Oct 13 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17412]: pam_unix(cron:session): session closed for user root
Oct 13 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24914]: pam_unix(cron:session): session closed for user root
Oct 13 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Invalid user conda from 186.118.142.216
Oct 13 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: input_userauth_request: invalid user conda [preauth]
Oct 13 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Failed password for invalid user conda from 186.118.142.216 port 56170 ssh2
Oct 13 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Received disconnect from 186.118.142.216 port 56170:11: Bye Bye [preauth]
Oct 13 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Disconnected from 186.118.142.216 port 56170 [preauth]
Oct 13 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27400]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session closed for user root
Oct 13 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27396]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27486]: Successful su for rubyman by root
Oct 13 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27486]: + ??? root:rubyman
Oct 13 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403283 of user rubyman.
Oct 13 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27486]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403283.
Oct 13 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27398]: pam_unix(cron:session): session closed for user root
Oct 13 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session closed for user root
Oct 13 06:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27397]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25647]: pam_unix(cron:session): session closed for user root
Oct 13 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28209]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Invalid user luka from 122.161.199.210
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: input_userauth_request: invalid user luka [preauth]
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28284]: Successful su for rubyman by root
Oct 13 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28284]: + ??? root:rubyman
Oct 13 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403288 of user rubyman.
Oct 13 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28284]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403288.
Oct 13 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Failed password for invalid user luka from 122.161.199.210 port 49014 ssh2
Oct 13 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Received disconnect from 122.161.199.210 port 49014:11: Bye Bye [preauth]
Oct 13 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Disconnected from 122.161.199.210 port 49014 [preauth]
Oct 13 06:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23849]: pam_unix(cron:session): session closed for user root
Oct 13 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28210]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Invalid user mcuser from 186.118.142.216
Oct 13 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: input_userauth_request: invalid user mcuser [preauth]
Oct 13 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Failed password for invalid user mcuser from 186.118.142.216 port 40806 ssh2
Oct 13 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Received disconnect from 186.118.142.216 port 40806:11: Bye Bye [preauth]
Oct 13 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Disconnected from 186.118.142.216 port 40806 [preauth]
Oct 13 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session closed for user root
Oct 13 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29123]: Successful su for rubyman by root
Oct 13 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29123]: + ??? root:rubyman
Oct 13 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403292 of user rubyman.
Oct 13 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29123]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403292.
Oct 13 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 06:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session closed for user root
Oct 13 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Failed password for root from 194.182.86.152 port 57978 ssh2
Oct 13 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Connection closed by 194.182.86.152 port 57978 [preauth]
Oct 13 06:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29013]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27400]: pam_unix(cron:session): session closed for user root
Oct 13 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210  user=root
Oct 13 06:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Failed password for root from 122.161.199.210 port 41968 ssh2
Oct 13 06:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Received disconnect from 122.161.199.210 port 41968:11: Bye Bye [preauth]
Oct 13 06:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Disconnected from 122.161.199.210 port 41968 [preauth]
Oct 13 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: Invalid user nitin from 20.163.71.109
Oct 13 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: input_userauth_request: invalid user nitin [preauth]
Oct 13 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: Failed password for invalid user nitin from 20.163.71.109 port 35880 ssh2
Oct 13 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: Connection closed by 20.163.71.109 port 35880 [preauth]
Oct 13 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29552]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: Successful su for rubyman by root
Oct 13 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: + ??? root:rubyman
Oct 13 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403297 of user rubyman.
Oct 13 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403297.
Oct 13 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24913]: pam_unix(cron:session): session closed for user root
Oct 13 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Invalid user bitcoin from 186.118.142.216
Oct 13 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: input_userauth_request: invalid user bitcoin [preauth]
Oct 13 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Failed password for invalid user bitcoin from 186.118.142.216 port 33414 ssh2
Oct 13 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Received disconnect from 186.118.142.216 port 33414:11: Bye Bye [preauth]
Oct 13 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Disconnected from 186.118.142.216 port 33414 [preauth]
Oct 13 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28212]: pam_unix(cron:session): session closed for user root
Oct 13 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30053]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30129]: Successful su for rubyman by root
Oct 13 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30129]: + ??? root:rubyman
Oct 13 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403301 of user rubyman.
Oct 13 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30129]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403301.
Oct 13 06:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session closed for user root
Oct 13 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30054]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210  user=root
Oct 13 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Failed password for root from 122.161.199.210 port 40040 ssh2
Oct 13 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Received disconnect from 122.161.199.210 port 40040:11: Bye Bye [preauth]
Oct 13 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Disconnected from 122.161.199.210 port 40040 [preauth]
Oct 13 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29015]: pam_unix(cron:session): session closed for user root
Oct 13 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30668]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30666]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30668]: pam_unix(cron:session): session closed for user root
Oct 13 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30663]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: Successful su for rubyman by root
Oct 13 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: + ??? root:rubyman
Oct 13 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403305 of user rubyman.
Oct 13 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403305.
Oct 13 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30846]: Invalid user jenkins from 186.118.142.216
Oct 13 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30846]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30846]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30665]: pam_unix(cron:session): session closed for user root
Oct 13 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30846]: Failed password for invalid user jenkins from 186.118.142.216 port 59700 ssh2
Oct 13 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30846]: Received disconnect from 186.118.142.216 port 59700:11: Bye Bye [preauth]
Oct 13 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30846]: Disconnected from 186.118.142.216 port 59700 [preauth]
Oct 13 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26201]: pam_unix(cron:session): session closed for user root
Oct 13 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30664]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Invalid user ubuntu from 190.103.202.7
Oct 13 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Failed password for invalid user ubuntu from 190.103.202.7 port 59510 ssh2
Oct 13 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Connection closed by 190.103.202.7 port 59510 [preauth]
Oct 13 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29552]: pam_unix(cron:session): session closed for user root
Oct 13 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31261]: Successful su for rubyman by root
Oct 13 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31261]: + ??? root:rubyman
Oct 13 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403311 of user rubyman.
Oct 13 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31261]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403311.
Oct 13 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session closed for user root
Oct 13 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Invalid user jenkins from 122.161.199.210
Oct 13 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Failed password for invalid user jenkins from 122.161.199.210 port 32904 ssh2
Oct 13 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Received disconnect from 122.161.199.210 port 32904:11: Bye Bye [preauth]
Oct 13 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Disconnected from 122.161.199.210 port 32904 [preauth]
Oct 13 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: Invalid user nitin from 20.163.71.109
Oct 13 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: input_userauth_request: invalid user nitin [preauth]
Oct 13 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: Failed password for invalid user nitin from 20.163.71.109 port 37218 ssh2
Oct 13 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: Connection closed by 20.163.71.109 port 37218 [preauth]
Oct 13 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session closed for user root
Oct 13 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216  user=root
Oct 13 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Failed password for root from 186.118.142.216 port 40752 ssh2
Oct 13 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Received disconnect from 186.118.142.216 port 40752:11: Bye Bye [preauth]
Oct 13 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31791]: Disconnected from 186.118.142.216 port 40752 [preauth]
Oct 13 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31069]: Connection closed by 113.141.70.64 port 38288 [preauth]
Oct 13 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31817]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31885]: Successful su for rubyman by root
Oct 13 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31885]: + ??? root:rubyman
Oct 13 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403314 of user rubyman.
Oct 13 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31885]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403314.
Oct 13 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session closed for user root
Oct 13 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31814]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session closed for user root
Oct 13 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32358]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32433]: Successful su for rubyman by root
Oct 13 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32433]: + ??? root:rubyman
Oct 13 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403318 of user rubyman.
Oct 13 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32433]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403318.
Oct 13 06:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210  user=root
Oct 13 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Failed password for root from 122.161.199.210 port 45348 ssh2
Oct 13 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Received disconnect from 122.161.199.210 port 45348:11: Bye Bye [preauth]
Oct 13 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Disconnected from 122.161.199.210 port 45348 [preauth]
Oct 13 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session closed for user root
Oct 13 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32359]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session closed for user root
Oct 13 06:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: Invalid user testuser from 186.118.142.216
Oct 13 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: input_userauth_request: invalid user testuser [preauth]
Oct 13 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: Failed password for invalid user testuser from 186.118.142.216 port 46094 ssh2
Oct 13 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: Received disconnect from 186.118.142.216 port 46094:11: Bye Bye [preauth]
Oct 13 06:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[300]: Disconnected from 186.118.142.216 port 46094 [preauth]
Oct 13 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[352]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[350]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[433]: Successful su for rubyman by root
Oct 13 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[433]: + ??? root:rubyman
Oct 13 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403322 of user rubyman.
Oct 13 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[433]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403322.
Oct 13 06:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29551]: pam_unix(cron:session): session closed for user root
Oct 13 06:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31817]: pam_unix(cron:session): session closed for user root
Oct 13 06:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Invalid user bindu from 122.161.199.210
Oct 13 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: input_userauth_request: invalid user bindu [preauth]
Oct 13 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Failed password for invalid user bindu from 122.161.199.210 port 37600 ssh2
Oct 13 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Received disconnect from 122.161.199.210 port 37600:11: Bye Bye [preauth]
Oct 13 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Disconnected from 122.161.199.210 port 37600 [preauth]
Oct 13 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[861]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[863]: pam_unix(cron:session): session closed for user root
Oct 13 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: Successful su for rubyman by root
Oct 13 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: + ??? root:rubyman
Oct 13 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403331 of user rubyman.
Oct 13 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403331.
Oct 13 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session closed for user root
Oct 13 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session closed for user root
Oct 13 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1359]: Did not receive identification string from 80.211.129.128
Oct 13 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session closed for user root
Oct 13 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Failed password for root from 194.182.86.152 port 53544 ssh2
Oct 13 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Connection closed by 194.182.86.152 port 53544 [preauth]
Oct 13 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Invalid user homeassistant from 186.118.142.216
Oct 13 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: input_userauth_request: invalid user homeassistant [preauth]
Oct 13 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Failed password for invalid user homeassistant from 186.118.142.216 port 33918 ssh2
Oct 13 06:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Received disconnect from 186.118.142.216 port 33918:11: Bye Bye [preauth]
Oct 13 06:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Disconnected from 186.118.142.216 port 33918 [preauth]
Oct 13 06:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Invalid user Sujan from 62.60.131.157
Oct 13 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: input_userauth_request: invalid user Sujan [preauth]
Oct 13 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Failed password for invalid user Sujan from 62.60.131.157 port 62761 ssh2
Oct 13 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Failed password for invalid user Sujan from 62.60.131.157 port 62761 ssh2
Oct 13 06:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Failed password for invalid user Sujan from 62.60.131.157 port 62761 ssh2
Oct 13 06:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Failed password for invalid user Sujan from 62.60.131.157 port 62761 ssh2
Oct 13 06:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Failed password for invalid user Sujan from 62.60.131.157 port 62761 ssh2
Oct 13 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Received disconnect from 62.60.131.157 port 62761:11: Bye [preauth]
Oct 13 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Disconnected from 62.60.131.157 port 62761 [preauth]
Oct 13 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 06:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1482]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1483]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1480]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1558]: Successful su for rubyman by root
Oct 13 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1558]: + ??? root:rubyman
Oct 13 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403333 of user rubyman.
Oct 13 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1558]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403333.
Oct 13 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30666]: pam_unix(cron:session): session closed for user root
Oct 13 06:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1481]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session closed for user root
Oct 13 06:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210  user=root
Oct 13 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: Failed password for root from 122.161.199.210 port 34426 ssh2
Oct 13 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: Received disconnect from 122.161.199.210 port 34426:11: Bye Bye [preauth]
Oct 13 06:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2008]: Disconnected from 122.161.199.210 port 34426 [preauth]
Oct 13 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2139]: Successful su for rubyman by root
Oct 13 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2139]: + ??? root:rubyman
Oct 13 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403337 of user rubyman.
Oct 13 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2139]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403337.
Oct 13 06:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session closed for user root
Oct 13 06:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Invalid user admin from 2.57.121.112
Oct 13 06:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: input_userauth_request: invalid user admin [preauth]
Oct 13 06:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for invalid user admin from 2.57.121.112 port 58625 ssh2
Oct 13 06:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for invalid user admin from 2.57.121.112 port 58625 ssh2
Oct 13 06:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for invalid user admin from 2.57.121.112 port 58625 ssh2
Oct 13 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for invalid user admin from 2.57.121.112 port 58625 ssh2
Oct 13 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Failed password for invalid user admin from 2.57.121.112 port 58625 ssh2
Oct 13 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Received disconnect from 2.57.121.112 port 58625:11: Bye [preauth]
Oct 13 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: Disconnected from 2.57.121.112 port 58625 [preauth]
Oct 13 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2383]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Invalid user ftpuser from 186.118.142.216
Oct 13 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Failed password for invalid user ftpuser from 186.118.142.216 port 34742 ssh2
Oct 13 06:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Received disconnect from 186.118.142.216 port 34742:11: Bye Bye [preauth]
Oct 13 06:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Disconnected from 186.118.142.216 port 34742 [preauth]
Oct 13 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[862]: pam_unix(cron:session): session closed for user root
Oct 13 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2537]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2535]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2603]: Successful su for rubyman by root
Oct 13 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2603]: + ??? root:rubyman
Oct 13 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403340 of user rubyman.
Oct 13 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2603]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403340.
Oct 13 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31816]: pam_unix(cron:session): session closed for user root
Oct 13 06:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2536]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210  user=root
Oct 13 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Failed password for root from 122.161.199.210 port 35454 ssh2
Oct 13 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Received disconnect from 122.161.199.210 port 35454:11: Bye Bye [preauth]
Oct 13 06:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Disconnected from 122.161.199.210 port 35454 [preauth]
Oct 13 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1483]: pam_unix(cron:session): session closed for user root
Oct 13 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3056]: Successful su for rubyman by root
Oct 13 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3056]: + ??? root:rubyman
Oct 13 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403347 of user rubyman.
Oct 13 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3056]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403347.
Oct 13 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user root
Oct 13 06:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216  user=root
Oct 13 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Failed password for root from 186.118.142.216 port 44104 ssh2
Oct 13 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Received disconnect from 186.118.142.216 port 44104:11: Bye Bye [preauth]
Oct 13 06:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Disconnected from 186.118.142.216 port 44104 [preauth]
Oct 13 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session closed for user root
Oct 13 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session closed for user root
Oct 13 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3433]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3525]: Successful su for rubyman by root
Oct 13 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3525]: + ??? root:rubyman
Oct 13 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403349 of user rubyman.
Oct 13 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3525]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403349.
Oct 13 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3435]: pam_unix(cron:session): session closed for user root
Oct 13 06:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[352]: pam_unix(cron:session): session closed for user root
Oct 13 06:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3434]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session closed for user root
Oct 13 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Invalid user homeassistant from 122.161.199.210
Oct 13 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: input_userauth_request: invalid user homeassistant [preauth]
Oct 13 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Failed password for invalid user homeassistant from 122.161.199.210 port 50278 ssh2
Oct 13 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Received disconnect from 122.161.199.210 port 50278:11: Bye Bye [preauth]
Oct 13 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Disconnected from 122.161.199.210 port 50278 [preauth]
Oct 13 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4012]: Successful su for rubyman by root
Oct 13 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4012]: + ??? root:rubyman
Oct 13 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403354 of user rubyman.
Oct 13 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4012]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403354.
Oct 13 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[861]: pam_unix(cron:session): session closed for user root
Oct 13 06:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3933]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4318]: Invalid user printer from 186.118.142.216
Oct 13 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4318]: input_userauth_request: invalid user printer [preauth]
Oct 13 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4318]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4318]: Failed password for invalid user printer from 186.118.142.216 port 33532 ssh2
Oct 13 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4318]: Received disconnect from 186.118.142.216 port 33532:11: Bye Bye [preauth]
Oct 13 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4318]: Disconnected from 186.118.142.216 port 33532 [preauth]
Oct 13 06:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session closed for user root
Oct 13 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4514]: Successful su for rubyman by root
Oct 13 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4514]: + ??? root:rubyman
Oct 13 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403358 of user rubyman.
Oct 13 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4514]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403358.
Oct 13 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1482]: pam_unix(cron:session): session closed for user root
Oct 13 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session closed for user root
Oct 13 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Invalid user tg from 122.161.199.210
Oct 13 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: input_userauth_request: invalid user tg [preauth]
Oct 13 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Failed password for invalid user tg from 122.161.199.210 port 57328 ssh2
Oct 13 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Received disconnect from 122.161.199.210 port 57328:11: Bye Bye [preauth]
Oct 13 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Disconnected from 122.161.199.210 port 57328 [preauth]
Oct 13 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5155]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5152]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5511]: Successful su for rubyman by root
Oct 13 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5511]: + ??? root:rubyman
Oct 13 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403362 of user rubyman.
Oct 13 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5511]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403362.
Oct 13 06:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session closed for user root
Oct 13 06:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Invalid user milad from 186.118.142.216
Oct 13 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: input_userauth_request: invalid user milad [preauth]
Oct 13 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5153]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Failed password for invalid user milad from 186.118.142.216 port 47652 ssh2
Oct 13 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Received disconnect from 186.118.142.216 port 47652:11: Bye Bye [preauth]
Oct 13 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5742]: Disconnected from 186.118.142.216 port 47652 [preauth]
Oct 13 06:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3935]: pam_unix(cron:session): session closed for user root
Oct 13 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5929]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5926]: pam_unix(cron:session): session closed for user p13x
Oct 13 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5995]: Successful su for rubyman by root
Oct 13 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5995]: + ??? root:rubyman
Oct 13 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403367 of user rubyman.
Oct 13 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5995]: pam_unix(su:session): session closed for user rubyman
Oct 13 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403367.
Oct 13 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2537]: pam_unix(cron:session): session closed for user root
Oct 13 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5927]: pam_unix(cron:session): session closed for user samftp
Oct 13 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210  user=root
Oct 13 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Failed password for root from 122.161.199.210 port 35440 ssh2
Oct 13 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Received disconnect from 122.161.199.210 port 35440:11: Bye Bye [preauth]
Oct 13 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Disconnected from 122.161.199.210 port 35440 [preauth]
Oct 13 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session closed for user root
Oct 13 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Invalid user mcuser from 186.118.142.216
Oct 13 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: input_userauth_request: invalid user mcuser [preauth]
Oct 13 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6373]: pam_unix(cron:session): session closed for user root
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6378]: pam_unix(cron:session): session closed for user root
Oct 13 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Failed password for invalid user mcuser from 186.118.142.216 port 41916 ssh2
Oct 13 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Received disconnect from 186.118.142.216 port 41916:11: Bye Bye [preauth]
Oct 13 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Disconnected from 186.118.142.216 port 41916 [preauth]
Oct 13 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6495]: Successful su for rubyman by root
Oct 13 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6495]: + ??? root:rubyman
Oct 13 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403373 of user rubyman.
Oct 13 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6495]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403373.
Oct 13 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6374]: pam_unix(cron:session): session closed for user root
Oct 13 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user root
Oct 13 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Invalid user admin from 2.57.121.25
Oct 13 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: input_userauth_request: invalid user admin [preauth]
Oct 13 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user admin from 2.57.121.25 port 64412 ssh2
Oct 13 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user admin from 2.57.121.25 port 64412 ssh2
Oct 13 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user admin from 2.57.121.25 port 64412 ssh2
Oct 13 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user admin from 2.57.121.25 port 64412 ssh2
Oct 13 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user admin from 2.57.121.25 port 64412 ssh2
Oct 13 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Received disconnect from 2.57.121.25 port 64412:11: Bye [preauth]
Oct 13 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Disconnected from 2.57.121.25 port 64412 [preauth]
Oct 13 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5155]: pam_unix(cron:session): session closed for user root
Oct 13 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: Successful su for rubyman by root
Oct 13 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: + ??? root:rubyman
Oct 13 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403378 of user rubyman.
Oct 13 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7157]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403378.
Oct 13 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session closed for user root
Oct 13 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Invalid user dspace from 122.161.199.210
Oct 13 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: input_userauth_request: invalid user dspace [preauth]
Oct 13 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Failed password for invalid user dspace from 122.161.199.210 port 46202 ssh2
Oct 13 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Received disconnect from 122.161.199.210 port 46202:11: Bye Bye [preauth]
Oct 13 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Disconnected from 122.161.199.210 port 46202 [preauth]
Oct 13 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5929]: pam_unix(cron:session): session closed for user root
Oct 13 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: Invalid user adminadmin from 186.118.142.216
Oct 13 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: input_userauth_request: invalid user adminadmin [preauth]
Oct 13 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: Failed password for invalid user adminadmin from 186.118.142.216 port 36580 ssh2
Oct 13 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: Received disconnect from 186.118.142.216 port 36580:11: Bye Bye [preauth]
Oct 13 07:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7574]: Disconnected from 186.118.142.216 port 36580 [preauth]
Oct 13 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7678]: Successful su for rubyman by root
Oct 13 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7678]: + ??? root:rubyman
Oct 13 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403382 of user rubyman.
Oct 13 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7678]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403382.
Oct 13 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3934]: pam_unix(cron:session): session closed for user root
Oct 13 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7611]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Invalid user user from 62.60.131.157
Oct 13 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: input_userauth_request: invalid user user [preauth]
Oct 13 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user user from 62.60.131.157 port 6653 ssh2
Oct 13 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user user from 62.60.131.157 port 6653 ssh2
Oct 13 07:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user user from 62.60.131.157 port 6653 ssh2
Oct 13 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user user from 62.60.131.157 port 6653 ssh2
Oct 13 07:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user user from 62.60.131.157 port 6653 ssh2
Oct 13 07:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Received disconnect from 62.60.131.157 port 6653:11: Bye [preauth]
Oct 13 07:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Disconnected from 62.60.131.157 port 6653 [preauth]
Oct 13 07:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 07:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6377]: pam_unix(cron:session): session closed for user root
Oct 13 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8516]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8593]: Successful su for rubyman by root
Oct 13 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8593]: + ??? root:rubyman
Oct 13 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403386 of user rubyman.
Oct 13 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8593]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403386.
Oct 13 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Invalid user ftpuser from 122.161.199.210
Oct 13 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 07:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Failed password for invalid user ftpuser from 122.161.199.210 port 52112 ssh2
Oct 13 07:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Received disconnect from 122.161.199.210 port 52112:11: Bye Bye [preauth]
Oct 13 07:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Disconnected from 122.161.199.210 port 52112 [preauth]
Oct 13 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session closed for user root
Oct 13 07:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8517]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session closed for user root
Oct 13 07:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: Invalid user anik from 186.118.142.216
Oct 13 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: input_userauth_request: invalid user anik [preauth]
Oct 13 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: Failed password for invalid user anik from 186.118.142.216 port 55882 ssh2
Oct 13 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: Received disconnect from 186.118.142.216 port 55882:11: Bye Bye [preauth]
Oct 13 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: Disconnected from 186.118.142.216 port 55882 [preauth]
Oct 13 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9110]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: Successful su for rubyman by root
Oct 13 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: + ??? root:rubyman
Oct 13 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403390 of user rubyman.
Oct 13 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9287]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403390.
Oct 13 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5154]: pam_unix(cron:session): session closed for user root
Oct 13 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: Failed password for root from 194.182.86.152 port 54944 ssh2
Oct 13 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: Connection closed by 194.182.86.152 port 54944 [preauth]
Oct 13 07:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9111]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7614]: pam_unix(cron:session): session closed for user root
Oct 13 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Failed password for root from 194.182.86.152 port 48944 ssh2
Oct 13 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Connection closed by 194.182.86.152 port 48944 [preauth]
Oct 13 07:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Invalid user flavia from 122.161.199.210
Oct 13 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: input_userauth_request: invalid user flavia [preauth]
Oct 13 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 07:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Failed password for invalid user flavia from 122.161.199.210 port 51880 ssh2
Oct 13 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Received disconnect from 122.161.199.210 port 51880:11: Bye Bye [preauth]
Oct 13 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Disconnected from 122.161.199.210 port 51880 [preauth]
Oct 13 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9855]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9855]: pam_unix(cron:session): session closed for user root
Oct 13 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9936]: Successful su for rubyman by root
Oct 13 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9936]: + ??? root:rubyman
Oct 13 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403397 of user rubyman.
Oct 13 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9936]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403397.
Oct 13 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9851]: pam_unix(cron:session): session closed for user root
Oct 13 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5928]: pam_unix(cron:session): session closed for user root
Oct 13 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Invalid user luka from 186.118.142.216
Oct 13 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: input_userauth_request: invalid user luka [preauth]
Oct 13 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Failed password for invalid user luka from 186.118.142.216 port 37442 ssh2
Oct 13 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Received disconnect from 186.118.142.216 port 37442:11: Bye Bye [preauth]
Oct 13 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10263]: Disconnected from 186.118.142.216 port 37442 [preauth]
Oct 13 07:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8520]: pam_unix(cron:session): session closed for user root
Oct 13 07:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Failed password for root from 194.182.86.152 port 39762 ssh2
Oct 13 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Connection closed by 194.182.86.152 port 39762 [preauth]
Oct 13 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10460]: Successful su for rubyman by root
Oct 13 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10460]: + ??? root:rubyman
Oct 13 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403400 of user rubyman.
Oct 13 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10460]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403400.
Oct 13 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6376]: pam_unix(cron:session): session closed for user root
Oct 13 07:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10378]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9113]: pam_unix(cron:session): session closed for user root
Oct 13 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: Invalid user bitcoin from 122.161.199.210
Oct 13 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: input_userauth_request: invalid user bitcoin [preauth]
Oct 13 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: Failed password for invalid user bitcoin from 122.161.199.210 port 55214 ssh2
Oct 13 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: Received disconnect from 122.161.199.210 port 55214:11: Bye Bye [preauth]
Oct 13 07:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10790]: Disconnected from 122.161.199.210 port 55214 [preauth]
Oct 13 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10861]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10859]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10927]: Successful su for rubyman by root
Oct 13 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10927]: + ??? root:rubyman
Oct 13 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403403 of user rubyman.
Oct 13 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10927]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403403.
Oct 13 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session closed for user root
Oct 13 07:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10860]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11176]: Invalid user oliveira from 186.118.142.216
Oct 13 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11176]: input_userauth_request: invalid user oliveira [preauth]
Oct 13 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11176]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 07:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11176]: Failed password for invalid user oliveira from 186.118.142.216 port 32972 ssh2
Oct 13 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11176]: Received disconnect from 186.118.142.216 port 32972:11: Bye Bye [preauth]
Oct 13 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11176]: Disconnected from 186.118.142.216 port 32972 [preauth]
Oct 13 07:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9854]: pam_unix(cron:session): session closed for user root
Oct 13 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omar@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 13 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11320]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11393]: Successful su for rubyman by root
Oct 13 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11393]: + ??? root:rubyman
Oct 13 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403407 of user rubyman.
Oct 13 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11393]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403407.
Oct 13 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omar rhost=::ffff:45.142.193.185
Oct 13 07:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7612]: pam_unix(cron:session): session closed for user root
Oct 13 07:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11321]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Invalid user mcuser from 122.161.199.210
Oct 13 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: input_userauth_request: invalid user mcuser [preauth]
Oct 13 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Failed password for invalid user mcuser from 122.161.199.210 port 46174 ssh2
Oct 13 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Received disconnect from 122.161.199.210 port 46174:11: Bye Bye [preauth]
Oct 13 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11760]: Disconnected from 122.161.199.210 port 46174 [preauth]
Oct 13 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10381]: pam_unix(cron:session): session closed for user root
Oct 13 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11901]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12076]: Successful su for rubyman by root
Oct 13 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12076]: + ??? root:rubyman
Oct 13 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403411 of user rubyman.
Oct 13 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12076]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403411.
Oct 13 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11899]: pam_unix(cron:session): session closed for user root
Oct 13 07:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8519]: pam_unix(cron:session): session closed for user root
Oct 13 07:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Invalid user centos from 186.118.142.216
Oct 13 07:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: input_userauth_request: invalid user centos [preauth]
Oct 13 07:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Failed password for invalid user centos from 186.118.142.216 port 51260 ssh2
Oct 13 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Received disconnect from 186.118.142.216 port 51260:11: Bye Bye [preauth]
Oct 13 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Disconnected from 186.118.142.216 port 51260 [preauth]
Oct 13 07:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12344]: Failed password for root from 194.182.86.152 port 41260 ssh2
Oct 13 07:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12344]: Connection closed by 194.182.86.152 port 41260 [preauth]
Oct 13 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session closed for user root
Oct 13 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12491]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12493]: pam_unix(cron:session): session closed for user root
Oct 13 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12488]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12576]: Successful su for rubyman by root
Oct 13 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12576]: + ??? root:rubyman
Oct 13 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403417 of user rubyman.
Oct 13 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12576]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403417.
Oct 13 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9112]: pam_unix(cron:session): session closed for user root
Oct 13 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session closed for user root
Oct 13 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Invalid user nvidia from 122.161.199.210
Oct 13 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: input_userauth_request: invalid user nvidia [preauth]
Oct 13 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Failed password for invalid user nvidia from 122.161.199.210 port 59202 ssh2
Oct 13 07:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Received disconnect from 122.161.199.210 port 59202:11: Bye Bye [preauth]
Oct 13 07:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Disconnected from 122.161.199.210 port 59202 [preauth]
Oct 13 07:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: Invalid user admin from 193.32.162.151
Oct 13 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: input_userauth_request: invalid user admin [preauth]
Oct 13 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 07:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: Failed password for invalid user admin from 193.32.162.151 port 34872 ssh2
Oct 13 07:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12850]: Connection closed by 193.32.162.151 port 34872 [preauth]
Oct 13 07:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11325]: pam_unix(cron:session): session closed for user root
Oct 13 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13048]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13125]: Successful su for rubyman by root
Oct 13 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13125]: + ??? root:rubyman
Oct 13 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403422 of user rubyman.
Oct 13 07:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13125]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403422.
Oct 13 07:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216  user=root
Oct 13 07:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Failed password for root from 186.118.142.216 port 60238 ssh2
Oct 13 07:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Received disconnect from 186.118.142.216 port 60238:11: Bye Bye [preauth]
Oct 13 07:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Disconnected from 186.118.142.216 port 60238 [preauth]
Oct 13 07:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9852]: pam_unix(cron:session): session closed for user root
Oct 13 07:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: Failed password for root from 194.182.86.152 port 54380 ssh2
Oct 13 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: Connection closed by 194.182.86.152 port 54380 [preauth]
Oct 13 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session closed for user root
Oct 13 07:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13582]: Did not receive identification string from 80.211.129.128
Oct 13 07:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Invalid user adminadmin from 122.161.199.210
Oct 13 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: input_userauth_request: invalid user adminadmin [preauth]
Oct 13 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Failed password for invalid user adminadmin from 122.161.199.210 port 40532 ssh2
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: Successful su for rubyman by root
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: + ??? root:rubyman
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403426 of user rubyman.
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403426.
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Received disconnect from 122.161.199.210 port 40532:11: Bye Bye [preauth]
Oct 13 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13623]: Disconnected from 122.161.199.210 port 40532 [preauth]
Oct 13 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session closed for user root
Oct 13 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: Invalid user system_admin from 164.68.105.9
Oct 13 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: input_userauth_request: invalid user system_admin [preauth]
Oct 13 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: Failed password for invalid user system_admin from 164.68.105.9 port 54388 ssh2
Oct 13 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13930]: Connection closed by 164.68.105.9 port 54388 [preauth]
Oct 13 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12492]: pam_unix(cron:session): session closed for user root
Oct 13 07:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Invalid user nvidia from 186.118.142.216
Oct 13 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: input_userauth_request: invalid user nvidia [preauth]
Oct 13 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Failed password for invalid user nvidia from 186.118.142.216 port 51572 ssh2
Oct 13 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Received disconnect from 186.118.142.216 port 51572:11: Bye Bye [preauth]
Oct 13 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Disconnected from 186.118.142.216 port 51572 [preauth]
Oct 13 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14202]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: Successful su for rubyman by root
Oct 13 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: + ??? root:rubyman
Oct 13 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403433 of user rubyman.
Oct 13 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14269]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403433.
Oct 13 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10861]: pam_unix(cron:session): session closed for user root
Oct 13 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13049]: pam_unix(cron:session): session closed for user root
Oct 13 07:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Invalid user oliveira from 122.161.199.210
Oct 13 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: input_userauth_request: invalid user oliveira [preauth]
Oct 13 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.161.199.210
Oct 13 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Failed password for invalid user oliveira from 122.161.199.210 port 58502 ssh2
Oct 13 07:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Received disconnect from 122.161.199.210 port 58502:11: Bye Bye [preauth]
Oct 13 07:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Disconnected from 122.161.199.210 port 58502 [preauth]
Oct 13 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: Did not receive identification string from 80.211.129.128
Oct 13 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14707]: Successful su for rubyman by root
Oct 13 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14707]: + ??? root:rubyman
Oct 13 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403435 of user rubyman.
Oct 13 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14707]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403435.
Oct 13 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session closed for user root
Oct 13 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14644]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13634]: pam_unix(cron:session): session closed for user root
Oct 13 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Invalid user bindu from 186.118.142.216
Oct 13 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: input_userauth_request: invalid user bindu [preauth]
Oct 13 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.118.142.216
Oct 13 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Failed password for invalid user bindu from 186.118.142.216 port 48856 ssh2
Oct 13 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Received disconnect from 186.118.142.216 port 48856:11: Bye Bye [preauth]
Oct 13 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Disconnected from 186.118.142.216 port 48856 [preauth]
Oct 13 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15208]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15209]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15209]: pam_unix(cron:session): session closed for user root
Oct 13 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15296]: Successful su for rubyman by root
Oct 13 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15296]: + ??? root:rubyman
Oct 13 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403438 of user rubyman.
Oct 13 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15296]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403438.
Oct 13 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15206]: pam_unix(cron:session): session closed for user root
Oct 13 07:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session closed for user root
Oct 13 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14202]: pam_unix(cron:session): session closed for user root
Oct 13 07:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: Successful su for rubyman by root
Oct 13 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: + ??? root:rubyman
Oct 13 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403444 of user rubyman.
Oct 13 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403444.
Oct 13 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12491]: pam_unix(cron:session): session closed for user root
Oct 13 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Did not receive identification string from 89.40.117.17
Oct 13 07:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14646]: pam_unix(cron:session): session closed for user root
Oct 13 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16161]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16161]: pam_unix(cron:session): session closed for user root
Oct 13 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16239]: Successful su for rubyman by root
Oct 13 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16239]: + ??? root:rubyman
Oct 13 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403450 of user rubyman.
Oct 13 07:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16239]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403450.
Oct 13 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Did not receive identification string from 80.211.129.128
Oct 13 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13048]: pam_unix(cron:session): session closed for user root
Oct 13 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16165]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Invalid user oracle from 193.32.162.151
Oct 13 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: input_userauth_request: invalid user oracle [preauth]
Oct 13 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 07:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Failed password for invalid user oracle from 193.32.162.151 port 50646 ssh2
Oct 13 07:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Connection closed by 193.32.162.151 port 50646 [preauth]
Oct 13 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15208]: pam_unix(cron:session): session closed for user root
Oct 13 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Failed password for root from 194.182.86.152 port 53770 ssh2
Oct 13 07:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Connection closed by 194.182.86.152 port 53770 [preauth]
Oct 13 07:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16629]: Did not receive identification string from 80.211.129.128
Oct 13 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16650]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16713]: Successful su for rubyman by root
Oct 13 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16713]: + ??? root:rubyman
Oct 13 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403454 of user rubyman.
Oct 13 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16713]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403454.
Oct 13 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13633]: pam_unix(cron:session): session closed for user root
Oct 13 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Invalid user admin from 190.103.202.7
Oct 13 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: input_userauth_request: invalid user admin [preauth]
Oct 13 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 07:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Failed password for invalid user admin from 190.103.202.7 port 39442 ssh2
Oct 13 07:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Connection closed by 190.103.202.7 port 39442 [preauth]
Oct 13 07:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session closed for user root
Oct 13 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: Did not receive identification string from 80.211.129.128
Oct 13 07:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Failed password for root from 194.182.86.152 port 33384 ssh2
Oct 13 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Connection closed by 194.182.86.152 port 33384 [preauth]
Oct 13 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17108]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17106]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17192]: Successful su for rubyman by root
Oct 13 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17192]: + ??? root:rubyman
Oct 13 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403459 of user rubyman.
Oct 13 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17192]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403459.
Oct 13 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14201]: pam_unix(cron:session): session closed for user root
Oct 13 07:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17107]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session closed for user root
Oct 13 07:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: Did not receive identification string from 159.203.18.124
Oct 13 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session closed for user root
Oct 13 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17558]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17643]: Successful su for rubyman by root
Oct 13 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17643]: + ??? root:rubyman
Oct 13 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403461 of user rubyman.
Oct 13 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17643]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403461.
Oct 13 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session closed for user root
Oct 13 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14645]: pam_unix(cron:session): session closed for user root
Oct 13 07:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17559]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16650]: pam_unix(cron:session): session closed for user root
Oct 13 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18270]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18460]: Successful su for rubyman by root
Oct 13 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18460]: + ??? root:rubyman
Oct 13 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403470 of user rubyman.
Oct 13 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18460]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403470.
Oct 13 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15207]: pam_unix(cron:session): session closed for user root
Oct 13 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18271]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17110]: pam_unix(cron:session): session closed for user root
Oct 13 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Failed password for root from 80.211.129.128 port 50452 ssh2
Oct 13 07:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Connection closed by 80.211.129.128 port 50452 [preauth]
Oct 13 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18877]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19068]: Successful su for rubyman by root
Oct 13 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19068]: + ??? root:rubyman
Oct 13 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403474 of user rubyman.
Oct 13 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19068]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403474.
Oct 13 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Invalid user user from 2.57.121.112
Oct 13 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: input_userauth_request: invalid user user [preauth]
Oct 13 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Failed password for invalid user user from 2.57.121.112 port 63643 ssh2
Oct 13 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Failed password for invalid user user from 2.57.121.112 port 63643 ssh2
Oct 13 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user root
Oct 13 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Failed password for invalid user user from 2.57.121.112 port 63643 ssh2
Oct 13 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Failed password for invalid user user from 2.57.121.112 port 63643 ssh2
Oct 13 07:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Failed password for invalid user user from 2.57.121.112 port 63643 ssh2
Oct 13 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Received disconnect from 2.57.121.112 port 63643:11: Bye [preauth]
Oct 13 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Disconnected from 2.57.121.112 port 63643 [preauth]
Oct 13 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 07:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session closed for user root
Oct 13 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19767]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19761]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: Successful su for rubyman by root
Oct 13 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: + ??? root:rubyman
Oct 13 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403476 of user rubyman.
Oct 13 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403476.
Oct 13 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session closed for user root
Oct 13 07:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19764]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session closed for user root
Oct 13 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20412]: Successful su for rubyman by root
Oct 13 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20412]: + ??? root:rubyman
Oct 13 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403480 of user rubyman.
Oct 13 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20412]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403480.
Oct 13 07:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session closed for user root
Oct 13 07:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session closed for user root
Oct 13 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20811]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session closed for user root
Oct 13 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20809]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20888]: Successful su for rubyman by root
Oct 13 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20888]: + ??? root:rubyman
Oct 13 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403483 of user rubyman.
Oct 13 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20888]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403483.
Oct 13 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20811]: pam_unix(cron:session): session closed for user root
Oct 13 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17108]: pam_unix(cron:session): session closed for user root
Oct 13 07:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19767]: pam_unix(cron:session): session closed for user root
Oct 13 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21300]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21424]: Successful su for rubyman by root
Oct 13 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21424]: + ??? root:rubyman
Oct 13 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403490 of user rubyman.
Oct 13 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21424]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403490.
Oct 13 07:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session closed for user root
Oct 13 07:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21301]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session closed for user root
Oct 13 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21910]: Successful su for rubyman by root
Oct 13 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21910]: + ??? root:rubyman
Oct 13 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403493 of user rubyman.
Oct 13 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21910]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403493.
Oct 13 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session closed for user root
Oct 13 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20814]: pam_unix(cron:session): session closed for user root
Oct 13 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22322]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22397]: Successful su for rubyman by root
Oct 13 07:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22397]: + ??? root:rubyman
Oct 13 07:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403497 of user rubyman.
Oct 13 07:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22397]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403497.
Oct 13 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session closed for user root
Oct 13 07:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22323]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22671]: Failed password for root from 194.182.86.152 port 39548 ssh2
Oct 13 07:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22671]: Connection closed by 194.182.86.152 port 39548 [preauth]
Oct 13 07:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session closed for user root
Oct 13 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23122]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: Successful su for rubyman by root
Oct 13 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: + ??? root:rubyman
Oct 13 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403501 of user rubyman.
Oct 13 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403501.
Oct 13 07:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session closed for user root
Oct 13 07:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.58.220.239  user=root
Oct 13 07:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21827]: pam_unix(cron:session): session closed for user root
Oct 13 07:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: Failed password for root from 31.58.220.239 port 54394 ssh2
Oct 13 07:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23885]: Connection closed by 31.58.220.239 port 54394 [preauth]
Oct 13 07:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Invalid user pritchard from 62.60.131.157
Oct 13 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: input_userauth_request: invalid user pritchard [preauth]
Oct 13 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session closed for user root
Oct 13 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Failed password for invalid user pritchard from 62.60.131.157 port 62869 ssh2
Oct 13 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24055]: Successful su for rubyman by root
Oct 13 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24055]: + ??? root:rubyman
Oct 13 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403507 of user rubyman.
Oct 13 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24055]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403507.
Oct 13 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Failed password for invalid user pritchard from 62.60.131.157 port 62869 ssh2
Oct 13 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Failed password for invalid user pritchard from 62.60.131.157 port 62869 ssh2
Oct 13 07:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Failed password for invalid user pritchard from 62.60.131.157 port 62869 ssh2
Oct 13 07:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session closed for user root
Oct 13 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session closed for user root
Oct 13 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Failed password for invalid user pritchard from 62.60.131.157 port 62869 ssh2
Oct 13 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Received disconnect from 62.60.131.157 port 62869:11: Bye [preauth]
Oct 13 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Disconnected from 62.60.131.157 port 62869 [preauth]
Oct 13 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 07:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22325]: pam_unix(cron:session): session closed for user root
Oct 13 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24536]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24529]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24623]: Successful su for rubyman by root
Oct 13 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24623]: + ??? root:rubyman
Oct 13 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403511 of user rubyman.
Oct 13 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24623]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403511.
Oct 13 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20813]: pam_unix(cron:session): session closed for user root
Oct 13 07:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24531]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session closed for user root
Oct 13 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25012]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25096]: Successful su for rubyman by root
Oct 13 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25096]: + ??? root:rubyman
Oct 13 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403516 of user rubyman.
Oct 13 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25096]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403516.
Oct 13 07:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session closed for user root
Oct 13 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session closed for user root
Oct 13 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25890]: Successful su for rubyman by root
Oct 13 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25890]: + ??? root:rubyman
Oct 13 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403521 of user rubyman.
Oct 13 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25890]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403521.
Oct 13 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session closed for user root
Oct 13 07:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24536]: pam_unix(cron:session): session closed for user root
Oct 13 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Did not receive identification string from 80.211.129.128
Oct 13 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26284]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26374]: Successful su for rubyman by root
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26374]: + ??? root:rubyman
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403525 of user rubyman.
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26374]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403525.
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Invalid user sol from 159.203.18.124
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: input_userauth_request: invalid user sol [preauth]
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.18.124
Oct 13 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Failed password for invalid user sol from 159.203.18.124 port 36514 ssh2
Oct 13 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Connection closed by 159.203.18.124 port 36514 [preauth]
Oct 13 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Failed password for root from 194.182.86.152 port 59152 ssh2
Oct 13 07:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Connection closed by 194.182.86.152 port 59152 [preauth]
Oct 13 07:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22324]: pam_unix(cron:session): session closed for user root
Oct 13 07:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26285]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26785]: Did not receive identification string from 80.211.129.128
Oct 13 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user root
Oct 13 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26948]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26950]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26950]: pam_unix(cron:session): session closed for user root
Oct 13 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27170]: Successful su for rubyman by root
Oct 13 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27170]: + ??? root:rubyman
Oct 13 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403528 of user rubyman.
Oct 13 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27170]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403528.
Oct 13 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user root
Oct 13 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session closed for user root
Oct 13 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 13 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Failed password for root from 20.163.71.109 port 32970 ssh2
Oct 13 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Connection closed by 20.163.71.109 port 32970 [preauth]
Oct 13 07:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session closed for user root
Oct 13 07:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: Failed password for root from 194.182.86.152 port 53524 ssh2
Oct 13 07:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: Connection closed by 194.182.86.152 port 53524 [preauth]
Oct 13 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27896]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27894]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27977]: Successful su for rubyman by root
Oct 13 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27977]: + ??? root:rubyman
Oct 13 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403534 of user rubyman.
Oct 13 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27977]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403534.
Oct 13 07:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 13 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28018]: Failed password for root from 20.163.71.109 port 48940 ssh2
Oct 13 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28018]: Connection closed by 20.163.71.109 port 48940 [preauth]
Oct 13 07:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session closed for user root
Oct 13 07:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27895]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session closed for user root
Oct 13 07:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Failed password for root from 194.182.86.152 port 54222 ssh2
Oct 13 07:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28316]: Connection closed by 194.182.86.152 port 54222 [preauth]
Oct 13 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28385]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28689]: Successful su for rubyman by root
Oct 13 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28689]: + ??? root:rubyman
Oct 13 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403537 of user rubyman.
Oct 13 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28689]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403537.
Oct 13 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24534]: pam_unix(cron:session): session closed for user root
Oct 13 07:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26948]: pam_unix(cron:session): session closed for user root
Oct 13 07:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 07:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for root from 190.103.202.7 port 47188 ssh2
Oct 13 07:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Connection closed by 190.103.202.7 port 47188 [preauth]
Oct 13 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29216]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: Successful su for rubyman by root
Oct 13 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: + ??? root:rubyman
Oct 13 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403541 of user rubyman.
Oct 13 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403541.
Oct 13 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session closed for user root
Oct 13 07:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session closed for user root
Oct 13 07:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 07:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29668]: Failed password for root from 194.182.86.152 port 44062 ssh2
Oct 13 07:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29668]: Connection closed by 194.182.86.152 port 44062 [preauth]
Oct 13 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29712]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29914]: Successful su for rubyman by root
Oct 13 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29914]: + ??? root:rubyman
Oct 13 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403547 of user rubyman.
Oct 13 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29914]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403547.
Oct 13 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29710]: pam_unix(cron:session): session closed for user root
Oct 13 07:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session closed for user root
Oct 13 07:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29713]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session closed for user root
Oct 13 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30357]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30357]: pam_unix(cron:session): session closed for user root
Oct 13 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30466]: Successful su for rubyman by root
Oct 13 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30466]: + ??? root:rubyman
Oct 13 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403553 of user rubyman.
Oct 13 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[30466]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403553.
Oct 13 07:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session closed for user root
Oct 13 07:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session closed for user root
Oct 13 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session closed for user root
Oct 13 07:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Did not receive identification string from 80.211.129.128
Oct 13 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30944]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30943]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31042]: Successful su for rubyman by root
Oct 13 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31042]: + ??? root:rubyman
Oct 13 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403558 of user rubyman.
Oct 13 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31042]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403558.
Oct 13 07:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26947]: pam_unix(cron:session): session closed for user root
Oct 13 07:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session closed for user root
Oct 13 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31423]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: Invalid user solv from 159.203.18.124
Oct 13 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: input_userauth_request: invalid user solv [preauth]
Oct 13 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.18.124
Oct 13 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31671]: Successful su for rubyman by root
Oct 13 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31671]: + ??? root:rubyman
Oct 13 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403560 of user rubyman.
Oct 13 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31671]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403560.
Oct 13 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: Failed password for invalid user solv from 159.203.18.124 port 34002 ssh2
Oct 13 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31649]: Connection closed by 159.203.18.124 port 34002 [preauth]
Oct 13 07:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27896]: pam_unix(cron:session): session closed for user root
Oct 13 07:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session closed for user root
Oct 13 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32203]: Successful su for rubyman by root
Oct 13 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32203]: + ??? root:rubyman
Oct 13 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403564 of user rubyman.
Oct 13 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32203]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403564.
Oct 13 07:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28388]: pam_unix(cron:session): session closed for user root
Oct 13 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Did not receive identification string from 80.211.129.128
Oct 13 07:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30944]: pam_unix(cron:session): session closed for user root
Oct 13 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32574]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32573]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32571]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32652]: Successful su for rubyman by root
Oct 13 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32652]: + ??? root:rubyman
Oct 13 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403569 of user rubyman.
Oct 13 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32652]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403569.
Oct 13 07:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session closed for user root
Oct 13 07:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32572]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session closed for user root
Oct 13 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session closed for user root
Oct 13 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[588]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[666]: Successful su for rubyman by root
Oct 13 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[666]: + ??? root:rubyman
Oct 13 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403574 of user rubyman.
Oct 13 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[666]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403574.
Oct 13 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session closed for user root
Oct 13 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29714]: pam_unix(cron:session): session closed for user root
Oct 13 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[589]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32061]: pam_unix(cron:session): session closed for user root
Oct 13 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: Invalid user hduser from 193.32.162.151
Oct 13 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: input_userauth_request: invalid user hduser [preauth]
Oct 13 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 07:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: Failed password for invalid user hduser from 193.32.162.151 port 57030 ssh2
Oct 13 07:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1171]: Connection closed by 193.32.162.151 port 57030 [preauth]
Oct 13 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1187]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1183]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1268]: Successful su for rubyman by root
Oct 13 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1268]: + ??? root:rubyman
Oct 13 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403579 of user rubyman.
Oct 13 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1268]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403579.
Oct 13 07:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session closed for user root
Oct 13 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1184]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32574]: pam_unix(cron:session): session closed for user root
Oct 13 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1702]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1703]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1700]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: Successful su for rubyman by root
Oct 13 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: + ??? root:rubyman
Oct 13 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403585 of user rubyman.
Oct 13 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403585.
Oct 13 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30943]: pam_unix(cron:session): session closed for user root
Oct 13 07:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1701]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session closed for user root
Oct 13 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2267]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2263]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2327]: Successful su for rubyman by root
Oct 13 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2327]: + ??? root:rubyman
Oct 13 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403586 of user rubyman.
Oct 13 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2327]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403586.
Oct 13 07:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session closed for user root
Oct 13 07:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.106.80.16  user=root
Oct 13 07:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Failed password for root from 180.106.80.16 port 36323 ssh2
Oct 13 07:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Received disconnect from 180.106.80.16 port 36323:11: Bye Bye [preauth]
Oct 13 07:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Disconnected from 180.106.80.16 port 36323 [preauth]
Oct 13 07:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2264]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1187]: pam_unix(cron:session): session closed for user root
Oct 13 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2709]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2778]: Successful su for rubyman by root
Oct 13 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2778]: + ??? root:rubyman
Oct 13 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403590 of user rubyman.
Oct 13 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2778]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403590.
Oct 13 07:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Invalid user nmrsu from 20.127.224.153
Oct 13 07:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: input_userauth_request: invalid user nmrsu [preauth]
Oct 13 07:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Failed password for invalid user nmrsu from 20.127.224.153 port 50512 ssh2
Oct 13 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Received disconnect from 20.127.224.153 port 50512:11: Bye Bye [preauth]
Oct 13 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Disconnected from 20.127.224.153 port 50512 [preauth]
Oct 13 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32060]: pam_unix(cron:session): session closed for user root
Oct 13 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1703]: pam_unix(cron:session): session closed for user root
Oct 13 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3155]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3155]: pam_unix(cron:session): session closed for user root
Oct 13 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3149]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: Successful su for rubyman by root
Oct 13 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: + ??? root:rubyman
Oct 13 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403596 of user rubyman.
Oct 13 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403596.
Oct 13 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session closed for user root
Oct 13 07:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32573]: pam_unix(cron:session): session closed for user root
Oct 13 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3151]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2267]: pam_unix(cron:session): session closed for user root
Oct 13 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 34622
Oct 13 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3643]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 34636
Oct 13 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3655]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3732]: Successful su for rubyman by root
Oct 13 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3732]: + ??? root:rubyman
Oct 13 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403600 of user rubyman.
Oct 13 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3732]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403600.
Oct 13 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Invalid user jj from 115.151.72.155
Oct 13 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: input_userauth_request: invalid user jj [preauth]
Oct 13 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.151.72.155
Oct 13 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session closed for user root
Oct 13 07:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Failed password for invalid user jj from 115.151.72.155 port 49743 ssh2
Oct 13 07:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Received disconnect from 115.151.72.155 port 49743:11: Bye Bye [preauth]
Oct 13 07:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Disconnected from 115.151.72.155 port 49743 [preauth]
Oct 13 07:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3656]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session closed for user root
Oct 13 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4121]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4119]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4229]: Successful su for rubyman by root
Oct 13 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4229]: + ??? root:rubyman
Oct 13 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403606 of user rubyman.
Oct 13 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4229]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403606.
Oct 13 07:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1186]: pam_unix(cron:session): session closed for user root
Oct 13 07:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4120]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Invalid user test2 from 20.127.224.153
Oct 13 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: input_userauth_request: invalid user test2 [preauth]
Oct 13 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Failed password for invalid user test2 from 20.127.224.153 port 41322 ssh2
Oct 13 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Received disconnect from 20.127.224.153 port 41322:11: Bye Bye [preauth]
Oct 13 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Disconnected from 20.127.224.153 port 41322 [preauth]
Oct 13 07:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4530]: Did not receive identification string from 80.211.129.128
Oct 13 07:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3154]: pam_unix(cron:session): session closed for user root
Oct 13 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4675]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4674]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4671]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4742]: Successful su for rubyman by root
Oct 13 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4742]: + ??? root:rubyman
Oct 13 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403608 of user rubyman.
Oct 13 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4742]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403608.
Oct 13 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1702]: pam_unix(cron:session): session closed for user root
Oct 13 07:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3658]: pam_unix(cron:session): session closed for user root
Oct 13 07:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Invalid user crystal from 20.127.224.153
Oct 13 07:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: input_userauth_request: invalid user crystal [preauth]
Oct 13 07:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Failed password for invalid user crystal from 20.127.224.153 port 60750 ssh2
Oct 13 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Received disconnect from 20.127.224.153 port 60750:11: Bye Bye [preauth]
Oct 13 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5606]: Disconnected from 20.127.224.153 port 60750 [preauth]
Oct 13 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5699]: Successful su for rubyman by root
Oct 13 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5699]: + ??? root:rubyman
Oct 13 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403614 of user rubyman.
Oct 13 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5699]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403614.
Oct 13 07:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2265]: pam_unix(cron:session): session closed for user root
Oct 13 07:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4122]: pam_unix(cron:session): session closed for user root
Oct 13 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session closed for user root
Oct 13 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6176]: Successful su for rubyman by root
Oct 13 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6176]: + ??? root:rubyman
Oct 13 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403617 of user rubyman.
Oct 13 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6176]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403617.
Oct 13 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session closed for user root
Oct 13 07:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2711]: pam_unix(cron:session): session closed for user root
Oct 13 07:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Failed password for root from 20.127.224.153 port 52486 ssh2
Oct 13 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Received disconnect from 20.127.224.153 port 52486:11: Bye Bye [preauth]
Oct 13 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Disconnected from 20.127.224.153 port 52486 [preauth]
Oct 13 07:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4675]: pam_unix(cron:session): session closed for user root
Oct 13 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: Successful su for rubyman by root
Oct 13 07:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: + ??? root:rubyman
Oct 13 07:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403622 of user rubyman.
Oct 13 07:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403622.
Oct 13 07:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session closed for user root
Oct 13 07:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6598]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Invalid user zsw from 164.68.105.9
Oct 13 07:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: input_userauth_request: invalid user zsw [preauth]
Oct 13 07:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 07:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user zsw from 164.68.105.9 port 39580 ssh2
Oct 13 07:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Connection closed by 164.68.105.9 port 39580 [preauth]
Oct 13 07:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session closed for user root
Oct 13 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: Invalid user tibero from 20.127.224.153
Oct 13 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: input_userauth_request: invalid user tibero [preauth]
Oct 13 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 07:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: Failed password for invalid user tibero from 20.127.224.153 port 47800 ssh2
Oct 13 07:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: Received disconnect from 20.127.224.153 port 47800:11: Bye Bye [preauth]
Oct 13 07:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7128]: Disconnected from 20.127.224.153 port 47800 [preauth]
Oct 13 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7301]: Successful su for rubyman by root
Oct 13 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7301]: + ??? root:rubyman
Oct 13 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403626 of user rubyman.
Oct 13 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7301]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403626.
Oct 13 07:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3657]: pam_unix(cron:session): session closed for user root
Oct 13 07:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session closed for user root
Oct 13 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7684]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: Successful su for rubyman by root
Oct 13 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: + ??? root:rubyman
Oct 13 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403632 of user rubyman.
Oct 13 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7766]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403632.
Oct 13 07:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Invalid user solana from 159.203.18.124
Oct 13 07:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: input_userauth_request: invalid user solana [preauth]
Oct 13 07:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.18.124
Oct 13 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4121]: pam_unix(cron:session): session closed for user root
Oct 13 07:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Failed password for invalid user solana from 159.203.18.124 port 48842 ssh2
Oct 13 07:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Connection closed by 159.203.18.124 port 48842 [preauth]
Oct 13 07:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 07:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: Failed password for root from 20.127.224.153 port 43860 ssh2
Oct 13 07:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: Received disconnect from 20.127.224.153 port 43860:11: Bye Bye [preauth]
Oct 13 07:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8424]: Disconnected from 20.127.224.153 port 43860 [preauth]
Oct 13 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session closed for user root
Oct 13 07:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Invalid user romeo from 2.57.121.112
Oct 13 07:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: input_userauth_request: invalid user romeo [preauth]
Oct 13 07:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 07:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Failed password for invalid user romeo from 2.57.121.112 port 63482 ssh2
Oct 13 07:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Failed password for invalid user romeo from 2.57.121.112 port 63482 ssh2
Oct 13 07:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Failed password for invalid user romeo from 2.57.121.112 port 63482 ssh2
Oct 13 07:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Failed password for invalid user romeo from 2.57.121.112 port 63482 ssh2
Oct 13 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Failed password for invalid user romeo from 2.57.121.112 port 63482 ssh2
Oct 13 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Received disconnect from 2.57.121.112 port 63482:11: Bye [preauth]
Oct 13 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Disconnected from 2.57.121.112 port 63482 [preauth]
Oct 13 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8610]: pam_unix(cron:session): session closed for user p13x
Oct 13 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8682]: Successful su for rubyman by root
Oct 13 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8682]: + ??? root:rubyman
Oct 13 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403635 of user rubyman.
Oct 13 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8682]: pam_unix(su:session): session closed for user rubyman
Oct 13 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403635.
Oct 13 07:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4674]: pam_unix(cron:session): session closed for user root
Oct 13 07:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8611]: pam_unix(cron:session): session closed for user samftp
Oct 13 07:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session closed for user root
Oct 13 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Invalid user lby from 20.127.224.153
Oct 13 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: input_userauth_request: invalid user lby [preauth]
Oct 13 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 07:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 07:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Failed password for invalid user lby from 20.127.224.153 port 52432 ssh2
Oct 13 07:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Received disconnect from 20.127.224.153 port 52432:11: Bye Bye [preauth]
Oct 13 07:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Disconnected from 20.127.224.153 port 52432 [preauth]
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9294]: pam_unix(cron:session): session closed for user root
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session closed for user root
Oct 13 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9286]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9428]: Successful su for rubyman by root
Oct 13 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9428]: + ??? root:rubyman
Oct 13 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403640 of user rubyman.
Oct 13 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9428]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403640.
Oct 13 08:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session closed for user root
Oct 13 08:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session closed for user root
Oct 13 08:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7691]: pam_unix(cron:session): session closed for user root
Oct 13 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10032]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10030]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10025]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10118]: Successful su for rubyman by root
Oct 13 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10118]: + ??? root:rubyman
Oct 13 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403646 of user rubyman.
Oct 13 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10118]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403646.
Oct 13 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session closed for user root
Oct 13 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 08:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Failed password for root from 20.127.224.153 port 50702 ssh2
Oct 13 08:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Received disconnect from 20.127.224.153 port 50702:11: Bye Bye [preauth]
Oct 13 08:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Disconnected from 20.127.224.153 port 50702 [preauth]
Oct 13 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: Failed password for root from 190.103.202.7 port 51636 ssh2
Oct 13 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: Connection closed by 190.103.202.7 port 51636 [preauth]
Oct 13 08:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10027]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8613]: pam_unix(cron:session): session closed for user root
Oct 13 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10535]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10606]: Successful su for rubyman by root
Oct 13 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10606]: + ??? root:rubyman
Oct 13 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403649 of user rubyman.
Oct 13 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10606]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403649.
Oct 13 08:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6603]: pam_unix(cron:session): session closed for user root
Oct 13 08:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Invalid user deployuser from 186.96.145.241
Oct 13 08:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: input_userauth_request: invalid user deployuser [preauth]
Oct 13 08:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 13 08:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Failed password for invalid user deployuser from 186.96.145.241 port 41914 ssh2
Oct 13 08:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Connection closed by 186.96.145.241 port 41914 [preauth]
Oct 13 08:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9293]: pam_unix(cron:session): session closed for user root
Oct 13 08:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Failed password for root from 20.127.224.153 port 55342 ssh2
Oct 13 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Received disconnect from 20.127.224.153 port 55342:11: Bye Bye [preauth]
Oct 13 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Disconnected from 20.127.224.153 port 55342 [preauth]
Oct 13 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11002]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11003]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10998]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11070]: Successful su for rubyman by root
Oct 13 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11070]: + ??? root:rubyman
Oct 13 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403656 of user rubyman.
Oct 13 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11070]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403656.
Oct 13 08:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session closed for user root
Oct 13 08:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10032]: pam_unix(cron:session): session closed for user root
Oct 13 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11451]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11450]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11448]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11524]: Successful su for rubyman by root
Oct 13 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11524]: + ??? root:rubyman
Oct 13 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403657 of user rubyman.
Oct 13 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11524]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403657.
Oct 13 08:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Invalid user sahil from 20.127.224.153
Oct 13 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: input_userauth_request: invalid user sahil [preauth]
Oct 13 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7690]: pam_unix(cron:session): session closed for user root
Oct 13 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Failed password for invalid user sahil from 20.127.224.153 port 51996 ssh2
Oct 13 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Received disconnect from 20.127.224.153 port 51996:11: Bye Bye [preauth]
Oct 13 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Disconnected from 20.127.224.153 port 51996 [preauth]
Oct 13 08:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11449]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10535]: pam_unix(cron:session): session closed for user root
Oct 13 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session closed for user root
Oct 13 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12105]: Successful su for rubyman by root
Oct 13 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12105]: + ??? root:rubyman
Oct 13 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403664 of user rubyman.
Oct 13 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12105]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403664.
Oct 13 08:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session closed for user root
Oct 13 08:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8612]: pam_unix(cron:session): session closed for user root
Oct 13 08:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Invalid user storage from 20.127.224.153
Oct 13 08:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: input_userauth_request: invalid user storage [preauth]
Oct 13 08:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11003]: pam_unix(cron:session): session closed for user root
Oct 13 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Failed password for invalid user storage from 20.127.224.153 port 42036 ssh2
Oct 13 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Received disconnect from 20.127.224.153 port 42036:11: Bye Bye [preauth]
Oct 13 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Disconnected from 20.127.224.153 port 42036 [preauth]
Oct 13 08:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: Failed password for root from 194.182.86.152 port 39700 ssh2
Oct 13 08:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: Connection closed by 194.182.86.152 port 39700 [preauth]
Oct 13 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12545]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12543]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12634]: Successful su for rubyman by root
Oct 13 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12634]: + ??? root:rubyman
Oct 13 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403669 of user rubyman.
Oct 13 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12634]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403669.
Oct 13 08:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9291]: pam_unix(cron:session): session closed for user root
Oct 13 08:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12544]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11451]: pam_unix(cron:session): session closed for user root
Oct 13 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13060]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13132]: Successful su for rubyman by root
Oct 13 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13132]: + ??? root:rubyman
Oct 13 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403673 of user rubyman.
Oct 13 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13132]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403673.
Oct 13 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 08:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Failed password for root from 20.127.224.153 port 42512 ssh2
Oct 13 08:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Received disconnect from 20.127.224.153 port 42512:11: Bye Bye [preauth]
Oct 13 08:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Disconnected from 20.127.224.153 port 42512 [preauth]
Oct 13 08:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10030]: pam_unix(cron:session): session closed for user root
Oct 13 08:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user root
Oct 13 08:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: Did not receive identification string from 80.211.129.128
Oct 13 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13637]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13709]: Successful su for rubyman by root
Oct 13 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13709]: + ??? root:rubyman
Oct 13 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403675 of user rubyman.
Oct 13 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13709]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403675.
Oct 13 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10534]: pam_unix(cron:session): session closed for user root
Oct 13 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13638]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Invalid user hadoop from 20.127.224.153
Oct 13 08:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 08:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session closed for user root
Oct 13 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Failed password for invalid user hadoop from 20.127.224.153 port 35296 ssh2
Oct 13 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Received disconnect from 20.127.224.153 port 35296:11: Bye Bye [preauth]
Oct 13 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Disconnected from 20.127.224.153 port 35296 [preauth]
Oct 13 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14202]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14203]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14371]: Successful su for rubyman by root
Oct 13 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14371]: + ??? root:rubyman
Oct 13 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403679 of user rubyman.
Oct 13 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14371]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403679.
Oct 13 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user root
Oct 13 08:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11002]: pam_unix(cron:session): session closed for user root
Oct 13 08:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14201]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Failed password for root from 194.182.86.152 port 35052 ssh2
Oct 13 08:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Connection closed by 194.182.86.152 port 35052 [preauth]
Oct 13 08:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session closed for user root
Oct 13 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14747]: pam_unix(cron:session): session closed for user root
Oct 13 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14843]: Successful su for rubyman by root
Oct 13 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14843]: + ??? root:rubyman
Oct 13 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403688 of user rubyman.
Oct 13 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14843]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403688.
Oct 13 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: Invalid user crafty from 20.127.224.153
Oct 13 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: input_userauth_request: invalid user crafty [preauth]
Oct 13 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: Failed password for invalid user crafty from 20.127.224.153 port 53076 ssh2
Oct 13 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: Received disconnect from 20.127.224.153 port 53076:11: Bye Bye [preauth]
Oct 13 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14860]: Disconnected from 20.127.224.153 port 53076 [preauth]
Oct 13 08:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14742]: pam_unix(cron:session): session closed for user root
Oct 13 08:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11450]: pam_unix(cron:session): session closed for user root
Oct 13 08:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session closed for user root
Oct 13 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15362]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15431]: Successful su for rubyman by root
Oct 13 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15431]: + ??? root:rubyman
Oct 13 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403690 of user rubyman.
Oct 13 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15431]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403690.
Oct 13 08:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session closed for user root
Oct 13 08:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15363]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 08:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for root from 20.127.224.153 port 56416 ssh2
Oct 13 08:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Received disconnect from 20.127.224.153 port 56416:11: Bye Bye [preauth]
Oct 13 08:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Disconnected from 20.127.224.153 port 56416 [preauth]
Oct 13 08:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15709]: Failed password for root from 194.182.86.152 port 38982 ssh2
Oct 13 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15709]: Connection closed by 194.182.86.152 port 38982 [preauth]
Oct 13 08:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Invalid user user from 62.60.131.157
Oct 13 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: input_userauth_request: invalid user user [preauth]
Oct 13 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14203]: pam_unix(cron:session): session closed for user root
Oct 13 08:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for invalid user user from 62.60.131.157 port 59021 ssh2
Oct 13 08:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for invalid user user from 62.60.131.157 port 59021 ssh2
Oct 13 08:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for invalid user user from 62.60.131.157 port 59021 ssh2
Oct 13 08:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for invalid user user from 62.60.131.157 port 59021 ssh2
Oct 13 08:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for invalid user user from 62.60.131.157 port 59021 ssh2
Oct 13 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Received disconnect from 62.60.131.157 port 59021:11: Bye [preauth]
Oct 13 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Disconnected from 62.60.131.157 port 59021 [preauth]
Oct 13 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 08:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Did not receive identification string from 80.211.129.128
Oct 13 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15812]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15886]: Successful su for rubyman by root
Oct 13 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15886]: + ??? root:rubyman
Oct 13 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403694 of user rubyman.
Oct 13 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15886]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403694.
Oct 13 08:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12545]: pam_unix(cron:session): session closed for user root
Oct 13 08:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14744]: pam_unix(cron:session): session closed for user root
Oct 13 08:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Invalid user ftpuser from 20.127.224.153
Oct 13 08:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 08:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16263]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Failed password for invalid user ftpuser from 20.127.224.153 port 43906 ssh2
Oct 13 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Received disconnect from 20.127.224.153 port 43906:11: Bye Bye [preauth]
Oct 13 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Disconnected from 20.127.224.153 port 43906 [preauth]
Oct 13 08:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16342]: Successful su for rubyman by root
Oct 13 08:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16342]: + ??? root:rubyman
Oct 13 08:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403698 of user rubyman.
Oct 13 08:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16342]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403698.
Oct 13 08:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session closed for user root
Oct 13 08:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16264]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: Failed password for root from 80.211.129.128 port 55992 ssh2
Oct 13 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session closed for user root
Oct 13 08:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: Connection closed by 80.211.129.128 port 55992 [preauth]
Oct 13 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16814]: Successful su for rubyman by root
Oct 13 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16814]: + ??? root:rubyman
Oct 13 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403702 of user rubyman.
Oct 13 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16814]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403702.
Oct 13 08:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session closed for user root
Oct 13 08:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Invalid user sammy from 20.127.224.153
Oct 13 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: input_userauth_request: invalid user sammy [preauth]
Oct 13 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Failed password for invalid user sammy from 20.127.224.153 port 50482 ssh2
Oct 13 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Received disconnect from 20.127.224.153 port 50482:11: Bye Bye [preauth]
Oct 13 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Disconnected from 20.127.224.153 port 50482 [preauth]
Oct 13 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session closed for user root
Oct 13 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17203]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session closed for user root
Oct 13 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: Successful su for rubyman by root
Oct 13 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: + ??? root:rubyman
Oct 13 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403706 of user rubyman.
Oct 13 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403706.
Oct 13 08:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17203]: pam_unix(cron:session): session closed for user root
Oct 13 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14202]: pam_unix(cron:session): session closed for user root
Oct 13 08:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session closed for user root
Oct 13 08:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Invalid user  from 192.144.178.19
Oct 13 08:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: input_userauth_request: invalid user  [preauth]
Oct 13 08:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Connection closed by 192.144.178.19 port 44888 [preauth]
Oct 13 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: Invalid user printer from 20.127.224.153
Oct 13 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: input_userauth_request: invalid user printer [preauth]
Oct 13 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: Failed password for invalid user printer from 20.127.224.153 port 50340 ssh2
Oct 13 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: Received disconnect from 20.127.224.153 port 50340:11: Bye Bye [preauth]
Oct 13 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: Disconnected from 20.127.224.153 port 50340 [preauth]
Oct 13 08:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Invalid user admin from 2.57.121.112
Oct 13 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: input_userauth_request: invalid user admin [preauth]
Oct 13 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Failed password for invalid user admin from 2.57.121.112 port 16427 ssh2
Oct 13 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17854]: Successful su for rubyman by root
Oct 13 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17854]: + ??? root:rubyman
Oct 13 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403712 of user rubyman.
Oct 13 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17854]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403712.
Oct 13 08:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Failed password for invalid user admin from 2.57.121.112 port 16427 ssh2
Oct 13 08:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Failed password for invalid user admin from 2.57.121.112 port 16427 ssh2
Oct 13 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Failed password for invalid user admin from 2.57.121.112 port 16427 ssh2
Oct 13 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Failed password for invalid user admin from 2.57.121.112 port 16427 ssh2
Oct 13 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Received disconnect from 2.57.121.112 port 16427:11: Bye [preauth]
Oct 13 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: Disconnected from 2.57.121.112 port 16427 [preauth]
Oct 13 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17688]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 08:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14743]: pam_unix(cron:session): session closed for user root
Oct 13 08:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17711]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Did not receive identification string from 80.211.129.128
Oct 13 08:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Invalid user dns1 from 138.68.58.124
Oct 13 08:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: input_userauth_request: invalid user dns1 [preauth]
Oct 13 08:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Oct 13 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session closed for user root
Oct 13 08:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Failed password for invalid user dns1 from 138.68.58.124 port 57032 ssh2
Oct 13 08:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Connection closed by 138.68.58.124 port 57032 [preauth]
Oct 13 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18482]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18477]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18477]: pam_unix(cron:session): session closed for user root
Oct 13 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18479]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: Successful su for rubyman by root
Oct 13 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: + ??? root:rubyman
Oct 13 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403716 of user rubyman.
Oct 13 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403716.
Oct 13 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session closed for user root
Oct 13 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18480]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Invalid user manoj from 20.127.224.153
Oct 13 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: input_userauth_request: invalid user manoj [preauth]
Oct 13 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Failed password for invalid user manoj from 20.127.224.153 port 52336 ssh2
Oct 13 08:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Received disconnect from 20.127.224.153 port 52336:11: Bye Bye [preauth]
Oct 13 08:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Disconnected from 20.127.224.153 port 52336 [preauth]
Oct 13 08:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session closed for user root
Oct 13 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19085]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19081]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19160]: Successful su for rubyman by root
Oct 13 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19160]: + ??? root:rubyman
Oct 13 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403721 of user rubyman.
Oct 13 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19160]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403721.
Oct 13 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session closed for user root
Oct 13 08:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19082]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Failed password for root from 194.182.86.152 port 47870 ssh2
Oct 13 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Connection closed by 194.182.86.152 port 47870 [preauth]
Oct 13 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17714]: pam_unix(cron:session): session closed for user root
Oct 13 08:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: Failed password for root from 20.127.224.153 port 46908 ssh2
Oct 13 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: Received disconnect from 20.127.224.153 port 46908:11: Bye Bye [preauth]
Oct 13 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: Disconnected from 20.127.224.153 port 46908 [preauth]
Oct 13 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19915]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19997]: Successful su for rubyman by root
Oct 13 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19997]: + ??? root:rubyman
Oct 13 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403725 of user rubyman.
Oct 13 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19997]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403725.
Oct 13 08:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session closed for user root
Oct 13 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19916]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18482]: pam_unix(cron:session): session closed for user root
Oct 13 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20428]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20432]: pam_unix(cron:session): session closed for user root
Oct 13 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20521]: Successful su for rubyman by root
Oct 13 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20521]: + ??? root:rubyman
Oct 13 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403732 of user rubyman.
Oct 13 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20521]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403732.
Oct 13 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20428]: pam_unix(cron:session): session closed for user root
Oct 13 08:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session closed for user root
Oct 13 08:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Invalid user user from 20.127.224.153
Oct 13 08:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: input_userauth_request: invalid user user [preauth]
Oct 13 08:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Failed password for invalid user user from 20.127.224.153 port 47284 ssh2
Oct 13 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Received disconnect from 20.127.224.153 port 47284:11: Bye Bye [preauth]
Oct 13 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20786]: Disconnected from 20.127.224.153 port 47284 [preauth]
Oct 13 08:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19087]: pam_unix(cron:session): session closed for user root
Oct 13 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20926]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20925]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20923]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21011]: Successful su for rubyman by root
Oct 13 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21011]: + ??? root:rubyman
Oct 13 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403737 of user rubyman.
Oct 13 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21011]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403737.
Oct 13 08:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session closed for user root
Oct 13 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151  user=root
Oct 13 08:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: Failed password for root from 193.32.162.151 port 55884 ssh2
Oct 13 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21212]: Connection closed by 193.32.162.151 port 55884 [preauth]
Oct 13 08:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19918]: pam_unix(cron:session): session closed for user root
Oct 13 08:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: Invalid user aria from 20.127.224.153
Oct 13 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: input_userauth_request: invalid user aria [preauth]
Oct 13 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: Failed password for invalid user aria from 20.127.224.153 port 41988 ssh2
Oct 13 08:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: Received disconnect from 20.127.224.153 port 41988:11: Bye Bye [preauth]
Oct 13 08:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: Disconnected from 20.127.224.153 port 41988 [preauth]
Oct 13 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21525]: Successful su for rubyman by root
Oct 13 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21525]: + ??? root:rubyman
Oct 13 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403740 of user rubyman.
Oct 13 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21525]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403740.
Oct 13 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17712]: pam_unix(cron:session): session closed for user root
Oct 13 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session closed for user root
Oct 13 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21926]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21924]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21996]: Successful su for rubyman by root
Oct 13 08:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21996]: + ??? root:rubyman
Oct 13 08:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403745 of user rubyman.
Oct 13 08:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21996]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403745.
Oct 13 08:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18481]: pam_unix(cron:session): session closed for user root
Oct 13 08:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Invalid user liming from 20.127.224.153
Oct 13 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: input_userauth_request: invalid user liming [preauth]
Oct 13 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Failed password for invalid user liming from 20.127.224.153 port 59282 ssh2
Oct 13 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Received disconnect from 20.127.224.153 port 59282:11: Bye Bye [preauth]
Oct 13 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Disconnected from 20.127.224.153 port 59282 [preauth]
Oct 13 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21925]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.128.166  user=root
Oct 13 08:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: Failed password for root from 124.198.128.166 port 59802 ssh2
Oct 13 08:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: Connection closed by 124.198.128.166 port 59802 [preauth]
Oct 13 08:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22326]: Failed password for root from 194.182.86.152 port 56694 ssh2
Oct 13 08:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22326]: Connection closed by 194.182.86.152 port 56694 [preauth]
Oct 13 08:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20926]: pam_unix(cron:session): session closed for user root
Oct 13 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: Successful su for rubyman by root
Oct 13 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: + ??? root:rubyman
Oct 13 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403747 of user rubyman.
Oct 13 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403747.
Oct 13 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19085]: pam_unix(cron:session): session closed for user root
Oct 13 08:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Invalid user admin from 62.60.131.157
Oct 13 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: input_userauth_request: invalid user admin [preauth]
Oct 13 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Failed password for invalid user admin from 62.60.131.157 port 62600 ssh2
Oct 13 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22415]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Failed password for invalid user admin from 62.60.131.157 port 62600 ssh2
Oct 13 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Failed password for invalid user admin from 62.60.131.157 port 62600 ssh2
Oct 13 08:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Failed password for invalid user admin from 62.60.131.157 port 62600 ssh2
Oct 13 08:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Failed password for invalid user admin from 62.60.131.157 port 62600 ssh2
Oct 13 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Received disconnect from 62.60.131.157 port 62600:11: Bye [preauth]
Oct 13 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Disconnected from 62.60.131.157 port 62600 [preauth]
Oct 13 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Invalid user admin from 2.57.121.25
Oct 13 08:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: input_userauth_request: invalid user admin [preauth]
Oct 13 08:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 08:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user admin from 2.57.121.25 port 18796 ssh2
Oct 13 08:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user admin from 2.57.121.25 port 18796 ssh2
Oct 13 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session closed for user root
Oct 13 08:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user admin from 2.57.121.25 port 18796 ssh2
Oct 13 08:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user admin from 2.57.121.25 port 18796 ssh2
Oct 13 08:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user admin from 2.57.121.25 port 18796 ssh2
Oct 13 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Received disconnect from 2.57.121.25 port 18796:11: Bye [preauth]
Oct 13 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Disconnected from 2.57.121.25 port 18796 [preauth]
Oct 13 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Invalid user user from 20.127.224.153
Oct 13 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: input_userauth_request: invalid user user [preauth]
Oct 13 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Failed password for invalid user user from 20.127.224.153 port 39678 ssh2
Oct 13 08:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Received disconnect from 20.127.224.153 port 39678:11: Bye Bye [preauth]
Oct 13 08:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Disconnected from 20.127.224.153 port 39678 [preauth]
Oct 13 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23257]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23260]: pam_unix(cron:session): session closed for user root
Oct 13 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23255]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23451]: Successful su for rubyman by root
Oct 13 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23451]: + ??? root:rubyman
Oct 13 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403753 of user rubyman.
Oct 13 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23451]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403753.
Oct 13 08:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23257]: pam_unix(cron:session): session closed for user root
Oct 13 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19917]: pam_unix(cron:session): session closed for user root
Oct 13 08:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23256]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21927]: pam_unix(cron:session): session closed for user root
Oct 13 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Invalid user ubuntu from 20.163.71.109
Oct 13 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Failed password for invalid user ubuntu from 20.163.71.109 port 50372 ssh2
Oct 13 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Connection closed by 20.163.71.109 port 50372 [preauth]
Oct 13 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: Successful su for rubyman by root
Oct 13 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: + ??? root:rubyman
Oct 13 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403758 of user rubyman.
Oct 13 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403758.
Oct 13 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session closed for user root
Oct 13 08:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24507]: Failed password for root from 20.127.224.153 port 39710 ssh2
Oct 13 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24507]: Received disconnect from 20.127.224.153 port 39710:11: Bye Bye [preauth]
Oct 13 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24507]: Disconnected from 20.127.224.153 port 39710 [preauth]
Oct 13 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session closed for user root
Oct 13 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24738]: Successful su for rubyman by root
Oct 13 08:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24738]: + ??? root:rubyman
Oct 13 08:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403761 of user rubyman.
Oct 13 08:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24738]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403761.
Oct 13 08:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20925]: pam_unix(cron:session): session closed for user root
Oct 13 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24658]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23259]: pam_unix(cron:session): session closed for user root
Oct 13 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Invalid user azure from 20.127.224.153
Oct 13 08:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: input_userauth_request: invalid user azure [preauth]
Oct 13 08:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Failed password for invalid user azure from 20.127.224.153 port 40148 ssh2
Oct 13 08:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Received disconnect from 20.127.224.153 port 40148:11: Bye Bye [preauth]
Oct 13 08:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Disconnected from 20.127.224.153 port 40148 [preauth]
Oct 13 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25141]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: Successful su for rubyman by root
Oct 13 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: + ??? root:rubyman
Oct 13 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403766 of user rubyman.
Oct 13 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403766.
Oct 13 08:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session closed for user root
Oct 13 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151  user=root
Oct 13 08:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for root from 193.32.162.151 port 54272 ssh2
Oct 13 08:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Connection closed by 193.32.162.151 port 54272 [preauth]
Oct 13 08:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session closed for user root
Oct 13 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25928]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: Successful su for rubyman by root
Oct 13 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: + ??? root:rubyman
Oct 13 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403770 of user rubyman.
Oct 13 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403770.
Oct 13 08:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Did not receive identification string from 80.211.129.128
Oct 13 08:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21926]: pam_unix(cron:session): session closed for user root
Oct 13 08:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: Invalid user tony from 20.127.224.153
Oct 13 08:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: input_userauth_request: invalid user tony [preauth]
Oct 13 08:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: Failed password for invalid user tony from 20.127.224.153 port 57032 ssh2
Oct 13 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: Received disconnect from 20.127.224.153 port 57032:11: Bye Bye [preauth]
Oct 13 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26265]: Disconnected from 20.127.224.153 port 57032 [preauth]
Oct 13 08:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24660]: pam_unix(cron:session): session closed for user root
Oct 13 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26514]: pam_unix(cron:session): session closed for user root
Oct 13 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26506]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: Successful su for rubyman by root
Oct 13 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: + ??? root:rubyman
Oct 13 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403776 of user rubyman.
Oct 13 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403776.
Oct 13 08:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session closed for user root
Oct 13 08:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session closed for user root
Oct 13 08:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Failed password for root from 194.182.86.152 port 49718 ssh2
Oct 13 08:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Connection closed by 194.182.86.152 port 49718 [preauth]
Oct 13 08:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25144]: pam_unix(cron:session): session closed for user root
Oct 13 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: Invalid user age from 20.127.224.153
Oct 13 08:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: input_userauth_request: invalid user age [preauth]
Oct 13 08:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: Failed password for invalid user age from 20.127.224.153 port 38320 ssh2
Oct 13 08:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: Received disconnect from 20.127.224.153 port 38320:11: Bye Bye [preauth]
Oct 13 08:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27204]: Disconnected from 20.127.224.153 port 38320 [preauth]
Oct 13 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27241]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: Successful su for rubyman by root
Oct 13 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: + ??? root:rubyman
Oct 13 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403779 of user rubyman.
Oct 13 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403779.
Oct 13 08:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23258]: pam_unix(cron:session): session closed for user root
Oct 13 08:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Did not receive identification string from 80.211.129.128
Oct 13 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session closed for user root
Oct 13 08:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 13 08:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Failed password for root from 78.128.112.74 port 60392 ssh2
Oct 13 08:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Connection closed by 78.128.112.74 port 60392 [preauth]
Oct 13 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28015]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28101]: Successful su for rubyman by root
Oct 13 08:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28101]: + ??? root:rubyman
Oct 13 08:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403783 of user rubyman.
Oct 13 08:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28101]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403783.
Oct 13 08:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user root
Oct 13 08:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 08:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Failed password for root from 20.127.224.153 port 57132 ssh2
Oct 13 08:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Received disconnect from 20.127.224.153 port 57132:11: Bye Bye [preauth]
Oct 13 08:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Disconnected from 20.127.224.153 port 57132 [preauth]
Oct 13 08:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session closed for user root
Oct 13 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28748]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: Successful su for rubyman by root
Oct 13 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: + ??? root:rubyman
Oct 13 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403787 of user rubyman.
Oct 13 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403787.
Oct 13 08:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24659]: pam_unix(cron:session): session closed for user root
Oct 13 08:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Invalid user guest from 62.60.131.157
Oct 13 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: input_userauth_request: invalid user guest [preauth]
Oct 13 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 08:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Failed password for invalid user guest from 62.60.131.157 port 62284 ssh2
Oct 13 08:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Failed password for invalid user guest from 62.60.131.157 port 62284 ssh2
Oct 13 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Failed password for invalid user guest from 62.60.131.157 port 62284 ssh2
Oct 13 08:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Failed password for invalid user guest from 62.60.131.157 port 62284 ssh2
Oct 13 08:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Failed password for invalid user guest from 62.60.131.157 port 62284 ssh2
Oct 13 08:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Received disconnect from 62.60.131.157 port 62284:11: Bye [preauth]
Oct 13 08:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Disconnected from 62.60.131.157 port 62284 [preauth]
Oct 13 08:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 08:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 08:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session closed for user root
Oct 13 08:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Invalid user mehran from 20.127.224.153
Oct 13 08:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: input_userauth_request: invalid user mehran [preauth]
Oct 13 08:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Failed password for invalid user mehran from 20.127.224.153 port 58984 ssh2
Oct 13 08:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Received disconnect from 20.127.224.153 port 58984:11: Bye Bye [preauth]
Oct 13 08:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Disconnected from 20.127.224.153 port 58984 [preauth]
Oct 13 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29369]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29370]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: Successful su for rubyman by root
Oct 13 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: + ??? root:rubyman
Oct 13 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403791 of user rubyman.
Oct 13 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403791.
Oct 13 08:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25143]: pam_unix(cron:session): session closed for user root
Oct 13 08:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29368]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user root
Oct 13 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29855]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29862]: pam_unix(cron:session): session closed for user root
Oct 13 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29951]: Successful su for rubyman by root
Oct 13 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29951]: + ??? root:rubyman
Oct 13 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403797 of user rubyman.
Oct 13 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29951]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403797.
Oct 13 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Invalid user phil from 20.127.224.153
Oct 13 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: input_userauth_request: invalid user phil [preauth]
Oct 13 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Failed password for invalid user phil from 20.127.224.153 port 58464 ssh2
Oct 13 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Received disconnect from 20.127.224.153 port 58464:11: Bye Bye [preauth]
Oct 13 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Disconnected from 20.127.224.153 port 58464 [preauth]
Oct 13 08:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29855]: pam_unix(cron:session): session closed for user root
Oct 13 08:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session closed for user root
Oct 13 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29852]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30277]: Did not receive identification string from 45.82.78.102
Oct 13 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session closed for user root
Oct 13 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30599]: Successful su for rubyman by root
Oct 13 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30599]: + ??? root:rubyman
Oct 13 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403801 of user rubyman.
Oct 13 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30599]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403801.
Oct 13 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session closed for user root
Oct 13 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30432]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153  user=root
Oct 13 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Failed password for root from 20.127.224.153 port 49088 ssh2
Oct 13 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Received disconnect from 20.127.224.153 port 49088:11: Bye Bye [preauth]
Oct 13 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Disconnected from 20.127.224.153 port 49088 [preauth]
Oct 13 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30885]: Failed password for root from 194.182.86.152 port 43902 ssh2
Oct 13 08:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30885]: Connection closed by 194.182.86.152 port 43902 [preauth]
Oct 13 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29370]: pam_unix(cron:session): session closed for user root
Oct 13 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30983]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31077]: Successful su for rubyman by root
Oct 13 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31077]: + ??? root:rubyman
Oct 13 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403806 of user rubyman.
Oct 13 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31077]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403806.
Oct 13 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session closed for user root
Oct 13 08:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session closed for user root
Oct 13 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31503]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31698]: Successful su for rubyman by root
Oct 13 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31698]: + ??? root:rubyman
Oct 13 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403809 of user rubyman.
Oct 13 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31698]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403809.
Oct 13 08:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31811]: Did not receive identification string from 194.182.86.152
Oct 13 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Invalid user gera from 20.127.224.153
Oct 13 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: input_userauth_request: invalid user gera [preauth]
Oct 13 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.127.224.153
Oct 13 08:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session closed for user root
Oct 13 08:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Failed password for invalid user gera from 20.127.224.153 port 50972 ssh2
Oct 13 08:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Received disconnect from 20.127.224.153 port 50972:11: Bye Bye [preauth]
Oct 13 08:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Disconnected from 20.127.224.153 port 50972 [preauth]
Oct 13 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 13 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Failed password for root from 89.38.148.202 port 40870 ssh2
Oct 13 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Connection closed by 89.38.148.202 port 40870 [preauth]
Oct 13 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31501]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session closed for user root
Oct 13 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32346]: Successful su for rubyman by root
Oct 13 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32346]: + ??? root:rubyman
Oct 13 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403813 of user rubyman.
Oct 13 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32346]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403813.
Oct 13 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32092]: pam_unix(cron:session): session closed for user root
Oct 13 08:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session closed for user root
Oct 13 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Did not receive identification string from 80.211.129.128
Oct 13 08:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session closed for user root
Oct 13 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32737]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32744]: pam_unix(cron:session): session closed for user root
Oct 13 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[354]: Successful su for rubyman by root
Oct 13 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[354]: + ??? root:rubyman
Oct 13 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403820 of user rubyman.
Oct 13 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[354]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403820.
Oct 13 08:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32737]: pam_unix(cron:session): session closed for user root
Oct 13 08:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29369]: pam_unix(cron:session): session closed for user root
Oct 13 08:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31503]: pam_unix(cron:session): session closed for user root
Oct 13 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Oct 13 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Failed password for root from 138.68.58.124 port 54798 ssh2
Oct 13 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Connection closed by 138.68.58.124 port 54798 [preauth]
Oct 13 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: Successful su for rubyman by root
Oct 13 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: + ??? root:rubyman
Oct 13 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403824 of user rubyman.
Oct 13 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403824.
Oct 13 08:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session closed for user root
Oct 13 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session closed for user root
Oct 13 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1363]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1469]: Successful su for rubyman by root
Oct 13 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1469]: + ??? root:rubyman
Oct 13 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403829 of user rubyman.
Oct 13 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1469]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403829.
Oct 13 08:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session closed for user root
Oct 13 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32743]: pam_unix(cron:session): session closed for user root
Oct 13 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2041]: Successful su for rubyman by root
Oct 13 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2041]: + ??? root:rubyman
Oct 13 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403834 of user rubyman.
Oct 13 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2041]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403834.
Oct 13 08:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session closed for user root
Oct 13 08:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session closed for user root
Oct 13 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2402]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2498]: Successful su for rubyman by root
Oct 13 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2498]: + ??? root:rubyman
Oct 13 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403836 of user rubyman.
Oct 13 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2498]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403836.
Oct 13 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31502]: pam_unix(cron:session): session closed for user root
Oct 13 08:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2403]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1366]: pam_unix(cron:session): session closed for user root
Oct 13 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2868]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user root
Oct 13 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: Successful su for rubyman by root
Oct 13 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: + ??? root:rubyman
Oct 13 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403845 of user rubyman.
Oct 13 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403845.
Oct 13 08:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2868]: pam_unix(cron:session): session closed for user root
Oct 13 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session closed for user root
Oct 13 08:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session closed for user root
Oct 13 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3358]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3447]: Successful su for rubyman by root
Oct 13 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3447]: + ??? root:rubyman
Oct 13 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403846 of user rubyman.
Oct 13 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3447]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403846.
Oct 13 08:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session closed for user root
Oct 13 08:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3363]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Failed password for root from 194.182.86.152 port 42464 ssh2
Oct 13 08:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3717]: Connection closed by 194.182.86.152 port 42464 [preauth]
Oct 13 08:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session closed for user root
Oct 13 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3822]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3819]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3901]: Successful su for rubyman by root
Oct 13 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3901]: + ??? root:rubyman
Oct 13 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403852 of user rubyman.
Oct 13 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3901]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403852.
Oct 13 08:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session closed for user root
Oct 13 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3821]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user root
Oct 13 08:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: Did not receive identification string from 135.232.200.208
Oct 13 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4326]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4324]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4398]: Successful su for rubyman by root
Oct 13 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4398]: + ??? root:rubyman
Oct 13 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403855 of user rubyman.
Oct 13 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4398]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403855.
Oct 13 08:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session closed for user root
Oct 13 08:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4325]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3366]: pam_unix(cron:session): session closed for user root
Oct 13 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4822]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: Successful su for rubyman by root
Oct 13 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: + ??? root:rubyman
Oct 13 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403859 of user rubyman.
Oct 13 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403859.
Oct 13 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user root
Oct 13 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: Failed password for root from 194.182.86.152 port 45898 ssh2
Oct 13 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5549]: Connection closed by 194.182.86.152 port 45898 [preauth]
Oct 13 08:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4823]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5623]: Did not receive identification string from 135.232.200.208
Oct 13 08:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3823]: pam_unix(cron:session): session closed for user root
Oct 13 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Invalid user ftpuser from 135.232.200.208
Oct 13 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Failed password for invalid user ftpuser from 135.232.200.208 port 1089 ssh2
Oct 13 08:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Received disconnect from 135.232.200.208 port 1089:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5760]: Disconnected from 135.232.200.208 port 1089 [preauth]
Oct 13 08:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Invalid user git from 135.232.200.208
Oct 13 08:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: input_userauth_request: invalid user git [preauth]
Oct 13 08:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user root
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5787]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Failed password for invalid user git from 135.232.200.208 port 1153 ssh2
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Received disconnect from 135.232.200.208 port 1153:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Disconnected from 135.232.200.208 port 1153 [preauth]
Oct 13 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: Successful su for rubyman by root
Oct 13 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: + ??? root:rubyman
Oct 13 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403864 of user rubyman.
Oct 13 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403864.
Oct 13 08:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5789]: pam_unix(cron:session): session closed for user root
Oct 13 08:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Invalid user oracle from 135.232.200.208
Oct 13 08:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: input_userauth_request: invalid user oracle [preauth]
Oct 13 08:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2404]: pam_unix(cron:session): session closed for user root
Oct 13 08:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Failed password for invalid user oracle from 135.232.200.208 port 1088 ssh2
Oct 13 08:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Received disconnect from 135.232.200.208 port 1088:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Disconnected from 135.232.200.208 port 1088 [preauth]
Oct 13 08:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5788]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 08:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Failed password for root from 135.232.200.208 port 1153 ssh2
Oct 13 08:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Received disconnect from 135.232.200.208 port 1153:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Disconnected from 135.232.200.208 port 1153 [preauth]
Oct 13 08:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Invalid user ftpuser from 135.232.200.208
Oct 13 08:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 08:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user ftpuser from 135.232.200.208 port 1096 ssh2
Oct 13 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Received disconnect from 135.232.200.208 port 1096:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Disconnected from 135.232.200.208 port 1096 [preauth]
Oct 13 08:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4329]: pam_unix(cron:session): session closed for user root
Oct 13 08:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 08:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Failed password for root from 135.232.200.208 port 1089 ssh2
Oct 13 08:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Received disconnect from 135.232.200.208 port 1089:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Disconnected from 135.232.200.208 port 1089 [preauth]
Oct 13 08:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 08:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Failed password for root from 194.182.86.152 port 53764 ssh2
Oct 13 08:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Connection closed by 194.182.86.152 port 53764 [preauth]
Oct 13 08:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Invalid user oracle from 135.232.200.208
Oct 13 08:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: input_userauth_request: invalid user oracle [preauth]
Oct 13 08:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for invalid user oracle from 135.232.200.208 port 1027 ssh2
Oct 13 08:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 08:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Invalid user test from 135.232.200.208
Oct 13 08:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: input_userauth_request: invalid user test [preauth]
Oct 13 08:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Failed password for invalid user test from 135.232.200.208 port 1026 ssh2
Oct 13 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6299]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6383]: Successful su for rubyman by root
Oct 13 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6383]: + ??? root:rubyman
Oct 13 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403868 of user rubyman.
Oct 13 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6383]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403868.
Oct 13 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Invalid user ubuntu from 135.232.200.208
Oct 13 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Failed password for invalid user ubuntu from 135.232.200.208 port 1026 ssh2
Oct 13 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6475]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user root
Oct 13 08:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6300]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Invalid user centos from 135.232.200.208
Oct 13 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: input_userauth_request: invalid user centos [preauth]
Oct 13 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Failed password for invalid user centos from 135.232.200.208 port 1025 ssh2
Oct 13 08:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6710]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Invalid user redis from 135.232.200.208
Oct 13 08:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: input_userauth_request: invalid user redis [preauth]
Oct 13 08:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Failed password for invalid user redis from 135.232.200.208 port 1024 ssh2
Oct 13 08:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: User mysql from 135.232.200.208 not allowed because not listed in AllowUsers
Oct 13 08:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: input_userauth_request: invalid user mysql [preauth]
Oct 13 08:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=mysql
Oct 13 08:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: Failed password for invalid user mysql from 135.232.200.208 port 1024 ssh2
Oct 13 08:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4825]: pam_unix(cron:session): session closed for user root
Oct 13 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Invalid user admin from 135.232.200.208
Oct 13 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: input_userauth_request: invalid user admin [preauth]
Oct 13 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Failed password for invalid user admin from 135.232.200.208 port 1026 ssh2
Oct 13 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Invalid user postgres from 135.232.200.208
Oct 13 08:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: input_userauth_request: invalid user postgres [preauth]
Oct 13 08:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Failed password for invalid user postgres from 135.232.200.208 port 1024 ssh2
Oct 13 08:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6851]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6876]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6873]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Invalid user hadoop from 135.232.200.208
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: Successful su for rubyman by root
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: + ??? root:rubyman
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403873 of user rubyman.
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403873.
Oct 13 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Failed password for invalid user hadoop from 135.232.200.208 port 1024 ssh2
Oct 13 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3365]: pam_unix(cron:session): session closed for user root
Oct 13 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: Invalid user test from 135.232.200.208
Oct 13 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: input_userauth_request: invalid user test [preauth]
Oct 13 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: Failed password for invalid user test from 135.232.200.208 port 1026 ssh2
Oct 13 08:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7236]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Failed password for root from 135.232.200.208 port 1024 ssh2
Oct 13 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Invalid user oracle from 135.232.200.208
Oct 13 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: input_userauth_request: invalid user oracle [preauth]
Oct 13 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Failed password for invalid user oracle from 135.232.200.208 port 1024 ssh2
Oct 13 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session closed for user root
Oct 13 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: Failed password for root from 135.232.200.208 port 1024 ssh2
Oct 13 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Invalid user demo from 135.232.200.208
Oct 13 08:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: input_userauth_request: invalid user demo [preauth]
Oct 13 08:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Failed password for invalid user demo from 135.232.200.208 port 1024 ssh2
Oct 13 08:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7455]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7456]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Invalid user testuser from 135.232.200.208
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: input_userauth_request: invalid user testuser [preauth]
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7523]: Successful su for rubyman by root
Oct 13 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7523]: + ??? root:rubyman
Oct 13 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403876 of user rubyman.
Oct 13 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7523]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403876.
Oct 13 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Failed password for invalid user testuser from 135.232.200.208 port 1024 ssh2
Oct 13 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7444]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3822]: pam_unix(cron:session): session closed for user root
Oct 13 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7719]: Invalid user redhat from 135.232.200.208
Oct 13 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7719]: input_userauth_request: invalid user redhat [preauth]
Oct 13 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7719]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7719]: Failed password for invalid user redhat from 135.232.200.208 port 1024 ssh2
Oct 13 08:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7719]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7719]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: Invalid user minecraft from 135.232.200.208
Oct 13 08:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: input_userauth_request: invalid user minecraft [preauth]
Oct 13 08:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: Failed password for invalid user minecraft from 135.232.200.208 port 1026 ssh2
Oct 13 08:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7782]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Invalid user uftp from 135.232.200.208
Oct 13 08:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: input_userauth_request: invalid user uftp [preauth]
Oct 13 08:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Failed password for invalid user uftp from 135.232.200.208 port 1026 ssh2
Oct 13 08:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7814]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session closed for user root
Oct 13 08:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Invalid user postgres from 135.232.200.208
Oct 13 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: input_userauth_request: invalid user postgres [preauth]
Oct 13 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Failed password for invalid user postgres from 135.232.200.208 port 1026 ssh2
Oct 13 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: Invalid user jenkins from 135.232.200.208
Oct 13 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: Failed password for invalid user jenkins from 135.232.200.208 port 1026 ssh2
Oct 13 08:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Invalid user redis from 164.68.105.9
Oct 13 08:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: input_userauth_request: invalid user redis [preauth]
Oct 13 08:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 08:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: Invalid user ftpuser from 135.232.200.208
Oct 13 08:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 08:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Failed password for invalid user redis from 164.68.105.9 port 37928 ssh2
Oct 13 08:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Connection closed by 164.68.105.9 port 37928 [preauth]
Oct 13 08:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: Failed password for invalid user ftpuser from 135.232.200.208 port 1030 ssh2
Oct 13 08:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: Received disconnect from 135.232.200.208 port 1030:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: Disconnected from 135.232.200.208 port 1030 [preauth]
Oct 13 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: Successful su for rubyman by root
Oct 13 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: + ??? root:rubyman
Oct 13 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403882 of user rubyman.
Oct 13 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403882.
Oct 13 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: Invalid user nagios from 135.232.200.208
Oct 13 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: input_userauth_request: invalid user nagios [preauth]
Oct 13 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: Failed password for invalid user nagios from 135.232.200.208 port 1026 ssh2
Oct 13 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8539]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4326]: pam_unix(cron:session): session closed for user root
Oct 13 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Invalid user apps from 135.232.200.208
Oct 13 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: input_userauth_request: invalid user apps [preauth]
Oct 13 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8364]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Failed password for invalid user apps from 135.232.200.208 port 1026 ssh2
Oct 13 08:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 08:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: Failed password for root from 80.211.129.128 port 57218 ssh2
Oct 13 08:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8670]: Connection closed by 80.211.129.128 port 57218 [preauth]
Oct 13 08:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: User mysql from 135.232.200.208 not allowed because not listed in AllowUsers
Oct 13 08:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: input_userauth_request: invalid user mysql [preauth]
Oct 13 08:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=mysql
Oct 13 08:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: Failed password for invalid user mysql from 135.232.200.208 port 1024 ssh2
Oct 13 08:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8715]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Invalid user hadoop from 135.232.200.208
Oct 13 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Failed password for invalid user hadoop from 135.232.200.208 port 1025 ssh2
Oct 13 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6876]: pam_unix(cron:session): session closed for user root
Oct 13 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: Invalid user deployer from 135.232.200.208
Oct 13 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: input_userauth_request: invalid user deployer [preauth]
Oct 13 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: Failed password for invalid user deployer from 135.232.200.208 port 1028 ssh2
Oct 13 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: Received disconnect from 135.232.200.208 port 1028:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: Disconnected from 135.232.200.208 port 1028 [preauth]
Oct 13 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Invalid user uftp from 135.232.200.208
Oct 13 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: input_userauth_request: invalid user uftp [preauth]
Oct 13 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Failed password for invalid user uftp from 135.232.200.208 port 1026 ssh2
Oct 13 08:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8940]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Invalid user git from 135.232.200.208
Oct 13 08:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: input_userauth_request: invalid user git [preauth]
Oct 13 08:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8980]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8980]: pam_unix(cron:session): session closed for user root
Oct 13 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8967]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Failed password for invalid user git from 135.232.200.208 port 1026 ssh2
Oct 13 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9060]: Successful su for rubyman by root
Oct 13 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9060]: + ??? root:rubyman
Oct 13 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403885 of user rubyman.
Oct 13 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9060]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403885.
Oct 13 08:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session closed for user root
Oct 13 08:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4824]: pam_unix(cron:session): session closed for user root
Oct 13 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Invalid user oracle from 135.232.200.208
Oct 13 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: input_userauth_request: invalid user oracle [preauth]
Oct 13 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Failed password for invalid user oracle from 135.232.200.208 port 1027 ssh2
Oct 13 08:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9338]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8968]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Invalid user deploy from 135.232.200.208
Oct 13 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: input_userauth_request: invalid user deploy [preauth]
Oct 13 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Failed password for invalid user deploy from 135.232.200.208 port 1025 ssh2
Oct 13 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Invalid user redis from 135.232.200.208
Oct 13 08:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: input_userauth_request: invalid user redis [preauth]
Oct 13 08:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Failed password for invalid user redis from 135.232.200.208 port 1024 ssh2
Oct 13 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7456]: pam_unix(cron:session): session closed for user root
Oct 13 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: User mysql from 135.232.200.208 not allowed because not listed in AllowUsers
Oct 13 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: input_userauth_request: invalid user mysql [preauth]
Oct 13 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=mysql
Oct 13 08:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Failed password for invalid user mysql from 135.232.200.208 port 1025 ssh2
Oct 13 08:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9541]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Failed password for root from 135.232.200.208 port 1026 ssh2
Oct 13 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 57858
Oct 13 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 57860
Oct 13 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Invalid user apache from 135.232.200.208
Oct 13 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: input_userauth_request: invalid user apache [preauth]
Oct 13 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Failed password for invalid user apache from 135.232.200.208 port 1024 ssh2
Oct 13 08:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9840]: Successful su for rubyman by root
Oct 13 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9840]: + ??? root:rubyman
Oct 13 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403890 of user rubyman.
Oct 13 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9840]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403890.
Oct 13 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: Invalid user dev from 135.232.200.208
Oct 13 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: input_userauth_request: invalid user dev [preauth]
Oct 13 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: Failed password for invalid user dev from 135.232.200.208 port 1026 ssh2
Oct 13 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5790]: pam_unix(cron:session): session closed for user root
Oct 13 08:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: Invalid user dev from 135.232.200.208
Oct 13 08:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: input_userauth_request: invalid user dev [preauth]
Oct 13 08:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: Failed password for invalid user dev from 135.232.200.208 port 1025 ssh2
Oct 13 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Invalid user ftpuser from 135.232.200.208
Oct 13 08:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 08:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Failed password for invalid user ftpuser from 135.232.200.208 port 1025 ssh2
Oct 13 08:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Invalid user hadoop from 135.232.200.208
Oct 13 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Invalid user user from 2.57.121.112
Oct 13 08:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: input_userauth_request: invalid user user [preauth]
Oct 13 08:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Failed password for invalid user hadoop from 135.232.200.208 port 1026 ssh2
Oct 13 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10147]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user user from 2.57.121.112 port 63947 ssh2
Oct 13 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8366]: pam_unix(cron:session): session closed for user root
Oct 13 08:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user user from 2.57.121.112 port 63947 ssh2
Oct 13 08:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user user from 2.57.121.112 port 63947 ssh2
Oct 13 08:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Invalid user oracle from 135.232.200.208
Oct 13 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: input_userauth_request: invalid user oracle [preauth]
Oct 13 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user user from 2.57.121.112 port 63947 ssh2
Oct 13 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Failed password for invalid user oracle from 135.232.200.208 port 1025 ssh2
Oct 13 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user user from 2.57.121.112 port 63947 ssh2
Oct 13 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Received disconnect from 2.57.121.112 port 63947:11: Bye [preauth]
Oct 13 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Disconnected from 2.57.121.112 port 63947 [preauth]
Oct 13 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 08:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 08:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Failed password for root from 135.232.200.208 port 1026 ssh2
Oct 13 08:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: Invalid user ts3 from 135.232.200.208
Oct 13 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: input_userauth_request: invalid user ts3 [preauth]
Oct 13 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: Failed password for invalid user ts3 from 135.232.200.208 port 1025 ssh2
Oct 13 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10247]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10264]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: Successful su for rubyman by root
Oct 13 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: + ??? root:rubyman
Oct 13 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403895 of user rubyman.
Oct 13 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403895.
Oct 13 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: User mysql from 135.232.200.208 not allowed because not listed in AllowUsers
Oct 13 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: input_userauth_request: invalid user mysql [preauth]
Oct 13 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=mysql
Oct 13 08:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6301]: pam_unix(cron:session): session closed for user root
Oct 13 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Failed password for invalid user mysql from 135.232.200.208 port 1026 ssh2
Oct 13 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Invalid user teamspeak from 135.232.200.208
Oct 13 08:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: input_userauth_request: invalid user teamspeak [preauth]
Oct 13 08:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10266]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user teamspeak from 135.232.200.208 port 1030 ssh2
Oct 13 08:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Received disconnect from 135.232.200.208 port 1030:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Disconnected from 135.232.200.208 port 1030 [preauth]
Oct 13 08:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Invalid user oracle from 135.232.200.208
Oct 13 08:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: input_userauth_request: invalid user oracle [preauth]
Oct 13 08:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Failed password for invalid user oracle from 135.232.200.208 port 1025 ssh2
Oct 13 08:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10616]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Invalid user app from 135.232.200.208
Oct 13 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: input_userauth_request: invalid user app [preauth]
Oct 13 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Failed password for invalid user app from 135.232.200.208 port 1026 ssh2
Oct 13 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8971]: pam_unix(cron:session): session closed for user root
Oct 13 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Invalid user weblogic from 135.232.200.208
Oct 13 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: input_userauth_request: invalid user weblogic [preauth]
Oct 13 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Failed password for invalid user weblogic from 135.232.200.208 port 1027 ssh2
Oct 13 08:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10711]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10746]: Invalid user data from 135.232.200.208
Oct 13 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10746]: input_userauth_request: invalid user data [preauth]
Oct 13 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10746]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10746]: Failed password for invalid user data from 135.232.200.208 port 1025 ssh2
Oct 13 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10746]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10746]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10774]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: Successful su for rubyman by root
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: + ??? root:rubyman
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403899 of user rubyman.
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10859]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403899.
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for root from 135.232.200.208 port 1026 ssh2
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6875]: pam_unix(cron:session): session closed for user root
Oct 13 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11017]: Invalid user test from 135.232.200.208
Oct 13 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11017]: input_userauth_request: invalid user test [preauth]
Oct 13 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11017]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11017]: Failed password for invalid user test from 135.232.200.208 port 1025 ssh2
Oct 13 08:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11017]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11017]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Invalid user test from 135.232.200.208
Oct 13 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: input_userauth_request: invalid user test [preauth]
Oct 13 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Failed password for invalid user test from 135.232.200.208 port 1026 ssh2
Oct 13 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Invalid user git from 135.232.200.208
Oct 13 08:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: input_userauth_request: invalid user git [preauth]
Oct 13 08:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for invalid user git from 135.232.200.208 port 1025 ssh2
Oct 13 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Invalid user xguest from 135.232.200.208
Oct 13 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: input_userauth_request: invalid user xguest [preauth]
Oct 13 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Failed password for invalid user xguest from 135.232.200.208 port 1027 ssh2
Oct 13 08:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 08:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session closed for user root
Oct 13 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Invalid user testuser from 135.232.200.208
Oct 13 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: input_userauth_request: invalid user testuser [preauth]
Oct 13 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for invalid user testuser from 135.232.200.208 port 1025 ssh2
Oct 13 08:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Invalid user nginx from 135.232.200.208
Oct 13 08:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: input_userauth_request: invalid user nginx [preauth]
Oct 13 08:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Failed password for invalid user nginx from 135.232.200.208 port 1027 ssh2
Oct 13 08:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Invalid user redis from 135.232.200.208
Oct 13 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: input_userauth_request: invalid user redis [preauth]
Oct 13 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session closed for user p13x
Oct 13 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11332]: Successful su for rubyman by root
Oct 13 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11332]: + ??? root:rubyman
Oct 13 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403903 of user rubyman.
Oct 13 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11332]: pam_unix(su:session): session closed for user rubyman
Oct 13 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403903.
Oct 13 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Failed password for invalid user redis from 135.232.200.208 port 1025 ssh2
Oct 13 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7455]: pam_unix(cron:session): session closed for user root
Oct 13 08:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Invalid user postgres from 135.232.200.208
Oct 13 08:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: input_userauth_request: invalid user postgres [preauth]
Oct 13 08:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Failed password for invalid user postgres from 135.232.200.208 port 1027 ssh2
Oct 13 08:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 08:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session closed for user samftp
Oct 13 08:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Invalid user git from 135.232.200.208
Oct 13 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: input_userauth_request: invalid user git [preauth]
Oct 13 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Failed password for invalid user git from 135.232.200.208 port 1026 ssh2
Oct 13 08:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Invalid user ali from 135.232.200.208
Oct 13 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: input_userauth_request: invalid user ali [preauth]
Oct 13 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Failed password for invalid user ali from 135.232.200.208 port 1025 ssh2
Oct 13 08:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Failed password for root from 135.232.200.208 port 1025 ssh2
Oct 13 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Received disconnect from 135.232.200.208 port 1025:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11651]: Disconnected from 135.232.200.208 port 1025 [preauth]
Oct 13 08:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10269]: pam_unix(cron:session): session closed for user root
Oct 13 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Invalid user git from 135.232.200.208
Oct 13 08:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: input_userauth_request: invalid user git [preauth]
Oct 13 08:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Failed password for invalid user git from 135.232.200.208 port 1026 ssh2
Oct 13 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Invalid user redhat from 135.232.200.208
Oct 13 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: input_userauth_request: invalid user redhat [preauth]
Oct 13 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Failed password for invalid user redhat from 135.232.200.208 port 1026 ssh2
Oct 13 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: Invalid user xguest from 135.232.200.208
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: input_userauth_request: invalid user xguest [preauth]
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user root
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session closed for user root
Oct 13 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: Failed password for invalid user xguest from 135.232.200.208 port 1027 ssh2
Oct 13 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11828]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[11965]: Successful su for rubyman by root
Oct 13 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[11965]: + ??? root:rubyman
Oct 13 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[11965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403906 of user rubyman.
Oct 13 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[11965]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403906.
Oct 13 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session closed for user root
Oct 13 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208  user=root
Oct 13 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user root
Oct 13 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: Failed password for root from 135.232.200.208 port 1024 ssh2
Oct 13 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Invalid user xguest from 135.232.200.208
Oct 13 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: input_userauth_request: invalid user xguest [preauth]
Oct 13 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Failed password for invalid user xguest from 135.232.200.208 port 1026 ssh2
Oct 13 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Invalid user cacti from 135.232.200.208
Oct 13 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: input_userauth_request: invalid user cacti [preauth]
Oct 13 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Failed password for invalid user cacti from 135.232.200.208 port 1027 ssh2
Oct 13 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12339]: Invalid user redis from 135.232.200.208
Oct 13 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12339]: input_userauth_request: invalid user redis [preauth]
Oct 13 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12339]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10775]: pam_unix(cron:session): session closed for user root
Oct 13 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12339]: Failed password for invalid user redis from 135.232.200.208 port 1026 ssh2
Oct 13 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12339]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12339]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: Failed password for root from 194.182.86.152 port 40096 ssh2
Oct 13 09:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: Connection closed by 194.182.86.152 port 40096 [preauth]
Oct 13 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Invalid user dev from 135.232.200.208
Oct 13 09:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: input_userauth_request: invalid user dev [preauth]
Oct 13 09:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Failed password for invalid user dev from 135.232.200.208 port 1024 ssh2
Oct 13 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 09:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Invalid user git from 135.232.200.208
Oct 13 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: input_userauth_request: invalid user git [preauth]
Oct 13 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Failed password for invalid user git from 135.232.200.208 port 1027 ssh2
Oct 13 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12451]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Invalid user ftpuser from 135.232.200.208
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12540]: Successful su for rubyman by root
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12540]: + ??? root:rubyman
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403914 of user rubyman.
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12540]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403914.
Oct 13 09:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Failed password for invalid user ftpuser from 135.232.200.208 port 1026 ssh2
Oct 13 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12537]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session closed for user root
Oct 13 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Invalid user postgres from 135.232.200.208
Oct 13 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: input_userauth_request: invalid user postgres [preauth]
Oct 13 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Failed password for invalid user postgres from 135.232.200.208 port 1026 ssh2
Oct 13 09:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 09:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12449]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Invalid user tomcat from 135.232.200.208
Oct 13 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: input_userauth_request: invalid user tomcat [preauth]
Oct 13 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Failed password for invalid user tomcat from 135.232.200.208 port 1026 ssh2
Oct 13 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Invalid user deploy from 135.232.200.208
Oct 13 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: input_userauth_request: invalid user deploy [preauth]
Oct 13 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Failed password for invalid user deploy from 135.232.200.208 port 1027 ssh2
Oct 13 09:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Received disconnect from 135.232.200.208 port 1027:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Disconnected from 135.232.200.208 port 1027 [preauth]
Oct 13 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11258]: pam_unix(cron:session): session closed for user root
Oct 13 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Invalid user guest from 135.232.200.208
Oct 13 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: input_userauth_request: invalid user guest [preauth]
Oct 13 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Failed password for invalid user guest from 135.232.200.208 port 1026 ssh2
Oct 13 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Received disconnect from 135.232.200.208 port 1026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12888]: Disconnected from 135.232.200.208 port 1026 [preauth]
Oct 13 09:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Invalid user test from 135.232.200.208
Oct 13 09:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: input_userauth_request: invalid user test [preauth]
Oct 13 09:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Failed password for invalid user test from 135.232.200.208 port 1024 ssh2
Oct 13 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Invalid user kafaka from 135.232.200.208
Oct 13 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: input_userauth_request: invalid user kafaka [preauth]
Oct 13 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=135.232.200.208
Oct 13 09:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Failed password for invalid user kafaka from 135.232.200.208 port 1024 ssh2
Oct 13 09:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Received disconnect from 135.232.200.208 port 1024:11: Normal Shutdown, Thank you for playing [preauth]
Oct 13 09:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Disconnected from 135.232.200.208 port 1024 [preauth]
Oct 13 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12978]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: Successful su for rubyman by root
Oct 13 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: + ??? root:rubyman
Oct 13 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403917 of user rubyman.
Oct 13 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13065]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403917.
Oct 13 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session closed for user root
Oct 13 09:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session closed for user root
Oct 13 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13570]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13636]: Successful su for rubyman by root
Oct 13 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13636]: + ??? root:rubyman
Oct 13 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403921 of user rubyman.
Oct 13 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13636]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403921.
Oct 13 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Invalid user oracle from 193.32.162.151
Oct 13 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: input_userauth_request: invalid user oracle [preauth]
Oct 13 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10268]: pam_unix(cron:session): session closed for user root
Oct 13 09:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Failed password for invalid user oracle from 193.32.162.151 port 38604 ssh2
Oct 13 09:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Connection closed by 193.32.162.151 port 38604 [preauth]
Oct 13 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13566]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12451]: pam_unix(cron:session): session closed for user root
Oct 13 09:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Failed password for root from 194.182.86.152 port 46276 ssh2
Oct 13 09:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Connection closed by 194.182.86.152 port 46276 [preauth]
Oct 13 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: Successful su for rubyman by root
Oct 13 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: + ??? root:rubyman
Oct 13 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403926 of user rubyman.
Oct 13 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403926.
Oct 13 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Invalid user ac from 40.83.182.122
Oct 13 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: input_userauth_request: invalid user ac [preauth]
Oct 13 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Failed password for invalid user ac from 40.83.182.122 port 59670 ssh2
Oct 13 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Received disconnect from 40.83.182.122 port 59670:11: Bye Bye [preauth]
Oct 13 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Disconnected from 40.83.182.122 port 59670 [preauth]
Oct 13 09:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10774]: pam_unix(cron:session): session closed for user root
Oct 13 09:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12979]: pam_unix(cron:session): session closed for user root
Oct 13 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14583]: pam_unix(cron:session): session closed for user root
Oct 13 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14653]: Successful su for rubyman by root
Oct 13 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14653]: + ??? root:rubyman
Oct 13 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403932 of user rubyman.
Oct 13 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14653]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403932.
Oct 13 09:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session closed for user root
Oct 13 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session closed for user root
Oct 13 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session closed for user root
Oct 13 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15172]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: Successful su for rubyman by root
Oct 13 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: + ??? root:rubyman
Oct 13 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403936 of user rubyman.
Oct 13 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403936.
Oct 13 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session closed for user root
Oct 13 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15171]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Failed password for root from 40.83.182.122 port 60080 ssh2
Oct 13 09:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Received disconnect from 40.83.182.122 port 60080:11: Bye Bye [preauth]
Oct 13 09:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15515]: Disconnected from 40.83.182.122 port 60080 [preauth]
Oct 13 09:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session closed for user root
Oct 13 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15628]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15704]: Successful su for rubyman by root
Oct 13 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15704]: + ??? root:rubyman
Oct 13 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403940 of user rubyman.
Oct 13 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15704]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403940.
Oct 13 09:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session closed for user root
Oct 13 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user root
Oct 13 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: Invalid user 1 from 40.83.182.122
Oct 13 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: input_userauth_request: invalid user 1 [preauth]
Oct 13 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: Failed password for invalid user 1 from 40.83.182.122 port 36692 ssh2
Oct 13 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: Received disconnect from 40.83.182.122 port 36692:11: Bye Bye [preauth]
Oct 13 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: Disconnected from 40.83.182.122 port 36692 [preauth]
Oct 13 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16088]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16085]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16157]: Successful su for rubyman by root
Oct 13 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16157]: + ??? root:rubyman
Oct 13 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403943 of user rubyman.
Oct 13 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16157]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403943.
Oct 13 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12978]: pam_unix(cron:session): session closed for user root
Oct 13 09:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16086]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15174]: pam_unix(cron:session): session closed for user root
Oct 13 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16555]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16554]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16552]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16727]: Successful su for rubyman by root
Oct 13 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16727]: + ??? root:rubyman
Oct 13 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403948 of user rubyman.
Oct 13 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16727]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403948.
Oct 13 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16550]: pam_unix(cron:session): session closed for user root
Oct 13 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13570]: pam_unix(cron:session): session closed for user root
Oct 13 09:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16553]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 13 09:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16993]: Failed password for root from 94.177.160.96 port 44080 ssh2
Oct 13 09:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16993]: Connection closed by 94.177.160.96 port 44080 [preauth]
Oct 13 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Invalid user maks from 40.83.182.122
Oct 13 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: input_userauth_request: invalid user maks [preauth]
Oct 13 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Failed password for invalid user maks from 40.83.182.122 port 44850 ssh2
Oct 13 09:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Received disconnect from 40.83.182.122 port 44850:11: Bye Bye [preauth]
Oct 13 09:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Disconnected from 40.83.182.122 port 44850 [preauth]
Oct 13 09:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session closed for user root
Oct 13 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17138]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17136]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17138]: pam_unix(cron:session): session closed for user root
Oct 13 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Invalid user oracle from 193.32.162.151
Oct 13 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: input_userauth_request: invalid user oracle [preauth]
Oct 13 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17220]: Successful su for rubyman by root
Oct 13 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17220]: + ??? root:rubyman
Oct 13 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403956 of user rubyman.
Oct 13 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17220]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403956.
Oct 13 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Failed password for invalid user oracle from 193.32.162.151 port 33288 ssh2
Oct 13 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Connection closed by 193.32.162.151 port 33288 [preauth]
Oct 13 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17134]: pam_unix(cron:session): session closed for user root
Oct 13 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session closed for user root
Oct 13 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17133]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Failed password for root from 194.182.86.152 port 56980 ssh2
Oct 13 09:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17530]: Connection closed by 194.182.86.152 port 56980 [preauth]
Oct 13 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16088]: pam_unix(cron:session): session closed for user root
Oct 13 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: Successful su for rubyman by root
Oct 13 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: + ??? root:rubyman
Oct 13 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403958 of user rubyman.
Oct 13 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403958.
Oct 13 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Invalid user reboot from 40.83.182.122
Oct 13 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: input_userauth_request: invalid user reboot [preauth]
Oct 13 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Failed password for invalid user reboot from 40.83.182.122 port 48616 ssh2
Oct 13 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Received disconnect from 40.83.182.122 port 48616:11: Bye Bye [preauth]
Oct 13 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Disconnected from 40.83.182.122 port 48616 [preauth]
Oct 13 09:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user root
Oct 13 09:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16555]: pam_unix(cron:session): session closed for user root
Oct 13 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18299]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: Successful su for rubyman by root
Oct 13 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: + ??? root:rubyman
Oct 13 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403963 of user rubyman.
Oct 13 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403963.
Oct 13 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15172]: pam_unix(cron:session): session closed for user root
Oct 13 09:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18300]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Invalid user wireguard from 40.83.182.122
Oct 13 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: input_userauth_request: invalid user wireguard [preauth]
Oct 13 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Failed password for invalid user wireguard from 40.83.182.122 port 47430 ssh2
Oct 13 09:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Received disconnect from 40.83.182.122 port 47430:11: Bye Bye [preauth]
Oct 13 09:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Disconnected from 40.83.182.122 port 47430 [preauth]
Oct 13 09:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17137]: pam_unix(cron:session): session closed for user root
Oct 13 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18904]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19089]: Successful su for rubyman by root
Oct 13 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19089]: + ??? root:rubyman
Oct 13 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403966 of user rubyman.
Oct 13 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19089]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403966.
Oct 13 09:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session closed for user root
Oct 13 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Invalid user hsi from 190.103.202.7
Oct 13 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: input_userauth_request: invalid user hsi [preauth]
Oct 13 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 09:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Failed password for invalid user hsi from 190.103.202.7 port 50164 ssh2
Oct 13 09:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Connection closed by 190.103.202.7 port 50164 [preauth]
Oct 13 09:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17624]: pam_unix(cron:session): session closed for user root
Oct 13 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19813]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: Successful su for rubyman by root
Oct 13 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: + ??? root:rubyman
Oct 13 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403970 of user rubyman.
Oct 13 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403970.
Oct 13 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16087]: pam_unix(cron:session): session closed for user root
Oct 13 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20138]: Invalid user admin from 40.83.182.122
Oct 13 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20138]: input_userauth_request: invalid user admin [preauth]
Oct 13 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20138]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20138]: Failed password for invalid user admin from 40.83.182.122 port 45256 ssh2
Oct 13 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20138]: Received disconnect from 40.83.182.122 port 45256:11: Bye Bye [preauth]
Oct 13 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20138]: Disconnected from 40.83.182.122 port 45256 [preauth]
Oct 13 09:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19814]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: Failed password for root from 194.182.86.152 port 59148 ssh2
Oct 13 09:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20167]: Connection closed by 194.182.86.152 port 59148 [preauth]
Oct 13 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 13 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Failed password for root from 164.68.105.9 port 33326 ssh2
Oct 13 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Connection closed by 164.68.105.9 port 33326 [preauth]
Oct 13 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session closed for user root
Oct 13 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20371]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20372]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20375]: pam_unix(cron:session): session closed for user root
Oct 13 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20366]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20454]: Successful su for rubyman by root
Oct 13 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20454]: + ??? root:rubyman
Oct 13 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403975 of user rubyman.
Oct 13 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20454]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403975.
Oct 13 09:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20371]: pam_unix(cron:session): session closed for user root
Oct 13 09:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16554]: pam_unix(cron:session): session closed for user root
Oct 13 09:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20368]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18904]: pam_unix(cron:session): session closed for user root
Oct 13 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20844]: Invalid user slave from 40.83.182.122
Oct 13 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20844]: input_userauth_request: invalid user slave [preauth]
Oct 13 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20844]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20844]: Failed password for invalid user slave from 40.83.182.122 port 38482 ssh2
Oct 13 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20844]: Received disconnect from 40.83.182.122 port 38482:11: Bye Bye [preauth]
Oct 13 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20844]: Disconnected from 40.83.182.122 port 38482 [preauth]
Oct 13 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20870]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: Successful su for rubyman by root
Oct 13 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: + ??? root:rubyman
Oct 13 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403981 of user rubyman.
Oct 13 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20949]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403981.
Oct 13 09:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17136]: pam_unix(cron:session): session closed for user root
Oct 13 09:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20872]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session closed for user root
Oct 13 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: Invalid user hadoop from 193.32.162.151
Oct 13 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: Failed password for invalid user hadoop from 193.32.162.151 port 58456 ssh2
Oct 13 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21392]: pam_unix(cron:session): session closed for user root
Oct 13 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21395]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21385]: Connection closed by 193.32.162.151 port 58456 [preauth]
Oct 13 09:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: Successful su for rubyman by root
Oct 13 09:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: + ??? root:rubyman
Oct 13 09:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403985 of user rubyman.
Oct 13 09:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403985.
Oct 13 09:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session closed for user root
Oct 13 09:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21396]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21731]: Did not receive identification string from 80.211.129.128
Oct 13 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Invalid user upload from 40.83.182.122
Oct 13 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: input_userauth_request: invalid user upload [preauth]
Oct 13 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Failed password for invalid user upload from 40.83.182.122 port 58800 ssh2
Oct 13 09:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Received disconnect from 40.83.182.122 port 58800:11: Bye Bye [preauth]
Oct 13 09:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Disconnected from 40.83.182.122 port 58800 [preauth]
Oct 13 09:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20373]: pam_unix(cron:session): session closed for user root
Oct 13 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21886]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21884]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21882]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21947]: Successful su for rubyman by root
Oct 13 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21947]: + ??? root:rubyman
Oct 13 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403990 of user rubyman.
Oct 13 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21947]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403990.
Oct 13 09:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18302]: pam_unix(cron:session): session closed for user root
Oct 13 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21883]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20875]: pam_unix(cron:session): session closed for user root
Oct 13 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22373]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22448]: Successful su for rubyman by root
Oct 13 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22448]: + ??? root:rubyman
Oct 13 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 403993 of user rubyman.
Oct 13 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22448]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 403993.
Oct 13 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Invalid user luna from 40.83.182.122
Oct 13 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: input_userauth_request: invalid user luna [preauth]
Oct 13 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Failed password for invalid user luna from 40.83.182.122 port 49746 ssh2
Oct 13 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Received disconnect from 40.83.182.122 port 49746:11: Bye Bye [preauth]
Oct 13 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Disconnected from 40.83.182.122 port 49746 [preauth]
Oct 13 09:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session closed for user root
Oct 13 09:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22374]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22933]: Failed password for root from 194.182.86.152 port 50084 ssh2
Oct 13 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22933]: Connection closed by 194.182.86.152 port 50084 [preauth]
Oct 13 09:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session closed for user root
Oct 13 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: Did not receive identification string from 80.211.129.128
Oct 13 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23202]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23204]: pam_unix(cron:session): session closed for user root
Oct 13 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23193]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23301]: Successful su for rubyman by root
Oct 13 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23301]: + ??? root:rubyman
Oct 13 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404000 of user rubyman.
Oct 13 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23301]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404000.
Oct 13 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23195]: pam_unix(cron:session): session closed for user root
Oct 13 09:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session closed for user root
Oct 13 09:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23194]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Invalid user user from 62.60.131.157
Oct 13 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: input_userauth_request: invalid user user [preauth]
Oct 13 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 09:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for invalid user user from 62.60.131.157 port 27473 ssh2
Oct 13 09:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for invalid user user from 62.60.131.157 port 27473 ssh2
Oct 13 09:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for invalid user user from 62.60.131.157 port 27473 ssh2
Oct 13 09:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for invalid user user from 62.60.131.157 port 27473 ssh2
Oct 13 09:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for invalid user user from 62.60.131.157 port 27473 ssh2
Oct 13 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Received disconnect from 62.60.131.157 port 27473:11: Bye [preauth]
Oct 13 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Disconnected from 62.60.131.157 port 27473 [preauth]
Oct 13 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21886]: pam_unix(cron:session): session closed for user root
Oct 13 09:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Failed password for root from 40.83.182.122 port 57282 ssh2
Oct 13 09:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Received disconnect from 40.83.182.122 port 57282:11: Bye Bye [preauth]
Oct 13 09:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Disconnected from 40.83.182.122 port 57282 [preauth]
Oct 13 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24170]: Successful su for rubyman by root
Oct 13 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24170]: + ??? root:rubyman
Oct 13 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404004 of user rubyman.
Oct 13 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24170]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404004.
Oct 13 09:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20372]: pam_unix(cron:session): session closed for user root
Oct 13 09:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22376]: pam_unix(cron:session): session closed for user root
Oct 13 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24608]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: Successful su for rubyman by root
Oct 13 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: + ??? root:rubyman
Oct 13 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404007 of user rubyman.
Oct 13 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24689]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404007.
Oct 13 09:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20874]: pam_unix(cron:session): session closed for user root
Oct 13 09:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Failed password for root from 40.83.182.122 port 41874 ssh2
Oct 13 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Received disconnect from 40.83.182.122 port 41874:11: Bye Bye [preauth]
Oct 13 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Disconnected from 40.83.182.122 port 41874 [preauth]
Oct 13 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23202]: pam_unix(cron:session): session closed for user root
Oct 13 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25103]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: Successful su for rubyman by root
Oct 13 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: + ??? root:rubyman
Oct 13 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404012 of user rubyman.
Oct 13 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25193]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404012.
Oct 13 09:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session closed for user root
Oct 13 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: Did not receive identification string from 176.65.148.44
Oct 13 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24073]: pam_unix(cron:session): session closed for user root
Oct 13 09:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Invalid user hadoop from 193.32.162.151
Oct 13 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Failed password for root from 40.83.182.122 port 49296 ssh2
Oct 13 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Received disconnect from 40.83.182.122 port 49296:11: Bye Bye [preauth]
Oct 13 09:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Disconnected from 40.83.182.122 port 49296 [preauth]
Oct 13 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Failed password for invalid user hadoop from 193.32.162.151 port 54468 ssh2
Oct 13 09:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Connection closed by 193.32.162.151 port 54468 [preauth]
Oct 13 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25897]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25983]: Successful su for rubyman by root
Oct 13 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25983]: + ??? root:rubyman
Oct 13 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404017 of user rubyman.
Oct 13 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25983]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404017.
Oct 13 09:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21884]: pam_unix(cron:session): session closed for user root
Oct 13 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25898]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session closed for user root
Oct 13 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user root
Oct 13 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26383]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26555]: Successful su for rubyman by root
Oct 13 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26555]: + ??? root:rubyman
Oct 13 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404024 of user rubyman.
Oct 13 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26555]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404024.
Oct 13 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26386]: pam_unix(cron:session): session closed for user root
Oct 13 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.171.177  user=root
Oct 13 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22375]: pam_unix(cron:session): session closed for user root
Oct 13 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Failed password for root from 94.177.171.177 port 54010 ssh2
Oct 13 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Connection closed by 94.177.171.177 port 54010 [preauth]
Oct 13 09:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26385]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Invalid user alia from 2.57.121.112
Oct 13 09:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: input_userauth_request: invalid user alia [preauth]
Oct 13 09:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for invalid user alia from 2.57.121.112 port 64410 ssh2
Oct 13 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for invalid user alia from 2.57.121.112 port 64410 ssh2
Oct 13 09:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26923]: Invalid user administrador from 40.83.182.122
Oct 13 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26923]: input_userauth_request: invalid user administrador [preauth]
Oct 13 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26923]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for invalid user alia from 2.57.121.112 port 64410 ssh2
Oct 13 09:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26923]: Failed password for invalid user administrador from 40.83.182.122 port 51240 ssh2
Oct 13 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26923]: Received disconnect from 40.83.182.122 port 51240:11: Bye Bye [preauth]
Oct 13 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26923]: Disconnected from 40.83.182.122 port 51240 [preauth]
Oct 13 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for invalid user alia from 2.57.121.112 port 64410 ssh2
Oct 13 09:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for invalid user alia from 2.57.121.112 port 64410 ssh2
Oct 13 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Received disconnect from 2.57.121.112 port 64410:11: Bye [preauth]
Oct 13 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Disconnected from 2.57.121.112 port 64410 [preauth]
Oct 13 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 09:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25104]: pam_unix(cron:session): session closed for user root
Oct 13 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27216]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27288]: Successful su for rubyman by root
Oct 13 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27288]: + ??? root:rubyman
Oct 13 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404026 of user rubyman.
Oct 13 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27288]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404026.
Oct 13 09:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23201]: pam_unix(cron:session): session closed for user root
Oct 13 09:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25901]: pam_unix(cron:session): session closed for user root
Oct 13 09:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Invalid user unaih from 40.83.182.122
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: input_userauth_request: invalid user unaih [preauth]
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28067]: Successful su for rubyman by root
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28067]: + ??? root:rubyman
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Failed password for invalid user unaih from 40.83.182.122 port 50432 ssh2
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Received disconnect from 40.83.182.122 port 50432:11: Bye Bye [preauth]
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27982]: Disconnected from 40.83.182.122 port 50432 [preauth]
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404029 of user rubyman.
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28067]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404029.
Oct 13 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session closed for user root
Oct 13 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session closed for user root
Oct 13 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28633]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28769]: Successful su for rubyman by root
Oct 13 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28769]: + ??? root:rubyman
Oct 13 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404034 of user rubyman.
Oct 13 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28769]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404034.
Oct 13 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24611]: pam_unix(cron:session): session closed for user root
Oct 13 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Failed password for root from 194.182.86.152 port 42240 ssh2
Oct 13 09:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Connection closed by 194.182.86.152 port 42240 [preauth]
Oct 13 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27217]: pam_unix(cron:session): session closed for user root
Oct 13 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Failed password for root from 40.83.182.122 port 47980 ssh2
Oct 13 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Received disconnect from 40.83.182.122 port 47980:11: Bye Bye [preauth]
Oct 13 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Disconnected from 40.83.182.122 port 47980 [preauth]
Oct 13 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29387]: Successful su for rubyman by root
Oct 13 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29387]: + ??? root:rubyman
Oct 13 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404038 of user rubyman.
Oct 13 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29387]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404038.
Oct 13 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25103]: pam_unix(cron:session): session closed for user root
Oct 13 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29311]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27992]: pam_unix(cron:session): session closed for user root
Oct 13 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session closed for user root
Oct 13 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29900]: Successful su for rubyman by root
Oct 13 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29900]: + ??? root:rubyman
Oct 13 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404042 of user rubyman.
Oct 13 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29900]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404042.
Oct 13 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session closed for user root
Oct 13 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25899]: pam_unix(cron:session): session closed for user root
Oct 13 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Invalid user fs from 40.83.182.122
Oct 13 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: input_userauth_request: invalid user fs [preauth]
Oct 13 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Failed password for invalid user fs from 40.83.182.122 port 34144 ssh2
Oct 13 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Received disconnect from 40.83.182.122 port 34144:11: Bye Bye [preauth]
Oct 13 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Disconnected from 40.83.182.122 port 34144 [preauth]
Oct 13 09:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Did not receive identification string from 80.211.129.128
Oct 13 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28690]: pam_unix(cron:session): session closed for user root
Oct 13 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Invalid user hadoop from 193.32.162.151
Oct 13 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Failed password for invalid user hadoop from 193.32.162.151 port 48306 ssh2
Oct 13 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Connection closed by 193.32.162.151 port 48306 [preauth]
Oct 13 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30512]: Successful su for rubyman by root
Oct 13 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30512]: + ??? root:rubyman
Oct 13 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404049 of user rubyman.
Oct 13 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30512]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404049.
Oct 13 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26390]: pam_unix(cron:session): session closed for user root
Oct 13 09:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30376]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.201.227  user=root
Oct 13 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Failed password for root from 80.211.201.227 port 60882 ssh2
Oct 13 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Connection closed by 80.211.201.227 port 60882 [preauth]
Oct 13 09:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session closed for user root
Oct 13 09:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30898]: Invalid user manisha from 40.83.182.122
Oct 13 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30898]: input_userauth_request: invalid user manisha [preauth]
Oct 13 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30898]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30898]: Failed password for invalid user manisha from 40.83.182.122 port 48594 ssh2
Oct 13 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30898]: Received disconnect from 40.83.182.122 port 48594:11: Bye Bye [preauth]
Oct 13 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30898]: Disconnected from 40.83.182.122 port 48594 [preauth]
Oct 13 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30930]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: Successful su for rubyman by root
Oct 13 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: + ??? root:rubyman
Oct 13 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404052 of user rubyman.
Oct 13 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31016]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404052.
Oct 13 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27216]: pam_unix(cron:session): session closed for user root
Oct 13 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session closed for user root
Oct 13 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31407]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31650]: Successful su for rubyman by root
Oct 13 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31650]: + ??? root:rubyman
Oct 13 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404055 of user rubyman.
Oct 13 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31650]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404055.
Oct 13 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27991]: pam_unix(cron:session): session closed for user root
Oct 13 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31410]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Invalid user grid from 40.83.182.122
Oct 13 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: input_userauth_request: invalid user grid [preauth]
Oct 13 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Failed password for invalid user grid from 40.83.182.122 port 59782 ssh2
Oct 13 09:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Received disconnect from 40.83.182.122 port 59782:11: Bye Bye [preauth]
Oct 13 09:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Disconnected from 40.83.182.122 port 59782 [preauth]
Oct 13 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30379]: pam_unix(cron:session): session closed for user root
Oct 13 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31979]: Failed password for root from 194.182.86.152 port 46334 ssh2
Oct 13 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31979]: Connection closed by 194.182.86.152 port 46334 [preauth]
Oct 13 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32034]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32031]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32122]: Successful su for rubyman by root
Oct 13 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32122]: + ??? root:rubyman
Oct 13 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404059 of user rubyman.
Oct 13 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32122]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404059.
Oct 13 09:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session closed for user root
Oct 13 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32396]: Failed password for root from 194.182.86.152 port 37434 ssh2
Oct 13 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32396]: Connection closed by 194.182.86.152 port 37434 [preauth]
Oct 13 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32032]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30934]: pam_unix(cron:session): session closed for user root
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32569]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32568]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32571]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32570]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32571]: pam_unix(cron:session): session closed for user root
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32566]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Invalid user ads from 40.83.182.122
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: input_userauth_request: invalid user ads [preauth]
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32657]: Successful su for rubyman by root
Oct 13 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32657]: + ??? root:rubyman
Oct 13 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404067 of user rubyman.
Oct 13 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32657]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404067.
Oct 13 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Failed password for invalid user ads from 40.83.182.122 port 60654 ssh2
Oct 13 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Received disconnect from 40.83.182.122 port 60654:11: Bye Bye [preauth]
Oct 13 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32643]: Disconnected from 40.83.182.122 port 60654 [preauth]
Oct 13 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32568]: pam_unix(cron:session): session closed for user root
Oct 13 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session closed for user root
Oct 13 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32567]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session closed for user root
Oct 13 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[609]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: Successful su for rubyman by root
Oct 13 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: + ??? root:rubyman
Oct 13 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404069 of user rubyman.
Oct 13 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[696]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404069.
Oct 13 09:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session closed for user root
Oct 13 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[610]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: User ftp from 62.60.131.157 not allowed because not listed in AllowUsers
Oct 13 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: input_userauth_request: invalid user ftp [preauth]
Oct 13 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=ftp
Oct 13 09:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32036]: pam_unix(cron:session): session closed for user root
Oct 13 09:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Failed password for invalid user ftp from 62.60.131.157 port 62984 ssh2
Oct 13 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Failed password for invalid user ftp from 62.60.131.157 port 62984 ssh2
Oct 13 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Invalid user user62 from 40.83.182.122
Oct 13 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: input_userauth_request: invalid user user62 [preauth]
Oct 13 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Failed password for invalid user ftp from 62.60.131.157 port 62984 ssh2
Oct 13 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Failed password for invalid user user62 from 40.83.182.122 port 50874 ssh2
Oct 13 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Received disconnect from 40.83.182.122 port 50874:11: Bye Bye [preauth]
Oct 13 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1140]: Disconnected from 40.83.182.122 port 50874 [preauth]
Oct 13 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Failed password for invalid user ftp from 62.60.131.157 port 62984 ssh2
Oct 13 09:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Failed password for invalid user ftp from 62.60.131.157 port 62984 ssh2
Oct 13 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Received disconnect from 62.60.131.157 port 62984:11: Bye [preauth]
Oct 13 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: Disconnected from 62.60.131.157 port 62984 [preauth]
Oct 13 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=ftp
Oct 13 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1098]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Invalid user admin from 2.57.121.112
Oct 13 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: input_userauth_request: invalid user admin [preauth]
Oct 13 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Failed password for invalid user admin from 2.57.121.112 port 45464 ssh2
Oct 13 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Failed password for invalid user admin from 2.57.121.112 port 45464 ssh2
Oct 13 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1195]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1192]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Failed password for invalid user admin from 2.57.121.112 port 45464 ssh2
Oct 13 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1270]: Successful su for rubyman by root
Oct 13 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1270]: + ??? root:rubyman
Oct 13 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404073 of user rubyman.
Oct 13 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1270]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404073.
Oct 13 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Failed password for invalid user admin from 2.57.121.112 port 45464 ssh2
Oct 13 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Failed password for invalid user admin from 2.57.121.112 port 45464 ssh2
Oct 13 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Received disconnect from 2.57.121.112 port 45464:11: Bye [preauth]
Oct 13 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: Disconnected from 2.57.121.112 port 45464 [preauth]
Oct 13 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1180]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30378]: pam_unix(cron:session): session closed for user root
Oct 13 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1193]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32570]: pam_unix(cron:session): session closed for user root
Oct 13 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: Invalid user hadoop from 193.32.162.151
Oct 13 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 13 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: Failed password for invalid user hadoop from 193.32.162.151 port 39800 ssh2
Oct 13 09:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1672]: Connection closed by 193.32.162.151 port 39800 [preauth]
Oct 13 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Failed password for root from 194.182.86.152 port 56282 ssh2
Oct 13 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Connection closed by 194.182.86.152 port 56282 [preauth]
Oct 13 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1789]: Successful su for rubyman by root
Oct 13 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1789]: + ??? root:rubyman
Oct 13 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404077 of user rubyman.
Oct 13 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1789]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404077.
Oct 13 09:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30933]: pam_unix(cron:session): session closed for user root
Oct 13 09:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Invalid user applmgr from 40.83.182.122
Oct 13 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: input_userauth_request: invalid user applmgr [preauth]
Oct 13 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Failed password for invalid user applmgr from 40.83.182.122 port 47620 ssh2
Oct 13 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Received disconnect from 40.83.182.122 port 47620:11: Bye Bye [preauth]
Oct 13 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Disconnected from 40.83.182.122 port 47620 [preauth]
Oct 13 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[612]: pam_unix(cron:session): session closed for user root
Oct 13 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2280]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2452]: Successful su for rubyman by root
Oct 13 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2452]: + ??? root:rubyman
Oct 13 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404082 of user rubyman.
Oct 13 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2452]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404082.
Oct 13 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session closed for user root
Oct 13 09:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31411]: pam_unix(cron:session): session closed for user root
Oct 13 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2281]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2695]: Did not receive identification string from 80.211.129.128
Oct 13 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1195]: pam_unix(cron:session): session closed for user root
Oct 13 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Failed password for root from 40.83.182.122 port 51066 ssh2
Oct 13 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Received disconnect from 40.83.182.122 port 51066:11: Bye Bye [preauth]
Oct 13 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Disconnected from 40.83.182.122 port 51066 [preauth]
Oct 13 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2828]: pam_unix(cron:session): session closed for user root
Oct 13 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2821]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2914]: Successful su for rubyman by root
Oct 13 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2914]: + ??? root:rubyman
Oct 13 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404089 of user rubyman.
Oct 13 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2914]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404089.
Oct 13 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session closed for user root
Oct 13 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32034]: pam_unix(cron:session): session closed for user root
Oct 13 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user root
Oct 13 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3406]: Successful su for rubyman by root
Oct 13 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3406]: + ??? root:rubyman
Oct 13 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404095 of user rubyman.
Oct 13 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3406]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404095.
Oct 13 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32569]: pam_unix(cron:session): session closed for user root
Oct 13 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: Invalid user punit from 40.83.182.122
Oct 13 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: input_userauth_request: invalid user punit [preauth]
Oct 13 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: Failed password for invalid user punit from 40.83.182.122 port 32824 ssh2
Oct 13 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: Received disconnect from 40.83.182.122 port 32824:11: Bye Bye [preauth]
Oct 13 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: Disconnected from 40.83.182.122 port 32824 [preauth]
Oct 13 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2283]: pam_unix(cron:session): session closed for user root
Oct 13 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3854]: Successful su for rubyman by root
Oct 13 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3854]: + ??? root:rubyman
Oct 13 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404099 of user rubyman.
Oct 13 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3854]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404099.
Oct 13 09:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[611]: pam_unix(cron:session): session closed for user root
Oct 13 09:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2826]: pam_unix(cron:session): session closed for user root
Oct 13 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4351]: Successful su for rubyman by root
Oct 13 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4351]: + ??? root:rubyman
Oct 13 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404100 of user rubyman.
Oct 13 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4351]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404100.
Oct 13 09:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1194]: pam_unix(cron:session): session closed for user root
Oct 13 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: Invalid user sascha from 40.83.182.122
Oct 13 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: input_userauth_request: invalid user sascha [preauth]
Oct 13 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: Failed password for invalid user sascha from 40.83.182.122 port 36242 ssh2
Oct 13 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: Received disconnect from 40.83.182.122 port 36242:11: Bye Bye [preauth]
Oct 13 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: Disconnected from 40.83.182.122 port 36242 [preauth]
Oct 13 09:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3318]: pam_unix(cron:session): session closed for user root
Oct 13 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4848]: Successful su for rubyman by root
Oct 13 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4848]: + ??? root:rubyman
Oct 13 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404104 of user rubyman.
Oct 13 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4848]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404104.
Oct 13 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user root
Oct 13 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session closed for user root
Oct 13 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Invalid user centos from 40.83.182.122
Oct 13 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: input_userauth_request: invalid user centos [preauth]
Oct 13 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Failed password for invalid user centos from 40.83.182.122 port 57120 ssh2
Oct 13 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Received disconnect from 40.83.182.122 port 57120:11: Bye Bye [preauth]
Oct 13 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Disconnected from 40.83.182.122 port 57120 [preauth]
Oct 13 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5743]: pam_unix(cron:session): session closed for user root
Oct 13 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5737]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5828]: Successful su for rubyman by root
Oct 13 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5828]: + ??? root:rubyman
Oct 13 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404109 of user rubyman.
Oct 13 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5828]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404109.
Oct 13 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5739]: pam_unix(cron:session): session closed for user root
Oct 13 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session closed for user root
Oct 13 09:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5738]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4287]: pam_unix(cron:session): session closed for user root
Oct 13 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Invalid user admin from 2.57.121.25
Oct 13 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: input_userauth_request: invalid user admin [preauth]
Oct 13 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Failed password for invalid user admin from 2.57.121.25 port 44864 ssh2
Oct 13 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Failed password for invalid user admin from 2.57.121.25 port 44864 ssh2
Oct 13 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Failed password for invalid user admin from 2.57.121.25 port 44864 ssh2
Oct 13 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Failed password for invalid user admin from 2.57.121.25 port 44864 ssh2
Oct 13 09:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Failed password for invalid user admin from 2.57.121.25 port 44864 ssh2
Oct 13 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Received disconnect from 2.57.121.25 port 44864:11: Bye [preauth]
Oct 13 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: Disconnected from 2.57.121.25 port 44864 [preauth]
Oct 13 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6186]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6232]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6312]: Successful su for rubyman by root
Oct 13 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6312]: + ??? root:rubyman
Oct 13 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404115 of user rubyman.
Oct 13 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6312]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404115.
Oct 13 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session closed for user root
Oct 13 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6234]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Failed password for root from 194.182.86.152 port 42698 ssh2
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Connection closed by 194.182.86.152 port 42698 [preauth]
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: Invalid user automation from 40.83.182.122
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: input_userauth_request: invalid user automation [preauth]
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Invalid user ubuntu from 20.163.71.109
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: Failed password for invalid user automation from 40.83.182.122 port 58776 ssh2
Oct 13 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: Received disconnect from 40.83.182.122 port 58776:11: Bye Bye [preauth]
Oct 13 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6592]: Disconnected from 40.83.182.122 port 58776 [preauth]
Oct 13 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Failed password for invalid user ubuntu from 20.163.71.109 port 49212 ssh2
Oct 13 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Connection closed by 20.163.71.109 port 49212 [preauth]
Oct 13 09:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session closed for user root
Oct 13 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6878]: Successful su for rubyman by root
Oct 13 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6878]: + ??? root:rubyman
Oct 13 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404119 of user rubyman.
Oct 13 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6878]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404119.
Oct 13 09:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3317]: pam_unix(cron:session): session closed for user root
Oct 13 09:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session closed for user root
Oct 13 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7439]: Successful su for rubyman by root
Oct 13 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7439]: + ??? root:rubyman
Oct 13 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404124 of user rubyman.
Oct 13 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7439]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404124.
Oct 13 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Failed password for root from 40.83.182.122 port 36852 ssh2
Oct 13 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Received disconnect from 40.83.182.122 port 36852:11: Bye Bye [preauth]
Oct 13 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Disconnected from 40.83.182.122 port 36852 [preauth]
Oct 13 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3780]: pam_unix(cron:session): session closed for user root
Oct 13 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7345]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Did not receive identification string from 80.211.129.128
Oct 13 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session closed for user root
Oct 13 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7820]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8321]: Successful su for rubyman by root
Oct 13 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8321]: + ??? root:rubyman
Oct 13 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404126 of user rubyman.
Oct 13 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8321]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404126.
Oct 13 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4286]: pam_unix(cron:session): session closed for user root
Oct 13 09:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7822]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 09:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:101.36.97.80
Oct 13 09:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session closed for user root
Oct 13 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Failed password for root from 40.83.182.122 port 51544 ssh2
Oct 13 09:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Received disconnect from 40.83.182.122 port 51544:11: Bye Bye [preauth]
Oct 13 09:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Disconnected from 40.83.182.122 port 51544 [preauth]
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session closed for user root
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8955]: Successful su for rubyman by root
Oct 13 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8955]: + ??? root:rubyman
Oct 13 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404130 of user rubyman.
Oct 13 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8955]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404130.
Oct 13 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8941]: Failed password for root from 194.182.86.152 port 45712 ssh2
Oct 13 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8941]: Connection closed by 194.182.86.152 port 45712 [preauth]
Oct 13 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8872]: pam_unix(cron:session): session closed for user root
Oct 13 09:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session closed for user root
Oct 13 09:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8871]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7350]: pam_unix(cron:session): session closed for user root
Oct 13 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9595]: Successful su for rubyman by root
Oct 13 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9595]: + ??? root:rubyman
Oct 13 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404137 of user rubyman.
Oct 13 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9595]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404137.
Oct 13 09:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session closed for user root
Oct 13 09:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Invalid user venus from 40.83.182.122
Oct 13 09:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: input_userauth_request: invalid user venus [preauth]
Oct 13 09:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Failed password for invalid user venus from 40.83.182.122 port 53748 ssh2
Oct 13 09:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Received disconnect from 40.83.182.122 port 53748:11: Bye Bye [preauth]
Oct 13 09:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Disconnected from 40.83.182.122 port 53748 [preauth]
Oct 13 09:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10032]: Did not receive identification string from 80.211.129.128
Oct 13 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session closed for user root
Oct 13 09:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Connection reset by 205.210.31.97 port 63386 [preauth]
Oct 13 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: Successful su for rubyman by root
Oct 13 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: + ??? root:rubyman
Oct 13 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404140 of user rubyman.
Oct 13 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10214]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404140.
Oct 13 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.242.58.84  user=root
Oct 13 09:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Failed password for root from 47.242.58.84 port 47404 ssh2
Oct 13 09:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session closed for user root
Oct 13 09:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Failed password for root from 47.242.58.84 port 47404 ssh2
Oct 13 09:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: message repeated 2 times: [ Failed password for root from 47.242.58.84 port 47404 ssh2]
Oct 13 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (test,ssh-connection) [preauth]
Oct 13 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.242.58.84  user=root
Oct 13 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 13 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Invalid user test from 47.242.58.84
Oct 13 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: input_userauth_request: invalid user test [preauth]
Oct 13 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.242.58.84
Oct 13 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Failed password for invalid user test from 47.242.58.84 port 47412 ssh2
Oct 13 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Failed password for invalid user test from 47.242.58.84 port 47412 ssh2
Oct 13 09:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Did not receive identification string from 80.211.129.128
Oct 13 09:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Disconnecting: Change of username or service not allowed: (test,ssh-connection) -> (dev,ssh-connection) [preauth]
Oct 13 09:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.242.58.84
Oct 13 09:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Invalid user dev from 47.242.58.84
Oct 13 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: input_userauth_request: invalid user dev [preauth]
Oct 13 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.242.58.84
Oct 13 09:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Failed password for invalid user dev from 47.242.58.84 port 53398 ssh2
Oct 13 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Failed password for invalid user dev from 47.242.58.84 port 53398 ssh2
Oct 13 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: Disconnecting: Change of username or service not allowed: (dev,ssh-connection) -> (ubuntu,ssh-connection) [preauth]
Oct 13 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10489]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.242.58.84
Oct 13 09:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Invalid user ubuntu from 47.242.58.84
Oct 13 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.242.58.84
Oct 13 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Failed password for invalid user ubuntu from 47.242.58.84 port 46904 ssh2
Oct 13 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session closed for user root
Oct 13 09:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Failed password for invalid user ubuntu from 47.242.58.84 port 46904 ssh2
Oct 13 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Invalid user mohammad from 40.83.182.122
Oct 13 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: input_userauth_request: invalid user mohammad [preauth]
Oct 13 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
Oct 13 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: Connection closed by 47.242.58.84 port 46904 [preauth]
Oct 13 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10541]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.242.58.84
Oct 13 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Failed password for invalid user mohammad from 40.83.182.122 port 33660 ssh2
Oct 13 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Received disconnect from 40.83.182.122 port 33660:11: Bye Bye [preauth]
Oct 13 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Disconnected from 40.83.182.122 port 33660 [preauth]
Oct 13 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10627]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10626]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10619]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10700]: Successful su for rubyman by root
Oct 13 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10700]: + ??? root:rubyman
Oct 13 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404144 of user rubyman.
Oct 13 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10700]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404144.
Oct 13 09:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session closed for user root
Oct 13 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 13 09:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Failed password for root from 164.68.105.9 port 56340 ssh2
Oct 13 09:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10620]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Connection closed by 164.68.105.9 port 56340 [preauth]
Oct 13 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session closed for user root
Oct 13 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11157]: Successful su for rubyman by root
Oct 13 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11157]: + ??? root:rubyman
Oct 13 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404148 of user rubyman.
Oct 13 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11157]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404148.
Oct 13 09:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session closed for user root
Oct 13 09:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122  user=root
Oct 13 09:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: Failed password for root from 40.83.182.122 port 53450 ssh2
Oct 13 09:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: Received disconnect from 40.83.182.122 port 53450:11: Bye Bye [preauth]
Oct 13 09:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: Disconnected from 40.83.182.122 port 53450 [preauth]
Oct 13 09:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session closed for user root
Oct 13 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11545]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11543]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11545]: pam_unix(cron:session): session closed for user root
Oct 13 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11646]: Successful su for rubyman by root
Oct 13 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11646]: + ??? root:rubyman
Oct 13 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404154 of user rubyman.
Oct 13 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11646]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404154.
Oct 13 09:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11541]: pam_unix(cron:session): session closed for user root
Oct 13 09:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7823]: pam_unix(cron:session): session closed for user root
Oct 13 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11540]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10627]: pam_unix(cron:session): session closed for user root
Oct 13 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12140]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: Successful su for rubyman by root
Oct 13 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: + ??? root:rubyman
Oct 13 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404158 of user rubyman.
Oct 13 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12238]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404158.
Oct 13 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8873]: pam_unix(cron:session): session closed for user root
Oct 13 09:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12142]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user root
Oct 13 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12723]: Successful su for rubyman by root
Oct 13 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12723]: + ??? root:rubyman
Oct 13 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404163 of user rubyman.
Oct 13 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12723]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404163.
Oct 13 09:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session closed for user root
Oct 13 09:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 09:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Invalid user postgres from 62.60.131.157
Oct 13 09:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: input_userauth_request: invalid user postgres [preauth]
Oct 13 09:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 09:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: Failed password for root from 194.182.86.152 port 40176 ssh2
Oct 13 09:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13009]: Connection closed by 194.182.86.152 port 40176 [preauth]
Oct 13 09:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for invalid user postgres from 62.60.131.157 port 62453 ssh2
Oct 13 09:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for invalid user postgres from 62.60.131.157 port 62453 ssh2
Oct 13 09:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for invalid user postgres from 62.60.131.157 port 62453 ssh2
Oct 13 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for invalid user postgres from 62.60.131.157 port 62453 ssh2
Oct 13 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 09:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for invalid user postgres from 62.60.131.157 port 62453 ssh2
Oct 13 09:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Received disconnect from 62.60.131.157 port 62453:11: Bye [preauth]
Oct 13 09:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Disconnected from 62.60.131.157 port 62453 [preauth]
Oct 13 09:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 09:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 09:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11543]: pam_unix(cron:session): session closed for user root
Oct 13 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13232]: Successful su for rubyman by root
Oct 13 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13232]: + ??? root:rubyman
Oct 13 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404167 of user rubyman.
Oct 13 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13232]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404167.
Oct 13 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session closed for user root
Oct 13 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12144]: pam_unix(cron:session): session closed for user root
Oct 13 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13708]: pam_unix(cron:session): session closed for user p13x
Oct 13 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13799]: Successful su for rubyman by root
Oct 13 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13799]: + ??? root:rubyman
Oct 13 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404171 of user rubyman.
Oct 13 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13799]: pam_unix(su:session): session closed for user rubyman
Oct 13 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404171.
Oct 13 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10626]: pam_unix(cron:session): session closed for user root
Oct 13 09:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13709]: pam_unix(cron:session): session closed for user samftp
Oct 13 09:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session closed for user root
Oct 13 09:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 09:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Did not receive identification string from 80.211.129.128
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session closed for user root
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14279]: pam_unix(cron:session): session closed for user root
Oct 13 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14277]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14390]: Successful su for rubyman by root
Oct 13 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14390]: + ??? root:rubyman
Oct 13 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404175 of user rubyman.
Oct 13 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14390]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404175.
Oct 13 10:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session closed for user root
Oct 13 10:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user root
Oct 13 10:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14278]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 10:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: Failed password for root from 194.182.86.152 port 38720 ssh2
Oct 13 10:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: Connection closed by 194.182.86.152 port 38720 [preauth]
Oct 13 10:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session closed for user root
Oct 13 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14920]: Successful su for rubyman by root
Oct 13 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14920]: + ??? root:rubyman
Oct 13 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404182 of user rubyman.
Oct 13 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14920]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404182.
Oct 13 10:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11542]: pam_unix(cron:session): session closed for user root
Oct 13 10:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13711]: pam_unix(cron:session): session closed for user root
Oct 13 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15414]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15476]: Successful su for rubyman by root
Oct 13 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15476]: + ??? root:rubyman
Oct 13 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404185 of user rubyman.
Oct 13 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15476]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404185.
Oct 13 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12143]: pam_unix(cron:session): session closed for user root
Oct 13 10:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15415]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session closed for user root
Oct 13 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: Successful su for rubyman by root
Oct 13 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: + ??? root:rubyman
Oct 13 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404191 of user rubyman.
Oct 13 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404191.
Oct 13 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session closed for user root
Oct 13 10:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15849]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session closed for user root
Oct 13 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16380]: Successful su for rubyman by root
Oct 13 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16380]: + ??? root:rubyman
Oct 13 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404193 of user rubyman.
Oct 13 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16380]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404193.
Oct 13 10:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session closed for user root
Oct 13 10:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15417]: pam_unix(cron:session): session closed for user root
Oct 13 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16777]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16779]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16781]: pam_unix(cron:session): session closed for user root
Oct 13 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16774]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16856]: Successful su for rubyman by root
Oct 13 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16856]: + ??? root:rubyman
Oct 13 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404197 of user rubyman.
Oct 13 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16856]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404197.
Oct 13 10:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16776]: pam_unix(cron:session): session closed for user root
Oct 13 10:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13710]: pam_unix(cron:session): session closed for user root
Oct 13 10:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16775]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session closed for user root
Oct 13 10:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 13 10:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: Failed password for root from 20.163.71.109 port 33938 ssh2
Oct 13 10:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: Connection closed by 20.163.71.109 port 33938 [preauth]
Oct 13 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17356]: Successful su for rubyman by root
Oct 13 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17356]: + ??? root:rubyman
Oct 13 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404203 of user rubyman.
Oct 13 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17356]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404203.
Oct 13 10:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user root
Oct 13 10:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17269]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session closed for user root
Oct 13 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17885]: Successful su for rubyman by root
Oct 13 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17885]: + ??? root:rubyman
Oct 13 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404208 of user rubyman.
Oct 13 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17885]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404208.
Oct 13 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: Did not receive identification string from 80.211.129.128
Oct 13 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session closed for user root
Oct 13 10:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17760]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16779]: pam_unix(cron:session): session closed for user root
Oct 13 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18512]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18510]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18593]: Successful su for rubyman by root
Oct 13 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18593]: + ??? root:rubyman
Oct 13 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404212 of user rubyman.
Oct 13 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18593]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404212.
Oct 13 10:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15416]: pam_unix(cron:session): session closed for user root
Oct 13 10:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18511]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17271]: pam_unix(cron:session): session closed for user root
Oct 13 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19359]: Successful su for rubyman by root
Oct 13 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19359]: + ??? root:rubyman
Oct 13 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404215 of user rubyman.
Oct 13 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19359]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404215.
Oct 13 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session closed for user root
Oct 13 10:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user root
Oct 13 10:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session closed for user root
Oct 13 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20053]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session closed for user root
Oct 13 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20145]: Successful su for rubyman by root
Oct 13 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20145]: + ??? root:rubyman
Oct 13 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404220 of user rubyman.
Oct 13 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20145]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404220.
Oct 13 10:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20053]: pam_unix(cron:session): session closed for user root
Oct 13 10:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user root
Oct 13 10:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20052]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18513]: pam_unix(cron:session): session closed for user root
Oct 13 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20582]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20666]: Successful su for rubyman by root
Oct 13 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20666]: + ??? root:rubyman
Oct 13 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404227 of user rubyman.
Oct 13 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20666]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404227.
Oct 13 10:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16777]: pam_unix(cron:session): session closed for user root
Oct 13 10:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20584]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session closed for user root
Oct 13 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21130]: Successful su for rubyman by root
Oct 13 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21130]: + ??? root:rubyman
Oct 13 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404231 of user rubyman.
Oct 13 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21130]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404231.
Oct 13 10:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session closed for user root
Oct 13 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: User john from 151.36.143.35 not allowed because not listed in AllowUsers
Oct 13 10:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: input_userauth_request: invalid user john [preauth]
Oct 13 10:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35  user=john
Oct 13 10:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for invalid user john from 151.36.143.35 port 26058 ssh2
Oct 13 10:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Received disconnect from 151.36.143.35 port 26058:11: Bye Bye [preauth]
Oct 13 10:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Disconnected from 151.36.143.35 port 26058 [preauth]
Oct 13 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session closed for user root
Oct 13 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21572]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21567]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21642]: Successful su for rubyman by root
Oct 13 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21642]: + ??? root:rubyman
Oct 13 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404237 of user rubyman.
Oct 13 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21642]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404237.
Oct 13 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17761]: pam_unix(cron:session): session closed for user root
Oct 13 10:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21568]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 10:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: Failed password for root from 194.182.86.152 port 57812 ssh2
Oct 13 10:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21943]: Connection closed by 194.182.86.152 port 57812 [preauth]
Oct 13 10:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session closed for user root
Oct 13 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22039]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22036]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22115]: Successful su for rubyman by root
Oct 13 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22115]: + ??? root:rubyman
Oct 13 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404239 of user rubyman.
Oct 13 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22115]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404239.
Oct 13 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18512]: pam_unix(cron:session): session closed for user root
Oct 13 10:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22037]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21063]: pam_unix(cron:session): session closed for user root
Oct 13 10:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: Invalid user server from 151.36.143.35
Oct 13 10:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: input_userauth_request: invalid user server [preauth]
Oct 13 10:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: Failed password for invalid user server from 151.36.143.35 port 26048 ssh2
Oct 13 10:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: Received disconnect from 151.36.143.35 port 26048:11: Bye Bye [preauth]
Oct 13 10:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: Disconnected from 151.36.143.35 port 26048 [preauth]
Oct 13 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22529]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22528]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22533]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22534]: pam_unix(cron:session): session closed for user root
Oct 13 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22526]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22613]: Successful su for rubyman by root
Oct 13 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22613]: + ??? root:rubyman
Oct 13 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404243 of user rubyman.
Oct 13 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22613]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404243.
Oct 13 10:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22528]: pam_unix(cron:session): session closed for user root
Oct 13 10:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 10:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: Failed password for root from 194.182.86.152 port 42320 ssh2
Oct 13 10:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session closed for user root
Oct 13 10:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: Connection closed by 194.182.86.152 port 42320 [preauth]
Oct 13 10:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.205.25  user=root
Oct 13 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Failed password for root from 80.211.205.25 port 49966 ssh2
Oct 13 10:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Connection closed by 80.211.205.25 port 49966 [preauth]
Oct 13 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22527]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21572]: pam_unix(cron:session): session closed for user root
Oct 13 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23563]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23827]: Successful su for rubyman by root
Oct 13 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23827]: + ??? root:rubyman
Oct 13 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404248 of user rubyman.
Oct 13 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23827]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404248.
Oct 13 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Invalid user runner from 151.36.143.35
Oct 13 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: input_userauth_request: invalid user runner [preauth]
Oct 13 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Failed password for invalid user runner from 151.36.143.35 port 26306 ssh2
Oct 13 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Received disconnect from 151.36.143.35 port 26306:11: Bye Bye [preauth]
Oct 13 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Disconnected from 151.36.143.35 port 26306 [preauth]
Oct 13 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session closed for user root
Oct 13 10:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22039]: pam_unix(cron:session): session closed for user root
Oct 13 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24267]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session closed for user root
Oct 13 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24264]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: Successful su for rubyman by root
Oct 13 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: + ??? root:rubyman
Oct 13 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404256 of user rubyman.
Oct 13 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404256.
Oct 13 10:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session closed for user root
Oct 13 10:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24265]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22533]: pam_unix(cron:session): session closed for user root
Oct 13 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24772]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24847]: Successful su for rubyman by root
Oct 13 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24847]: + ??? root:rubyman
Oct 13 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404258 of user rubyman.
Oct 13 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24847]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404258.
Oct 13 10:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21061]: pam_unix(cron:session): session closed for user root
Oct 13 10:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24774]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23577]: pam_unix(cron:session): session closed for user root
Oct 13 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25564]: Successful su for rubyman by root
Oct 13 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25564]: + ??? root:rubyman
Oct 13 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404261 of user rubyman.
Oct 13 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25564]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404261.
Oct 13 10:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session closed for user root
Oct 13 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session closed for user root
Oct 13 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26058]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26057]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26058]: pam_unix(cron:session): session closed for user root
Oct 13 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26132]: Successful su for rubyman by root
Oct 13 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26132]: + ??? root:rubyman
Oct 13 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404268 of user rubyman.
Oct 13 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26132]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404268.
Oct 13 10:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22038]: pam_unix(cron:session): session closed for user root
Oct 13 10:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session closed for user root
Oct 13 10:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session closed for user root
Oct 13 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26742]: Successful su for rubyman by root
Oct 13 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26742]: + ??? root:rubyman
Oct 13 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404273 of user rubyman.
Oct 13 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26742]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404273.
Oct 13 10:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22529]: pam_unix(cron:session): session closed for user root
Oct 13 10:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session closed for user root
Oct 13 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27337]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27418]: Successful su for rubyman by root
Oct 13 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27418]: + ??? root:rubyman
Oct 13 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404275 of user rubyman.
Oct 13 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27418]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404275.
Oct 13 10:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session closed for user root
Oct 13 10:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27338]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26057]: pam_unix(cron:session): session closed for user root
Oct 13 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28198]: Successful su for rubyman by root
Oct 13 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28198]: + ??? root:rubyman
Oct 13 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404279 of user rubyman.
Oct 13 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28198]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404279.
Oct 13 10:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24267]: pam_unix(cron:session): session closed for user root
Oct 13 10:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session closed for user root
Oct 13 10:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: Did not receive identification string from 80.211.129.128
Oct 13 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28820]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28920]: Successful su for rubyman by root
Oct 13 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28920]: + ??? root:rubyman
Oct 13 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404283 of user rubyman.
Oct 13 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28920]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404283.
Oct 13 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24775]: pam_unix(cron:session): session closed for user root
Oct 13 10:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28821]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27340]: pam_unix(cron:session): session closed for user root
Oct 13 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29437]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29439]: pam_unix(cron:session): session closed for user root
Oct 13 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29528]: Successful su for rubyman by root
Oct 13 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29528]: + ??? root:rubyman
Oct 13 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404288 of user rubyman.
Oct 13 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29528]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404288.
Oct 13 10:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session closed for user root
Oct 13 10:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session closed for user root
Oct 13 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29432]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session closed for user root
Oct 13 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29963]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30059]: Successful su for rubyman by root
Oct 13 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30059]: + ??? root:rubyman
Oct 13 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404295 of user rubyman.
Oct 13 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30059]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404295.
Oct 13 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session closed for user root
Oct 13 10:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29964]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28824]: pam_unix(cron:session): session closed for user root
Oct 13 10:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Did not receive identification string from 80.211.129.128
Oct 13 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30578]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30662]: Successful su for rubyman by root
Oct 13 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30662]: + ??? root:rubyman
Oct 13 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404298 of user rubyman.
Oct 13 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30662]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404298.
Oct 13 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session closed for user root
Oct 13 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30579]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29437]: pam_unix(cron:session): session closed for user root
Oct 13 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31044]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31042]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31138]: Successful su for rubyman by root
Oct 13 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31138]: + ??? root:rubyman
Oct 13 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404302 of user rubyman.
Oct 13 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31138]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404302.
Oct 13 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27339]: pam_unix(cron:session): session closed for user root
Oct 13 10:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31043]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Invalid user user from 62.60.131.157
Oct 13 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: input_userauth_request: invalid user user [preauth]
Oct 13 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 10:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Failed password for invalid user user from 62.60.131.157 port 26956 ssh2
Oct 13 10:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Failed password for invalid user user from 62.60.131.157 port 26956 ssh2
Oct 13 10:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 13 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Failed password for invalid user user from 62.60.131.157 port 26956 ssh2
Oct 13 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Failed password for invalid user user from 62.60.131.157 port 26956 ssh2
Oct 13 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 13 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:45.142.193.185  user=root
Oct 13 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Failed password for invalid user user from 62.60.131.157 port 26956 ssh2
Oct 13 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Received disconnect from 62.60.131.157 port 26956:11: Bye [preauth]
Oct 13 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Disconnected from 62.60.131.157 port 26956 [preauth]
Oct 13 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 10:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 10:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29966]: pam_unix(cron:session): session closed for user root
Oct 13 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31689]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31761]: Successful su for rubyman by root
Oct 13 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31761]: + ??? root:rubyman
Oct 13 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404305 of user rubyman.
Oct 13 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31761]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404305.
Oct 13 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session closed for user root
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Did not receive identification string from 121.186.31.54
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: Did not receive identification string from 121.186.31.54
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31975]: Did not receive identification string from 121.186.31.54
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: Did not receive identification string from 121.186.31.54
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: Failed password for root from 121.186.31.54 port 34192 ssh2
Oct 13 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31985]: Connection closed by 121.186.31.54 port 34192 [preauth]
Oct 13 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31690]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31983]: Failed password for root from 121.186.31.54 port 34174 ssh2
Oct 13 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: Failed password for root from 121.186.31.54 port 34168 ssh2
Oct 13 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31983]: Connection closed by 121.186.31.54 port 34174 [preauth]
Oct 13 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31980]: Connection closed by 121.186.31.54 port 34168 [preauth]
Oct 13 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Invalid user admin from 121.186.31.54
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: Failed password for root from 121.186.31.54 port 34180 ssh2
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31984]: Connection closed by 121.186.31.54 port 34180 [preauth]
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: Invalid user admin from 121.186.31.54
Oct 13 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Invalid user admin from 121.186.31.54
Oct 13 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Failed password for invalid user admin from 121.186.31.54 port 34196 ssh2
Oct 13 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: Invalid user admin from 121.186.31.54
Oct 13 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Connection closed by 121.186.31.54 port 34196 [preauth]
Oct 13 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: Failed password for invalid user admin from 121.186.31.54 port 34210 ssh2
Oct 13 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: Connection closed by 121.186.31.54 port 34210 [preauth]
Oct 13 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Failed password for invalid user admin from 121.186.31.54 port 34228 ssh2
Oct 13 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: Failed password for invalid user admin from 121.186.31.54 port 34220 ssh2
Oct 13 10:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Connection closed by 121.186.31.54 port 34228 [preauth]
Oct 13 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: Connection closed by 121.186.31.54 port 34220 [preauth]
Oct 13 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32052]: Invalid user deploy from 121.186.31.54
Oct 13 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32052]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32052]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Invalid user test from 121.186.31.54
Oct 13 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: input_userauth_request: invalid user test [preauth]
Oct 13 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: Invalid user oracle from 121.186.31.54
Oct 13 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Invalid user test from 121.186.31.54
Oct 13 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: input_userauth_request: invalid user test [preauth]
Oct 13 10:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32052]: Failed password for invalid user deploy from 121.186.31.54 port 34242 ssh2
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: Failed password for invalid user oracle from 121.186.31.54 port 51666 ssh2
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Failed password for invalid user test from 121.186.31.54 port 34230 ssh2
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32052]: Connection closed by 121.186.31.54 port 34242 [preauth]
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: Connection closed by 121.186.31.54 port 51666 [preauth]
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Connection closed by 121.186.31.54 port 34230 [preauth]
Oct 13 10:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Invalid user user from 121.186.31.54
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: input_userauth_request: invalid user user [preauth]
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Failed password for invalid user test from 121.186.31.54 port 51650 ssh2
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: Invalid user guest from 121.186.31.54
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: input_userauth_request: invalid user guest [preauth]
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Connection closed by 121.186.31.54 port 51650 [preauth]
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Invalid user devopsuser from 121.186.31.54
Oct 13 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: input_userauth_request: invalid user devopsuser [preauth]
Oct 13 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Failed password for invalid user user from 121.186.31.54 port 51684 ssh2
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32073]: Connection closed by 121.186.31.54 port 51684 [preauth]
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: Failed password for invalid user guest from 121.186.31.54 port 51698 ssh2
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32076]: Connection closed by 121.186.31.54 port 51698 [preauth]
Oct 13 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Failed password for invalid user devopsuser from 121.186.31.54 port 51676 ssh2
Oct 13 10:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Connection closed by 121.186.31.54 port 51676 [preauth]
Oct 13 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Invalid user oracle from 121.186.31.54
Oct 13 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Failed password for invalid user ubuntu from 121.186.31.54 port 51702 ssh2
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Invalid user user from 2.57.121.112
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: input_userauth_request: invalid user user [preauth]
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: Invalid user devuser from 121.186.31.54
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: input_userauth_request: invalid user devuser [preauth]
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Connection closed by 121.186.31.54 port 51702 [preauth]
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Failed password for invalid user oracle from 121.186.31.54 port 51728 ssh2
Oct 13 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Connection closed by 121.186.31.54 port 51728 [preauth]
Oct 13 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for invalid user user from 2.57.121.112 port 64831 ssh2
Oct 13 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: Failed password for invalid user devuser from 121.186.31.54 port 51714 ssh2
Oct 13 10:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: Connection closed by 121.186.31.54 port 51714 [preauth]
Oct 13 10:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Invalid user git from 121.186.31.54
Oct 13 10:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: input_userauth_request: invalid user git [preauth]
Oct 13 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for invalid user user from 2.57.121.112 port 64831 ssh2
Oct 13 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: User mysql from 121.186.31.54 not allowed because not listed in AllowUsers
Oct 13 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: input_userauth_request: invalid user mysql [preauth]
Oct 13 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=mysql
Oct 13 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30581]: pam_unix(cron:session): session closed for user root
Oct 13 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Failed password for invalid user git from 121.186.31.54 port 37628 ssh2
Oct 13 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Failed password for root from 121.186.31.54 port 37622 ssh2
Oct 13 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Connection closed by 121.186.31.54 port 37628 [preauth]
Oct 13 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Connection closed by 121.186.31.54 port 37622 [preauth]
Oct 13 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for invalid user user from 2.57.121.112 port 64831 ssh2
Oct 13 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Invalid user oracle from 121.186.31.54
Oct 13 10:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Failed password for invalid user mysql from 121.186.31.54 port 37630 ssh2
Oct 13 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for invalid user user from 2.57.121.112 port 64831 ssh2
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Invalid user minecraft from 121.186.31.54
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: input_userauth_request: invalid user minecraft [preauth]
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Failed password for invalid user oracle from 121.186.31.54 port 37644 ssh2
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Connection closed by 121.186.31.54 port 37630 [preauth]
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Connection closed by 121.186.31.54 port 37644 [preauth]
Oct 13 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Invalid user pi from 121.186.31.54
Oct 13 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: input_userauth_request: invalid user pi [preauth]
Oct 13 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for invalid user user from 2.57.121.112 port 64831 ssh2
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Invalid user ts3 from 121.186.31.54
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: input_userauth_request: invalid user ts3 [preauth]
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Received disconnect from 2.57.121.112 port 64831:11: Bye [preauth]
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Disconnected from 2.57.121.112 port 64831 [preauth]
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Failed password for invalid user minecraft from 121.186.31.54 port 37650 ssh2
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Connection closed by 121.186.31.54 port 37650 [preauth]
Oct 13 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Invalid user kali from 121.186.31.54
Oct 13 10:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: input_userauth_request: invalid user kali [preauth]
Oct 13 10:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Failed password for invalid user pi from 121.186.31.54 port 37666 ssh2
Oct 13 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Connection closed by 121.186.31.54 port 37666 [preauth]
Oct 13 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Failed password for invalid user ts3 from 121.186.31.54 port 37698 ssh2
Oct 13 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Invalid user orangepi from 121.186.31.54
Oct 13 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: input_userauth_request: invalid user orangepi [preauth]
Oct 13 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Connection closed by 121.186.31.54 port 37698 [preauth]
Oct 13 10:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Failed password for invalid user kali from 121.186.31.54 port 37682 ssh2
Oct 13 10:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Connection closed by 121.186.31.54 port 37682 [preauth]
Oct 13 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Invalid user oracle from 121.186.31.54
Oct 13 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Failed password for invalid user orangepi from 121.186.31.54 port 48116 ssh2
Oct 13 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32263]: Connection closed by 121.186.31.54 port 48116 [preauth]
Oct 13 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: Failed password for root from 121.186.31.54 port 48126 ssh2
Oct 13 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32272]: Connection closed by 121.186.31.54 port 48126 [preauth]
Oct 13 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Failed password for invalid user oracle from 121.186.31.54 port 48138 ssh2
Oct 13 10:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Connection closed by 121.186.31.54 port 48138 [preauth]
Oct 13 10:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: Failed password for root from 121.186.31.54 port 48144 ssh2
Oct 13 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: Connection closed by 121.186.31.54 port 48144 [preauth]
Oct 13 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Invalid user postgres from 121.186.31.54
Oct 13 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: input_userauth_request: invalid user postgres [preauth]
Oct 13 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Invalid user test from 121.186.31.54
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: input_userauth_request: invalid user test [preauth]
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: Failed password for root from 121.186.31.54 port 48146 ssh2
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32293]: Connection closed by 121.186.31.54 port 48146 [preauth]
Oct 13 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Failed password for invalid user postgres from 121.186.31.54 port 48160 ssh2
Oct 13 10:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Failed password for invalid user ubuntu from 121.186.31.54 port 48172 ssh2
Oct 13 10:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Failed password for invalid user test from 121.186.31.54 port 48174 ssh2
Oct 13 10:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Connection closed by 121.186.31.54 port 48160 [preauth]
Oct 13 10:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32302]: Connection closed by 121.186.31.54 port 48174 [preauth]
Oct 13 10:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Connection closed by 121.186.31.54 port 48172 [preauth]
Oct 13 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Invalid user test from 121.186.31.54
Oct 13 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: input_userauth_request: invalid user test [preauth]
Oct 13 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Failed password for root from 121.186.31.54 port 48184 ssh2
Oct 13 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Connection closed by 121.186.31.54 port 48184 [preauth]
Oct 13 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Failed password for invalid user test from 121.186.31.54 port 35472 ssh2
Oct 13 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Connection closed by 121.186.31.54 port 35472 [preauth]
Oct 13 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Failed password for root from 121.186.31.54 port 35486 ssh2
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32319]: Connection closed by 121.186.31.54 port 35486 [preauth]
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Invalid user pgbouncer from 121.186.31.54
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: input_userauth_request: invalid user pgbouncer [preauth]
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32348]: pam_unix(cron:session): session closed for user root
Oct 13 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32343]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: Failed password for root from 121.186.31.54 port 35488 ssh2
Oct 13 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32322]: Connection closed by 121.186.31.54 port 35488 [preauth]
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: Failed password for root from 121.186.31.54 port 35498 ssh2
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32326]: Connection closed by 121.186.31.54 port 35498 [preauth]
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: Successful su for rubyman by root
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: + ??? root:rubyman
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404313 of user rubyman.
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32426]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404313.
Oct 13 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Invalid user vyos from 121.186.31.54
Oct 13 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: input_userauth_request: invalid user vyos [preauth]
Oct 13 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Failed password for invalid user pgbouncer from 121.186.31.54 port 35500 ssh2
Oct 13 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Connection closed by 121.186.31.54 port 35500 [preauth]
Oct 13 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Invalid user ubnt from 121.186.31.54
Oct 13 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: input_userauth_request: invalid user ubnt [preauth]
Oct 13 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Invalid user ansible from 121.186.31.54
Oct 13 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: input_userauth_request: invalid user ansible [preauth]
Oct 13 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Failed password for invalid user vyos from 121.186.31.54 port 35502 ssh2
Oct 13 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Connection closed by 121.186.31.54 port 35502 [preauth]
Oct 13 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Failed password for invalid user ubnt from 121.186.31.54 port 35524 ssh2
Oct 13 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Invalid user dspace from 121.186.31.54
Oct 13 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: input_userauth_request: invalid user dspace [preauth]
Oct 13 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Failed password for invalid user ansible from 121.186.31.54 port 35518 ssh2
Oct 13 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Connection closed by 121.186.31.54 port 35524 [preauth]
Oct 13 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Connection closed by 121.186.31.54 port 35518 [preauth]
Oct 13 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for root from 121.186.31.54 port 38280 ssh2
Oct 13 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32345]: pam_unix(cron:session): session closed for user root
Oct 13 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Connection closed by 121.186.31.54 port 38280 [preauth]
Oct 13 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Failed password for invalid user dspace from 121.186.31.54 port 38286 ssh2
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32540]: Connection closed by 121.186.31.54 port 38286 [preauth]
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: Invalid user deploy from 121.186.31.54
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Invalid user orangepi from 121.186.31.54
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: input_userauth_request: invalid user orangepi [preauth]
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Failed password for root from 121.186.31.54 port 38296 ssh2
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28823]: pam_unix(cron:session): session closed for user root
Oct 13 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Connection closed by 121.186.31.54 port 38296 [preauth]
Oct 13 10:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: Invalid user admin from 121.186.31.54
Oct 13 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: Failed password for invalid user deploy from 121.186.31.54 port 38304 ssh2
Oct 13 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Failed password for invalid user orangepi from 121.186.31.54 port 38312 ssh2
Oct 13 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32588]: Connection closed by 121.186.31.54 port 38312 [preauth]
Oct 13 10:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32573]: Connection closed by 121.186.31.54 port 38304 [preauth]
Oct 13 10:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32657]: Failed password for root from 121.186.31.54 port 38328 ssh2
Oct 13 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: Failed password for invalid user admin from 121.186.31.54 port 38314 ssh2
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Invalid user testuser from 121.186.31.54
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32657]: Connection closed by 121.186.31.54 port 38328 [preauth]
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Invalid user steam from 121.186.31.54
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: input_userauth_request: invalid user steam [preauth]
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32602]: Connection closed by 121.186.31.54 port 38314 [preauth]
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Failed password for invalid user testuser from 121.186.31.54 port 39342 ssh2
Oct 13 10:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: Invalid user ftpuser from 121.186.31.54
Oct 13 10:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Connection closed by 121.186.31.54 port 39342 [preauth]
Oct 13 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Failed password for invalid user steam from 121.186.31.54 port 39350 ssh2
Oct 13 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Connection closed by 121.186.31.54 port 39350 [preauth]
Oct 13 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: Failed password for invalid user ftpuser from 121.186.31.54 port 39366 ssh2
Oct 13 10:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: Failed password for root from 121.186.31.54 port 39372 ssh2
Oct 13 10:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: Connection closed by 121.186.31.54 port 39372 [preauth]
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Failed password for root from 121.186.31.54 port 39382 ssh2
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Connection closed by 121.186.31.54 port 39382 [preauth]
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Invalid user amir from 151.36.143.35
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: input_userauth_request: invalid user amir [preauth]
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32683]: Connection closed by 121.186.31.54 port 39366 [preauth]
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Invalid user debian from 121.186.31.54
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: input_userauth_request: invalid user debian [preauth]
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Failed password for root from 121.186.31.54 port 39386 ssh2
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Failed password for invalid user amir from 151.36.143.35 port 26812 ssh2
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32715]: Connection closed by 121.186.31.54 port 39386 [preauth]
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Received disconnect from 151.36.143.35 port 26812:11: Bye Bye [preauth]
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Disconnected from 151.36.143.35 port 26812 [preauth]
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: Invalid user test from 121.186.31.54
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: input_userauth_request: invalid user test [preauth]
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Failed password for invalid user debian from 121.186.31.54 port 39400 ssh2
Oct 13 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: Failed password for invalid user test from 121.186.31.54 port 39402 ssh2
Oct 13 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Connection closed by 121.186.31.54 port 39400 [preauth]
Oct 13 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: Connection closed by 121.186.31.54 port 39402 [preauth]
Oct 13 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: Invalid user guest from 121.186.31.54
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: input_userauth_request: invalid user guest [preauth]
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Invalid user git from 121.186.31.54
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: input_userauth_request: invalid user git [preauth]
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: Failed password for root from 121.186.31.54 port 39404 ssh2
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: Connection closed by 121.186.31.54 port 39404 [preauth]
Oct 13 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Invalid user kafka from 121.186.31.54
Oct 13 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: input_userauth_request: invalid user kafka [preauth]
Oct 13 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Failed password for root from 78.128.112.74 port 34382 ssh2
Oct 13 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[302]: Connection closed by 78.128.112.74 port 34382 [preauth]
Oct 13 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Failed password for invalid user git from 121.186.31.54 port 46432 ssh2
Oct 13 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Connection closed by 121.186.31.54 port 46432 [preauth]
Oct 13 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: Failed password for invalid user guest from 121.186.31.54 port 46430 ssh2
Oct 13 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32757]: Connection closed by 121.186.31.54 port 46430 [preauth]
Oct 13 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Failed password for invalid user kafka from 121.186.31.54 port 46446 ssh2
Oct 13 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Invalid user deploy from 121.186.31.54
Oct 13 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[309]: Connection closed by 121.186.31.54 port 46446 [preauth]
Oct 13 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[316]: Invalid user testuser from 121.186.31.54
Oct 13 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[316]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: Failed password for root from 121.186.31.54 port 46462 ssh2
Oct 13 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[316]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: Connection closed by 121.186.31.54 port 46462 [preauth]
Oct 13 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Invalid user test from 121.186.31.54
Oct 13 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: input_userauth_request: invalid user test [preauth]
Oct 13 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Failed password for invalid user deploy from 121.186.31.54 port 46464 ssh2
Oct 13 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[316]: Failed password for invalid user testuser from 121.186.31.54 port 46480 ssh2
Oct 13 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[316]: Connection closed by 121.186.31.54 port 46480 [preauth]
Oct 13 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Connection closed by 121.186.31.54 port 46464 [preauth]
Oct 13 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Invalid user guest from 121.186.31.54
Oct 13 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: input_userauth_request: invalid user guest [preauth]
Oct 13 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Failed password for invalid user test from 121.186.31.54 port 46482 ssh2
Oct 13 10:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Connection closed by 121.186.31.54 port 46482 [preauth]
Oct 13 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: Invalid user postgres from 121.186.31.54
Oct 13 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: input_userauth_request: invalid user postgres [preauth]
Oct 13 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Failed password for invalid user guest from 121.186.31.54 port 46492 ssh2
Oct 13 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[345]: Connection closed by 121.186.31.54 port 46492 [preauth]
Oct 13 10:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[348]: Failed password for root from 121.186.31.54 port 40434 ssh2
Oct 13 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Invalid user postgres from 121.186.31.54
Oct 13 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: input_userauth_request: invalid user postgres [preauth]
Oct 13 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[348]: Connection closed by 121.186.31.54 port 40434 [preauth]
Oct 13 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session closed for user root
Oct 13 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Invalid user ansible from 121.186.31.54
Oct 13 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: input_userauth_request: invalid user ansible [preauth]
Oct 13 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: Failed password for invalid user postgres from 121.186.31.54 port 40438 ssh2
Oct 13 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[350]: Connection closed by 121.186.31.54 port 40438 [preauth]
Oct 13 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Failed password for invalid user postgres from 121.186.31.54 port 40452 ssh2
Oct 13 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Connection closed by 121.186.31.54 port 40452 [preauth]
Oct 13 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Failed password for invalid user ansible from 121.186.31.54 port 40458 ssh2
Oct 13 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Connection closed by 121.186.31.54 port 40458 [preauth]
Oct 13 10:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: Failed password for invalid user ubuntu from 121.186.31.54 port 40464 ssh2
Oct 13 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: Invalid user hadoop from 121.186.31.54
Oct 13 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[383]: Connection closed by 121.186.31.54 port 40464 [preauth]
Oct 13 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: Failed password for invalid user ubuntu from 121.186.31.54 port 40474 ssh2
Oct 13 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: Connection closed by 121.186.31.54 port 40474 [preauth]
Oct 13 10:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Invalid user deploy from 121.186.31.54
Oct 13 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: Failed password for invalid user hadoop from 121.186.31.54 port 40496 ssh2
Oct 13 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[414]: Connection closed by 121.186.31.54 port 40496 [preauth]
Oct 13 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: Invalid user debian from 121.186.31.54
Oct 13 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: input_userauth_request: invalid user debian [preauth]
Oct 13 10:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user deploy from 121.186.31.54 port 40488 ssh2
Oct 13 10:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Connection closed by 121.186.31.54 port 40488 [preauth]
Oct 13 10:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for root from 121.186.31.54 port 47364 ssh2
Oct 13 10:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Connection closed by 121.186.31.54 port 47364 [preauth]
Oct 13 10:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[433]: Invalid user admin from 121.186.31.54
Oct 13 10:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[433]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: Failed password for invalid user debian from 121.186.31.54 port 47362 ssh2
Oct 13 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[433]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[426]: Connection closed by 121.186.31.54 port 47362 [preauth]
Oct 13 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Invalid user kali from 121.186.31.54
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: input_userauth_request: invalid user kali [preauth]
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[433]: Failed password for invalid user admin from 121.186.31.54 port 47376 ssh2
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Invalid user admin from 121.186.31.54
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[433]: Connection closed by 121.186.31.54 port 47376 [preauth]
Oct 13 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[436]: Failed password for root from 121.186.31.54 port 47386 ssh2
Oct 13 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[436]: Connection closed by 121.186.31.54 port 47386 [preauth]
Oct 13 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Failed password for invalid user kali from 121.186.31.54 port 47394 ssh2
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: Invalid user test from 121.186.31.54
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: input_userauth_request: invalid user test [preauth]
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Failed password for invalid user admin from 121.186.31.54 port 47396 ssh2
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Connection closed by 121.186.31.54 port 47396 [preauth]
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Connection closed by 121.186.31.54 port 47394 [preauth]
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Invalid user odroid from 121.186.31.54
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: input_userauth_request: invalid user odroid [preauth]
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Invalid user vpn from 121.186.31.54
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: input_userauth_request: invalid user vpn [preauth]
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Invalid user user from 121.186.31.54
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: input_userauth_request: invalid user user [preauth]
Oct 13 10:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: Failed password for invalid user test from 121.186.31.54 port 47410 ssh2
Oct 13 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: Connection closed by 121.186.31.54 port 47410 [preauth]
Oct 13 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Failed password for invalid user odroid from 121.186.31.54 port 40650 ssh2
Oct 13 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Invalid user devuser from 121.186.31.54
Oct 13 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: input_userauth_request: invalid user devuser [preauth]
Oct 13 10:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Connection closed by 121.186.31.54 port 40650 [preauth]
Oct 13 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Failed password for invalid user user from 121.186.31.54 port 40660 ssh2
Oct 13 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Connection closed by 121.186.31.54 port 40660 [preauth]
Oct 13 10:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Failed password for invalid user vpn from 121.186.31.54 port 47418 ssh2
Oct 13 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Connection closed by 121.186.31.54 port 47418 [preauth]
Oct 13 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Failed password for invalid user devuser from 121.186.31.54 port 40664 ssh2
Oct 13 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Connection closed by 121.186.31.54 port 40664 [preauth]
Oct 13 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Invalid user user from 121.186.31.54
Oct 13 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: input_userauth_request: invalid user user [preauth]
Oct 13 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[518]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Invalid user testuser from 121.186.31.54
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[594]: Successful su for rubyman by root
Oct 13 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[594]: + ??? root:rubyman
Oct 13 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404315 of user rubyman.
Oct 13 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[594]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404315.
Oct 13 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Failed password for invalid user user from 121.186.31.54 port 40686 ssh2
Oct 13 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Failed password for invalid user ubuntu from 121.186.31.54 port 40676 ssh2
Oct 13 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Connection closed by 121.186.31.54 port 40676 [preauth]
Oct 13 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[500]: Connection closed by 121.186.31.54 port 40686 [preauth]
Oct 13 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Failed password for invalid user testuser from 121.186.31.54 port 40714 ssh2
Oct 13 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 13 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Connection closed by 121.186.31.54 port 40714 [preauth]
Oct 13 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Invalid user test from 121.186.31.54
Oct 13 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: input_userauth_request: invalid user test [preauth]
Oct 13 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Invalid user vpn from 121.186.31.54
Oct 13 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: input_userauth_request: invalid user vpn [preauth]
Oct 13 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[615]: Failed password for root from 89.38.148.202 port 38962 ssh2
Oct 13 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: Invalid user steam from 121.186.31.54
Oct 13 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: input_userauth_request: invalid user steam [preauth]
Oct 13 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[615]: Connection closed by 89.38.148.202 port 38962 [preauth]
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Invalid user deploy from 121.186.31.54
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Failed password for invalid user test from 121.186.31.54 port 40700 ssh2
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Connection closed by 121.186.31.54 port 40700 [preauth]
Oct 13 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: Failed password for invalid user steam from 121.186.31.54 port 56820 ssh2
Oct 13 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: Invalid user devopsadmin from 121.186.31.54
Oct 13 10:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: input_userauth_request: invalid user devopsadmin [preauth]
Oct 13 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Failed password for invalid user vpn from 121.186.31.54 port 40728 ssh2
Oct 13 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Failed password for invalid user deploy from 121.186.31.54 port 40730 ssh2
Oct 13 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[652]: Connection closed by 121.186.31.54 port 56820 [preauth]
Oct 13 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Connection closed by 121.186.31.54 port 40728 [preauth]
Oct 13 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Connection closed by 121.186.31.54 port 40730 [preauth]
Oct 13 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Invalid user admin from 121.186.31.54
Oct 13 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: Failed password for invalid user devopsadmin from 121.186.31.54 port 56830 ssh2
Oct 13 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[699]: Connection closed by 121.186.31.54 port 56830 [preauth]
Oct 13 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: Invalid user moxa from 121.186.31.54
Oct 13 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: input_userauth_request: invalid user moxa [preauth]
Oct 13 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Failed password for invalid user admin from 121.186.31.54 port 56832 ssh2
Oct 13 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Failed password for root from 121.186.31.54 port 56838 ssh2
Oct 13 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session closed for user root
Oct 13 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Connection closed by 121.186.31.54 port 56832 [preauth]
Oct 13 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Connection closed by 121.186.31.54 port 56838 [preauth]
Oct 13 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Failed password for invalid user ubuntu from 121.186.31.54 port 56844 ssh2
Oct 13 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Connection closed by 121.186.31.54 port 56844 [preauth]
Oct 13 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: Failed password for invalid user moxa from 121.186.31.54 port 56854 ssh2
Oct 13 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: Connection closed by 121.186.31.54 port 56854 [preauth]
Oct 13 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Invalid user oracle from 121.186.31.54
Oct 13 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: Invalid user admin from 121.186.31.54
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Invalid user guest from 121.186.31.54
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: input_userauth_request: invalid user guest [preauth]
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Failed password for root from 121.186.31.54 port 56868 ssh2
Oct 13 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Connection closed by 121.186.31.54 port 56868 [preauth]
Oct 13 10:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for invalid user oracle from 121.186.31.54 port 56874 ssh2
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: Failed password for invalid user admin from 121.186.31.54 port 60650 ssh2
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Connection closed by 121.186.31.54 port 56874 [preauth]
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: Connection closed by 121.186.31.54 port 60650 [preauth]
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Failed password for invalid user guest from 121.186.31.54 port 60664 ssh2
Oct 13 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Connection closed by 121.186.31.54 port 60664 [preauth]
Oct 13 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Invalid user test from 121.186.31.54
Oct 13 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: input_userauth_request: invalid user test [preauth]
Oct 13 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Failed password for invalid user ubuntu from 121.186.31.54 port 60678 ssh2
Oct 13 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Connection closed by 121.186.31.54 port 60678 [preauth]
Oct 13 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[939]: Invalid user testuser from 121.186.31.54
Oct 13 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[939]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[939]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Failed password for root from 121.186.31.54 port 60704 ssh2
Oct 13 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Failed password for invalid user test from 121.186.31.54 port 60694 ssh2
Oct 13 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Connection closed by 121.186.31.54 port 60704 [preauth]
Oct 13 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[939]: Failed password for invalid user testuser from 121.186.31.54 port 60712 ssh2
Oct 13 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Connection closed by 121.186.31.54 port 60694 [preauth]
Oct 13 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[939]: Connection closed by 121.186.31.54 port 60712 [preauth]
Oct 13 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: Failed password for root from 121.186.31.54 port 60728 ssh2
Oct 13 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: Connection closed by 121.186.31.54 port 60728 [preauth]
Oct 13 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Invalid user ubnt from 121.186.31.54
Oct 13 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: input_userauth_request: invalid user ubnt [preauth]
Oct 13 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Failed password for invalid user ubuntu from 121.186.31.54 port 60738 ssh2
Oct 13 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Connection closed by 121.186.31.54 port 60738 [preauth]
Oct 13 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Failed password for root from 121.186.31.54 port 51382 ssh2
Oct 13 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Failed password for invalid user ubnt from 121.186.31.54 port 51376 ssh2
Oct 13 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: Invalid user deploy from 121.186.31.54
Oct 13 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Connection closed by 121.186.31.54 port 51382 [preauth]
Oct 13 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Connection closed by 121.186.31.54 port 51376 [preauth]
Oct 13 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1001]: Failed password for root from 121.186.31.54 port 51384 ssh2
Oct 13 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1001]: Connection closed by 121.186.31.54 port 51384 [preauth]
Oct 13 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: Failed password for invalid user deploy from 121.186.31.54 port 51394 ssh2
Oct 13 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: Connection closed by 121.186.31.54 port 51394 [preauth]
Oct 13 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Invalid user user from 121.186.31.54
Oct 13 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: input_userauth_request: invalid user user [preauth]
Oct 13 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: Failed password for invalid user ubuntu from 121.186.31.54 port 51402 ssh2
Oct 13 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Invalid user admin from 121.186.31.54
Oct 13 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Failed password for root from 121.186.31.54 port 51404 ssh2
Oct 13 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Connection closed by 121.186.31.54 port 51404 [preauth]
Oct 13 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: Connection closed by 121.186.31.54 port 51402 [preauth]
Oct 13 10:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Failed password for invalid user user from 121.186.31.54 port 51420 ssh2
Oct 13 10:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1048]: Connection closed by 121.186.31.54 port 51420 [preauth]
Oct 13 10:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Failed password for invalid user admin from 121.186.31.54 port 51422 ssh2
Oct 13 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1049]: Connection closed by 121.186.31.54 port 51422 [preauth]
Oct 13 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: Invalid user jenkins from 121.186.31.54
Oct 13 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: Invalid user kali from 121.186.31.54
Oct 13 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: input_userauth_request: invalid user kali [preauth]
Oct 13 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31692]: pam_unix(cron:session): session closed for user root
Oct 13 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: Failed password for invalid user jenkins from 121.186.31.54 port 48532 ssh2
Oct 13 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: Failed password for invalid user kali from 121.186.31.54 port 48522 ssh2
Oct 13 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: Connection closed by 121.186.31.54 port 48532 [preauth]
Oct 13 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: Failed password for root from 121.186.31.54 port 48524 ssh2
Oct 13 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: Connection closed by 121.186.31.54 port 48524 [preauth]
Oct 13 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: Connection closed by 121.186.31.54 port 48522 [preauth]
Oct 13 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Failed password for root from 121.186.31.54 port 48540 ssh2
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Invalid user oracle from 121.186.31.54
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Connection closed by 121.186.31.54 port 48540 [preauth]
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Invalid user postgres from 121.186.31.54
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: input_userauth_request: invalid user postgres [preauth]
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Invalid user kafka from 121.186.31.54
Oct 13 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: input_userauth_request: invalid user kafka [preauth]
Oct 13 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Failed password for invalid user oracle from 121.186.31.54 port 48554 ssh2
Oct 13 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Connection closed by 121.186.31.54 port 48554 [preauth]
Oct 13 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Failed password for invalid user postgres from 121.186.31.54 port 48570 ssh2
Oct 13 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Failed password for invalid user kafka from 121.186.31.54 port 48558 ssh2
Oct 13 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Connection closed by 121.186.31.54 port 48558 [preauth]
Oct 13 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Connection closed by 121.186.31.54 port 48570 [preauth]
Oct 13 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Invalid user admin from 121.186.31.54
Oct 13 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Invalid user odoo from 121.186.31.54
Oct 13 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: input_userauth_request: invalid user odoo [preauth]
Oct 13 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Failed password for root from 121.186.31.54 port 48572 ssh2
Oct 13 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Connection closed by 121.186.31.54 port 48572 [preauth]
Oct 13 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Failed password for invalid user admin from 121.186.31.54 port 48582 ssh2
Oct 13 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: Failed password for root from 121.186.31.54 port 52186 ssh2
Oct 13 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Connection closed by 121.186.31.54 port 48582 [preauth]
Oct 13 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: Connection closed by 121.186.31.54 port 52186 [preauth]
Oct 13 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Failed password for invalid user odoo from 121.186.31.54 port 52174 ssh2
Oct 13 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Connection closed by 121.186.31.54 port 52174 [preauth]
Oct 13 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1143]: Invalid user odoo18 from 121.186.31.54
Oct 13 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1143]: input_userauth_request: invalid user odoo18 [preauth]
Oct 13 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1143]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Invalid user elastic from 121.186.31.54
Oct 13 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: input_userauth_request: invalid user elastic [preauth]
Oct 13 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Invalid user kali from 121.186.31.54
Oct 13 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: input_userauth_request: invalid user kali [preauth]
Oct 13 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1143]: Failed password for invalid user odoo18 from 121.186.31.54 port 52190 ssh2
Oct 13 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: Failed password for root from 121.186.31.54 port 52216 ssh2
Oct 13 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1154]: Connection closed by 121.186.31.54 port 52216 [preauth]
Oct 13 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Failed password for invalid user elastic from 121.186.31.54 port 52206 ssh2
Oct 13 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Connection closed by 121.186.31.54 port 52206 [preauth]
Oct 13 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1143]: Connection closed by 121.186.31.54 port 52190 [preauth]
Oct 13 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Failed password for invalid user kali from 121.186.31.54 port 52230 ssh2
Oct 13 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Invalid user pi from 121.186.31.54
Oct 13 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: input_userauth_request: invalid user pi [preauth]
Oct 13 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1156]: Connection closed by 121.186.31.54 port 52230 [preauth]
Oct 13 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: Invalid user deployer from 121.186.31.54
Oct 13 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: input_userauth_request: invalid user deployer [preauth]
Oct 13 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: Invalid user pi from 121.186.31.54
Oct 13 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: input_userauth_request: invalid user pi [preauth]
Oct 13 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: Invalid user oracle from 121.186.31.54
Oct 13 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Failed password for invalid user pi from 121.186.31.54 port 52246 ssh2
Oct 13 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: Failed password for invalid user pi from 121.186.31.54 port 52250 ssh2
Oct 13 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Connection closed by 121.186.31.54 port 52246 [preauth]
Oct 13 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: Failed password for invalid user deployer from 121.186.31.54 port 52248 ssh2
Oct 13 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1178]: Connection closed by 121.186.31.54 port 52250 [preauth]
Oct 13 10:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1175]: Connection closed by 121.186.31.54 port 52248 [preauth]
Oct 13 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Invalid user jenkins from 121.186.31.54
Oct 13 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: Failed password for invalid user oracle from 121.186.31.54 port 57446 ssh2
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Invalid user user from 121.186.31.54
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: input_userauth_request: invalid user user [preauth]
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1181]: Connection closed by 121.186.31.54 port 57446 [preauth]
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: Invalid user deployer from 121.186.31.54
Oct 13 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: input_userauth_request: invalid user deployer [preauth]
Oct 13 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Invalid user oracle from 121.186.31.54
Oct 13 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Failed password for invalid user jenkins from 121.186.31.54 port 57450 ssh2
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Connection closed by 121.186.31.54 port 57450 [preauth]
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Failed password for invalid user user from 121.186.31.54 port 57476 ssh2
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1197]: Connection closed by 121.186.31.54 port 57476 [preauth]
Oct 13 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: Failed password for invalid user deployer from 121.186.31.54 port 57460 ssh2
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: Successful su for rubyman by root
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: + ??? root:rubyman
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404320 of user rubyman.
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404320.
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: Connection closed by 121.186.31.54 port 57460 [preauth]
Oct 13 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Failed password for invalid user oracle from 121.186.31.54 port 57484 ssh2
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Invalid user deploy from 121.186.31.54
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Invalid user fa from 121.186.31.54
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: input_userauth_request: invalid user fa [preauth]
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Connection closed by 121.186.31.54 port 57484 [preauth]
Oct 13 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Invalid user postgres from 121.186.31.54
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: input_userauth_request: invalid user postgres [preauth]
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Invalid user guest from 121.186.31.54
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: input_userauth_request: invalid user guest [preauth]
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Failed password for invalid user deploy from 121.186.31.54 port 57486 ssh2
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Failed password for invalid user fa from 121.186.31.54 port 57504 ssh2
Oct 13 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Connection closed by 121.186.31.54 port 57486 [preauth]
Oct 13 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1320]: Connection closed by 121.186.31.54 port 57504 [preauth]
Oct 13 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Failed password for invalid user guest from 121.186.31.54 port 43756 ssh2
Oct 13 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1441]: Invalid user vyos from 121.186.31.54
Oct 13 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1441]: input_userauth_request: invalid user vyos [preauth]
Oct 13 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Invalid user devops from 151.36.143.35
Oct 13 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: input_userauth_request: invalid user devops [preauth]
Oct 13 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Failed password for invalid user postgres from 121.186.31.54 port 57498 ssh2
Oct 13 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1441]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Connection closed by 121.186.31.54 port 43756 [preauth]
Oct 13 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Connection closed by 121.186.31.54 port 57498 [preauth]
Oct 13 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1499]: Invalid user postgres from 121.186.31.54
Oct 13 10:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1499]: input_userauth_request: invalid user postgres [preauth]
Oct 13 10:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1499]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Failed password for invalid user devops from 151.36.143.35 port 26199 ssh2
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29965]: pam_unix(cron:session): session closed for user root
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Received disconnect from 151.36.143.35 port 26199:11: Bye Bye [preauth]
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Disconnected from 151.36.143.35 port 26199 [preauth]
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1441]: Failed password for invalid user vyos from 121.186.31.54 port 43764 ssh2
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Failed password for root from 121.186.31.54 port 43758 ssh2
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: Invalid user odoo18 from 121.186.31.54
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: input_userauth_request: invalid user odoo18 [preauth]
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1391]: Connection closed by 121.186.31.54 port 43758 [preauth]
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1441]: Connection closed by 121.186.31.54 port 43764 [preauth]
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1499]: Failed password for invalid user postgres from 121.186.31.54 port 43768 ssh2
Oct 13 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1499]: Connection closed by 121.186.31.54 port 43768 [preauth]
Oct 13 10:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: Failed password for invalid user odoo18 from 121.186.31.54 port 43770 ssh2
Oct 13 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: Connection closed by 121.186.31.54 port 43770 [preauth]
Oct 13 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: Invalid user deploy from 121.186.31.54
Oct 13 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1537]: Invalid user linaro from 121.186.31.54
Oct 13 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1537]: input_userauth_request: invalid user linaro [preauth]
Oct 13 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1537]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: Failed password for invalid user deploy from 121.186.31.54 port 43794 ssh2
Oct 13 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Failed password for root from 121.186.31.54 port 43784 ssh2
Oct 13 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1205]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1547]: Connection closed by 121.186.31.54 port 43794 [preauth]
Oct 13 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Connection closed by 121.186.31.54 port 43784 [preauth]
Oct 13 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1537]: Failed password for invalid user linaro from 121.186.31.54 port 43788 ssh2
Oct 13 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1537]: Connection closed by 121.186.31.54 port 43788 [preauth]
Oct 13 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: Invalid user ramp from 121.186.31.54
Oct 13 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: input_userauth_request: invalid user ramp [preauth]
Oct 13 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Invalid user deploy from 121.186.31.54
Oct 13 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Invalid user devops from 121.186.31.54
Oct 13 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: input_userauth_request: invalid user devops [preauth]
Oct 13 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: Failed password for root from 121.186.31.54 port 55330 ssh2
Oct 13 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1559]: Connection closed by 121.186.31.54 port 55330 [preauth]
Oct 13 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: Failed password for invalid user ramp from 121.186.31.54 port 55340 ssh2
Oct 13 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: Connection closed by 121.186.31.54 port 55340 [preauth]
Oct 13 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Failed password for invalid user deploy from 121.186.31.54 port 55350 ssh2
Oct 13 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Failed password for invalid user devops from 121.186.31.54 port 55358 ssh2
Oct 13 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: Connection closed by 121.186.31.54 port 55358 [preauth]
Oct 13 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Connection closed by 121.186.31.54 port 55350 [preauth]
Oct 13 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Invalid user user from 121.186.31.54
Oct 13 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: input_userauth_request: invalid user user [preauth]
Oct 13 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1615]: Invalid user vagrant from 121.186.31.54
Oct 13 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1615]: input_userauth_request: invalid user vagrant [preauth]
Oct 13 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1615]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Invalid user admin from 121.186.31.54
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Invalid user ec2-user from 121.186.31.54
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: input_userauth_request: invalid user ec2-user [preauth]
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Failed password for invalid user user from 121.186.31.54 port 55396 ssh2
Oct 13 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Connection closed by 121.186.31.54 port 55396 [preauth]
Oct 13 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1615]: Failed password for invalid user vagrant from 121.186.31.54 port 55404 ssh2
Oct 13 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1615]: Connection closed by 121.186.31.54 port 55404 [preauth]
Oct 13 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Failed password for invalid user ec2-user from 121.186.31.54 port 55370 ssh2
Oct 13 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Failed password for invalid user admin from 121.186.31.54 port 55386 ssh2
Oct 13 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Connection closed by 121.186.31.54 port 55370 [preauth]
Oct 13 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Connection closed by 121.186.31.54 port 55386 [preauth]
Oct 13 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Invalid user user from 121.186.31.54
Oct 13 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: input_userauth_request: invalid user user [preauth]
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1648]: Invalid user admin from 121.186.31.54
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1648]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1648]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Failed password for invalid user ubuntu from 121.186.31.54 port 44164 ssh2
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Connection closed by 121.186.31.54 port 44164 [preauth]
Oct 13 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Failed password for invalid user ubuntu from 121.186.31.54 port 44168 ssh2
Oct 13 10:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Connection closed by 121.186.31.54 port 44168 [preauth]
Oct 13 10:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Failed password for invalid user user from 121.186.31.54 port 44174 ssh2
Oct 13 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Invalid user deploy from 121.186.31.54
Oct 13 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1648]: Failed password for invalid user admin from 121.186.31.54 port 44182 ssh2
Oct 13 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1645]: Connection closed by 121.186.31.54 port 44174 [preauth]
Oct 13 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1648]: Connection closed by 121.186.31.54 port 44182 [preauth]
Oct 13 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Invalid user devops from 121.186.31.54
Oct 13 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: input_userauth_request: invalid user devops [preauth]
Oct 13 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: Invalid user debian from 121.186.31.54
Oct 13 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: input_userauth_request: invalid user debian [preauth]
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Failed password for invalid user deploy from 121.186.31.54 port 44190 ssh2
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Failed password for invalid user devops from 121.186.31.54 port 44206 ssh2
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Invalid user kali from 121.186.31.54
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: input_userauth_request: invalid user kali [preauth]
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Connection closed by 121.186.31.54 port 44206 [preauth]
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Connection closed by 121.186.31.54 port 44190 [preauth]
Oct 13 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: Failed password for invalid user debian from 121.186.31.54 port 44218 ssh2
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1684]: Connection closed by 121.186.31.54 port 44218 [preauth]
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Failed password for invalid user kali from 121.186.31.54 port 44210 ssh2
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Invalid user fa from 121.186.31.54
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: input_userauth_request: invalid user fa [preauth]
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: User mysql from 121.186.31.54 not allowed because not listed in AllowUsers
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: input_userauth_request: invalid user mysql [preauth]
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=mysql
Oct 13 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Connection closed by 121.186.31.54 port 44210 [preauth]
Oct 13 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1700]: Invalid user devops from 121.186.31.54
Oct 13 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1700]: input_userauth_request: invalid user devops [preauth]
Oct 13 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1700]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Failed password for invalid user fa from 121.186.31.54 port 38928 ssh2
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Failed password for invalid user mysql from 121.186.31.54 port 38922 ssh2
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: Invalid user testuser from 121.186.31.54
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Connection closed by 121.186.31.54 port 38928 [preauth]
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Connection closed by 121.186.31.54 port 38922 [preauth]
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1700]: Failed password for invalid user devops from 121.186.31.54 port 38942 ssh2
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1700]: Connection closed by 121.186.31.54 port 38942 [preauth]
Oct 13 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Invalid user es from 121.186.31.54
Oct 13 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: input_userauth_request: invalid user es [preauth]
Oct 13 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: Failed password for invalid user testuser from 121.186.31.54 port 38954 ssh2
Oct 13 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: Connection closed by 121.186.31.54 port 38954 [preauth]
Oct 13 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session closed for user root
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Failed password for invalid user es from 121.186.31.54 port 38966 ssh2
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: Failed password for invalid user ubuntu from 121.186.31.54 port 38990 ssh2
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: Connection closed by 121.186.31.54 port 38990 [preauth]
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: Invalid user oracle from 121.186.31.54
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1739]: Connection closed by 121.186.31.54 port 38966 [preauth]
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: Failed password for root from 121.186.31.54 port 38980 ssh2
Oct 13 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1741]: Connection closed by 121.186.31.54 port 38980 [preauth]
Oct 13 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Invalid user ts3 from 121.186.31.54
Oct 13 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: input_userauth_request: invalid user ts3 [preauth]
Oct 13 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: Failed password for invalid user oracle from 121.186.31.54 port 39006 ssh2
Oct 13 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: Connection closed by 121.186.31.54 port 39006 [preauth]
Oct 13 10:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: User mysql from 121.186.31.54 not allowed because not listed in AllowUsers
Oct 13 10:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: input_userauth_request: invalid user mysql [preauth]
Oct 13 10:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Invalid user jenkins from 121.186.31.54
Oct 13 10:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 10:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=mysql
Oct 13 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for invalid user ts3 from 121.186.31.54 port 39008 ssh2
Oct 13 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Failed password for root from 121.186.31.54 port 60648 ssh2
Oct 13 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Connection closed by 121.186.31.54 port 39008 [preauth]
Oct 13 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1772]: Connection closed by 121.186.31.54 port 60648 [preauth]
Oct 13 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Failed password for invalid user jenkins from 121.186.31.54 port 60652 ssh2
Oct 13 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Connection closed by 121.186.31.54 port 60652 [preauth]
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Failed password for invalid user mysql from 121.186.31.54 port 39010 ssh2
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Invalid user odoo from 121.186.31.54
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: input_userauth_request: invalid user odoo [preauth]
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Invalid user guest from 121.186.31.54
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: input_userauth_request: invalid user guest [preauth]
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Connection closed by 121.186.31.54 port 39010 [preauth]
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Invalid user vpn from 121.186.31.54
Oct 13 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: input_userauth_request: invalid user vpn [preauth]
Oct 13 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Invalid user deploy from 121.186.31.54
Oct 13 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: input_userauth_request: invalid user deploy [preauth]
Oct 13 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for invalid user guest from 121.186.31.54 port 60658 ssh2
Oct 13 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Failed password for invalid user odoo from 121.186.31.54 port 60660 ssh2
Oct 13 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Connection closed by 121.186.31.54 port 60658 [preauth]
Oct 13 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Connection closed by 121.186.31.54 port 60660 [preauth]
Oct 13 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Failed password for invalid user vpn from 121.186.31.54 port 60684 ssh2
Oct 13 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Invalid user odoo18 from 121.186.31.54
Oct 13 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: input_userauth_request: invalid user odoo18 [preauth]
Oct 13 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Failed password for invalid user deploy from 121.186.31.54 port 60668 ssh2
Oct 13 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Connection closed by 121.186.31.54 port 60684 [preauth]
Oct 13 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1793]: Connection closed by 121.186.31.54 port 60668 [preauth]
Oct 13 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: Failed password for root from 121.186.31.54 port 60686 ssh2
Oct 13 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: Connection closed by 121.186.31.54 port 60686 [preauth]
Oct 13 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Failed password for invalid user odoo18 from 121.186.31.54 port 60696 ssh2
Oct 13 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Invalid user oracle from 121.186.31.54
Oct 13 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: input_userauth_request: invalid user oracle [preauth]
Oct 13 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1815]: Connection closed by 121.186.31.54 port 60696 [preauth]
Oct 13 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Invalid user guest from 121.186.31.54
Oct 13 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: input_userauth_request: invalid user guest [preauth]
Oct 13 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Failed password for invalid user oracle from 121.186.31.54 port 60714 ssh2
Oct 13 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Connection closed by 121.186.31.54 port 60714 [preauth]
Oct 13 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Failed password for root from 121.186.31.54 port 60700 ssh2
Oct 13 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Connection closed by 121.186.31.54 port 60700 [preauth]
Oct 13 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Failed password for invalid user guest from 121.186.31.54 port 47140 ssh2
Oct 13 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Invalid user guest from 121.186.31.54
Oct 13 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: input_userauth_request: invalid user guest [preauth]
Oct 13 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Invalid user deployer from 121.186.31.54
Oct 13 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: input_userauth_request: invalid user deployer [preauth]
Oct 13 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Connection closed by 121.186.31.54 port 47140 [preauth]
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: Failed password for root from 121.186.31.54 port 47146 ssh2
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1832]: Connection closed by 121.186.31.54 port 47146 [preauth]
Oct 13 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Failed password for invalid user deployer from 121.186.31.54 port 47156 ssh2
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2038]: Successful su for rubyman by root
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2038]: + ??? root:rubyman
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404324 of user rubyman.
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2038]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404324.
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Connection closed by 121.186.31.54 port 47156 [preauth]
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Failed password for invalid user guest from 121.186.31.54 port 47148 ssh2
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Connection closed by 121.186.31.54 port 47148 [preauth]
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Invalid user testuser from 121.186.31.54
Oct 13 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2061]: Invalid user pi from 121.186.31.54
Oct 13 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2061]: input_userauth_request: invalid user pi [preauth]
Oct 13 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Invalid user testuser from 121.186.31.54
Oct 13 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2061]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Failed password for root from 121.186.31.54 port 47168 ssh2
Oct 13 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Failed password for invalid user testuser from 121.186.31.54 port 47182 ssh2
Oct 13 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Connection closed by 121.186.31.54 port 47168 [preauth]
Oct 13 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2023]: Connection closed by 121.186.31.54 port 47182 [preauth]
Oct 13 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Failed password for invalid user testuser from 121.186.31.54 port 47196 ssh2
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2061]: Failed password for invalid user pi from 121.186.31.54 port 47186 ssh2
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2061]: Connection closed by 121.186.31.54 port 47186 [preauth]
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Invalid user postgres from 121.186.31.54
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: input_userauth_request: invalid user postgres [preauth]
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Connection closed by 121.186.31.54 port 47196 [preauth]
Oct 13 10:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Invalid user ts3 from 121.186.31.54
Oct 13 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: input_userauth_request: invalid user ts3 [preauth]
Oct 13 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: User mysql from 121.186.31.54 not allowed because not listed in AllowUsers
Oct 13 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: input_userauth_request: invalid user mysql [preauth]
Oct 13 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=mysql
Oct 13 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Failed password for invalid user postgres from 121.186.31.54 port 54740 ssh2
Oct 13 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Connection closed by 121.186.31.54 port 54740 [preauth]
Oct 13 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30580]: pam_unix(cron:session): session closed for user root
Oct 13 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Failed password for root from 121.186.31.54 port 54754 ssh2
Oct 13 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Connection closed by 121.186.31.54 port 54754 [preauth]
Oct 13 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Failed password for invalid user ts3 from 121.186.31.54 port 54760 ssh2
Oct 13 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Connection closed by 121.186.31.54 port 54760 [preauth]
Oct 13 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Failed password for invalid user mysql from 121.186.31.54 port 54764 ssh2
Oct 13 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Connection closed by 121.186.31.54 port 54764 [preauth]
Oct 13 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: Failed password for root from 121.186.31.54 port 54770 ssh2
Oct 13 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2194]: Connection closed by 121.186.31.54 port 54770 [preauth]
Oct 13 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Failed password for root from 121.186.31.54 port 54786 ssh2
Oct 13 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Connection closed by 121.186.31.54 port 54786 [preauth]
Oct 13 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Invalid user jenkins from 121.186.31.54
Oct 13 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Failed password for root from 121.186.31.54 port 54794 ssh2
Oct 13 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: Failed password for root from 121.186.31.54 port 54806 ssh2
Oct 13 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Connection closed by 121.186.31.54 port 54794 [preauth]
Oct 13 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2253]: Connection closed by 121.186.31.54 port 54806 [preauth]
Oct 13 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Failed password for invalid user jenkins from 121.186.31.54 port 38842 ssh2
Oct 13 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Connection closed by 121.186.31.54 port 38842 [preauth]
Oct 13 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Invalid user testuser from 121.186.31.54
Oct 13 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Invalid user ubuntu from 121.186.31.54
Oct 13 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Failed password for root from 121.186.31.54 port 38852 ssh2
Oct 13 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Connection closed by 121.186.31.54 port 38852 [preauth]
Oct 13 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Failed password for invalid user ubuntu from 121.186.31.54 port 38864 ssh2
Oct 13 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Failed password for invalid user testuser from 121.186.31.54 port 38856 ssh2
Oct 13 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Connection closed by 121.186.31.54 port 38864 [preauth]
Oct 13 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2289]: Connection closed by 121.186.31.54 port 38856 [preauth]
Oct 13 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Invalid user ansible from 121.186.31.54
Oct 13 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: input_userauth_request: invalid user ansible [preauth]
Oct 13 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 13 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 13 10:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Failed password for invalid user ansible from 121.186.31.54 port 38882 ssh2
Oct 13 10:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: Failed password for root from 121.186.31.54 port 38874 ssh2
Oct 13 10:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: Connection closed by 121.186.31.54 port 38874 [preauth]
Oct 13 10:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Connection closed by 121.186.31.54 port 38882 [preauth]
Oct 13 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[521]: pam_unix(cron:session): session closed for user root
Oct 13 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35  user=root
Oct 13 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: Failed password for root from 151.36.143.35 port 26981 ssh2
Oct 13 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: Received disconnect from 151.36.143.35 port 26981:11: Bye Bye [preauth]
Oct 13 10:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: Disconnected from 151.36.143.35 port 26981 [preauth]
Oct 13 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2534]: Successful su for rubyman by root
Oct 13 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2534]: + ??? root:rubyman
Oct 13 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404328 of user rubyman.
Oct 13 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2534]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404328.
Oct 13 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31044]: pam_unix(cron:session): session closed for user root
Oct 13 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2448]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1207]: pam_unix(cron:session): session closed for user root
Oct 13 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2906]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2906]: pam_unix(cron:session): session closed for user root
Oct 13 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2898]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: Successful su for rubyman by root
Oct 13 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: + ??? root:rubyman
Oct 13 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404331 of user rubyman.
Oct 13 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404331.
Oct 13 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: Invalid user odoo17 from 151.36.143.35
Oct 13 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: input_userauth_request: invalid user odoo17 [preauth]
Oct 13 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2902]: pam_unix(cron:session): session closed for user root
Oct 13 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: Failed password for invalid user odoo17 from 151.36.143.35 port 26991 ssh2
Oct 13 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: Received disconnect from 151.36.143.35 port 26991:11: Bye Bye [preauth]
Oct 13 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3091]: Disconnected from 151.36.143.35 port 26991 [preauth]
Oct 13 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31691]: pam_unix(cron:session): session closed for user root
Oct 13 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2900]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session closed for user root
Oct 13 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3409]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3493]: Successful su for rubyman by root
Oct 13 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3493]: + ??? root:rubyman
Oct 13 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404338 of user rubyman.
Oct 13 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3493]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404338.
Oct 13 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session closed for user root
Oct 13 10:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3410]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: Did not receive identification string from 80.211.129.128
Oct 13 10:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Did not receive identification string from 194.0.234.20
Oct 13 10:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session closed for user root
Oct 13 10:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: Did not receive identification string from 167.99.37.175
Oct 13 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3876]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3949]: Successful su for rubyman by root
Oct 13 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3949]: + ??? root:rubyman
Oct 13 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404342 of user rubyman.
Oct 13 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3949]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404342.
Oct 13 10:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[520]: pam_unix(cron:session): session closed for user root
Oct 13 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3877]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session closed for user root
Oct 13 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4371]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4457]: Successful su for rubyman by root
Oct 13 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4457]: + ??? root:rubyman
Oct 13 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404345 of user rubyman.
Oct 13 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4457]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404345.
Oct 13 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session closed for user root
Oct 13 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4372]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3413]: pam_unix(cron:session): session closed for user root
Oct 13 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4867]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: Successful su for rubyman by root
Oct 13 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: + ??? root:rubyman
Oct 13 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404350 of user rubyman.
Oct 13 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404350.
Oct 13 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4867]: pam_unix(cron:session): session closed for user root
Oct 13 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1967]: pam_unix(cron:session): session closed for user root
Oct 13 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Did not receive identification string from 80.211.129.128
Oct 13 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3885]: pam_unix(cron:session): session closed for user root
Oct 13 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: Invalid user  from 62.60.131.157
Oct 13 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: input_userauth_request: invalid user  [preauth]
Oct 13 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: Failed none for invalid user  from 62.60.131.157 port 62764 ssh2
Oct 13 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: Received disconnect from 62.60.131.157 port 62764:11: Bye [preauth]
Oct 13 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5872]: Disconnected from 62.60.131.157 port 62764 [preauth]
Oct 13 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Invalid user dspace from 151.36.143.35
Oct 13 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: input_userauth_request: invalid user dspace [preauth]
Oct 13 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Failed password for invalid user dspace from 151.36.143.35 port 26273 ssh2
Oct 13 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Received disconnect from 151.36.143.35 port 26273:11: Bye Bye [preauth]
Oct 13 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Disconnected from 151.36.143.35 port 26273 [preauth]
Oct 13 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session closed for user root
Oct 13 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6042]: Successful su for rubyman by root
Oct 13 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6042]: + ??? root:rubyman
Oct 13 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404357 of user rubyman.
Oct 13 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6042]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404357.
Oct 13 10:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session closed for user root
Oct 13 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session closed for user root
Oct 13 10:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: Failed password for root from 194.182.86.152 port 60728 ssh2
Oct 13 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6303]: Connection closed by 194.182.86.152 port 60728 [preauth]
Oct 13 10:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4374]: pam_unix(cron:session): session closed for user root
Oct 13 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Invalid user deployuser from 186.96.145.241
Oct 13 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: input_userauth_request: invalid user deployuser [preauth]
Oct 13 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 13 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Failed password for invalid user deployuser from 186.96.145.241 port 54032 ssh2
Oct 13 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Connection closed by 186.96.145.241 port 54032 [preauth]
Oct 13 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6543]: Successful su for rubyman by root
Oct 13 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6543]: + ??? root:rubyman
Oct 13 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404360 of user rubyman.
Oct 13 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6543]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404360.
Oct 13 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2903]: pam_unix(cron:session): session closed for user root
Oct 13 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Invalid user frappe from 151.36.143.35
Oct 13 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: input_userauth_request: invalid user frappe [preauth]
Oct 13 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Failed password for invalid user frappe from 151.36.143.35 port 26773 ssh2
Oct 13 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Received disconnect from 151.36.143.35 port 26773:11: Bye Bye [preauth]
Oct 13 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Disconnected from 151.36.143.35 port 26773 [preauth]
Oct 13 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6876]: Failed password for root from 167.99.37.175 port 60170 ssh2
Oct 13 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6876]: Connection closed by 167.99.37.175 port 60170 [preauth]
Oct 13 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session closed for user root
Oct 13 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7011]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7009]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: Successful su for rubyman by root
Oct 13 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: + ??? root:rubyman
Oct 13 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404367 of user rubyman.
Oct 13 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404367.
Oct 13 10:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3412]: pam_unix(cron:session): session closed for user root
Oct 13 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Failed password for root from 167.99.37.175 port 51462 ssh2
Oct 13 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Connection closed by 167.99.37.175 port 51462 [preauth]
Oct 13 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7010]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Invalid user zhangjiaqi from 190.103.202.7
Oct 13 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: input_userauth_request: invalid user zhangjiaqi [preauth]
Oct 13 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Failed password for invalid user zhangjiaqi from 190.103.202.7 port 48454 ssh2
Oct 13 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Connection closed by 190.103.202.7 port 48454 [preauth]
Oct 13 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session closed for user root
Oct 13 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Invalid user testuser from 151.36.143.35
Oct 13 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: input_userauth_request: invalid user testuser [preauth]
Oct 13 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Failed password for invalid user testuser from 151.36.143.35 port 26998 ssh2
Oct 13 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Received disconnect from 151.36.143.35 port 26998:11: Bye Bye [preauth]
Oct 13 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7551]: Disconnected from 151.36.143.35 port 26998 [preauth]
Oct 13 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7578]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: Successful su for rubyman by root
Oct 13 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: + ??? root:rubyman
Oct 13 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404368 of user rubyman.
Oct 13 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404368.
Oct 13 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Failed password for root from 167.99.37.175 port 55910 ssh2
Oct 13 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7573]: Connection closed by 167.99.37.175 port 55910 [preauth]
Oct 13 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3879]: pam_unix(cron:session): session closed for user root
Oct 13 10:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session closed for user root
Oct 13 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Failed password for root from 167.99.37.175 port 60142 ssh2
Oct 13 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Connection closed by 167.99.37.175 port 60142 [preauth]
Oct 13 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8486]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8556]: Successful su for rubyman by root
Oct 13 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8556]: + ??? root:rubyman
Oct 13 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404374 of user rubyman.
Oct 13 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8556]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404374.
Oct 13 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4373]: pam_unix(cron:session): session closed for user root
Oct 13 10:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: Invalid user dev from 151.36.143.35
Oct 13 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: input_userauth_request: invalid user dev [preauth]
Oct 13 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: Failed password for invalid user dev from 151.36.143.35 port 26355 ssh2
Oct 13 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: Received disconnect from 151.36.143.35 port 26355:11: Bye Bye [preauth]
Oct 13 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8955]: Disconnected from 151.36.143.35 port 26355 [preauth]
Oct 13 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session closed for user root
Oct 13 10:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Failed password for root from 167.99.37.175 port 36448 ssh2
Oct 13 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Connection closed by 167.99.37.175 port 36448 [preauth]
Oct 13 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9079]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9079]: pam_unix(cron:session): session closed for user root
Oct 13 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9074]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9258]: Successful su for rubyman by root
Oct 13 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9258]: + ??? root:rubyman
Oct 13 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404377 of user rubyman.
Oct 13 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9258]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404377.
Oct 13 10:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9076]: pam_unix(cron:session): session closed for user root
Oct 13 10:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session closed for user root
Oct 13 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9075]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9623]: Failed password for root from 167.99.37.175 port 36150 ssh2
Oct 13 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9623]: Connection closed by 167.99.37.175 port 36150 [preauth]
Oct 13 10:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session closed for user root
Oct 13 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: Successful su for rubyman by root
Oct 13 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: + ??? root:rubyman
Oct 13 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404385 of user rubyman.
Oct 13 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404385.
Oct 13 10:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session closed for user root
Oct 13 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Failed password for root from 167.99.37.175 port 60024 ssh2
Oct 13 10:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Connection closed by 167.99.37.175 port 60024 [preauth]
Oct 13 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8486]: pam_unix(cron:session): session closed for user root
Oct 13 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10347]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10346]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10343]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: Successful su for rubyman by root
Oct 13 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: + ??? root:rubyman
Oct 13 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404386 of user rubyman.
Oct 13 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404386.
Oct 13 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10338]: Failed password for root from 167.99.37.175 port 43612 ssh2
Oct 13 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10338]: Connection closed by 167.99.37.175 port 43612 [preauth]
Oct 13 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session closed for user root
Oct 13 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10581]: Failed password for root from 194.182.86.152 port 50866 ssh2
Oct 13 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10581]: Connection closed by 194.182.86.152 port 50866 [preauth]
Oct 13 10:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10344]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9078]: pam_unix(cron:session): session closed for user root
Oct 13 10:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Failed password for root from 167.99.37.175 port 36650 ssh2
Oct 13 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Connection closed by 167.99.37.175 port 36650 [preauth]
Oct 13 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10898]: Successful su for rubyman by root
Oct 13 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10898]: + ??? root:rubyman
Oct 13 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404392 of user rubyman.
Oct 13 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10898]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404392.
Oct 13 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7011]: pam_unix(cron:session): session closed for user root
Oct 13 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 10:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: Failed password for root from 194.182.86.152 port 46406 ssh2
Oct 13 10:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: Connection closed by 194.182.86.152 port 46406 [preauth]
Oct 13 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: Failed password for root from 167.99.37.175 port 55150 ssh2
Oct 13 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: Connection closed by 167.99.37.175 port 55150 [preauth]
Oct 13 10:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9842]: pam_unix(cron:session): session closed for user root
Oct 13 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11359]: Successful su for rubyman by root
Oct 13 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11359]: + ??? root:rubyman
Oct 13 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404395 of user rubyman.
Oct 13 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11359]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404395.
Oct 13 10:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session closed for user root
Oct 13 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Failed password for root from 167.99.37.175 port 42982 ssh2
Oct 13 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11553]: Connection closed by 167.99.37.175 port 42982 [preauth]
Oct 13 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35  user=root
Oct 13 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: Failed password for root from 151.36.143.35 port 26716 ssh2
Oct 13 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: Received disconnect from 151.36.143.35 port 26716:11: Bye Bye [preauth]
Oct 13 10:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: Disconnected from 151.36.143.35 port 26716 [preauth]
Oct 13 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10347]: pam_unix(cron:session): session closed for user root
Oct 13 10:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Failed password for root from 167.99.37.175 port 59454 ssh2
Oct 13 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Connection closed by 167.99.37.175 port 59454 [preauth]
Oct 13 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11869]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11871]: pam_unix(cron:session): session closed for user root
Oct 13 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11863]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11946]: Successful su for rubyman by root
Oct 13 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11946]: + ??? root:rubyman
Oct 13 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404403 of user rubyman.
Oct 13 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11946]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404403.
Oct 13 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11866]: pam_unix(cron:session): session closed for user root
Oct 13 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session closed for user root
Oct 13 10:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11865]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session closed for user root
Oct 13 10:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: Failed password for root from 167.99.37.175 port 43404 ssh2
Oct 13 10:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: Connection closed by 167.99.37.175 port 43404 [preauth]
Oct 13 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Invalid user ubuntu from 151.38.60.253
Oct 13 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.38.60.253
Oct 13 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Failed password for invalid user ubuntu from 151.38.60.253 port 56517 ssh2
Oct 13 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Received disconnect from 151.38.60.253 port 56517:11: Bye Bye [preauth]
Oct 13 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Disconnected from 151.38.60.253 port 56517 [preauth]
Oct 13 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12455]: Successful su for rubyman by root
Oct 13 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12455]: + ??? root:rubyman
Oct 13 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404406 of user rubyman.
Oct 13 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12455]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404406.
Oct 13 10:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9077]: pam_unix(cron:session): session closed for user root
Oct 13 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12373]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Failed password for root from 167.99.37.175 port 51120 ssh2
Oct 13 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Connection closed by 167.99.37.175 port 51120 [preauth]
Oct 13 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Invalid user deon from 2.57.121.112
Oct 13 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: input_userauth_request: invalid user deon [preauth]
Oct 13 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session closed for user root
Oct 13 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Failed password for invalid user deon from 2.57.121.112 port 64452 ssh2
Oct 13 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Failed password for invalid user deon from 2.57.121.112 port 64452 ssh2
Oct 13 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Failed password for invalid user deon from 2.57.121.112 port 64452 ssh2
Oct 13 10:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Failed password for invalid user deon from 2.57.121.112 port 64452 ssh2
Oct 13 10:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Failed password for invalid user deon from 2.57.121.112 port 64452 ssh2
Oct 13 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Received disconnect from 2.57.121.112 port 64452:11: Bye [preauth]
Oct 13 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Disconnected from 2.57.121.112 port 64452 [preauth]
Oct 13 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12884]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12963]: Successful su for rubyman by root
Oct 13 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12963]: + ??? root:rubyman
Oct 13 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404408 of user rubyman.
Oct 13 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12963]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404408.
Oct 13 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Failed password for root from 167.99.37.175 port 51776 ssh2
Oct 13 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13011]: Connection closed by 167.99.37.175 port 51776 [preauth]
Oct 13 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: User john from 151.38.60.253 not allowed because not listed in AllowUsers
Oct 13 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: input_userauth_request: invalid user john [preauth]
Oct 13 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.38.60.253  user=john
Oct 13 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Failed password for invalid user john from 151.38.60.253 port 56397 ssh2
Oct 13 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Received disconnect from 151.38.60.253 port 56397:11: Bye Bye [preauth]
Oct 13 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Disconnected from 151.38.60.253 port 56397 [preauth]
Oct 13 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session closed for user root
Oct 13 10:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12881]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11870]: pam_unix(cron:session): session closed for user root
Oct 13 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: Failed password for root from 167.99.37.175 port 38024 ssh2
Oct 13 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13443]: Connection closed by 167.99.37.175 port 38024 [preauth]
Oct 13 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13491]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13572]: Successful su for rubyman by root
Oct 13 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13572]: + ??? root:rubyman
Oct 13 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404412 of user rubyman.
Oct 13 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13572]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404412.
Oct 13 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10346]: pam_unix(cron:session): session closed for user root
Oct 13 10:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13493]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Invalid user sftpuser from 151.38.60.253
Oct 13 10:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: input_userauth_request: invalid user sftpuser [preauth]
Oct 13 10:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.38.60.253
Oct 13 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Failed password for invalid user sftpuser from 151.38.60.253 port 56333 ssh2
Oct 13 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Received disconnect from 151.38.60.253 port 56333:11: Bye Bye [preauth]
Oct 13 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Disconnected from 151.38.60.253 port 56333 [preauth]
Oct 13 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Failed password for root from 167.99.37.175 port 50292 ssh2
Oct 13 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Connection closed by 167.99.37.175 port 50292 [preauth]
Oct 13 10:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12375]: pam_unix(cron:session): session closed for user root
Oct 13 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13980]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14131]: Successful su for rubyman by root
Oct 13 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14131]: + ??? root:rubyman
Oct 13 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404419 of user rubyman.
Oct 13 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14131]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404419.
Oct 13 10:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session closed for user root
Oct 13 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14317]: Failed password for root from 167.99.37.175 port 35926 ssh2
Oct 13 10:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14317]: Connection closed by 167.99.37.175 port 35926 [preauth]
Oct 13 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12884]: pam_unix(cron:session): session closed for user root
Oct 13 10:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Failed password for root from 167.99.37.175 port 42464 ssh2
Oct 13 10:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Connection closed by 167.99.37.175 port 42464 [preauth]
Oct 13 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14513]: pam_unix(cron:session): session closed for user root
Oct 13 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14506]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: Successful su for rubyman by root
Oct 13 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: + ??? root:rubyman
Oct 13 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404420 of user rubyman.
Oct 13 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404420.
Oct 13 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session closed for user root
Oct 13 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session closed for user root
Oct 13 10:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14507]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13496]: pam_unix(cron:session): session closed for user root
Oct 13 10:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Failed password for root from 167.99.37.175 port 51540 ssh2
Oct 13 10:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Connection closed by 167.99.37.175 port 51540 [preauth]
Oct 13 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Invalid user admin from 2.57.121.112
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: input_userauth_request: invalid user admin [preauth]
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: Successful su for rubyman by root
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: + ??? root:rubyman
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404427 of user rubyman.
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15186]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404427.
Oct 13 10:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Failed password for invalid user admin from 2.57.121.112 port 45480 ssh2
Oct 13 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Failed password for invalid user admin from 2.57.121.112 port 45480 ssh2
Oct 13 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Failed password for root from 194.182.86.152 port 36868 ssh2
Oct 13 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Connection closed by 194.182.86.152 port 36868 [preauth]
Oct 13 10:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Failed password for invalid user admin from 2.57.121.112 port 45480 ssh2
Oct 13 10:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Failed password for invalid user admin from 2.57.121.112 port 45480 ssh2
Oct 13 10:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 10:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11869]: pam_unix(cron:session): session closed for user root
Oct 13 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Failed password for invalid user admin from 2.57.121.112 port 45480 ssh2
Oct 13 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Received disconnect from 2.57.121.112 port 45480:11: Bye [preauth]
Oct 13 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Disconnected from 2.57.121.112 port 45480 [preauth]
Oct 13 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Failed password for root from 167.99.37.175 port 49994 ssh2
Oct 13 10:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Connection closed by 167.99.37.175 port 49994 [preauth]
Oct 13 10:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13980]: pam_unix(cron:session): session closed for user root
Oct 13 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15578]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15573]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: Successful su for rubyman by root
Oct 13 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: + ??? root:rubyman
Oct 13 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404430 of user rubyman.
Oct 13 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15655]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404430.
Oct 13 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Failed password for root from 167.99.37.175 port 35516 ssh2
Oct 13 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Connection closed by 167.99.37.175 port 35516 [preauth]
Oct 13 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12374]: pam_unix(cron:session): session closed for user root
Oct 13 10:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15575]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session closed for user root
Oct 13 10:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: Failed password for root from 167.99.37.175 port 54722 ssh2
Oct 13 10:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16009]: Connection closed by 167.99.37.175 port 54722 [preauth]
Oct 13 10:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 10:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root@omarabas.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 13 10:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 10:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root@omarabas.com rhost=::ffff:79.124.49.146
Oct 13 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16125]: Successful su for rubyman by root
Oct 13 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16125]: + ??? root:rubyman
Oct 13 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404435 of user rubyman.
Oct 13 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16125]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404435.
Oct 13 10:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12883]: pam_unix(cron:session): session closed for user root
Oct 13 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16053]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: Failed password for root from 167.99.37.175 port 35700 ssh2
Oct 13 10:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16420]: Connection closed by 167.99.37.175 port 35700 [preauth]
Oct 13 10:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session closed for user root
Oct 13 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user p13x
Oct 13 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: Successful su for rubyman by root
Oct 13 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: + ??? root:rubyman
Oct 13 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404439 of user rubyman.
Oct 13 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session closed for user rubyman
Oct 13 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404439.
Oct 13 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13495]: pam_unix(cron:session): session closed for user root
Oct 13 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user samftp
Oct 13 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Failed password for root from 167.99.37.175 port 36566 ssh2
Oct 13 10:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Connection closed by 167.99.37.175 port 36566 [preauth]
Oct 13 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15578]: pam_unix(cron:session): session closed for user root
Oct 13 10:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 10:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.37.175  user=root
Oct 13 10:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: Failed password for root from 167.99.37.175 port 53182 ssh2
Oct 13 10:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: Connection closed by 167.99.37.175 port 53182 [preauth]
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16993]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session closed for user root
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session closed for user root
Oct 13 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16985]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: Successful su for rubyman by root
Oct 13 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: + ??? root:rubyman
Oct 13 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404443 of user rubyman.
Oct 13 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404443.
Oct 13 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session closed for user root
Oct 13 11:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session closed for user root
Oct 13 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Invalid user radio from 151.36.143.35
Oct 13 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: input_userauth_request: invalid user radio [preauth]
Oct 13 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user radio from 151.36.143.35 port 26449 ssh2
Oct 13 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Received disconnect from 151.36.143.35 port 26449:11: Bye Bye [preauth]
Oct 13 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Disconnected from 151.36.143.35 port 26449 [preauth]
Oct 13 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16988]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session closed for user root
Oct 13 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17638]: Successful su for rubyman by root
Oct 13 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17638]: + ??? root:rubyman
Oct 13 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404449 of user rubyman.
Oct 13 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17638]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404449.
Oct 13 11:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session closed for user root
Oct 13 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Invalid user weblogic from 151.36.143.35
Oct 13 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: input_userauth_request: invalid user weblogic [preauth]
Oct 13 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Failed password for invalid user weblogic from 151.36.143.35 port 26878 ssh2
Oct 13 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Received disconnect from 151.36.143.35 port 26878:11: Bye Bye [preauth]
Oct 13 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Disconnected from 151.36.143.35 port 26878 [preauth]
Oct 13 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16519]: pam_unix(cron:session): session closed for user root
Oct 13 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Did not receive identification string from 196.251.80.27
Oct 13 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: Successful su for rubyman by root
Oct 13 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: + ??? root:rubyman
Oct 13 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404453 of user rubyman.
Oct 13 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404453.
Oct 13 11:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session closed for user root
Oct 13 11:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session closed for user root
Oct 13 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: Invalid user user from 151.36.143.35
Oct 13 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: input_userauth_request: invalid user user [preauth]
Oct 13 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.36.143.35
Oct 13 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: Failed password for invalid user user from 151.36.143.35 port 26195 ssh2
Oct 13 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: Received disconnect from 151.36.143.35 port 26195:11: Bye Bye [preauth]
Oct 13 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: Disconnected from 151.36.143.35 port 26195 [preauth]
Oct 13 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18836]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18914]: Successful su for rubyman by root
Oct 13 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18914]: + ??? root:rubyman
Oct 13 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404457 of user rubyman.
Oct 13 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18914]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404457.
Oct 13 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15577]: pam_unix(cron:session): session closed for user root
Oct 13 11:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18839]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17558]: pam_unix(cron:session): session closed for user root
Oct 13 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19694]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19834]: Successful su for rubyman by root
Oct 13 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19834]: + ??? root:rubyman
Oct 13 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404461 of user rubyman.
Oct 13 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19834]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404461.
Oct 13 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session closed for user root
Oct 13 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19695]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session closed for user root
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user root
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20384]: Successful su for rubyman by root
Oct 13 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20384]: + ??? root:rubyman
Oct 13 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404466 of user rubyman.
Oct 13 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20384]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404466.
Oct 13 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20360]: Did not receive identification string from 80.211.129.128
Oct 13 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20289]: pam_unix(cron:session): session closed for user root
Oct 13 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user root
Oct 13 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20288]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session closed for user root
Oct 13 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20805]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20803]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20882]: Successful su for rubyman by root
Oct 13 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20882]: + ??? root:rubyman
Oct 13 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404474 of user rubyman.
Oct 13 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20882]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404474.
Oct 13 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: Failed password for root from 80.211.129.128 port 48940 ssh2
Oct 13 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20789]: Connection closed by 80.211.129.128 port 48940 [preauth]
Oct 13 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Invalid user admin from 2.57.121.25
Oct 13 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16993]: pam_unix(cron:session): session closed for user root
Oct 13 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Failed password for invalid user admin from 2.57.121.25 port 13216 ssh2
Oct 13 11:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Failed password for invalid user admin from 2.57.121.25 port 13216 ssh2
Oct 13 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Failed password for invalid user admin from 2.57.121.25 port 13216 ssh2
Oct 13 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20804]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Failed password for invalid user admin from 2.57.121.25 port 13216 ssh2
Oct 13 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Failed password for invalid user admin from 2.57.121.25 port 13216 ssh2
Oct 13 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Received disconnect from 2.57.121.25 port 13216:11: Bye [preauth]
Oct 13 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: Disconnected from 2.57.121.25 port 13216 [preauth]
Oct 13 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21051]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 11:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19697]: pam_unix(cron:session): session closed for user root
Oct 13 11:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21220]: Did not receive identification string from 80.211.129.128
Oct 13 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21256]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21398]: Successful su for rubyman by root
Oct 13 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21398]: + ??? root:rubyman
Oct 13 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404475 of user rubyman.
Oct 13 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21398]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404475.
Oct 13 11:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session closed for user root
Oct 13 11:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21257]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user root
Oct 13 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21792]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21881]: Successful su for rubyman by root
Oct 13 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21881]: + ??? root:rubyman
Oct 13 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404480 of user rubyman.
Oct 13 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21881]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404480.
Oct 13 11:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18244]: pam_unix(cron:session): session closed for user root
Oct 13 11:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21793]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22174]: Failed password for root from 196.251.80.27 port 44644 ssh2
Oct 13 11:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22174]: Connection closed by 196.251.80.27 port 44644 [preauth]
Oct 13 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20807]: pam_unix(cron:session): session closed for user root
Oct 13 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[22478]: Successful su for rubyman by root
Oct 13 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[22478]: + ??? root:rubyman
Oct 13 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[22478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404483 of user rubyman.
Oct 13 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[22478]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404483.
Oct 13 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session closed for user root
Oct 13 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session closed for user root
Oct 13 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22300]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: Failed password for root from 196.251.80.27 port 35002 ssh2
Oct 13 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23100]: Connection closed by 196.251.80.27 port 35002 [preauth]
Oct 13 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21259]: pam_unix(cron:session): session closed for user root
Oct 13 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23240]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23241]: pam_unix(cron:session): session closed for user root
Oct 13 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23231]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23328]: Successful su for rubyman by root
Oct 13 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23328]: + ??? root:rubyman
Oct 13 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404491 of user rubyman.
Oct 13 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23328]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404491.
Oct 13 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session closed for user root
Oct 13 11:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19696]: pam_unix(cron:session): session closed for user root
Oct 13 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23232]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21795]: pam_unix(cron:session): session closed for user root
Oct 13 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Failed password for root from 196.251.80.27 port 48162 ssh2
Oct 13 11:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Connection closed by 196.251.80.27 port 48162 [preauth]
Oct 13 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24101]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24095]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: Successful su for rubyman by root
Oct 13 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: + ??? root:rubyman
Oct 13 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404495 of user rubyman.
Oct 13 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24209]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404495.
Oct 13 11:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20291]: pam_unix(cron:session): session closed for user root
Oct 13 11:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24094]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session closed for user root
Oct 13 11:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 11:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mtifil14@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 13 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Failed password for root from 196.251.80.27 port 55554 ssh2
Oct 13 11:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Connection closed by 196.251.80.27 port 55554 [preauth]
Oct 13 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mtifil14 rhost=::ffff:45.142.193.185
Oct 13 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24651]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24731]: Successful su for rubyman by root
Oct 13 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24731]: + ??? root:rubyman
Oct 13 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404499 of user rubyman.
Oct 13 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24731]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404499.
Oct 13 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20805]: pam_unix(cron:session): session closed for user root
Oct 13 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23240]: pam_unix(cron:session): session closed for user root
Oct 13 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Failed password for root from 196.251.80.27 port 59966 ssh2
Oct 13 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Connection closed by 196.251.80.27 port 59966 [preauth]
Oct 13 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25146]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25144]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25244]: Successful su for rubyman by root
Oct 13 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25244]: + ??? root:rubyman
Oct 13 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404502 of user rubyman.
Oct 13 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25244]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404502.
Oct 13 11:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21258]: pam_unix(cron:session): session closed for user root
Oct 13 11:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25145]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Invalid user bitrix from 164.68.105.9
Oct 13 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: input_userauth_request: invalid user bitrix [preauth]
Oct 13 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 11:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Failed password for invalid user bitrix from 164.68.105.9 port 54126 ssh2
Oct 13 11:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Connection closed by 164.68.105.9 port 54126 [preauth]
Oct 13 11:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24101]: pam_unix(cron:session): session closed for user root
Oct 13 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: Failed password for root from 196.251.80.27 port 36142 ssh2
Oct 13 11:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: Connection closed by 196.251.80.27 port 36142 [preauth]
Oct 13 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25939]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26028]: Successful su for rubyman by root
Oct 13 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26028]: + ??? root:rubyman
Oct 13 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404508 of user rubyman.
Oct 13 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26028]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404508.
Oct 13 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21794]: pam_unix(cron:session): session closed for user root
Oct 13 11:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25940]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session closed for user root
Oct 13 11:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: Failed password for root from 196.251.80.27 port 39060 ssh2
Oct 13 11:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: Connection closed by 196.251.80.27 port 39060 [preauth]
Oct 13 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26515]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26518]: pam_unix(cron:session): session closed for user root
Oct 13 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26594]: Successful su for rubyman by root
Oct 13 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26594]: + ??? root:rubyman
Oct 13 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404512 of user rubyman.
Oct 13 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26594]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404512.
Oct 13 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26515]: pam_unix(cron:session): session closed for user root
Oct 13 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22301]: pam_unix(cron:session): session closed for user root
Oct 13 11:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26514]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Failed password for root from 196.251.80.27 port 40268 ssh2
Oct 13 11:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Connection closed by 196.251.80.27 port 40268 [preauth]
Oct 13 11:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25149]: pam_unix(cron:session): session closed for user root
Oct 13 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27241]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: Successful su for rubyman by root
Oct 13 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: + ??? root:rubyman
Oct 13 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404518 of user rubyman.
Oct 13 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27320]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404518.
Oct 13 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session closed for user root
Oct 13 11:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Failed password for root from 196.251.80.27 port 41574 ssh2
Oct 13 11:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Connection closed by 196.251.80.27 port 41574 [preauth]
Oct 13 11:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25945]: pam_unix(cron:session): session closed for user root
Oct 13 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session closed for user root
Oct 13 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: Successful su for rubyman by root
Oct 13 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: + ??? root:rubyman
Oct 13 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404521 of user rubyman.
Oct 13 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404521.
Oct 13 11:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24095]: pam_unix(cron:session): session closed for user root
Oct 13 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28031]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Failed password for root from 196.251.80.27 port 42128 ssh2
Oct 13 11:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Connection closed by 196.251.80.27 port 42128 [preauth]
Oct 13 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28603]: Invalid user bitrix from 164.68.105.9
Oct 13 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28603]: input_userauth_request: invalid user bitrix [preauth]
Oct 13 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28603]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 11:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26517]: pam_unix(cron:session): session closed for user root
Oct 13 11:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28603]: Failed password for invalid user bitrix from 164.68.105.9 port 60090 ssh2
Oct 13 11:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28603]: Connection closed by 164.68.105.9 port 60090 [preauth]
Oct 13 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28750]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28826]: Successful su for rubyman by root
Oct 13 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28826]: + ??? root:rubyman
Oct 13 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404527 of user rubyman.
Oct 13 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28826]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404527.
Oct 13 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session closed for user root
Oct 13 11:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Failed password for root from 196.251.80.27 port 42408 ssh2
Oct 13 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Connection closed by 196.251.80.27 port 42408 [preauth]
Oct 13 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session closed for user root
Oct 13 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29443]: Successful su for rubyman by root
Oct 13 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29443]: + ??? root:rubyman
Oct 13 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404530 of user rubyman.
Oct 13 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29443]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404530.
Oct 13 11:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25146]: pam_unix(cron:session): session closed for user root
Oct 13 11:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29686]: Failed password for root from 196.251.80.27 port 42376 ssh2
Oct 13 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29686]: Connection closed by 196.251.80.27 port 42376 [preauth]
Oct 13 11:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session closed for user root
Oct 13 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29876]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session closed for user root
Oct 13 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29965]: Successful su for rubyman by root
Oct 13 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29965]: + ??? root:rubyman
Oct 13 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404536 of user rubyman.
Oct 13 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29965]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404536.
Oct 13 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session closed for user root
Oct 13 11:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25941]: pam_unix(cron:session): session closed for user root
Oct 13 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Failed password for root from 196.251.80.27 port 43062 ssh2
Oct 13 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Connection closed by 196.251.80.27 port 43062 [preauth]
Oct 13 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Failed password for root from 194.182.86.152 port 40204 ssh2
Oct 13 11:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Connection closed by 194.182.86.152 port 40204 [preauth]
Oct 13 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session closed for user root
Oct 13 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30612]: Successful su for rubyman by root
Oct 13 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30612]: + ??? root:rubyman
Oct 13 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404539 of user rubyman.
Oct 13 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30612]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404539.
Oct 13 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26516]: pam_unix(cron:session): session closed for user root
Oct 13 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Failed password for root from 196.251.80.27 port 42210 ssh2
Oct 13 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Connection closed by 196.251.80.27 port 42210 [preauth]
Oct 13 11:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30434]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29368]: pam_unix(cron:session): session closed for user root
Oct 13 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30999]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30996]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: Successful su for rubyman by root
Oct 13 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: + ??? root:rubyman
Oct 13 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404544 of user rubyman.
Oct 13 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404544.
Oct 13 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31117]: Failed password for root from 196.251.80.27 port 41902 ssh2
Oct 13 11:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31117]: Connection closed by 196.251.80.27 port 41902 [preauth]
Oct 13 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session closed for user root
Oct 13 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30997]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session closed for user root
Oct 13 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31641]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Failed password for root from 196.251.80.27 port 40932 ssh2
Oct 13 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Connection closed by 196.251.80.27 port 40932 [preauth]
Oct 13 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31714]: Successful su for rubyman by root
Oct 13 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31714]: + ??? root:rubyman
Oct 13 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404548 of user rubyman.
Oct 13 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31714]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404548.
Oct 13 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session closed for user root
Oct 13 11:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31642]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session closed for user root
Oct 13 11:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Failed password for root from 196.251.80.27 port 39690 ssh2
Oct 13 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32102]: Connection closed by 196.251.80.27 port 39690 [preauth]
Oct 13 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32123]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32117]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Failed password for root from 194.182.86.152 port 37396 ssh2
Oct 13 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32104]: Connection closed by 194.182.86.152 port 37396 [preauth]
Oct 13 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32267]: Successful su for rubyman by root
Oct 13 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32267]: + ??? root:rubyman
Oct 13 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404551 of user rubyman.
Oct 13 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32267]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404551.
Oct 13 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session closed for user root
Oct 13 11:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32121]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31001]: pam_unix(cron:session): session closed for user root
Oct 13 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Failed password for root from 196.251.80.27 port 38850 ssh2
Oct 13 11:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Connection closed by 196.251.80.27 port 38850 [preauth]
Oct 13 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32651]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32652]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32652]: pam_unix(cron:session): session closed for user root
Oct 13 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32645]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32737]: Successful su for rubyman by root
Oct 13 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32737]: + ??? root:rubyman
Oct 13 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404558 of user rubyman.
Oct 13 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32737]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404558.
Oct 13 11:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Failed password for root from 194.182.86.152 port 55104 ssh2
Oct 13 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Connection closed by 194.182.86.152 port 55104 [preauth]
Oct 13 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session closed for user root
Oct 13 11:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session closed for user root
Oct 13 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32646]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31645]: pam_unix(cron:session): session closed for user root
Oct 13 11:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Failed password for root from 196.251.80.27 port 36620 ssh2
Oct 13 11:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Connection closed by 196.251.80.27 port 36620 [preauth]
Oct 13 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: Successful su for rubyman by root
Oct 13 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: + ??? root:rubyman
Oct 13 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404563 of user rubyman.
Oct 13 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404563.
Oct 13 11:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29876]: pam_unix(cron:session): session closed for user root
Oct 13 11:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32123]: pam_unix(cron:session): session closed for user root
Oct 13 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=root
Oct 13 11:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: Failed password for root from 196.251.80.27 port 35256 ssh2
Oct 13 11:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1203]: Connection closed by 196.251.80.27 port 35256 [preauth]
Oct 13 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1266]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1264]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1344]: Successful su for rubyman by root
Oct 13 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1344]: + ??? root:rubyman
Oct 13 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404566 of user rubyman.
Oct 13 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1344]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404566.
Oct 13 11:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30435]: pam_unix(cron:session): session closed for user root
Oct 13 11:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1265]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32651]: pam_unix(cron:session): session closed for user root
Oct 13 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Invalid user admin from 196.251.80.27
Oct 13 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Failed password for invalid user admin from 196.251.80.27 port 33326 ssh2
Oct 13 11:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1695]: Connection closed by 196.251.80.27 port 33326 [preauth]
Oct 13 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1775]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: Successful su for rubyman by root
Oct 13 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: + ??? root:rubyman
Oct 13 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404571 of user rubyman.
Oct 13 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404571.
Oct 13 11:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30999]: pam_unix(cron:session): session closed for user root
Oct 13 11:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1776]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Invalid user admin from 196.251.80.27
Oct 13 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Failed password for invalid user admin from 196.251.80.27 port 59324 ssh2
Oct 13 11:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2239]: Connection closed by 196.251.80.27 port 59324 [preauth]
Oct 13 11:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session closed for user root
Oct 13 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2321]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2391]: Successful su for rubyman by root
Oct 13 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2391]: + ??? root:rubyman
Oct 13 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404573 of user rubyman.
Oct 13 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2391]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404573.
Oct 13 11:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session closed for user root
Oct 13 11:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2322]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: Invalid user admin from 196.251.80.27
Oct 13 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: Failed password for invalid user admin from 196.251.80.27 port 57064 ssh2
Oct 13 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2676]: Connection closed by 196.251.80.27 port 57064 [preauth]
Oct 13 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session closed for user root
Oct 13 11:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 13 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: Failed password for root from 62.60.131.157 port 61330 ssh2
Oct 13 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: message repeated 3 times: [ Failed password for root from 62.60.131.157 port 61330 ssh2]
Oct 13 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2778]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2779]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2780]: pam_unix(cron:session): session closed for user root
Oct 13 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: Failed password for root from 62.60.131.157 port 61330 ssh2
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: Received disconnect from 62.60.131.157 port 61330:11: Bye [preauth]
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: Disconnected from 62.60.131.157 port 61330 [preauth]
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2855]: Successful su for rubyman by root
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2855]: + ??? root:rubyman
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404578 of user rubyman.
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2855]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404578.
Oct 13 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2776]: pam_unix(cron:session): session closed for user root
Oct 13 11:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32122]: pam_unix(cron:session): session closed for user root
Oct 13 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2774]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Invalid user admin from 196.251.80.27
Oct 13 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Failed password for invalid user admin from 196.251.80.27 port 53604 ssh2
Oct 13 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Connection closed by 196.251.80.27 port 53604 [preauth]
Oct 13 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session closed for user root
Oct 13 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3253]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3351]: Successful su for rubyman by root
Oct 13 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3351]: + ??? root:rubyman
Oct 13 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404585 of user rubyman.
Oct 13 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3351]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404585.
Oct 13 11:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32648]: pam_unix(cron:session): session closed for user root
Oct 13 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3573]: Invalid user admin from 196.251.80.27
Oct 13 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3573]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3573]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3573]: Failed password for invalid user admin from 196.251.80.27 port 49716 ssh2
Oct 13 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3573]: Connection closed by 196.251.80.27 port 49716 [preauth]
Oct 13 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2324]: pam_unix(cron:session): session closed for user root
Oct 13 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3720]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3721]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3716]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: Successful su for rubyman by root
Oct 13 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: + ??? root:rubyman
Oct 13 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404587 of user rubyman.
Oct 13 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3806]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404587.
Oct 13 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session closed for user root
Oct 13 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: Invalid user admin from 196.251.80.27
Oct 13 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: Failed password for invalid user admin from 196.251.80.27 port 45218 ssh2
Oct 13 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: Connection closed by 196.251.80.27 port 45218 [preauth]
Oct 13 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3717]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4051]: Connection closed by 167.99.208.197 port 47526 [preauth]
Oct 13 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Connection closed by 167.99.208.197 port 47528 [preauth]
Oct 13 11:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4061]: Connection closed by 167.99.208.197 port 42798 [preauth]
Oct 13 11:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4065]: Connection closed by 167.99.208.197 port 42810 [preauth]
Oct 13 11:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Connection closed by 167.99.208.197 port 42814 [preauth]
Oct 13 11:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Connection closed by 167.99.208.197 port 42816 [preauth]
Oct 13 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: Connection closed by 167.99.208.197 port 42830 [preauth]
Oct 13 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4085]: Connection closed by 167.99.208.197 port 42834 [preauth]
Oct 13 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Connection closed by 167.99.208.197 port 42842 [preauth]
Oct 13 11:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4103]: Connection closed by 167.99.208.197 port 42846 [preauth]
Oct 13 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Connection closed by 167.99.208.197 port 42854 [preauth]
Oct 13 11:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: Connection closed by 167.99.208.197 port 52440 [preauth]
Oct 13 11:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4129]: Connection closed by 167.99.208.197 port 52442 [preauth]
Oct 13 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: Connection closed by 167.99.208.197 port 52458 [preauth]
Oct 13 11:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Connection closed by 167.99.208.197 port 52462 [preauth]
Oct 13 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2779]: pam_unix(cron:session): session closed for user root
Oct 13 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Invalid user admin from 196.251.80.27
Oct 13 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4351]: Successful su for rubyman by root
Oct 13 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4351]: + ??? root:rubyman
Oct 13 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404591 of user rubyman.
Oct 13 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4351]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404591.
Oct 13 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Failed password for invalid user admin from 196.251.80.27 port 39658 ssh2
Oct 13 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4277]: Connection closed by 196.251.80.27 port 39658 [preauth]
Oct 13 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1266]: pam_unix(cron:session): session closed for user root
Oct 13 11:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3254]: pam_unix(cron:session): session closed for user root
Oct 13 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Invalid user admin from 196.251.80.27
Oct 13 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Failed password for invalid user admin from 196.251.80.27 port 33316 ssh2
Oct 13 11:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Connection closed by 196.251.80.27 port 33316 [preauth]
Oct 13 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4840]: Successful su for rubyman by root
Oct 13 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4840]: + ??? root:rubyman
Oct 13 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404595 of user rubyman.
Oct 13 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4840]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404595.
Oct 13 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session closed for user root
Oct 13 11:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3721]: pam_unix(cron:session): session closed for user root
Oct 13 11:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: Invalid user admin from 196.251.80.27
Oct 13 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: Failed password for invalid user admin from 196.251.80.27 port 54346 ssh2
Oct 13 11:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: Connection closed by 196.251.80.27 port 54346 [preauth]
Oct 13 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5729]: pam_unix(cron:session): session closed for user root
Oct 13 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5815]: Successful su for rubyman by root
Oct 13 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5815]: + ??? root:rubyman
Oct 13 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404601 of user rubyman.
Oct 13 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5815]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404601.
Oct 13 11:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session closed for user root
Oct 13 11:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2323]: pam_unix(cron:session): session closed for user root
Oct 13 11:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Invalid user admin from 196.251.80.27
Oct 13 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Failed password for invalid user admin from 196.251.80.27 port 46812 ssh2
Oct 13 11:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Connection closed by 196.251.80.27 port 46812 [preauth]
Oct 13 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session closed for user root
Oct 13 11:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Invalid user user from 62.60.131.157
Oct 13 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: input_userauth_request: invalid user user [preauth]
Oct 13 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for invalid user user from 62.60.131.157 port 59528 ssh2
Oct 13 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for invalid user user from 62.60.131.157 port 59528 ssh2
Oct 13 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:165.154.120.30
Oct 13 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for invalid user user from 62.60.131.157 port 59528 ssh2
Oct 13 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for invalid user user from 62.60.131.157 port 59528 ssh2
Oct 13 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6255]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6332]: Successful su for rubyman by root
Oct 13 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6332]: + ??? root:rubyman
Oct 13 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404606 of user rubyman.
Oct 13 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6332]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404606.
Oct 13 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Failed password for invalid user user from 62.60.131.157 port 59528 ssh2
Oct 13 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Received disconnect from 62.60.131.157 port 59528:11: Bye [preauth]
Oct 13 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: Disconnected from 62.60.131.157 port 59528 [preauth]
Oct 13 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6217]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 11:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2778]: pam_unix(cron:session): session closed for user root
Oct 13 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6256]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Invalid user admin from 196.251.80.27
Oct 13 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Failed password for invalid user admin from 196.251.80.27 port 38956 ssh2
Oct 13 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Connection closed by 196.251.80.27 port 38956 [preauth]
Oct 13 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session closed for user root
Oct 13 11:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Did not receive identification string from 80.211.129.128
Oct 13 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6818]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: Successful su for rubyman by root
Oct 13 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: + ??? root:rubyman
Oct 13 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404610 of user rubyman.
Oct 13 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404610.
Oct 13 11:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3253]: pam_unix(cron:session): session closed for user root
Oct 13 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Invalid user admin from 196.251.80.27
Oct 13 11:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Failed password for invalid user admin from 196.251.80.27 port 59554 ssh2
Oct 13 11:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Connection closed by 196.251.80.27 port 59554 [preauth]
Oct 13 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7224]: Did not receive identification string from 123.56.86.32
Oct 13 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5727]: pam_unix(cron:session): session closed for user root
Oct 13 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7444]: Successful su for rubyman by root
Oct 13 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7444]: + ??? root:rubyman
Oct 13 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404614 of user rubyman.
Oct 13 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7444]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404614.
Oct 13 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Invalid user admin from 196.251.80.27
Oct 13 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Failed password for invalid user admin from 196.251.80.27 port 51148 ssh2
Oct 13 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7433]: Connection closed by 196.251.80.27 port 51148 [preauth]
Oct 13 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3720]: pam_unix(cron:session): session closed for user root
Oct 13 11:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6259]: pam_unix(cron:session): session closed for user root
Oct 13 11:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Invalid user admin from 196.251.80.27
Oct 13 11:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Failed password for invalid user admin from 196.251.80.27 port 40942 ssh2
Oct 13 11:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Connection closed by 196.251.80.27 port 40942 [preauth]
Oct 13 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7837]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7839]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8455]: Successful su for rubyman by root
Oct 13 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8455]: + ??? root:rubyman
Oct 13 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404618 of user rubyman.
Oct 13 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8455]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404618.
Oct 13 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7837]: pam_unix(cron:session): session closed for user root
Oct 13 11:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session closed for user root
Oct 13 11:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7840]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6818]: pam_unix(cron:session): session closed for user root
Oct 13 11:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Invalid user admin from 196.251.80.27
Oct 13 11:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Failed password for invalid user admin from 196.251.80.27 port 58862 ssh2
Oct 13 11:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Connection closed by 196.251.80.27 port 58862 [preauth]
Oct 13 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session closed for user root
Oct 13 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8953]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9048]: Successful su for rubyman by root
Oct 13 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9048]: + ??? root:rubyman
Oct 13 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404626 of user rubyman.
Oct 13 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9048]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404626.
Oct 13 11:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session closed for user root
Oct 13 11:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session closed for user root
Oct 13 11:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8954]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Invalid user admin from 196.251.80.27
Oct 13 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Failed password for invalid user admin from 196.251.80.27 port 47342 ssh2
Oct 13 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Connection closed by 196.251.80.27 port 47342 [preauth]
Oct 13 11:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session closed for user root
Oct 13 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9599]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9600]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9595]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9812]: Successful su for rubyman by root
Oct 13 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9812]: + ??? root:rubyman
Oct 13 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404629 of user rubyman.
Oct 13 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9812]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404629.
Oct 13 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Invalid user chris from 20.163.71.109
Oct 13 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: input_userauth_request: invalid user chris [preauth]
Oct 13 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Failed password for invalid user chris from 20.163.71.109 port 54346 ssh2
Oct 13 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9858]: Connection closed by 20.163.71.109 port 54346 [preauth]
Oct 13 11:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session closed for user root
Oct 13 11:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: Invalid user admin from 196.251.80.27
Oct 13 11:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: Failed password for invalid user admin from 196.251.80.27 port 38482 ssh2
Oct 13 11:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: Connection closed by 196.251.80.27 port 38482 [preauth]
Oct 13 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Invalid user ubnt from 62.60.131.157
Oct 13 11:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: input_userauth_request: invalid user ubnt [preauth]
Oct 13 11:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 11:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user ubnt from 62.60.131.157 port 62419 ssh2
Oct 13 11:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user ubnt from 62.60.131.157 port 62419 ssh2
Oct 13 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user ubnt from 62.60.131.157 port 62419 ssh2
Oct 13 11:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user ubnt from 62.60.131.157 port 62419 ssh2
Oct 13 11:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7843]: pam_unix(cron:session): session closed for user root
Oct 13 11:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user ubnt from 62.60.131.157 port 62419 ssh2
Oct 13 11:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Received disconnect from 62.60.131.157 port 62419:11: Bye [preauth]
Oct 13 11:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Disconnected from 62.60.131.157 port 62419 [preauth]
Oct 13 11:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 11:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10223]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10297]: Successful su for rubyman by root
Oct 13 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10297]: + ??? root:rubyman
Oct 13 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404632 of user rubyman.
Oct 13 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10297]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404632.
Oct 13 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: Invalid user admin from 196.251.80.27
Oct 13 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6258]: pam_unix(cron:session): session closed for user root
Oct 13 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: Failed password for invalid user admin from 196.251.80.27 port 57252 ssh2
Oct 13 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: Connection closed by 196.251.80.27 port 57252 [preauth]
Oct 13 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10224]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8957]: pam_unix(cron:session): session closed for user root
Oct 13 11:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: Failed password for root from 194.182.86.152 port 42788 ssh2
Oct 13 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: Connection closed by 194.182.86.152 port 42788 [preauth]
Oct 13 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Invalid user admin from 196.251.80.27
Oct 13 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Failed password for invalid user admin from 196.251.80.27 port 46624 ssh2
Oct 13 11:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Connection closed by 196.251.80.27 port 46624 [preauth]
Oct 13 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10709]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10707]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: Successful su for rubyman by root
Oct 13 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: + ??? root:rubyman
Oct 13 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404637 of user rubyman.
Oct 13 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404637.
Oct 13 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session closed for user root
Oct 13 11:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.128.166  user=root
Oct 13 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Failed password for root from 124.198.128.166 port 39804 ssh2
Oct 13 11:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Connection closed by 124.198.128.166 port 39804 [preauth]
Oct 13 11:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10708]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Failed password for root from 194.182.86.152 port 54752 ssh2
Oct 13 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Connection closed by 194.182.86.152 port 54752 [preauth]
Oct 13 11:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9600]: pam_unix(cron:session): session closed for user root
Oct 13 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Invalid user admin from 196.251.80.27
Oct 13 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: input_userauth_request: invalid user admin [preauth]
Oct 13 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Failed password for invalid user admin from 196.251.80.27 port 35646 ssh2
Oct 13 11:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Connection closed by 196.251.80.27 port 35646 [preauth]
Oct 13 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11157]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11158]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11154]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11232]: Successful su for rubyman by root
Oct 13 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11232]: + ??? root:rubyman
Oct 13 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404640 of user rubyman.
Oct 13 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11232]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404640.
Oct 13 11:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session closed for user root
Oct 13 11:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11157]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Invalid user dspace from 196.251.80.27
Oct 13 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10227]: pam_unix(cron:session): session closed for user root
Oct 13 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Failed password for invalid user dspace from 196.251.80.27 port 52928 ssh2
Oct 13 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Connection closed by 196.251.80.27 port 52928 [preauth]
Oct 13 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11649]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11649]: pam_unix(cron:session): session closed for user root
Oct 13 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11813]: Successful su for rubyman by root
Oct 13 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11813]: + ??? root:rubyman
Oct 13 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404649 of user rubyman.
Oct 13 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11813]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404649.
Oct 13 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session closed for user root
Oct 13 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7842]: pam_unix(cron:session): session closed for user root
Oct 13 11:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Did not receive identification string from 80.211.129.128
Oct 13 11:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: Invalid user dspace from 196.251.80.27
Oct 13 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: Failed password for invalid user dspace from 196.251.80.27 port 41902 ssh2
Oct 13 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12096]: Connection closed by 196.251.80.27 port 41902 [preauth]
Oct 13 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Failed password for root from 194.182.86.152 port 54194 ssh2
Oct 13 11:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Connection closed by 194.182.86.152 port 54194 [preauth]
Oct 13 11:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Invalid user  from 43.163.97.137
Oct 13 11:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: input_userauth_request: invalid user  [preauth]
Oct 13 11:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session closed for user root
Oct 13 11:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Connection closed by 43.163.97.137 port 14980 [preauth]
Oct 13 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12255]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12251]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12332]: Successful su for rubyman by root
Oct 13 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12332]: + ??? root:rubyman
Oct 13 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404650 of user rubyman.
Oct 13 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12332]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404650.
Oct 13 11:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: Invalid user dspace from 196.251.80.27
Oct 13 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8956]: pam_unix(cron:session): session closed for user root
Oct 13 11:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: Failed password for invalid user dspace from 196.251.80.27 port 58652 ssh2
Oct 13 11:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: Connection closed by 196.251.80.27 port 58652 [preauth]
Oct 13 11:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12253]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session closed for user root
Oct 13 11:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Invalid user dspace from 196.251.80.27
Oct 13 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12756]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12753]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Failed password for invalid user dspace from 196.251.80.27 port 47374 ssh2
Oct 13 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Connection closed by 196.251.80.27 port 47374 [preauth]
Oct 13 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12828]: Successful su for rubyman by root
Oct 13 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12828]: + ??? root:rubyman
Oct 13 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404654 of user rubyman.
Oct 13 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12828]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404654.
Oct 13 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9599]: pam_unix(cron:session): session closed for user root
Oct 13 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Failed password for root from 194.182.86.152 port 59972 ssh2
Oct 13 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Connection closed by 194.182.86.152 port 59972 [preauth]
Oct 13 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12754]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11648]: pam_unix(cron:session): session closed for user root
Oct 13 11:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Invalid user dspace from 196.251.80.27
Oct 13 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Failed password for invalid user dspace from 196.251.80.27 port 35592 ssh2
Oct 13 11:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Connection closed by 196.251.80.27 port 35592 [preauth]
Oct 13 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13357]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13441]: Successful su for rubyman by root
Oct 13 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13441]: + ??? root:rubyman
Oct 13 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404659 of user rubyman.
Oct 13 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13441]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404659.
Oct 13 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10226]: pam_unix(cron:session): session closed for user root
Oct 13 11:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13356]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Invalid user dspace from 196.251.80.27
Oct 13 11:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Failed password for invalid user dspace from 196.251.80.27 port 51958 ssh2
Oct 13 11:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Connection closed by 196.251.80.27 port 51958 [preauth]
Oct 13 11:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12255]: pam_unix(cron:session): session closed for user root
Oct 13 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13853]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13848]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13919]: Successful su for rubyman by root
Oct 13 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13919]: + ??? root:rubyman
Oct 13 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404664 of user rubyman.
Oct 13 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13919]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404664.
Oct 13 11:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10709]: pam_unix(cron:session): session closed for user root
Oct 13 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13849]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Invalid user dspace from 196.251.80.27
Oct 13 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Failed password for invalid user dspace from 196.251.80.27 port 39846 ssh2
Oct 13 11:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Connection closed by 196.251.80.27 port 39846 [preauth]
Oct 13 11:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14267]: Did not receive identification string from 80.211.129.128
Oct 13 11:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12756]: pam_unix(cron:session): session closed for user root
Oct 13 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session closed for user root
Oct 13 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14375]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14451]: Successful su for rubyman by root
Oct 13 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14451]: + ??? root:rubyman
Oct 13 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404666 of user rubyman.
Oct 13 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14451]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404666.
Oct 13 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14377]: pam_unix(cron:session): session closed for user root
Oct 13 11:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11158]: pam_unix(cron:session): session closed for user root
Oct 13 11:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: Invalid user dspace from 196.251.80.27
Oct 13 11:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: Failed password for invalid user dspace from 196.251.80.27 port 55712 ssh2
Oct 13 11:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14671]: Connection closed by 196.251.80.27 port 55712 [preauth]
Oct 13 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14376]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.171.177  user=root
Oct 13 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Failed password for root from 94.177.171.177 port 57440 ssh2
Oct 13 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Connection closed by 94.177.171.177 port 57440 [preauth]
Oct 13 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13359]: pam_unix(cron:session): session closed for user root
Oct 13 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Invalid user ttuser from 164.68.105.9
Oct 13 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: input_userauth_request: invalid user ttuser [preauth]
Oct 13 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Failed password for invalid user ttuser from 164.68.105.9 port 57264 ssh2
Oct 13 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Connection closed by 164.68.105.9 port 57264 [preauth]
Oct 13 11:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14854]: Invalid user bert from 190.103.202.7
Oct 13 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14854]: input_userauth_request: invalid user bert [preauth]
Oct 13 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14854]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 11:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14854]: Failed password for invalid user bert from 190.103.202.7 port 55758 ssh2
Oct 13 11:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14854]: Connection closed by 190.103.202.7 port 55758 [preauth]
Oct 13 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14886]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Invalid user dspace from 196.251.80.27
Oct 13 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14969]: Successful su for rubyman by root
Oct 13 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14969]: + ??? root:rubyman
Oct 13 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404674 of user rubyman.
Oct 13 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14969]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404674.
Oct 13 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Failed password for invalid user dspace from 196.251.80.27 port 43520 ssh2
Oct 13 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14881]: Connection closed by 196.251.80.27 port 43520 [preauth]
Oct 13 11:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session closed for user root
Oct 13 11:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14884]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13854]: pam_unix(cron:session): session closed for user root
Oct 13 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: Invalid user dspace from 196.251.80.27
Oct 13 11:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: Failed password for invalid user dspace from 196.251.80.27 port 58854 ssh2
Oct 13 11:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15425]: Connection closed by 196.251.80.27 port 58854 [preauth]
Oct 13 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15448]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: Successful su for rubyman by root
Oct 13 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: + ??? root:rubyman
Oct 13 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404677 of user rubyman.
Oct 13 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404677.
Oct 13 11:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12254]: pam_unix(cron:session): session closed for user root
Oct 13 11:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Invalid user dspace from 196.251.80.27
Oct 13 11:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Failed password for invalid user dspace from 196.251.80.27 port 44600 ssh2
Oct 13 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Connection closed by 196.251.80.27 port 44600 [preauth]
Oct 13 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session closed for user root
Oct 13 11:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for root from 80.211.129.128 port 49486 ssh2
Oct 13 11:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Connection closed by 80.211.129.128 port 49486 [preauth]
Oct 13 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15964]: Successful su for rubyman by root
Oct 13 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15964]: + ??? root:rubyman
Oct 13 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404680 of user rubyman.
Oct 13 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15964]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404680.
Oct 13 11:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12755]: pam_unix(cron:session): session closed for user root
Oct 13 11:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Invalid user dspace from 196.251.80.27
Oct 13 11:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: input_userauth_request: invalid user dspace [preauth]
Oct 13 11:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Failed password for invalid user dspace from 196.251.80.27 port 33090 ssh2
Oct 13 11:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Connection closed by 196.251.80.27 port 33090 [preauth]
Oct 13 11:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Failed password for root from 194.182.86.152 port 41324 ssh2
Oct 13 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Connection closed by 194.182.86.152 port 41324 [preauth]
Oct 13 11:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14886]: pam_unix(cron:session): session closed for user root
Oct 13 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 11:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=abaramo@omarabas.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 13 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=abaramo@omarabas.com rhost=::ffff:79.124.49.146
Oct 13 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16452]: Successful su for rubyman by root
Oct 13 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16452]: + ??? root:rubyman
Oct 13 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404684 of user rubyman.
Oct 13 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16452]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404684.
Oct 13 11:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13357]: pam_unix(cron:session): session closed for user root
Oct 13 11:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Invalid user odoo from 196.251.80.27
Oct 13 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: input_userauth_request: invalid user odoo [preauth]
Oct 13 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user odoo from 196.251.80.27 port 48210 ssh2
Oct 13 11:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Connection closed by 196.251.80.27 port 48210 [preauth]
Oct 13 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15448]: pam_unix(cron:session): session closed for user root
Oct 13 11:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Invalid user ttuser from 164.68.105.9
Oct 13 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: input_userauth_request: invalid user ttuser [preauth]
Oct 13 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 11:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Failed password for invalid user ttuser from 164.68.105.9 port 57260 ssh2
Oct 13 11:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Connection closed by 164.68.105.9 port 57260 [preauth]
Oct 13 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Invalid user odoo from 196.251.80.27
Oct 13 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: input_userauth_request: invalid user odoo [preauth]
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16850]: pam_unix(cron:session): session closed for user root
Oct 13 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16921]: Successful su for rubyman by root
Oct 13 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16921]: + ??? root:rubyman
Oct 13 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404692 of user rubyman.
Oct 13 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16921]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404692.
Oct 13 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Failed password for invalid user odoo from 196.251.80.27 port 34708 ssh2
Oct 13 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Connection closed by 196.251.80.27 port 34708 [preauth]
Oct 13 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session closed for user root
Oct 13 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13853]: pam_unix(cron:session): session closed for user root
Oct 13 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session closed for user root
Oct 13 11:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Invalid user odoo from 196.251.80.27
Oct 13 11:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: input_userauth_request: invalid user odoo [preauth]
Oct 13 11:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Failed password for invalid user odoo from 196.251.80.27 port 49306 ssh2
Oct 13 11:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Connection closed by 196.251.80.27 port 49306 [preauth]
Oct 13 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17343]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17337]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17428]: Successful su for rubyman by root
Oct 13 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17428]: + ??? root:rubyman
Oct 13 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404695 of user rubyman.
Oct 13 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17428]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404695.
Oct 13 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session closed for user root
Oct 13 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: Invalid user odoo from 196.251.80.27
Oct 13 11:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: input_userauth_request: invalid user odoo [preauth]
Oct 13 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session closed for user root
Oct 13 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: Failed password for invalid user odoo from 196.251.80.27 port 35698 ssh2
Oct 13 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: Connection closed by 196.251.80.27 port 35698 [preauth]
Oct 13 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17885]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17963]: Successful su for rubyman by root
Oct 13 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17963]: + ??? root:rubyman
Oct 13 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404699 of user rubyman.
Oct 13 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17963]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404699.
Oct 13 11:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14885]: pam_unix(cron:session): session closed for user root
Oct 13 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17886]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Invalid user odoo from 196.251.80.27
Oct 13 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: input_userauth_request: invalid user odoo [preauth]
Oct 13 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Failed password for invalid user odoo from 196.251.80.27 port 49388 ssh2
Oct 13 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Connection closed by 196.251.80.27 port 49388 [preauth]
Oct 13 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session closed for user root
Oct 13 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Failed password for root from 194.182.86.152 port 60688 ssh2
Oct 13 11:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Connection closed by 194.182.86.152 port 60688 [preauth]
Oct 13 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18591]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18588]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18677]: Successful su for rubyman by root
Oct 13 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18677]: + ??? root:rubyman
Oct 13 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404703 of user rubyman.
Oct 13 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18677]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404703.
Oct 13 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session closed for user root
Oct 13 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Invalid user odoo from 196.251.80.27
Oct 13 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: input_userauth_request: invalid user odoo [preauth]
Oct 13 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Failed password for invalid user odoo from 196.251.80.27 port 35324 ssh2
Oct 13 11:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Connection closed by 196.251.80.27 port 35324 [preauth]
Oct 13 11:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18589]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Did not receive identification string from 80.211.129.128
Oct 13 11:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17344]: pam_unix(cron:session): session closed for user root
Oct 13 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: Failed password for root from 194.182.86.152 port 50430 ssh2
Oct 13 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: Connection closed by 194.182.86.152 port 50430 [preauth]
Oct 13 11:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Invalid user odoo from 196.251.80.27
Oct 13 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: input_userauth_request: invalid user odoo [preauth]
Oct 13 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19208]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session closed for user p13x
Oct 13 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Failed password for invalid user odoo from 196.251.80.27 port 49324 ssh2
Oct 13 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Connection closed by 196.251.80.27 port 49324 [preauth]
Oct 13 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19312]: Successful su for rubyman by root
Oct 13 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19312]: + ??? root:rubyman
Oct 13 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404706 of user rubyman.
Oct 13 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19312]: pam_unix(su:session): session closed for user rubyman
Oct 13 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404706.
Oct 13 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session closed for user root
Oct 13 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session closed for user samftp
Oct 13 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session closed for user root
Oct 13 11:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19972]: Invalid user odoo from 196.251.80.27
Oct 13 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19972]: input_userauth_request: invalid user odoo [preauth]
Oct 13 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19972]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 11:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19972]: Failed password for invalid user odoo from 196.251.80.27 port 34304 ssh2
Oct 13 11:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19972]: Connection closed by 196.251.80.27 port 34304 [preauth]
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20035]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20040]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20037]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20035]: pam_unix(cron:session): session closed for user root
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20040]: pam_unix(cron:session): session closed for user root
Oct 13 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20032]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20173]: Successful su for rubyman by root
Oct 13 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20173]: + ??? root:rubyman
Oct 13 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404715 of user rubyman.
Oct 13 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20173]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404715.
Oct 13 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user root
Oct 13 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20036]: pam_unix(cron:session): session closed for user root
Oct 13 12:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20033]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: Invalid user odoo from 196.251.80.27
Oct 13 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: input_userauth_request: invalid user odoo [preauth]
Oct 13 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: Failed password for invalid user odoo from 196.251.80.27 port 47730 ssh2
Oct 13 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: Connection closed by 196.251.80.27 port 47730 [preauth]
Oct 13 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18591]: pam_unix(cron:session): session closed for user root
Oct 13 12:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Invalid user user from 2.57.121.112
Oct 13 12:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: input_userauth_request: invalid user user [preauth]
Oct 13 12:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 12:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Failed password for invalid user user from 2.57.121.112 port 64359 ssh2
Oct 13 12:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Failed password for invalid user user from 2.57.121.112 port 64359 ssh2
Oct 13 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Failed password for invalid user user from 2.57.121.112 port 64359 ssh2
Oct 13 12:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Failed password for invalid user user from 2.57.121.112 port 64359 ssh2
Oct 13 12:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Failed password for invalid user user from 2.57.121.112 port 64359 ssh2
Oct 13 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Received disconnect from 2.57.121.112 port 64359:11: Bye [preauth]
Oct 13 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: Disconnected from 2.57.121.112 port 64359 [preauth]
Oct 13 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20603]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20656]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20744]: Successful su for rubyman by root
Oct 13 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20744]: + ??? root:rubyman
Oct 13 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404719 of user rubyman.
Oct 13 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20744]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404719.
Oct 13 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: Failed password for root from 194.182.86.152 port 40848 ssh2
Oct 13 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: Connection closed by 194.182.86.152 port 40848 [preauth]
Oct 13 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session closed for user root
Oct 13 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: Invalid user odoo from 196.251.80.27
Oct 13 12:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: input_userauth_request: invalid user odoo [preauth]
Oct 13 12:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: Failed password for invalid user odoo from 196.251.80.27 port 60618 ssh2
Oct 13 12:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20998]: Connection closed by 196.251.80.27 port 60618 [preauth]
Oct 13 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19208]: pam_unix(cron:session): session closed for user root
Oct 13 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21103]: Did not receive identification string from 183.91.2.158
Oct 13 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21109]: Did not receive identification string from 183.91.2.158
Oct 13 12:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21138]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21204]: Successful su for rubyman by root
Oct 13 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21204]: + ??? root:rubyman
Oct 13 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404721 of user rubyman.
Oct 13 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21204]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404721.
Oct 13 12:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17343]: pam_unix(cron:session): session closed for user root
Oct 13 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Invalid user odoo from 196.251.80.27
Oct 13 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: input_userauth_request: invalid user odoo [preauth]
Oct 13 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Failed password for invalid user odoo from 196.251.80.27 port 45086 ssh2
Oct 13 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Connection closed by 196.251.80.27 port 45086 [preauth]
Oct 13 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21139]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Invalid user superroot from 183.91.2.158
Oct 13 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: input_userauth_request: invalid user superroot [preauth]
Oct 13 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.91.2.158
Oct 13 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for invalid user superroot from 183.91.2.158 port 34387 ssh2
Oct 13 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Connection closed by 183.91.2.158 port 34387 [preauth]
Oct 13 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20038]: pam_unix(cron:session): session closed for user root
Oct 13 12:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: Invalid user odoo from 196.251.80.27
Oct 13 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: input_userauth_request: invalid user odoo [preauth]
Oct 13 12:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: Failed password for invalid user odoo from 196.251.80.27 port 58260 ssh2
Oct 13 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21645]: Connection closed by 196.251.80.27 port 58260 [preauth]
Oct 13 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21653]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21651]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: Successful su for rubyman by root
Oct 13 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: + ??? root:rubyman
Oct 13 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404725 of user rubyman.
Oct 13 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404725.
Oct 13 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17887]: pam_unix(cron:session): session closed for user root
Oct 13 12:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21652]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20659]: pam_unix(cron:session): session closed for user root
Oct 13 12:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Invalid user test from 196.251.80.27
Oct 13 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: input_userauth_request: invalid user test [preauth]
Oct 13 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Failed password for invalid user test from 196.251.80.27 port 41670 ssh2
Oct 13 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Connection closed by 196.251.80.27 port 41670 [preauth]
Oct 13 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22239]: Successful su for rubyman by root
Oct 13 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22239]: + ??? root:rubyman
Oct 13 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404729 of user rubyman.
Oct 13 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22239]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404729.
Oct 13 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18590]: pam_unix(cron:session): session closed for user root
Oct 13 12:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Invalid user test from 196.251.80.27
Oct 13 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: input_userauth_request: invalid user test [preauth]
Oct 13 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Failed password for invalid user test from 196.251.80.27 port 53612 ssh2
Oct 13 12:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Connection closed by 196.251.80.27 port 53612 [preauth]
Oct 13 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session closed for user root
Oct 13 12:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.61.185.190  user=root
Oct 13 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: Failed password for root from 45.61.185.190 port 43436 ssh2
Oct 13 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: Connection closed by 45.61.185.190 port 43436 [preauth]
Oct 13 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.61.185.190  user=root
Oct 13 12:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: Failed password for root from 45.61.185.190 port 58404 ssh2
Oct 13 12:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: Connection closed by 45.61.185.190 port 58404 [preauth]
Oct 13 12:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.61.185.190  user=root
Oct 13 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Failed password for root from 45.61.185.190 port 58408 ssh2
Oct 13 12:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Connection closed by 45.61.185.190 port 58408 [preauth]
Oct 13 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22626]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22623]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22626]: pam_unix(cron:session): session closed for user root
Oct 13 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22620]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22908]: Successful su for rubyman by root
Oct 13 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22908]: + ??? root:rubyman
Oct 13 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404735 of user rubyman.
Oct 13 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22908]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404735.
Oct 13 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.61.185.190  user=root
Oct 13 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Failed password for root from 45.61.185.190 port 58424 ssh2
Oct 13 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Connection closed by 45.61.185.190 port 58424 [preauth]
Oct 13 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: Connection closed by 45.61.185.190 port 39434 [preauth]
Oct 13 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22623]: pam_unix(cron:session): session closed for user root
Oct 13 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19207]: pam_unix(cron:session): session closed for user root
Oct 13 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Invalid user test from 196.251.80.27
Oct 13 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: input_userauth_request: invalid user test [preauth]
Oct 13 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Failed password for invalid user test from 196.251.80.27 port 39714 ssh2
Oct 13 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Connection closed by 196.251.80.27 port 39714 [preauth]
Oct 13 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21655]: pam_unix(cron:session): session closed for user root
Oct 13 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23840]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23930]: Successful su for rubyman by root
Oct 13 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23930]: + ??? root:rubyman
Oct 13 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404741 of user rubyman.
Oct 13 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23930]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404741.
Oct 13 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Invalid user test from 196.251.80.27
Oct 13 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: input_userauth_request: invalid user test [preauth]
Oct 13 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Failed password for invalid user test from 196.251.80.27 port 50888 ssh2
Oct 13 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Connection closed by 196.251.80.27 port 50888 [preauth]
Oct 13 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20037]: pam_unix(cron:session): session closed for user root
Oct 13 12:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23841]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session closed for user root
Oct 13 12:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: Invalid user test from 196.251.80.27
Oct 13 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: input_userauth_request: invalid user test [preauth]
Oct 13 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: Failed password for invalid user test from 196.251.80.27 port 35414 ssh2
Oct 13 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24336]: Connection closed by 196.251.80.27 port 35414 [preauth]
Oct 13 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24380]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24378]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24457]: Successful su for rubyman by root
Oct 13 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24457]: + ??? root:rubyman
Oct 13 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404743 of user rubyman.
Oct 13 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24457]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404743.
Oct 13 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: Invalid user bert from 190.103.202.7
Oct 13 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: input_userauth_request: invalid user bert [preauth]
Oct 13 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: Failed password for invalid user bert from 190.103.202.7 port 46750 ssh2
Oct 13 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20658]: pam_unix(cron:session): session closed for user root
Oct 13 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: Connection closed by 190.103.202.7 port 46750 [preauth]
Oct 13 12:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24379]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Invalid user test from 196.251.80.27
Oct 13 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: input_userauth_request: invalid user test [preauth]
Oct 13 12:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session closed for user root
Oct 13 12:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Failed password for invalid user test from 196.251.80.27 port 47440 ssh2
Oct 13 12:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Connection closed by 196.251.80.27 port 47440 [preauth]
Oct 13 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Invalid user chris from 20.163.71.109
Oct 13 12:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: input_userauth_request: invalid user chris [preauth]
Oct 13 12:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Failed password for invalid user chris from 20.163.71.109 port 34004 ssh2
Oct 13 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Connection closed by 20.163.71.109 port 34004 [preauth]
Oct 13 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24867]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24941]: Successful su for rubyman by root
Oct 13 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24941]: + ??? root:rubyman
Oct 13 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404747 of user rubyman.
Oct 13 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24941]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404747.
Oct 13 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21140]: pam_unix(cron:session): session closed for user root
Oct 13 12:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24868]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: Invalid user test from 196.251.80.27
Oct 13 12:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: input_userauth_request: invalid user test [preauth]
Oct 13 12:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: Failed password for invalid user test from 196.251.80.27 port 59392 ssh2
Oct 13 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25261]: Connection closed by 196.251.80.27 port 59392 [preauth]
Oct 13 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Failed password for root from 194.182.86.152 port 47026 ssh2
Oct 13 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Connection closed by 194.182.86.152 port 47026 [preauth]
Oct 13 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23845]: pam_unix(cron:session): session closed for user root
Oct 13 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: Successful su for rubyman by root
Oct 13 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: + ??? root:rubyman
Oct 13 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404753 of user rubyman.
Oct 13 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404753.
Oct 13 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session closed for user root
Oct 13 12:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21653]: pam_unix(cron:session): session closed for user root
Oct 13 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: Invalid user test from 196.251.80.27
Oct 13 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: input_userauth_request: invalid user test [preauth]
Oct 13 12:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: Failed password for invalid user test from 196.251.80.27 port 42814 ssh2
Oct 13 12:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: Connection closed by 196.251.80.27 port 42814 [preauth]
Oct 13 12:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session closed for user root
Oct 13 12:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Invalid user test from 196.251.80.27
Oct 13 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: input_userauth_request: invalid user test [preauth]
Oct 13 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26272]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26266]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26272]: pam_unix(cron:session): session closed for user root
Oct 13 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Failed password for invalid user test from 196.251.80.27 port 54730 ssh2
Oct 13 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26264]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Connection closed by 196.251.80.27 port 54730 [preauth]
Oct 13 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: Successful su for rubyman by root
Oct 13 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: + ??? root:rubyman
Oct 13 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404761 of user rubyman.
Oct 13 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404761.
Oct 13 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26266]: pam_unix(cron:session): session closed for user root
Oct 13 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22134]: pam_unix(cron:session): session closed for user root
Oct 13 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26265]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session closed for user root
Oct 13 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: Invalid user test from 196.251.80.27
Oct 13 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: input_userauth_request: invalid user test [preauth]
Oct 13 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: Failed password for invalid user test from 196.251.80.27 port 37826 ssh2
Oct 13 12:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26873]: Connection closed by 196.251.80.27 port 37826 [preauth]
Oct 13 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: Failed password for root from 80.211.129.128 port 58968 ssh2
Oct 13 12:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26879]: Connection closed by 80.211.129.128 port 58968 [preauth]
Oct 13 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26952]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27189]: Successful su for rubyman by root
Oct 13 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27189]: + ??? root:rubyman
Oct 13 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404762 of user rubyman.
Oct 13 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27189]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404762.
Oct 13 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: Failed password for root from 194.182.86.152 port 60044 ssh2
Oct 13 12:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27281]: Connection closed by 194.182.86.152 port 60044 [preauth]
Oct 13 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session closed for user root
Oct 13 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26955]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Invalid user test from 196.251.80.27
Oct 13 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: input_userauth_request: invalid user test [preauth]
Oct 13 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Failed password for invalid user test from 196.251.80.27 port 49098 ssh2
Oct 13 12:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Connection closed by 196.251.80.27 port 49098 [preauth]
Oct 13 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session closed for user root
Oct 13 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27869]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: Successful su for rubyman by root
Oct 13 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: + ??? root:rubyman
Oct 13 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404767 of user rubyman.
Oct 13 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404767.
Oct 13 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23842]: pam_unix(cron:session): session closed for user root
Oct 13 12:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Invalid user test from 196.251.80.27
Oct 13 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: input_userauth_request: invalid user test [preauth]
Oct 13 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Failed password for invalid user test from 196.251.80.27 port 60880 ssh2
Oct 13 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Connection closed by 196.251.80.27 port 60880 [preauth]
Oct 13 12:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26271]: pam_unix(cron:session): session closed for user root
Oct 13 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28345]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28425]: Successful su for rubyman by root
Oct 13 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28425]: + ??? root:rubyman
Oct 13 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404771 of user rubyman.
Oct 13 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28425]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404771.
Oct 13 12:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: Invalid user test from 196.251.80.27
Oct 13 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: input_userauth_request: invalid user test [preauth]
Oct 13 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24380]: pam_unix(cron:session): session closed for user root
Oct 13 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: Failed password for invalid user test from 196.251.80.27 port 43592 ssh2
Oct 13 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28803]: Connection closed by 196.251.80.27 port 43592 [preauth]
Oct 13 12:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28348]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26957]: pam_unix(cron:session): session closed for user root
Oct 13 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Invalid user test from 196.251.80.27
Oct 13 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: input_userauth_request: invalid user test [preauth]
Oct 13 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Failed password for invalid user test from 196.251.80.27 port 54824 ssh2
Oct 13 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29170]: Connection closed by 196.251.80.27 port 54824 [preauth]
Oct 13 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29261]: Successful su for rubyman by root
Oct 13 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29261]: + ??? root:rubyman
Oct 13 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404774 of user rubyman.
Oct 13 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29261]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404774.
Oct 13 12:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24871]: pam_unix(cron:session): session closed for user root
Oct 13 12:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Invalid user admin from 2.57.121.112
Oct 13 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: input_userauth_request: invalid user admin [preauth]
Oct 13 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Failed password for invalid user admin from 2.57.121.112 port 42529 ssh2
Oct 13 12:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Failed password for invalid user admin from 2.57.121.112 port 42529 ssh2
Oct 13 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Failed password for invalid user admin from 2.57.121.112 port 42529 ssh2
Oct 13 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Failed password for invalid user admin from 2.57.121.112 port 42529 ssh2
Oct 13 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Failed password for invalid user admin from 2.57.121.112 port 42529 ssh2
Oct 13 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Received disconnect from 2.57.121.112 port 42529:11: Bye [preauth]
Oct 13 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Disconnected from 2.57.121.112 port 42529 [preauth]
Oct 13 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 12:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session closed for user root
Oct 13 12:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Invalid user test from 196.251.80.27
Oct 13 12:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: input_userauth_request: invalid user test [preauth]
Oct 13 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Failed password for invalid user test from 196.251.80.27 port 37438 ssh2
Oct 13 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29623]: Connection closed by 196.251.80.27 port 37438 [preauth]
Oct 13 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29678]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session closed for user root
Oct 13 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29764]: Successful su for rubyman by root
Oct 13 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29764]: + ??? root:rubyman
Oct 13 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404780 of user rubyman.
Oct 13 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29764]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404780.
Oct 13 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29678]: pam_unix(cron:session): session closed for user root
Oct 13 12:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session closed for user root
Oct 13 12:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29677]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Invalid user test from 196.251.80.27
Oct 13 12:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: input_userauth_request: invalid user test [preauth]
Oct 13 12:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28350]: pam_unix(cron:session): session closed for user root
Oct 13 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Failed password for invalid user test from 196.251.80.27 port 48510 ssh2
Oct 13 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Connection closed by 196.251.80.27 port 48510 [preauth]
Oct 13 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30236]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: Successful su for rubyman by root
Oct 13 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: + ??? root:rubyman
Oct 13 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404785 of user rubyman.
Oct 13 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404785.
Oct 13 12:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Invalid user gwendolyn from 2.57.121.112
Oct 13 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: input_userauth_request: invalid user gwendolyn [preauth]
Oct 13 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 12:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26270]: pam_unix(cron:session): session closed for user root
Oct 13 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Failed password for invalid user gwendolyn from 2.57.121.112 port 63156 ssh2
Oct 13 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Failed password for invalid user gwendolyn from 2.57.121.112 port 63156 ssh2
Oct 13 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Failed password for invalid user gwendolyn from 2.57.121.112 port 63156 ssh2
Oct 13 12:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Failed password for invalid user gwendolyn from 2.57.121.112 port 63156 ssh2
Oct 13 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Invalid user test from 196.251.80.27
Oct 13 12:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: input_userauth_request: invalid user test [preauth]
Oct 13 12:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Failed password for invalid user gwendolyn from 2.57.121.112 port 63156 ssh2
Oct 13 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Received disconnect from 2.57.121.112 port 63156:11: Bye [preauth]
Oct 13 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Disconnected from 2.57.121.112 port 63156 [preauth]
Oct 13 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 12:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 12:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Failed password for invalid user test from 196.251.80.27 port 58062 ssh2
Oct 13 12:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Connection closed by 196.251.80.27 port 58062 [preauth]
Oct 13 12:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session closed for user root
Oct 13 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30823]: pam_unix(cron:session): session closed for user root
Oct 13 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30901]: Successful su for rubyman by root
Oct 13 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30901]: + ??? root:rubyman
Oct 13 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404790 of user rubyman.
Oct 13 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30901]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404790.
Oct 13 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Invalid user test from 196.251.80.27
Oct 13 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: input_userauth_request: invalid user test [preauth]
Oct 13 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26956]: pam_unix(cron:session): session closed for user root
Oct 13 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Failed password for invalid user test from 196.251.80.27 port 41586 ssh2
Oct 13 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Connection closed by 196.251.80.27 port 41586 [preauth]
Oct 13 12:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30826]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29680]: pam_unix(cron:session): session closed for user root
Oct 13 12:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31267]: Did not receive identification string from 80.211.129.128
Oct 13 12:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Invalid user test from 196.251.80.27
Oct 13 12:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: input_userauth_request: invalid user test [preauth]
Oct 13 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Failed password for invalid user test from 196.251.80.27 port 51926 ssh2
Oct 13 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Connection closed by 196.251.80.27 port 51926 [preauth]
Oct 13 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31382]: Successful su for rubyman by root
Oct 13 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31382]: + ??? root:rubyman
Oct 13 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404794 of user rubyman.
Oct 13 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31382]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404794.
Oct 13 12:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session closed for user root
Oct 13 12:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30236]: pam_unix(cron:session): session closed for user root
Oct 13 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Invalid user test from 196.251.80.27
Oct 13 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: input_userauth_request: invalid user test [preauth]
Oct 13 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Failed password for invalid user test from 196.251.80.27 port 34398 ssh2
Oct 13 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Connection closed by 196.251.80.27 port 34398 [preauth]
Oct 13 12:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: Failed password for root from 80.211.129.128 port 58092 ssh2
Oct 13 12:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: Connection closed by 80.211.129.128 port 58092 [preauth]
Oct 13 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32005]: Successful su for rubyman by root
Oct 13 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32005]: + ??? root:rubyman
Oct 13 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404798 of user rubyman.
Oct 13 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32005]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404798.
Oct 13 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28349]: pam_unix(cron:session): session closed for user root
Oct 13 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Invalid user oracle from 196.251.80.27
Oct 13 12:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Failed password for invalid user oracle from 196.251.80.27 port 44574 ssh2
Oct 13 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Connection closed by 196.251.80.27 port 44574 [preauth]
Oct 13 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Failed password for root from 194.182.86.152 port 46216 ssh2
Oct 13 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session closed for user root
Oct 13 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Connection closed by 194.182.86.152 port 46216 [preauth]
Oct 13 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32469]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session closed for user root
Oct 13 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32466]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: Successful su for rubyman by root
Oct 13 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: + ??? root:rubyman
Oct 13 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404802 of user rubyman.
Oct 13 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32547]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404802.
Oct 13 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32469]: pam_unix(cron:session): session closed for user root
Oct 13 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session closed for user root
Oct 13 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Invalid user oracle from 196.251.80.27
Oct 13 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Failed password for invalid user oracle from 196.251.80.27 port 54310 ssh2
Oct 13 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32706]: Connection closed by 196.251.80.27 port 54310 [preauth]
Oct 13 12:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32468]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session closed for user root
Oct 13 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Invalid user oracle from 196.251.80.27
Oct 13 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Failed password for invalid user oracle from 196.251.80.27 port 36184 ssh2
Oct 13 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[502]: Connection closed by 196.251.80.27 port 36184 [preauth]
Oct 13 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[515]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[592]: Successful su for rubyman by root
Oct 13 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[592]: + ??? root:rubyman
Oct 13 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404807 of user rubyman.
Oct 13 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[592]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404807.
Oct 13 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29679]: pam_unix(cron:session): session closed for user root
Oct 13 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[517]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31932]: pam_unix(cron:session): session closed for user root
Oct 13 12:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: Invalid user oracle from 196.251.80.27
Oct 13 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: Failed password for invalid user oracle from 196.251.80.27 port 45826 ssh2
Oct 13 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: Failed password for root from 194.182.86.152 port 42660 ssh2
Oct 13 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1018]: Connection closed by 196.251.80.27 port 45826 [preauth]
Oct 13 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1020]: Connection closed by 194.182.86.152 port 42660 [preauth]
Oct 13 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1094]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1089]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1165]: Successful su for rubyman by root
Oct 13 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1165]: + ??? root:rubyman
Oct 13 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404812 of user rubyman.
Oct 13 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1165]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404812.
Oct 13 12:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session closed for user root
Oct 13 12:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Failed password for root from 194.182.86.152 port 33084 ssh2
Oct 13 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1091]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Connection closed by 194.182.86.152 port 33084 [preauth]
Oct 13 12:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1466]: Invalid user oracle from 196.251.80.27
Oct 13 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1466]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1466]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1466]: Failed password for invalid user oracle from 196.251.80.27 port 55894 ssh2
Oct 13 12:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1466]: Connection closed by 196.251.80.27 port 55894 [preauth]
Oct 13 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session closed for user root
Oct 13 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1577]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1661]: Successful su for rubyman by root
Oct 13 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1661]: + ??? root:rubyman
Oct 13 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404815 of user rubyman.
Oct 13 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1661]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404815.
Oct 13 12:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session closed for user root
Oct 13 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Invalid user oracle from 196.251.80.27
Oct 13 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Failed password for invalid user oracle from 196.251.80.27 port 37560 ssh2
Oct 13 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Connection closed by 196.251.80.27 port 37560 [preauth]
Oct 13 12:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session closed for user root
Oct 13 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Invalid user oracle from 196.251.80.27
Oct 13 12:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Failed password for invalid user oracle from 196.251.80.27 port 47340 ssh2
Oct 13 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Connection closed by 196.251.80.27 port 47340 [preauth]
Oct 13 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2163]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2161]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2242]: Successful su for rubyman by root
Oct 13 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2242]: + ??? root:rubyman
Oct 13 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404819 of user rubyman.
Oct 13 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2242]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404819.
Oct 13 12:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session closed for user root
Oct 13 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1094]: pam_unix(cron:session): session closed for user root
Oct 13 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Invalid user oracle from 196.251.80.27
Oct 13 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Failed password for invalid user oracle from 196.251.80.27 port 56492 ssh2
Oct 13 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Connection closed by 196.251.80.27 port 56492 [preauth]
Oct 13 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2623]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2622]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2624]: pam_unix(cron:session): session closed for user root
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2619]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2693]: Successful su for rubyman by root
Oct 13 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2693]: + ??? root:rubyman
Oct 13 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404824 of user rubyman.
Oct 13 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2693]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404824.
Oct 13 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Failed password for root from 190.103.202.7 port 47374 ssh2
Oct 13 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Connection closed by 190.103.202.7 port 47374 [preauth]
Oct 13 12:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2621]: pam_unix(cron:session): session closed for user root
Oct 13 12:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session closed for user root
Oct 13 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Invalid user admin from 2.57.121.25
Oct 13 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: input_userauth_request: invalid user admin [preauth]
Oct 13 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2620]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for invalid user admin from 2.57.121.25 port 23339 ssh2
Oct 13 12:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for invalid user admin from 2.57.121.25 port 23339 ssh2
Oct 13 12:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for invalid user admin from 2.57.121.25 port 23339 ssh2
Oct 13 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for invalid user admin from 2.57.121.25 port 23339 ssh2
Oct 13 12:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for invalid user admin from 2.57.121.25 port 23339 ssh2
Oct 13 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Received disconnect from 2.57.121.25 port 23339:11: Bye [preauth]
Oct 13 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Disconnected from 2.57.121.25 port 23339 [preauth]
Oct 13 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: Invalid user oracle from 196.251.80.27
Oct 13 12:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: Failed password for invalid user oracle from 196.251.80.27 port 37872 ssh2
Oct 13 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2991]: Connection closed by 196.251.80.27 port 37872 [preauth]
Oct 13 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session closed for user root
Oct 13 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: Successful su for rubyman by root
Oct 13 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: + ??? root:rubyman
Oct 13 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404831 of user rubyman.
Oct 13 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3167]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404831.
Oct 13 12:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session closed for user root
Oct 13 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Invalid user oracle from 196.251.80.27
Oct 13 12:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Failed password for invalid user oracle from 196.251.80.27 port 48974 ssh2
Oct 13 12:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Connection closed by 196.251.80.27 port 48974 [preauth]
Oct 13 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2165]: pam_unix(cron:session): session closed for user root
Oct 13 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3564]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3561]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3632]: Successful su for rubyman by root
Oct 13 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3632]: + ??? root:rubyman
Oct 13 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404833 of user rubyman.
Oct 13 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3632]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404833.
Oct 13 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Invalid user oracle from 196.251.80.27
Oct 13 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Failed password for invalid user oracle from 196.251.80.27 port 56386 ssh2
Oct 13 12:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Connection closed by 196.251.80.27 port 56386 [preauth]
Oct 13 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[518]: pam_unix(cron:session): session closed for user root
Oct 13 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 13 12:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: Failed password for root from 78.128.112.74 port 35538 ssh2
Oct 13 12:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: Connection closed by 78.128.112.74 port 35538 [preauth]
Oct 13 12:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3562]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3929]: Did not receive identification string from 80.211.129.128
Oct 13 12:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2623]: pam_unix(cron:session): session closed for user root
Oct 13 12:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.58.220.239  user=root
Oct 13 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: Failed password for root from 31.58.220.239 port 55308 ssh2
Oct 13 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3975]: Connection closed by 31.58.220.239 port 55308 [preauth]
Oct 13 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Invalid user oracle from 196.251.80.27
Oct 13 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Failed password for invalid user oracle from 196.251.80.27 port 36712 ssh2
Oct 13 12:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Connection closed by 196.251.80.27 port 36712 [preauth]
Oct 13 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4023]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4097]: Successful su for rubyman by root
Oct 13 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4097]: + ??? root:rubyman
Oct 13 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404838 of user rubyman.
Oct 13 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4097]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404838.
Oct 13 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1092]: pam_unix(cron:session): session closed for user root
Oct 13 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Failed password for root from 194.182.86.152 port 59232 ssh2
Oct 13 12:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Connection closed by 194.182.86.152 port 59232 [preauth]
Oct 13 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4024]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: Invalid user oracle from 196.251.80.27
Oct 13 12:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session closed for user root
Oct 13 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: Failed password for invalid user oracle from 196.251.80.27 port 45586 ssh2
Oct 13 12:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: Connection closed by 196.251.80.27 port 45586 [preauth]
Oct 13 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4526]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4523]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4634]: Successful su for rubyman by root
Oct 13 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4634]: + ??? root:rubyman
Oct 13 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404841 of user rubyman.
Oct 13 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4634]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404841.
Oct 13 12:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1579]: pam_unix(cron:session): session closed for user root
Oct 13 12:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4845]: Failed password for root from 194.182.86.152 port 41432 ssh2
Oct 13 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4845]: Connection closed by 194.182.86.152 port 41432 [preauth]
Oct 13 12:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4524]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Invalid user oracle from 196.251.80.27
Oct 13 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Failed password for invalid user oracle from 196.251.80.27 port 55130 ssh2
Oct 13 12:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Connection closed by 196.251.80.27 port 55130 [preauth]
Oct 13 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3564]: pam_unix(cron:session): session closed for user root
Oct 13 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5526]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5528]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5528]: pam_unix(cron:session): session closed for user root
Oct 13 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5519]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5604]: Successful su for rubyman by root
Oct 13 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5604]: + ??? root:rubyman
Oct 13 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404848 of user rubyman.
Oct 13 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5604]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404848.
Oct 13 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Invalid user oracle from 196.251.80.27
Oct 13 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5524]: pam_unix(cron:session): session closed for user root
Oct 13 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Failed password for invalid user oracle from 196.251.80.27 port 36346 ssh2
Oct 13 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Connection closed by 196.251.80.27 port 36346 [preauth]
Oct 13 12:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2163]: pam_unix(cron:session): session closed for user root
Oct 13 12:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5520]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4026]: pam_unix(cron:session): session closed for user root
Oct 13 12:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Invalid user oracle from 196.251.80.27
Oct 13 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for invalid user oracle from 196.251.80.27 port 45406 ssh2
Oct 13 12:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Connection closed by 196.251.80.27 port 45406 [preauth]
Oct 13 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6037]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6109]: Successful su for rubyman by root
Oct 13 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6109]: + ??? root:rubyman
Oct 13 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404851 of user rubyman.
Oct 13 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6109]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404851.
Oct 13 12:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.58.220.239  user=root
Oct 13 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2622]: pam_unix(cron:session): session closed for user root
Oct 13 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Failed password for root from 31.58.220.239 port 37058 ssh2
Oct 13 12:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6248]: Connection closed by 31.58.220.239 port 37058 [preauth]
Oct 13 12:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6034]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Invalid user oracle from 196.251.80.27
Oct 13 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4527]: pam_unix(cron:session): session closed for user root
Oct 13 12:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Failed password for invalid user oracle from 196.251.80.27 port 53784 ssh2
Oct 13 12:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Connection closed by 196.251.80.27 port 53784 [preauth]
Oct 13 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6585]: Successful su for rubyman by root
Oct 13 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6585]: + ??? root:rubyman
Oct 13 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404858 of user rubyman.
Oct 13 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6585]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404858.
Oct 13 12:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session closed for user root
Oct 13 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: Invalid user oracle from 196.251.80.27
Oct 13 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: Failed password for invalid user oracle from 196.251.80.27 port 34492 ssh2
Oct 13 12:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6911]: Connection closed by 196.251.80.27 port 34492 [preauth]
Oct 13 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6926]: Failed password for root from 194.182.86.152 port 34336 ssh2
Oct 13 12:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6926]: Connection closed by 194.182.86.152 port 34336 [preauth]
Oct 13 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5527]: pam_unix(cron:session): session closed for user root
Oct 13 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Failed password for root from 194.182.86.152 port 40614 ssh2
Oct 13 12:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Connection closed by 194.182.86.152 port 40614 [preauth]
Oct 13 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7054]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7052]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7218]: Successful su for rubyman by root
Oct 13 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7218]: + ??? root:rubyman
Oct 13 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404862 of user rubyman.
Oct 13 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7218]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404862.
Oct 13 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Invalid user oracle from 196.251.80.27
Oct 13 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Failed password for invalid user oracle from 196.251.80.27 port 43180 ssh2
Oct 13 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3563]: pam_unix(cron:session): session closed for user root
Oct 13 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Connection closed by 196.251.80.27 port 43180 [preauth]
Oct 13 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Invalid user ali from 20.163.71.109
Oct 13 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: input_userauth_request: invalid user ali [preauth]
Oct 13 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 12:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for invalid user ali from 20.163.71.109 port 38918 ssh2
Oct 13 12:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Connection closed by 20.163.71.109 port 38918 [preauth]
Oct 13 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7053]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6037]: pam_unix(cron:session): session closed for user root
Oct 13 12:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.40.117.17  user=root
Oct 13 12:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Failed password for root from 89.40.117.17 port 56924 ssh2
Oct 13 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: Invalid user oracle from 196.251.80.27
Oct 13 12:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: input_userauth_request: invalid user oracle [preauth]
Oct 13 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: Failed password for invalid user oracle from 196.251.80.27 port 51608 ssh2
Oct 13 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7587]: Connection closed by 196.251.80.27 port 51608 [preauth]
Oct 13 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7607]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7606]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7680]: Successful su for rubyman by root
Oct 13 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7680]: + ??? root:rubyman
Oct 13 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404864 of user rubyman.
Oct 13 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7680]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404864.
Oct 13 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4025]: pam_unix(cron:session): session closed for user root
Oct 13 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7605]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Invalid user postgres from 196.251.80.27
Oct 13 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user root
Oct 13 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Failed password for invalid user postgres from 196.251.80.27 port 60146 ssh2
Oct 13 12:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Connection closed by 196.251.80.27 port 60146 [preauth]
Oct 13 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8511]: pam_unix(cron:session): session closed for user root
Oct 13 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8505]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8593]: Successful su for rubyman by root
Oct 13 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8593]: + ??? root:rubyman
Oct 13 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404867 of user rubyman.
Oct 13 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8593]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404867.
Oct 13 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8508]: pam_unix(cron:session): session closed for user root
Oct 13 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4526]: pam_unix(cron:session): session closed for user root
Oct 13 12:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8506]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Invalid user postgres from 196.251.80.27
Oct 13 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Failed password for invalid user postgres from 196.251.80.27 port 40086 ssh2
Oct 13 12:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Connection closed by 196.251.80.27 port 40086 [preauth]
Oct 13 12:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Failed password for root from 5.231.70.68 port 58392 ssh2
Oct 13 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Received disconnect from 5.231.70.68 port 58392:11: Bye Bye [preauth]
Oct 13 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9003]: Disconnected from 5.231.70.68 port 58392 [preauth]
Oct 13 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: Failed password for root from 5.231.70.68 port 42886 ssh2
Oct 13 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: Received disconnect from 5.231.70.68 port 42886:11: Bye Bye [preauth]
Oct 13 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9010]: Disconnected from 5.231.70.68 port 42886 [preauth]
Oct 13 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Failed password for root from 5.231.70.68 port 42900 ssh2
Oct 13 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Received disconnect from 5.231.70.68 port 42900:11: Bye Bye [preauth]
Oct 13 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9039]: Disconnected from 5.231.70.68 port 42900 [preauth]
Oct 13 12:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Failed password for root from 5.231.70.68 port 42916 ssh2
Oct 13 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Received disconnect from 5.231.70.68 port 42916:11: Bye Bye [preauth]
Oct 13 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Disconnected from 5.231.70.68 port 42916 [preauth]
Oct 13 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7055]: pam_unix(cron:session): session closed for user root
Oct 13 12:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Failed password for root from 5.231.70.68 port 45678 ssh2
Oct 13 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Received disconnect from 5.231.70.68 port 45678:11: Bye Bye [preauth]
Oct 13 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9067]: Disconnected from 5.231.70.68 port 45678 [preauth]
Oct 13 12:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: Failed password for root from 5.231.70.68 port 45692 ssh2
Oct 13 12:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: Received disconnect from 5.231.70.68 port 45692:11: Bye Bye [preauth]
Oct 13 12:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: Disconnected from 5.231.70.68 port 45692 [preauth]
Oct 13 12:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: Failed password for root from 5.231.70.68 port 45706 ssh2
Oct 13 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: Received disconnect from 5.231.70.68 port 45706:11: Bye Bye [preauth]
Oct 13 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9094]: Disconnected from 5.231.70.68 port 45706 [preauth]
Oct 13 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: Failed password for root from 5.231.70.68 port 45710 ssh2
Oct 13 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: Received disconnect from 5.231.70.68 port 45710:11: Bye Bye [preauth]
Oct 13 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: Disconnected from 5.231.70.68 port 45710 [preauth]
Oct 13 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: Failed password for root from 5.231.70.68 port 34684 ssh2
Oct 13 12:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: Received disconnect from 5.231.70.68 port 34684:11: Bye Bye [preauth]
Oct 13 12:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: Disconnected from 5.231.70.68 port 34684 [preauth]
Oct 13 12:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Failed password for root from 5.231.70.68 port 34696 ssh2
Oct 13 12:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Received disconnect from 5.231.70.68 port 34696:11: Bye Bye [preauth]
Oct 13 12:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9135]: Disconnected from 5.231.70.68 port 34696 [preauth]
Oct 13 12:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9237]: Failed password for root from 5.231.70.68 port 34698 ssh2
Oct 13 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9237]: Received disconnect from 5.231.70.68 port 34698:11: Bye Bye [preauth]
Oct 13 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9237]: Disconnected from 5.231.70.68 port 34698 [preauth]
Oct 13 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9256]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9346]: Successful su for rubyman by root
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9346]: + ??? root:rubyman
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Failed password for root from 5.231.70.68 port 33364 ssh2
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404873 of user rubyman.
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9346]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404873.
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Received disconnect from 5.231.70.68 port 33364:11: Bye Bye [preauth]
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Disconnected from 5.231.70.68 port 33364 [preauth]
Oct 13 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: Failed password for root from 5.231.70.68 port 33376 ssh2
Oct 13 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: Received disconnect from 5.231.70.68 port 33376:11: Bye Bye [preauth]
Oct 13 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: Disconnected from 5.231.70.68 port 33376 [preauth]
Oct 13 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Invalid user postgres from 196.251.80.27
Oct 13 12:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Failed password for root from 5.231.70.68 port 33384 ssh2
Oct 13 12:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Received disconnect from 5.231.70.68 port 33384:11: Bye Bye [preauth]
Oct 13 12:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9430]: Disconnected from 5.231.70.68 port 33384 [preauth]
Oct 13 12:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Failed password for invalid user postgres from 196.251.80.27 port 48878 ssh2
Oct 13 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Connection closed by 196.251.80.27 port 48878 [preauth]
Oct 13 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Failed password for root from 5.231.70.68 port 51134 ssh2
Oct 13 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Received disconnect from 5.231.70.68 port 51134:11: Bye Bye [preauth]
Oct 13 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Disconnected from 5.231.70.68 port 51134 [preauth]
Oct 13 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5526]: pam_unix(cron:session): session closed for user root
Oct 13 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: Failed password for root from 5.231.70.68 port 51144 ssh2
Oct 13 12:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: Received disconnect from 5.231.70.68 port 51144:11: Bye Bye [preauth]
Oct 13 12:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: Disconnected from 5.231.70.68 port 51144 [preauth]
Oct 13 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9257]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Failed password for root from 5.231.70.68 port 51154 ssh2
Oct 13 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Received disconnect from 5.231.70.68 port 51154:11: Bye Bye [preauth]
Oct 13 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Disconnected from 5.231.70.68 port 51154 [preauth]
Oct 13 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Failed password for root from 5.231.70.68 port 42276 ssh2
Oct 13 12:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Received disconnect from 5.231.70.68 port 42276:11: Bye Bye [preauth]
Oct 13 12:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Disconnected from 5.231.70.68 port 42276 [preauth]
Oct 13 12:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: Failed password for root from 5.231.70.68 port 42290 ssh2
Oct 13 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: Received disconnect from 5.231.70.68 port 42290:11: Bye Bye [preauth]
Oct 13 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: Disconnected from 5.231.70.68 port 42290 [preauth]
Oct 13 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Failed password for root from 5.231.70.68 port 42302 ssh2
Oct 13 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Received disconnect from 5.231.70.68 port 42302:11: Bye Bye [preauth]
Oct 13 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Disconnected from 5.231.70.68 port 42302 [preauth]
Oct 13 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: Failed password for root from 5.231.70.68 port 42318 ssh2
Oct 13 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: Received disconnect from 5.231.70.68 port 42318:11: Bye Bye [preauth]
Oct 13 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9751]: Disconnected from 5.231.70.68 port 42318 [preauth]
Oct 13 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: Failed password for root from 5.231.70.68 port 40176 ssh2
Oct 13 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: Received disconnect from 5.231.70.68 port 40176:11: Bye Bye [preauth]
Oct 13 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: Disconnected from 5.231.70.68 port 40176 [preauth]
Oct 13 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for root from 5.231.70.68 port 40188 ssh2
Oct 13 12:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Received disconnect from 5.231.70.68 port 40188:11: Bye Bye [preauth]
Oct 13 12:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Disconnected from 5.231.70.68 port 40188 [preauth]
Oct 13 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Failed password for root from 5.231.70.68 port 40202 ssh2
Oct 13 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7607]: pam_unix(cron:session): session closed for user root
Oct 13 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Received disconnect from 5.231.70.68 port 40202:11: Bye Bye [preauth]
Oct 13 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: Disconnected from 5.231.70.68 port 40202 [preauth]
Oct 13 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Failed password for root from 5.231.70.68 port 54328 ssh2
Oct 13 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Received disconnect from 5.231.70.68 port 54328:11: Bye Bye [preauth]
Oct 13 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Disconnected from 5.231.70.68 port 54328 [preauth]
Oct 13 12:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: Failed password for root from 5.231.70.68 port 54344 ssh2
Oct 13 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: Received disconnect from 5.231.70.68 port 54344:11: Bye Bye [preauth]
Oct 13 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9880]: Disconnected from 5.231.70.68 port 54344 [preauth]
Oct 13 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Failed password for root from 5.231.70.68 port 54354 ssh2
Oct 13 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Received disconnect from 5.231.70.68 port 54354:11: Bye Bye [preauth]
Oct 13 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9889]: Disconnected from 5.231.70.68 port 54354 [preauth]
Oct 13 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9895]: Failed password for root from 5.231.70.68 port 54362 ssh2
Oct 13 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9895]: Received disconnect from 5.231.70.68 port 54362:11: Bye Bye [preauth]
Oct 13 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9895]: Disconnected from 5.231.70.68 port 54362 [preauth]
Oct 13 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Invalid user postgres from 196.251.80.27
Oct 13 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: Failed password for root from 5.231.70.68 port 44670 ssh2
Oct 13 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: Received disconnect from 5.231.70.68 port 44670:11: Bye Bye [preauth]
Oct 13 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9922]: Disconnected from 5.231.70.68 port 44670 [preauth]
Oct 13 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Failed password for invalid user postgres from 196.251.80.27 port 56840 ssh2
Oct 13 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Connection closed by 196.251.80.27 port 56840 [preauth]
Oct 13 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Failed password for root from 5.231.70.68 port 44678 ssh2
Oct 13 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Received disconnect from 5.231.70.68 port 44678:11: Bye Bye [preauth]
Oct 13 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Disconnected from 5.231.70.68 port 44678 [preauth]
Oct 13 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: Failed password for root from 5.231.70.68 port 44688 ssh2
Oct 13 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: Received disconnect from 5.231.70.68 port 44688:11: Bye Bye [preauth]
Oct 13 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9941]: Disconnected from 5.231.70.68 port 44688 [preauth]
Oct 13 12:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9953]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9950]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9948]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10022]: Successful su for rubyman by root
Oct 13 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10022]: + ??? root:rubyman
Oct 13 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404878 of user rubyman.
Oct 13 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10022]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404878.
Oct 13 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: Failed password for root from 5.231.70.68 port 59432 ssh2
Oct 13 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: Received disconnect from 5.231.70.68 port 59432:11: Bye Bye [preauth]
Oct 13 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: Disconnected from 5.231.70.68 port 59432 [preauth]
Oct 13 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10065]: Failed password for root from 5.231.70.68 port 59436 ssh2
Oct 13 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10065]: Received disconnect from 5.231.70.68 port 59436:11: Bye Bye [preauth]
Oct 13 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10065]: Disconnected from 5.231.70.68 port 59436 [preauth]
Oct 13 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Failed password for root from 5.231.70.68 port 59450 ssh2
Oct 13 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Received disconnect from 5.231.70.68 port 59450:11: Bye Bye [preauth]
Oct 13 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Disconnected from 5.231.70.68 port 59450 [preauth]
Oct 13 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6036]: pam_unix(cron:session): session closed for user root
Oct 13 12:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Failed password for root from 5.231.70.68 port 53382 ssh2
Oct 13 12:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Received disconnect from 5.231.70.68 port 53382:11: Bye Bye [preauth]
Oct 13 12:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Disconnected from 5.231.70.68 port 53382 [preauth]
Oct 13 12:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10249]: Failed password for root from 5.231.70.68 port 53388 ssh2
Oct 13 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10249]: Received disconnect from 5.231.70.68 port 53388:11: Bye Bye [preauth]
Oct 13 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10249]: Disconnected from 5.231.70.68 port 53388 [preauth]
Oct 13 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9949]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: Failed password for root from 5.231.70.68 port 53394 ssh2
Oct 13 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: Received disconnect from 5.231.70.68 port 53394:11: Bye Bye [preauth]
Oct 13 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10264]: Disconnected from 5.231.70.68 port 53394 [preauth]
Oct 13 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: Failed password for root from 5.231.70.68 port 49030 ssh2
Oct 13 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: Received disconnect from 5.231.70.68 port 49030:11: Bye Bye [preauth]
Oct 13 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10302]: Disconnected from 5.231.70.68 port 49030 [preauth]
Oct 13 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: Failed password for root from 5.231.70.68 port 49044 ssh2
Oct 13 12:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: Received disconnect from 5.231.70.68 port 49044:11: Bye Bye [preauth]
Oct 13 12:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: Disconnected from 5.231.70.68 port 49044 [preauth]
Oct 13 12:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10317]: Failed password for root from 5.231.70.68 port 49048 ssh2
Oct 13 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10317]: Received disconnect from 5.231.70.68 port 49048:11: Bye Bye [preauth]
Oct 13 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10317]: Disconnected from 5.231.70.68 port 49048 [preauth]
Oct 13 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for root from 5.231.70.68 port 49058 ssh2
Oct 13 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Received disconnect from 5.231.70.68 port 49058:11: Bye Bye [preauth]
Oct 13 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Disconnected from 5.231.70.68 port 49058 [preauth]
Oct 13 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Failed password for root from 5.231.70.68 port 50122 ssh2
Oct 13 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Received disconnect from 5.231.70.68 port 50122:11: Bye Bye [preauth]
Oct 13 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Disconnected from 5.231.70.68 port 50122 [preauth]
Oct 13 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Failed password for root from 5.231.70.68 port 50136 ssh2
Oct 13 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Received disconnect from 5.231.70.68 port 50136:11: Bye Bye [preauth]
Oct 13 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Disconnected from 5.231.70.68 port 50136 [preauth]
Oct 13 12:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: Invalid user postgres from 196.251.80.27
Oct 13 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Failed password for root from 5.231.70.68 port 50150 ssh2
Oct 13 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Received disconnect from 5.231.70.68 port 50150:11: Bye Bye [preauth]
Oct 13 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Disconnected from 5.231.70.68 port 50150 [preauth]
Oct 13 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8510]: pam_unix(cron:session): session closed for user root
Oct 13 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: Failed password for invalid user postgres from 196.251.80.27 port 37172 ssh2
Oct 13 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: Connection closed by 196.251.80.27 port 37172 [preauth]
Oct 13 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: Failed password for root from 5.231.70.68 port 36606 ssh2
Oct 13 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: Received disconnect from 5.231.70.68 port 36606:11: Bye Bye [preauth]
Oct 13 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: Disconnected from 5.231.70.68 port 36606 [preauth]
Oct 13 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Failed password for root from 5.231.70.68 port 36614 ssh2
Oct 13 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Received disconnect from 5.231.70.68 port 36614:11: Bye Bye [preauth]
Oct 13 12:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Disconnected from 5.231.70.68 port 36614 [preauth]
Oct 13 12:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10428]: Failed password for root from 5.231.70.68 port 36622 ssh2
Oct 13 12:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10428]: Received disconnect from 5.231.70.68 port 36622:11: Bye Bye [preauth]
Oct 13 12:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10428]: Disconnected from 5.231.70.68 port 36622 [preauth]
Oct 13 12:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Failed password for root from 5.231.70.68 port 58678 ssh2
Oct 13 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Received disconnect from 5.231.70.68 port 58678:11: Bye Bye [preauth]
Oct 13 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10460]: Disconnected from 5.231.70.68 port 58678 [preauth]
Oct 13 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Failed password for root from 5.231.70.68 port 58682 ssh2
Oct 13 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Received disconnect from 5.231.70.68 port 58682:11: Bye Bye [preauth]
Oct 13 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Disconnected from 5.231.70.68 port 58682 [preauth]
Oct 13 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Failed password for root from 5.231.70.68 port 58690 ssh2
Oct 13 12:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Received disconnect from 5.231.70.68 port 58690:11: Bye Bye [preauth]
Oct 13 12:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Disconnected from 5.231.70.68 port 58690 [preauth]
Oct 13 12:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Failed password for root from 5.231.70.68 port 58712 ssh2
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Received disconnect from 5.231.70.68 port 58712:11: Bye Bye [preauth]
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Disconnected from 5.231.70.68 port 58712 [preauth]
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10567]: Successful su for rubyman by root
Oct 13 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10567]: + ??? root:rubyman
Oct 13 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404881 of user rubyman.
Oct 13 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10567]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404881.
Oct 13 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10486]: Failed password for root from 5.231.70.68 port 43344 ssh2
Oct 13 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10486]: Received disconnect from 5.231.70.68 port 43344:11: Bye Bye [preauth]
Oct 13 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10486]: Disconnected from 5.231.70.68 port 43344 [preauth]
Oct 13 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: Failed password for root from 5.231.70.68 port 43346 ssh2
Oct 13 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: Received disconnect from 5.231.70.68 port 43346:11: Bye Bye [preauth]
Oct 13 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10651]: Disconnected from 5.231.70.68 port 43346 [preauth]
Oct 13 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user root
Oct 13 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: Failed password for root from 5.231.70.68 port 43356 ssh2
Oct 13 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: Received disconnect from 5.231.70.68 port 43356:11: Bye Bye [preauth]
Oct 13 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: Disconnected from 5.231.70.68 port 43356 [preauth]
Oct 13 12:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Failed password for root from 5.231.70.68 port 46510 ssh2
Oct 13 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Received disconnect from 5.231.70.68 port 46510:11: Bye Bye [preauth]
Oct 13 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Disconnected from 5.231.70.68 port 46510 [preauth]
Oct 13 12:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Failed password for root from 5.231.70.68 port 46518 ssh2
Oct 13 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Received disconnect from 5.231.70.68 port 46518:11: Bye Bye [preauth]
Oct 13 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Disconnected from 5.231.70.68 port 46518 [preauth]
Oct 13 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10808]: Failed password for root from 5.231.70.68 port 46522 ssh2
Oct 13 12:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10808]: Received disconnect from 5.231.70.68 port 46522:11: Bye Bye [preauth]
Oct 13 12:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10808]: Disconnected from 5.231.70.68 port 46522 [preauth]
Oct 13 12:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Failed password for root from 5.231.70.68 port 59628 ssh2
Oct 13 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Received disconnect from 5.231.70.68 port 59628:11: Bye Bye [preauth]
Oct 13 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Disconnected from 5.231.70.68 port 59628 [preauth]
Oct 13 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Invalid user postgres from 196.251.80.27
Oct 13 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: Failed password for root from 5.231.70.68 port 59640 ssh2
Oct 13 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: Received disconnect from 5.231.70.68 port 59640:11: Bye Bye [preauth]
Oct 13 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: Disconnected from 5.231.70.68 port 59640 [preauth]
Oct 13 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Failed password for invalid user postgres from 196.251.80.27 port 44876 ssh2
Oct 13 12:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Connection closed by 196.251.80.27 port 44876 [preauth]
Oct 13 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Failed password for root from 5.231.70.68 port 59650 ssh2
Oct 13 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Received disconnect from 5.231.70.68 port 59650:11: Bye Bye [preauth]
Oct 13 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Disconnected from 5.231.70.68 port 59650 [preauth]
Oct 13 12:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Failed password for root from 5.231.70.68 port 33846 ssh2
Oct 13 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Received disconnect from 5.231.70.68 port 33846:11: Bye Bye [preauth]
Oct 13 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Disconnected from 5.231.70.68 port 33846 [preauth]
Oct 13 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Failed password for root from 5.231.70.68 port 33852 ssh2
Oct 13 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Received disconnect from 5.231.70.68 port 33852:11: Bye Bye [preauth]
Oct 13 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10896]: Disconnected from 5.231.70.68 port 33852 [preauth]
Oct 13 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9259]: pam_unix(cron:session): session closed for user root
Oct 13 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Failed password for root from 5.231.70.68 port 33862 ssh2
Oct 13 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Received disconnect from 5.231.70.68 port 33862:11: Bye Bye [preauth]
Oct 13 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Disconnected from 5.231.70.68 port 33862 [preauth]
Oct 13 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Failed password for root from 5.231.70.68 port 47424 ssh2
Oct 13 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Received disconnect from 5.231.70.68 port 47424:11: Bye Bye [preauth]
Oct 13 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Disconnected from 5.231.70.68 port 47424 [preauth]
Oct 13 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10935]: Failed password for root from 5.231.70.68 port 47428 ssh2
Oct 13 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10935]: Received disconnect from 5.231.70.68 port 47428:11: Bye Bye [preauth]
Oct 13 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10935]: Disconnected from 5.231.70.68 port 47428 [preauth]
Oct 13 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Failed password for root from 5.231.70.68 port 47436 ssh2
Oct 13 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Received disconnect from 5.231.70.68 port 47436:11: Bye Bye [preauth]
Oct 13 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10947]: Disconnected from 5.231.70.68 port 47436 [preauth]
Oct 13 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 194.182.86.152 port 37000 ssh2
Oct 13 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Connection closed by 194.182.86.152 port 37000 [preauth]
Oct 13 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: Failed password for root from 5.231.70.68 port 47450 ssh2
Oct 13 12:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: Received disconnect from 5.231.70.68 port 47450:11: Bye Bye [preauth]
Oct 13 12:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: Disconnected from 5.231.70.68 port 47450 [preauth]
Oct 13 12:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Failed password for root from 5.231.70.68 port 42124 ssh2
Oct 13 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Received disconnect from 5.231.70.68 port 42124:11: Bye Bye [preauth]
Oct 13 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10982]: Disconnected from 5.231.70.68 port 42124 [preauth]
Oct 13 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Failed password for root from 5.231.70.68 port 42140 ssh2
Oct 13 12:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Received disconnect from 5.231.70.68 port 42140:11: Bye Bye [preauth]
Oct 13 12:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Disconnected from 5.231.70.68 port 42140 [preauth]
Oct 13 12:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11003]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11000]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: Failed password for root from 5.231.70.68 port 42146 ssh2
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: Received disconnect from 5.231.70.68 port 42146:11: Bye Bye [preauth]
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10995]: Disconnected from 5.231.70.68 port 42146 [preauth]
Oct 13 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11185]: Successful su for rubyman by root
Oct 13 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11185]: + ??? root:rubyman
Oct 13 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404885 of user rubyman.
Oct 13 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11185]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404885.
Oct 13 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session closed for user root
Oct 13 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Failed password for root from 5.231.70.68 port 48378 ssh2
Oct 13 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Received disconnect from 5.231.70.68 port 48378:11: Bye Bye [preauth]
Oct 13 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Disconnected from 5.231.70.68 port 48378 [preauth]
Oct 13 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: Failed password for root from 5.231.70.68 port 48392 ssh2
Oct 13 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: Received disconnect from 5.231.70.68 port 48392:11: Bye Bye [preauth]
Oct 13 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: Disconnected from 5.231.70.68 port 48392 [preauth]
Oct 13 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Invalid user postgres from 196.251.80.27
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Failed password for root from 5.231.70.68 port 48394 ssh2
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Received disconnect from 5.231.70.68 port 48394:11: Bye Bye [preauth]
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Disconnected from 5.231.70.68 port 48394 [preauth]
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7054]: pam_unix(cron:session): session closed for user root
Oct 13 12:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for invalid user postgres from 196.251.80.27 port 52250 ssh2
Oct 13 12:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Connection closed by 196.251.80.27 port 52250 [preauth]
Oct 13 12:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Failed password for root from 5.231.70.68 port 48078 ssh2
Oct 13 12:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Received disconnect from 5.231.70.68 port 48078:11: Bye Bye [preauth]
Oct 13 12:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Disconnected from 5.231.70.68 port 48078 [preauth]
Oct 13 12:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: Failed password for root from 5.231.70.68 port 48080 ssh2
Oct 13 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: Received disconnect from 5.231.70.68 port 48080:11: Bye Bye [preauth]
Oct 13 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11406]: Disconnected from 5.231.70.68 port 48080 [preauth]
Oct 13 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11002]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Failed password for root from 5.231.70.68 port 48094 ssh2
Oct 13 12:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Received disconnect from 5.231.70.68 port 48094:11: Bye Bye [preauth]
Oct 13 12:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Disconnected from 5.231.70.68 port 48094 [preauth]
Oct 13 12:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Failed password for root from 5.231.70.68 port 42338 ssh2
Oct 13 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Received disconnect from 5.231.70.68 port 42338:11: Bye Bye [preauth]
Oct 13 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Disconnected from 5.231.70.68 port 42338 [preauth]
Oct 13 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for root from 5.231.70.68 port 42350 ssh2
Oct 13 12:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Received disconnect from 5.231.70.68 port 42350:11: Bye Bye [preauth]
Oct 13 12:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Disconnected from 5.231.70.68 port 42350 [preauth]
Oct 13 12:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Failed password for root from 5.231.70.68 port 42360 ssh2
Oct 13 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Received disconnect from 5.231.70.68 port 42360:11: Bye Bye [preauth]
Oct 13 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Disconnected from 5.231.70.68 port 42360 [preauth]
Oct 13 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Failed password for root from 5.231.70.68 port 39356 ssh2
Oct 13 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Received disconnect from 5.231.70.68 port 39356:11: Bye Bye [preauth]
Oct 13 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11492]: Disconnected from 5.231.70.68 port 39356 [preauth]
Oct 13 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: Failed password for root from 5.231.70.68 port 39360 ssh2
Oct 13 12:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: Received disconnect from 5.231.70.68 port 39360:11: Bye Bye [preauth]
Oct 13 12:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11505]: Disconnected from 5.231.70.68 port 39360 [preauth]
Oct 13 12:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9953]: pam_unix(cron:session): session closed for user root
Oct 13 12:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: Failed password for root from 5.231.70.68 port 39366 ssh2
Oct 13 12:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: Received disconnect from 5.231.70.68 port 39366:11: Bye Bye [preauth]
Oct 13 12:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11518]: Disconnected from 5.231.70.68 port 39366 [preauth]
Oct 13 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Failed password for root from 5.231.70.68 port 39100 ssh2
Oct 13 12:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Received disconnect from 5.231.70.68 port 39100:11: Bye Bye [preauth]
Oct 13 12:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11543]: Disconnected from 5.231.70.68 port 39100 [preauth]
Oct 13 12:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Failed password for root from 5.231.70.68 port 39112 ssh2
Oct 13 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Received disconnect from 5.231.70.68 port 39112:11: Bye Bye [preauth]
Oct 13 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11561]: Disconnected from 5.231.70.68 port 39112 [preauth]
Oct 13 12:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Failed password for root from 5.231.70.68 port 39126 ssh2
Oct 13 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Received disconnect from 5.231.70.68 port 39126:11: Bye Bye [preauth]
Oct 13 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Disconnected from 5.231.70.68 port 39126 [preauth]
Oct 13 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Failed password for root from 5.231.70.68 port 41906 ssh2
Oct 13 12:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Received disconnect from 5.231.70.68 port 41906:11: Bye Bye [preauth]
Oct 13 12:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Disconnected from 5.231.70.68 port 41906 [preauth]
Oct 13 12:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: Failed password for root from 5.231.70.68 port 41918 ssh2
Oct 13 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: Received disconnect from 5.231.70.68 port 41918:11: Bye Bye [preauth]
Oct 13 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11597]: Disconnected from 5.231.70.68 port 41918 [preauth]
Oct 13 12:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: Invalid user postgres from 196.251.80.27
Oct 13 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Failed password for root from 5.231.70.68 port 41928 ssh2
Oct 13 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Received disconnect from 5.231.70.68 port 41928:11: Bye Bye [preauth]
Oct 13 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Disconnected from 5.231.70.68 port 41928 [preauth]
Oct 13 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Invalid user devserver from 103.176.78.151
Oct 13 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: input_userauth_request: invalid user devserver [preauth]
Oct 13 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 12:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: Failed password for invalid user postgres from 196.251.80.27 port 59576 ssh2
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: Connection closed by 196.251.80.27 port 59576 [preauth]
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Failed password for invalid user devserver from 103.176.78.151 port 46440 ssh2
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11656]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11651]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11656]: pam_unix(cron:session): session closed for user root
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11649]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Received disconnect from 103.176.78.151 port 46440:11: Bye Bye [preauth]
Oct 13 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Disconnected from 103.176.78.151 port 46440 [preauth]
Oct 13 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11624]: Failed password for root from 5.231.70.68 port 44670 ssh2
Oct 13 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11624]: Received disconnect from 5.231.70.68 port 44670:11: Bye Bye [preauth]
Oct 13 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11624]: Disconnected from 5.231.70.68 port 44670 [preauth]
Oct 13 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11822]: Successful su for rubyman by root
Oct 13 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11822]: + ??? root:rubyman
Oct 13 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404890 of user rubyman.
Oct 13 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11822]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404890.
Oct 13 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Failed password for root from 5.231.70.68 port 44684 ssh2
Oct 13 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Received disconnect from 5.231.70.68 port 44684:11: Bye Bye [preauth]
Oct 13 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Disconnected from 5.231.70.68 port 44684 [preauth]
Oct 13 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: Failed password for root from 5.231.70.68 port 44690 ssh2
Oct 13 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: Received disconnect from 5.231.70.68 port 44690:11: Bye Bye [preauth]
Oct 13 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11922]: Disconnected from 5.231.70.68 port 44690 [preauth]
Oct 13 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11651]: pam_unix(cron:session): session closed for user root
Oct 13 12:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7606]: pam_unix(cron:session): session closed for user root
Oct 13 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Failed password for root from 5.231.70.68 port 42282 ssh2
Oct 13 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Received disconnect from 5.231.70.68 port 42282:11: Bye Bye [preauth]
Oct 13 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Disconnected from 5.231.70.68 port 42282 [preauth]
Oct 13 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Failed password for root from 5.231.70.68 port 42296 ssh2
Oct 13 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Received disconnect from 5.231.70.68 port 42296:11: Bye Bye [preauth]
Oct 13 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Disconnected from 5.231.70.68 port 42296 [preauth]
Oct 13 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: Failed password for root from 5.231.70.68 port 42310 ssh2
Oct 13 12:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: Received disconnect from 5.231.70.68 port 42310:11: Bye Bye [preauth]
Oct 13 12:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: Disconnected from 5.231.70.68 port 42310 [preauth]
Oct 13 12:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11650]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for root from 5.231.70.68 port 55342 ssh2
Oct 13 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Received disconnect from 5.231.70.68 port 55342:11: Bye Bye [preauth]
Oct 13 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Disconnected from 5.231.70.68 port 55342 [preauth]
Oct 13 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Failed password for root from 5.231.70.68 port 55348 ssh2
Oct 13 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Received disconnect from 5.231.70.68 port 55348:11: Bye Bye [preauth]
Oct 13 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Disconnected from 5.231.70.68 port 55348 [preauth]
Oct 13 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: Failed password for root from 5.231.70.68 port 55362 ssh2
Oct 13 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: Received disconnect from 5.231.70.68 port 55362:11: Bye Bye [preauth]
Oct 13 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: Disconnected from 5.231.70.68 port 55362 [preauth]
Oct 13 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: Invalid user proxyuser from 178.62.19.223
Oct 13 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: input_userauth_request: invalid user proxyuser [preauth]
Oct 13 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: Failed password for root from 5.231.70.68 port 37608 ssh2
Oct 13 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: Received disconnect from 5.231.70.68 port 37608:11: Bye Bye [preauth]
Oct 13 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: Disconnected from 5.231.70.68 port 37608 [preauth]
Oct 13 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: Failed password for invalid user proxyuser from 178.62.19.223 port 46466 ssh2
Oct 13 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: Received disconnect from 178.62.19.223 port 46466:11: Bye Bye [preauth]
Oct 13 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12140]: Disconnected from 178.62.19.223 port 46466 [preauth]
Oct 13 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.231.70.68  user=root
Oct 13 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Failed password for root from 5.231.70.68 port 37616 ssh2
Oct 13 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Received disconnect from 5.231.70.68 port 37616:11: Bye Bye [preauth]
Oct 13 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Disconnected from 5.231.70.68 port 37616 [preauth]
Oct 13 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10493]: pam_unix(cron:session): session closed for user root
Oct 13 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Invalid user postgres from 196.251.80.27
Oct 13 12:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Failed password for invalid user postgres from 196.251.80.27 port 38468 ssh2
Oct 13 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Connection closed by 196.251.80.27 port 38468 [preauth]
Oct 13 12:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12271]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12351]: Successful su for rubyman by root
Oct 13 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12351]: + ??? root:rubyman
Oct 13 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404896 of user rubyman.
Oct 13 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12351]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404896.
Oct 13 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: Invalid user devserver from 51.195.149.120
Oct 13 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: input_userauth_request: invalid user devserver [preauth]
Oct 13 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: Invalid user acct from 103.10.45.57
Oct 13 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: input_userauth_request: invalid user acct [preauth]
Oct 13 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: Failed password for invalid user devserver from 51.195.149.120 port 54334 ssh2
Oct 13 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: Received disconnect from 51.195.149.120 port 54334:11: Bye Bye [preauth]
Oct 13 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12439]: Disconnected from 51.195.149.120 port 54334 [preauth]
Oct 13 12:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: Failed password for invalid user acct from 103.10.45.57 port 37790 ssh2
Oct 13 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: Received disconnect from 103.10.45.57 port 37790:11: Bye Bye [preauth]
Oct 13 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: Disconnected from 103.10.45.57 port 37790 [preauth]
Oct 13 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8509]: pam_unix(cron:session): session closed for user root
Oct 13 12:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12272]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Invalid user postgres from 196.251.80.27
Oct 13 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Failed password for invalid user postgres from 196.251.80.27 port 46282 ssh2
Oct 13 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Connection closed by 196.251.80.27 port 46282 [preauth]
Oct 13 12:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Invalid user egarcia from 216.10.242.161
Oct 13 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: input_userauth_request: invalid user egarcia [preauth]
Oct 13 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11004]: pam_unix(cron:session): session closed for user root
Oct 13 12:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Failed password for invalid user egarcia from 216.10.242.161 port 48046 ssh2
Oct 13 12:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Received disconnect from 216.10.242.161 port 48046:11: Bye Bye [preauth]
Oct 13 12:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12684]: Disconnected from 216.10.242.161 port 48046 [preauth]
Oct 13 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12771]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12768]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Invalid user ac from 185.255.91.226
Oct 13 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: input_userauth_request: invalid user ac [preauth]
Oct 13 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12854]: Successful su for rubyman by root
Oct 13 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12854]: + ??? root:rubyman
Oct 13 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404901 of user rubyman.
Oct 13 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12854]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404901.
Oct 13 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Failed password for invalid user ac from 185.255.91.226 port 46434 ssh2
Oct 13 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Received disconnect from 185.255.91.226 port 46434:11: Bye Bye [preauth]
Oct 13 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Disconnected from 185.255.91.226 port 46434 [preauth]
Oct 13 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9258]: pam_unix(cron:session): session closed for user root
Oct 13 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Invalid user postgres from 196.251.80.27
Oct 13 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Failed password for invalid user postgres from 196.251.80.27 port 54222 ssh2
Oct 13 12:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13075]: Connection closed by 196.251.80.27 port 54222 [preauth]
Oct 13 12:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12769]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session closed for user root
Oct 13 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Invalid user postgres from 196.251.80.27
Oct 13 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Invalid user user from 62.60.131.157
Oct 13 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: input_userauth_request: invalid user user [preauth]
Oct 13 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for invalid user user from 62.60.131.157 port 54762 ssh2
Oct 13 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Failed password for invalid user postgres from 196.251.80.27 port 33250 ssh2
Oct 13 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Connection closed by 196.251.80.27 port 33250 [preauth]
Oct 13 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for invalid user user from 62.60.131.157 port 54762 ssh2
Oct 13 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13466]: Successful su for rubyman by root
Oct 13 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13466]: + ??? root:rubyman
Oct 13 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404904 of user rubyman.
Oct 13 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13466]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404904.
Oct 13 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for invalid user user from 62.60.131.157 port 54762 ssh2
Oct 13 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for invalid user user from 62.60.131.157 port 54762 ssh2
Oct 13 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for invalid user user from 62.60.131.157 port 54762 ssh2
Oct 13 12:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Received disconnect from 62.60.131.157 port 54762:11: Bye [preauth]
Oct 13 12:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Disconnected from 62.60.131.157 port 54762 [preauth]
Oct 13 12:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 12:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 12:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Failed password for root from 178.62.19.223 port 46126 ssh2
Oct 13 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Received disconnect from 178.62.19.223 port 46126:11: Bye Bye [preauth]
Oct 13 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Disconnected from 178.62.19.223 port 46126 [preauth]
Oct 13 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9950]: pam_unix(cron:session): session closed for user root
Oct 13 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Invalid user admin from 62.60.131.157
Oct 13 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: input_userauth_request: invalid user admin [preauth]
Oct 13 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Failed password for invalid user admin from 62.60.131.157 port 62573 ssh2
Oct 13 12:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Failed password for invalid user admin from 62.60.131.157 port 62573 ssh2
Oct 13 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Invalid user egarcia from 51.195.149.120
Oct 13 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: input_userauth_request: invalid user egarcia [preauth]
Oct 13 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Failed password for invalid user egarcia from 51.195.149.120 port 59934 ssh2
Oct 13 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Failed password for invalid user admin from 62.60.131.157 port 62573 ssh2
Oct 13 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Received disconnect from 51.195.149.120 port 59934:11: Bye Bye [preauth]
Oct 13 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Disconnected from 51.195.149.120 port 59934 [preauth]
Oct 13 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Failed password for invalid user admin from 62.60.131.157 port 62573 ssh2
Oct 13 12:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Failed password for invalid user admin from 62.60.131.157 port 62573 ssh2
Oct 13 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Received disconnect from 62.60.131.157 port 62573:11: Bye [preauth]
Oct 13 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Disconnected from 62.60.131.157 port 62573 [preauth]
Oct 13 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12278]: pam_unix(cron:session): session closed for user root
Oct 13 12:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Invalid user postgres from 196.251.80.27
Oct 13 12:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Failed password for invalid user postgres from 196.251.80.27 port 40162 ssh2
Oct 13 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Connection closed by 196.251.80.27 port 40162 [preauth]
Oct 13 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Invalid user silas from 101.126.89.164
Oct 13 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: input_userauth_request: invalid user silas [preauth]
Oct 13 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.89.164
Oct 13 12:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Failed password for invalid user silas from 101.126.89.164 port 42244 ssh2
Oct 13 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Received disconnect from 101.126.89.164 port 42244:11: Bye Bye [preauth]
Oct 13 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Disconnected from 101.126.89.164 port 42244 [preauth]
Oct 13 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13875]: Invalid user almalinux from 216.10.242.161
Oct 13 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13875]: input_userauth_request: invalid user almalinux [preauth]
Oct 13 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13875]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13875]: Failed password for invalid user almalinux from 216.10.242.161 port 39336 ssh2
Oct 13 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13875]: Received disconnect from 216.10.242.161 port 39336:11: Bye Bye [preauth]
Oct 13 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13875]: Disconnected from 216.10.242.161 port 39336 [preauth]
Oct 13 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13886]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13955]: Successful su for rubyman by root
Oct 13 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13955]: + ??? root:rubyman
Oct 13 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404909 of user rubyman.
Oct 13 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13955]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404909.
Oct 13 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Invalid user mqm from 103.10.45.57
Oct 13 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: input_userauth_request: invalid user mqm [preauth]
Oct 13 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Failed password for invalid user mqm from 103.10.45.57 port 42682 ssh2
Oct 13 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Received disconnect from 103.10.45.57 port 42682:11: Bye Bye [preauth]
Oct 13 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Disconnected from 103.10.45.57 port 42682 [preauth]
Oct 13 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Invalid user deploy from 185.255.91.226
Oct 13 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: input_userauth_request: invalid user deploy [preauth]
Oct 13 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session closed for user root
Oct 13 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Failed password for invalid user deploy from 185.255.91.226 port 57066 ssh2
Oct 13 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Received disconnect from 185.255.91.226 port 57066:11: Bye Bye [preauth]
Oct 13 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14134]: Disconnected from 185.255.91.226 port 57066 [preauth]
Oct 13 12:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Invalid user sysop from 178.62.19.223
Oct 13 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: input_userauth_request: invalid user sysop [preauth]
Oct 13 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Failed password for invalid user sysop from 178.62.19.223 port 47848 ssh2
Oct 13 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Received disconnect from 178.62.19.223 port 47848:11: Bye Bye [preauth]
Oct 13 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Disconnected from 178.62.19.223 port 47848 [preauth]
Oct 13 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Invalid user postgres from 196.251.80.27
Oct 13 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Failed password for invalid user postgres from 196.251.80.27 port 47336 ssh2
Oct 13 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Connection closed by 196.251.80.27 port 47336 [preauth]
Oct 13 12:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Invalid user dm from 51.195.149.120
Oct 13 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: input_userauth_request: invalid user dm [preauth]
Oct 13 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12771]: pam_unix(cron:session): session closed for user root
Oct 13 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Failed password for invalid user dm from 51.195.149.120 port 44908 ssh2
Oct 13 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Received disconnect from 51.195.149.120 port 44908:11: Bye Bye [preauth]
Oct 13 12:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Disconnected from 51.195.149.120 port 44908 [preauth]
Oct 13 12:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: Did not receive identification string from 80.211.129.128
Oct 13 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Invalid user proxyuser from 103.176.78.151
Oct 13 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: input_userauth_request: invalid user proxyuser [preauth]
Oct 13 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 12:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Failed password for invalid user proxyuser from 103.176.78.151 port 43246 ssh2
Oct 13 12:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Received disconnect from 103.176.78.151 port 43246:11: Bye Bye [preauth]
Oct 13 12:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14372]: Disconnected from 103.176.78.151 port 43246 [preauth]
Oct 13 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14421]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14421]: pam_unix(cron:session): session closed for user root
Oct 13 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14415]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14509]: Successful su for rubyman by root
Oct 13 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14509]: + ??? root:rubyman
Oct 13 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404912 of user rubyman.
Oct 13 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14509]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404912.
Oct 13 12:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session closed for user root
Oct 13 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14639]: Invalid user postgres from 196.251.80.27
Oct 13 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14639]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14639]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11003]: pam_unix(cron:session): session closed for user root
Oct 13 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14639]: Failed password for invalid user postgres from 196.251.80.27 port 54686 ssh2
Oct 13 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14639]: Connection closed by 196.251.80.27 port 54686 [preauth]
Oct 13 12:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Failed password for root from 216.10.242.161 port 59960 ssh2
Oct 13 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Received disconnect from 216.10.242.161 port 59960:11: Bye Bye [preauth]
Oct 13 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Disconnected from 216.10.242.161 port 59960 [preauth]
Oct 13 12:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Invalid user ugo from 185.255.91.226
Oct 13 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: input_userauth_request: invalid user ugo [preauth]
Oct 13 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 12:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Failed password for invalid user ugo from 185.255.91.226 port 34832 ssh2
Oct 13 12:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Received disconnect from 185.255.91.226 port 34832:11: Bye Bye [preauth]
Oct 13 12:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Disconnected from 185.255.91.226 port 34832 [preauth]
Oct 13 12:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13387]: pam_unix(cron:session): session closed for user root
Oct 13 12:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Failed password for root from 178.62.19.223 port 44230 ssh2
Oct 13 12:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Received disconnect from 178.62.19.223 port 44230:11: Bye Bye [preauth]
Oct 13 12:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14845]: Disconnected from 178.62.19.223 port 44230 [preauth]
Oct 13 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Invalid user zwj from 103.10.45.57
Oct 13 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: input_userauth_request: invalid user zwj [preauth]
Oct 13 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Failed password for invalid user zwj from 103.10.45.57 port 36854 ssh2
Oct 13 12:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Received disconnect from 103.10.45.57 port 36854:11: Bye Bye [preauth]
Oct 13 12:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14897]: Disconnected from 103.10.45.57 port 36854 [preauth]
Oct 13 12:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 12:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Invalid user postgres from 196.251.80.27
Oct 13 12:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Failed password for root from 51.195.149.120 port 39950 ssh2
Oct 13 12:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Received disconnect from 51.195.149.120 port 39950:11: Bye Bye [preauth]
Oct 13 12:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Disconnected from 51.195.149.120 port 39950 [preauth]
Oct 13 12:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Failed password for invalid user postgres from 196.251.80.27 port 32926 ssh2
Oct 13 12:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14908]: Connection closed by 196.251.80.27 port 32926 [preauth]
Oct 13 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14936]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: Successful su for rubyman by root
Oct 13 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: + ??? root:rubyman
Oct 13 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404919 of user rubyman.
Oct 13 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404919.
Oct 13 12:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session closed for user root
Oct 13 12:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14937]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Invalid user postgres from 196.251.80.27
Oct 13 12:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13886]: pam_unix(cron:session): session closed for user root
Oct 13 12:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Failed password for invalid user postgres from 196.251.80.27 port 40056 ssh2
Oct 13 12:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Connection closed by 196.251.80.27 port 40056 [preauth]
Oct 13 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Invalid user user123 from 178.62.19.223
Oct 13 12:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: input_userauth_request: invalid user user123 [preauth]
Oct 13 12:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Failed password for invalid user user123 from 178.62.19.223 port 33890 ssh2
Oct 13 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Received disconnect from 178.62.19.223 port 33890:11: Bye Bye [preauth]
Oct 13 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Disconnected from 178.62.19.223 port 33890 [preauth]
Oct 13 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Invalid user original from 185.255.91.226
Oct 13 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: input_userauth_request: invalid user original [preauth]
Oct 13 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Failed password for invalid user original from 185.255.91.226 port 57384 ssh2
Oct 13 12:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Received disconnect from 185.255.91.226 port 57384:11: Bye Bye [preauth]
Oct 13 12:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Disconnected from 185.255.91.226 port 57384 [preauth]
Oct 13 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15504]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15577]: Successful su for rubyman by root
Oct 13 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15577]: + ??? root:rubyman
Oct 13 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404923 of user rubyman.
Oct 13 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15577]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404923.
Oct 13 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Failed password for root from 216.10.242.161 port 53836 ssh2
Oct 13 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Received disconnect from 216.10.242.161 port 53836:11: Bye Bye [preauth]
Oct 13 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Disconnected from 216.10.242.161 port 53836 [preauth]
Oct 13 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Invalid user lruiz from 51.195.149.120
Oct 13 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: input_userauth_request: invalid user lruiz [preauth]
Oct 13 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Failed password for invalid user lruiz from 51.195.149.120 port 41862 ssh2
Oct 13 12:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Received disconnect from 51.195.149.120 port 41862:11: Bye Bye [preauth]
Oct 13 12:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Disconnected from 51.195.149.120 port 41862 [preauth]
Oct 13 12:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12277]: pam_unix(cron:session): session closed for user root
Oct 13 12:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Invalid user postgres from 196.251.80.27
Oct 13 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for invalid user postgres from 196.251.80.27 port 46880 ssh2
Oct 13 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Connection closed by 196.251.80.27 port 46880 [preauth]
Oct 13 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Invalid user devserver from 103.10.45.57
Oct 13 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: input_userauth_request: invalid user devserver [preauth]
Oct 13 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Failed password for invalid user devserver from 103.10.45.57 port 33972 ssh2
Oct 13 12:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Received disconnect from 103.10.45.57 port 33972:11: Bye Bye [preauth]
Oct 13 12:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Disconnected from 103.10.45.57 port 33972 [preauth]
Oct 13 12:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session closed for user root
Oct 13 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Invalid user zwj from 103.176.78.151
Oct 13 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: input_userauth_request: invalid user zwj [preauth]
Oct 13 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 12:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Failed password for invalid user zwj from 103.176.78.151 port 41336 ssh2
Oct 13 12:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Received disconnect from 103.176.78.151 port 41336:11: Bye Bye [preauth]
Oct 13 12:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Disconnected from 103.176.78.151 port 41336 [preauth]
Oct 13 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15958]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15959]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16042]: Successful su for rubyman by root
Oct 13 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16042]: + ??? root:rubyman
Oct 13 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404928 of user rubyman.
Oct 13 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16042]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404928.
Oct 13 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Invalid user postgres from 196.251.80.27
Oct 13 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: Invalid user devserver from 178.62.19.223
Oct 13 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: input_userauth_request: invalid user devserver [preauth]
Oct 13 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Failed password for invalid user postgres from 196.251.80.27 port 53832 ssh2
Oct 13 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Connection closed by 196.251.80.27 port 53832 [preauth]
Oct 13 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: Failed password for invalid user devserver from 178.62.19.223 port 37560 ssh2
Oct 13 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: Received disconnect from 178.62.19.223 port 37560:11: Bye Bye [preauth]
Oct 13 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: Disconnected from 178.62.19.223 port 37560 [preauth]
Oct 13 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session closed for user root
Oct 13 12:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Invalid user zwj from 51.195.149.120
Oct 13 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: input_userauth_request: invalid user zwj [preauth]
Oct 13 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Failed password for root from 194.182.86.152 port 41574 ssh2
Oct 13 12:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Connection closed by 194.182.86.152 port 41574 [preauth]
Oct 13 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Failed password for invalid user zwj from 51.195.149.120 port 52258 ssh2
Oct 13 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Received disconnect from 51.195.149.120 port 52258:11: Bye Bye [preauth]
Oct 13 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Disconnected from 51.195.149.120 port 52258 [preauth]
Oct 13 12:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Failed password for root from 185.255.91.226 port 49720 ssh2
Oct 13 12:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Received disconnect from 185.255.91.226 port 49720:11: Bye Bye [preauth]
Oct 13 12:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Disconnected from 185.255.91.226 port 49720 [preauth]
Oct 13 12:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 12:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Failed password for root from 216.10.242.161 port 45960 ssh2
Oct 13 12:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Received disconnect from 216.10.242.161 port 45960:11: Bye Bye [preauth]
Oct 13 12:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Disconnected from 216.10.242.161 port 45960 [preauth]
Oct 13 12:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14939]: pam_unix(cron:session): session closed for user root
Oct 13 12:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Invalid user postgres from 196.251.80.27
Oct 13 12:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: input_userauth_request: invalid user postgres [preauth]
Oct 13 12:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Failed password for invalid user postgres from 196.251.80.27 port 60240 ssh2
Oct 13 12:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Connection closed by 196.251.80.27 port 60240 [preauth]
Oct 13 12:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Invalid user will from 103.10.45.57
Oct 13 12:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: input_userauth_request: invalid user will [preauth]
Oct 13 12:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Failed password for invalid user will from 103.10.45.57 port 42544 ssh2
Oct 13 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Received disconnect from 103.10.45.57 port 42544:11: Bye Bye [preauth]
Oct 13 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Disconnected from 103.10.45.57 port 42544 [preauth]
Oct 13 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16445]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16515]: Successful su for rubyman by root
Oct 13 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16515]: + ??? root:rubyman
Oct 13 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404930 of user rubyman.
Oct 13 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16515]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404930.
Oct 13 12:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session closed for user root
Oct 13 12:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Invalid user mqm from 178.62.19.223
Oct 13 12:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: input_userauth_request: invalid user mqm [preauth]
Oct 13 12:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Failed password for invalid user mqm from 178.62.19.223 port 59928 ssh2
Oct 13 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Received disconnect from 178.62.19.223 port 59928:11: Bye Bye [preauth]
Oct 13 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Disconnected from 178.62.19.223 port 59928 [preauth]
Oct 13 12:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 12:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: Failed password for root from 51.195.149.120 port 51786 ssh2
Oct 13 12:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: Received disconnect from 51.195.149.120 port 51786:11: Bye Bye [preauth]
Oct 13 12:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: Disconnected from 51.195.149.120 port 51786 [preauth]
Oct 13 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: Invalid user hadoop from 196.251.80.27
Oct 13 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: Failed password for invalid user hadoop from 196.251.80.27 port 38742 ssh2
Oct 13 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16815]: Connection closed by 196.251.80.27 port 38742 [preauth]
Oct 13 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Invalid user student from 185.255.91.226
Oct 13 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: input_userauth_request: invalid user student [preauth]
Oct 13 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session closed for user root
Oct 13 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Failed password for invalid user student from 185.255.91.226 port 36964 ssh2
Oct 13 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Received disconnect from 185.255.91.226 port 36964:11: Bye Bye [preauth]
Oct 13 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Disconnected from 185.255.91.226 port 36964 [preauth]
Oct 13 12:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Invalid user sysop from 216.10.242.161
Oct 13 12:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: input_userauth_request: invalid user sysop [preauth]
Oct 13 12:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 12:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Failed password for invalid user sysop from 216.10.242.161 port 37382 ssh2
Oct 13 12:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Received disconnect from 216.10.242.161 port 37382:11: Bye Bye [preauth]
Oct 13 12:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Disconnected from 216.10.242.161 port 37382 [preauth]
Oct 13 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16913]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16912]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16915]: pam_unix(cron:session): session closed for user root
Oct 13 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16910]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16994]: Successful su for rubyman by root
Oct 13 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16994]: + ??? root:rubyman
Oct 13 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404936 of user rubyman.
Oct 13 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16994]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404936.
Oct 13 12:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13885]: pam_unix(cron:session): session closed for user root
Oct 13 12:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16912]: pam_unix(cron:session): session closed for user root
Oct 13 12:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Invalid user hadoop from 196.251.80.27
Oct 13 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16911]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Failed password for invalid user hadoop from 196.251.80.27 port 45200 ssh2
Oct 13 12:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Connection closed by 196.251.80.27 port 45200 [preauth]
Oct 13 12:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 12:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Failed password for root from 178.62.19.223 port 45304 ssh2
Oct 13 12:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Received disconnect from 178.62.19.223 port 45304:11: Bye Bye [preauth]
Oct 13 12:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Disconnected from 178.62.19.223 port 45304 [preauth]
Oct 13 12:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 12:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17316]: Failed password for root from 103.10.45.57 port 58816 ssh2
Oct 13 12:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17316]: Received disconnect from 103.10.45.57 port 58816:11: Bye Bye [preauth]
Oct 13 12:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17316]: Disconnected from 103.10.45.57 port 58816 [preauth]
Oct 13 12:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Invalid user silas from 51.195.149.120
Oct 13 12:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: input_userauth_request: invalid user silas [preauth]
Oct 13 12:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15959]: pam_unix(cron:session): session closed for user root
Oct 13 12:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Failed password for invalid user silas from 51.195.149.120 port 56502 ssh2
Oct 13 12:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Received disconnect from 51.195.149.120 port 56502:11: Bye Bye [preauth]
Oct 13 12:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Disconnected from 51.195.149.120 port 56502 [preauth]
Oct 13 12:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Invalid user qyy from 185.255.91.226
Oct 13 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: input_userauth_request: invalid user qyy [preauth]
Oct 13 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17404]: Failed password for root from 194.182.86.152 port 40708 ssh2
Oct 13 12:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17404]: Connection closed by 194.182.86.152 port 40708 [preauth]
Oct 13 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Failed password for invalid user qyy from 185.255.91.226 port 55338 ssh2
Oct 13 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Received disconnect from 185.255.91.226 port 55338:11: Bye Bye [preauth]
Oct 13 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17408]: Disconnected from 185.255.91.226 port 55338 [preauth]
Oct 13 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17493]: Successful su for rubyman by root
Oct 13 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17493]: + ??? root:rubyman
Oct 13 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404940 of user rubyman.
Oct 13 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17493]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404940.
Oct 13 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Invalid user hadoop from 196.251.80.27
Oct 13 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Failed password for invalid user hadoop from 196.251.80.27 port 51650 ssh2
Oct 13 12:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Connection closed by 196.251.80.27 port 51650 [preauth]
Oct 13 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session closed for user root
Oct 13 12:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17422]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Failed password for root from 216.10.242.161 port 42342 ssh2
Oct 13 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Received disconnect from 216.10.242.161 port 42342:11: Bye Bye [preauth]
Oct 13 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Disconnected from 216.10.242.161 port 42342 [preauth]
Oct 13 12:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17868]: Did not receive identification string from 80.211.129.128
Oct 13 12:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16446]: pam_unix(cron:session): session closed for user root
Oct 13 12:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: Invalid user almalinux from 178.62.19.223
Oct 13 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: input_userauth_request: invalid user almalinux [preauth]
Oct 13 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: Failed password for invalid user almalinux from 178.62.19.223 port 51800 ssh2
Oct 13 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: Received disconnect from 178.62.19.223 port 51800:11: Bye Bye [preauth]
Oct 13 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: Disconnected from 178.62.19.223 port 51800 [preauth]
Oct 13 12:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Invalid user hadoop from 196.251.80.27
Oct 13 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: Invalid user almalinux from 51.195.149.120
Oct 13 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: input_userauth_request: invalid user almalinux [preauth]
Oct 13 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: Failed password for invalid user almalinux from 51.195.149.120 port 45162 ssh2
Oct 13 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Failed password for invalid user hadoop from 196.251.80.27 port 57500 ssh2
Oct 13 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: Received disconnect from 51.195.149.120 port 45162:11: Bye Bye [preauth]
Oct 13 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17952]: Disconnected from 51.195.149.120 port 45162 [preauth]
Oct 13 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17950]: Connection closed by 196.251.80.27 port 57500 [preauth]
Oct 13 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17986]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17982]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18065]: Successful su for rubyman by root
Oct 13 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18065]: + ??? root:rubyman
Oct 13 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404945 of user rubyman.
Oct 13 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18065]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404945.
Oct 13 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Invalid user lruiz from 103.10.45.57
Oct 13 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: input_userauth_request: invalid user lruiz [preauth]
Oct 13 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Failed password for invalid user lruiz from 103.10.45.57 port 55264 ssh2
Oct 13 12:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Received disconnect from 103.10.45.57 port 55264:11: Bye Bye [preauth]
Oct 13 12:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Disconnected from 103.10.45.57 port 55264 [preauth]
Oct 13 12:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14938]: pam_unix(cron:session): session closed for user root
Oct 13 12:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Invalid user bill from 185.255.91.226
Oct 13 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: input_userauth_request: invalid user bill [preauth]
Oct 13 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17983]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Failed password for invalid user bill from 185.255.91.226 port 48750 ssh2
Oct 13 12:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Received disconnect from 185.255.91.226 port 48750:11: Bye Bye [preauth]
Oct 13 12:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Disconnected from 185.255.91.226 port 48750 [preauth]
Oct 13 12:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: Invalid user hadoop from 196.251.80.27
Oct 13 12:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: Failed password for invalid user hadoop from 196.251.80.27 port 35790 ssh2
Oct 13 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18604]: Connection closed by 196.251.80.27 port 35790 [preauth]
Oct 13 12:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16914]: pam_unix(cron:session): session closed for user root
Oct 13 12:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Invalid user will from 216.10.242.161
Oct 13 12:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: input_userauth_request: invalid user will [preauth]
Oct 13 12:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Failed password for invalid user will from 216.10.242.161 port 51940 ssh2
Oct 13 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Received disconnect from 216.10.242.161 port 51940:11: Bye Bye [preauth]
Oct 13 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Disconnected from 216.10.242.161 port 51940 [preauth]
Oct 13 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Invalid user egarcia from 178.62.19.223
Oct 13 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: input_userauth_request: invalid user egarcia [preauth]
Oct 13 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Failed password for invalid user egarcia from 178.62.19.223 port 53006 ssh2
Oct 13 12:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Received disconnect from 178.62.19.223 port 53006:11: Bye Bye [preauth]
Oct 13 12:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18681]: Disconnected from 178.62.19.223 port 53006 [preauth]
Oct 13 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18697]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18771]: Successful su for rubyman by root
Oct 13 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18771]: + ??? root:rubyman
Oct 13 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404950 of user rubyman.
Oct 13 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18771]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404950.
Oct 13 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 12:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Failed password for root from 51.195.149.120 port 50286 ssh2
Oct 13 12:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Received disconnect from 51.195.149.120 port 50286:11: Bye Bye [preauth]
Oct 13 12:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Disconnected from 51.195.149.120 port 50286 [preauth]
Oct 13 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session closed for user root
Oct 13 12:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: Invalid user hadoop from 196.251.80.27
Oct 13 12:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: Failed password for invalid user hadoop from 196.251.80.27 port 42590 ssh2
Oct 13 12:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: Connection closed by 196.251.80.27 port 42590 [preauth]
Oct 13 12:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17424]: pam_unix(cron:session): session closed for user root
Oct 13 12:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Connection closed by 103.176.78.151 port 42860 [preauth]
Oct 13 12:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Invalid user silas from 103.10.45.57
Oct 13 12:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: input_userauth_request: invalid user silas [preauth]
Oct 13 12:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 12:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Failed password for invalid user silas from 103.10.45.57 port 34184 ssh2
Oct 13 12:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Received disconnect from 103.10.45.57 port 34184:11: Bye Bye [preauth]
Oct 13 12:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Disconnected from 103.10.45.57 port 34184 [preauth]
Oct 13 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Failed password for root from 185.255.91.226 port 43278 ssh2
Oct 13 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Received disconnect from 185.255.91.226 port 43278:11: Bye Bye [preauth]
Oct 13 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Disconnected from 185.255.91.226 port 43278 [preauth]
Oct 13 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19351]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19581]: Successful su for rubyman by root
Oct 13 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19581]: + ??? root:rubyman
Oct 13 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404952 of user rubyman.
Oct 13 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19581]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404952.
Oct 13 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: Invalid user hadoop from 196.251.80.27
Oct 13 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Invalid user ctarazona from 178.62.19.223
Oct 13 12:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: input_userauth_request: invalid user ctarazona [preauth]
Oct 13 12:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: Failed password for invalid user hadoop from 196.251.80.27 port 48608 ssh2
Oct 13 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: Connection closed by 196.251.80.27 port 48608 [preauth]
Oct 13 12:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15958]: pam_unix(cron:session): session closed for user root
Oct 13 12:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Failed password for invalid user ctarazona from 178.62.19.223 port 51398 ssh2
Oct 13 12:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Received disconnect from 178.62.19.223 port 51398:11: Bye Bye [preauth]
Oct 13 12:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Disconnected from 178.62.19.223 port 51398 [preauth]
Oct 13 12:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19352]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: Failed password for root from 216.10.242.161 port 60632 ssh2
Oct 13 12:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: Received disconnect from 216.10.242.161 port 60632:11: Bye Bye [preauth]
Oct 13 12:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: Disconnected from 216.10.242.161 port 60632 [preauth]
Oct 13 12:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Invalid user acct from 51.195.149.120
Oct 13 12:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: input_userauth_request: invalid user acct [preauth]
Oct 13 12:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Failed password for invalid user acct from 51.195.149.120 port 58508 ssh2
Oct 13 12:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Received disconnect from 51.195.149.120 port 58508:11: Bye Bye [preauth]
Oct 13 12:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Disconnected from 51.195.149.120 port 58508 [preauth]
Oct 13 12:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17986]: pam_unix(cron:session): session closed for user root
Oct 13 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: Invalid user hadoop from 196.251.80.27
Oct 13 12:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: Failed password for invalid user hadoop from 196.251.80.27 port 55014 ssh2
Oct 13 12:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20120]: Connection closed by 196.251.80.27 port 55014 [preauth]
Oct 13 12:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20134]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 54678
Oct 13 12:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20137]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 54682
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20153]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20154]: pam_unix(cron:session): session closed for user root
Oct 13 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20149]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20155]: Invalid user raymond from 185.255.91.226
Oct 13 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20155]: input_userauth_request: invalid user raymond [preauth]
Oct 13 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20155]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20267]: Successful su for rubyman by root
Oct 13 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20267]: + ??? root:rubyman
Oct 13 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404959 of user rubyman.
Oct 13 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20267]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404959.
Oct 13 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20155]: Failed password for invalid user raymond from 185.255.91.226 port 44462 ssh2
Oct 13 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20155]: Received disconnect from 185.255.91.226 port 44462:11: Bye Bye [preauth]
Oct 13 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20155]: Disconnected from 185.255.91.226 port 44462 [preauth]
Oct 13 12:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session closed for user root
Oct 13 12:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16445]: pam_unix(cron:session): session closed for user root
Oct 13 12:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Invalid user egarcia from 103.10.45.57
Oct 13 12:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: input_userauth_request: invalid user egarcia [preauth]
Oct 13 12:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for invalid user egarcia from 103.10.45.57 port 37128 ssh2
Oct 13 12:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Received disconnect from 103.10.45.57 port 37128:11: Bye Bye [preauth]
Oct 13 12:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Disconnected from 103.10.45.57 port 37128 [preauth]
Oct 13 12:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 12:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20150]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Failed password for root from 178.62.19.223 port 42962 ssh2
Oct 13 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Received disconnect from 178.62.19.223 port 42962:11: Bye Bye [preauth]
Oct 13 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Disconnected from 178.62.19.223 port 42962 [preauth]
Oct 13 12:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Invalid user hadoop from 196.251.80.27
Oct 13 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Invalid user cuckoo from 51.195.149.120
Oct 13 12:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: input_userauth_request: invalid user cuckoo [preauth]
Oct 13 12:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Failed password for invalid user hadoop from 196.251.80.27 port 32810 ssh2
Oct 13 12:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20586]: Connection closed by 196.251.80.27 port 32810 [preauth]
Oct 13 12:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Failed password for invalid user cuckoo from 51.195.149.120 port 35166 ssh2
Oct 13 12:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Received disconnect from 51.195.149.120 port 35166:11: Bye Bye [preauth]
Oct 13 12:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20600]: Disconnected from 51.195.149.120 port 35166 [preauth]
Oct 13 12:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18702]: pam_unix(cron:session): session closed for user root
Oct 13 12:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 12:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20640]: Failed password for root from 216.10.242.161 port 52140 ssh2
Oct 13 12:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20640]: Received disconnect from 216.10.242.161 port 52140:11: Bye Bye [preauth]
Oct 13 12:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20640]: Disconnected from 216.10.242.161 port 52140 [preauth]
Oct 13 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20782]: Successful su for rubyman by root
Oct 13 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20782]: + ??? root:rubyman
Oct 13 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404962 of user rubyman.
Oct 13 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20782]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404962.
Oct 13 12:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16913]: pam_unix(cron:session): session closed for user root
Oct 13 12:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Invalid user hadoop from 196.251.80.27
Oct 13 12:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Failed password for invalid user hadoop from 196.251.80.27 port 39006 ssh2
Oct 13 12:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Connection closed by 196.251.80.27 port 39006 [preauth]
Oct 13 12:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Invalid user paco from 185.255.91.226
Oct 13 12:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: input_userauth_request: invalid user paco [preauth]
Oct 13 12:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Failed password for invalid user paco from 185.255.91.226 port 52454 ssh2
Oct 13 12:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Received disconnect from 185.255.91.226 port 52454:11: Bye Bye [preauth]
Oct 13 12:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Disconnected from 185.255.91.226 port 52454 [preauth]
Oct 13 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Invalid user silas from 178.62.19.223
Oct 13 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: input_userauth_request: invalid user silas [preauth]
Oct 13 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Failed password for invalid user silas from 178.62.19.223 port 47618 ssh2
Oct 13 12:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Received disconnect from 178.62.19.223 port 47618:11: Bye Bye [preauth]
Oct 13 12:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Disconnected from 178.62.19.223 port 47618 [preauth]
Oct 13 12:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session closed for user root
Oct 13 12:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Connection closed by 103.176.78.151 port 58114 [preauth]
Oct 13 12:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21140]: Invalid user almalinux from 103.10.45.57
Oct 13 12:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21140]: input_userauth_request: invalid user almalinux [preauth]
Oct 13 12:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21140]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Invalid user poc from 51.195.149.120
Oct 13 12:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: input_userauth_request: invalid user poc [preauth]
Oct 13 12:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21140]: Failed password for invalid user almalinux from 103.10.45.57 port 45406 ssh2
Oct 13 12:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21140]: Received disconnect from 103.10.45.57 port 45406:11: Bye Bye [preauth]
Oct 13 12:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21140]: Disconnected from 103.10.45.57 port 45406 [preauth]
Oct 13 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Failed password for invalid user poc from 51.195.149.120 port 38700 ssh2
Oct 13 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Received disconnect from 51.195.149.120 port 38700:11: Bye Bye [preauth]
Oct 13 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Disconnected from 51.195.149.120 port 38700 [preauth]
Oct 13 12:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: Invalid user hadoop from 196.251.80.27
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21180]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21178]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21176]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21243]: Successful su for rubyman by root
Oct 13 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21243]: + ??? root:rubyman
Oct 13 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404966 of user rubyman.
Oct 13 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21243]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404966.
Oct 13 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: Failed password for invalid user hadoop from 196.251.80.27 port 44840 ssh2
Oct 13 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21165]: Connection closed by 196.251.80.27 port 44840 [preauth]
Oct 13 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17423]: pam_unix(cron:session): session closed for user root
Oct 13 12:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Invalid user lruiz from 216.10.242.161
Oct 13 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: input_userauth_request: invalid user lruiz [preauth]
Oct 13 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 12:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Failed password for invalid user lruiz from 216.10.242.161 port 44534 ssh2
Oct 13 12:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Received disconnect from 216.10.242.161 port 44534:11: Bye Bye [preauth]
Oct 13 12:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Disconnected from 216.10.242.161 port 44534 [preauth]
Oct 13 12:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21177]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20153]: pam_unix(cron:session): session closed for user root
Oct 13 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Invalid user hadoop from 196.251.80.27
Oct 13 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Invalid user julia from 185.255.91.226
Oct 13 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: input_userauth_request: invalid user julia [preauth]
Oct 13 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Failed password for invalid user hadoop from 196.251.80.27 port 50708 ssh2
Oct 13 12:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Connection closed by 196.251.80.27 port 50708 [preauth]
Oct 13 12:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Invalid user cuckoo from 178.62.19.223
Oct 13 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: input_userauth_request: invalid user cuckoo [preauth]
Oct 13 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Failed password for invalid user julia from 185.255.91.226 port 34012 ssh2
Oct 13 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Received disconnect from 185.255.91.226 port 34012:11: Bye Bye [preauth]
Oct 13 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21661]: Disconnected from 185.255.91.226 port 34012 [preauth]
Oct 13 12:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Failed password for invalid user cuckoo from 178.62.19.223 port 43754 ssh2
Oct 13 12:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Received disconnect from 178.62.19.223 port 43754:11: Bye Bye [preauth]
Oct 13 12:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Disconnected from 178.62.19.223 port 43754 [preauth]
Oct 13 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21785]: Successful su for rubyman by root
Oct 13 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21785]: + ??? root:rubyman
Oct 13 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404970 of user rubyman.
Oct 13 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21785]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404970.
Oct 13 12:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 12:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: Failed password for root from 51.195.149.120 port 37414 ssh2
Oct 13 12:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: Received disconnect from 51.195.149.120 port 37414:11: Bye Bye [preauth]
Oct 13 12:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21879]: Disconnected from 51.195.149.120 port 37414 [preauth]
Oct 13 12:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17985]: pam_unix(cron:session): session closed for user root
Oct 13 12:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21704]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Invalid user test from 103.10.45.57
Oct 13 12:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: input_userauth_request: invalid user test [preauth]
Oct 13 12:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 12:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Failed password for invalid user test from 103.10.45.57 port 54714 ssh2
Oct 13 12:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Received disconnect from 103.10.45.57 port 54714:11: Bye Bye [preauth]
Oct 13 12:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22046]: Disconnected from 103.10.45.57 port 54714 [preauth]
Oct 13 12:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 12:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: input_userauth_request: invalid user mysql [preauth]
Oct 13 12:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 12:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Failed password for invalid user mysql from 196.251.80.27 port 56556 ssh2
Oct 13 12:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22060]: Connection closed by 196.251.80.27 port 56556 [preauth]
Oct 13 12:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session closed for user root
Oct 13 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Invalid user test from 134.175.247.110
Oct 13 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: input_userauth_request: invalid user test [preauth]
Oct 13 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.247.110
Oct 13 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Invalid user proxyuser from 216.10.242.161
Oct 13 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: input_userauth_request: invalid user proxyuser [preauth]
Oct 13 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 12:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Failed password for invalid user test from 134.175.247.110 port 42704 ssh2
Oct 13 12:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Received disconnect from 134.175.247.110 port 42704:11: Bye Bye [preauth]
Oct 13 12:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Disconnected from 134.175.247.110 port 42704 [preauth]
Oct 13 12:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Failed password for invalid user proxyuser from 216.10.242.161 port 42190 ssh2
Oct 13 12:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Received disconnect from 216.10.242.161 port 42190:11: Bye Bye [preauth]
Oct 13 12:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22144]: Disconnected from 216.10.242.161 port 42190 [preauth]
Oct 13 12:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 12:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Failed password for root from 194.182.86.152 port 58712 ssh2
Oct 13 12:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22190]: Connection closed by 194.182.86.152 port 58712 [preauth]
Oct 13 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session closed for user p13x
Oct 13 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22303]: Successful su for rubyman by root
Oct 13 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22303]: + ??? root:rubyman
Oct 13 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404975 of user rubyman.
Oct 13 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22303]: pam_unix(su:session): session closed for user rubyman
Oct 13 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404975.
Oct 13 12:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: Failed password for root from 178.62.19.223 port 37800 ssh2
Oct 13 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: Received disconnect from 178.62.19.223 port 37800:11: Bye Bye [preauth]
Oct 13 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: Disconnected from 178.62.19.223 port 37800 [preauth]
Oct 13 12:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18699]: pam_unix(cron:session): session closed for user root
Oct 13 12:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 12:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: input_userauth_request: invalid user mysql [preauth]
Oct 13 12:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 12:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Failed password for invalid user mysql from 196.251.80.27 port 34302 ssh2
Oct 13 12:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22488]: Connection closed by 196.251.80.27 port 34302 [preauth]
Oct 13 12:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Invalid user superv from 185.255.91.226
Oct 13 12:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: input_userauth_request: invalid user superv [preauth]
Oct 13 12:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 12:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Failed password for invalid user superv from 185.255.91.226 port 54782 ssh2
Oct 13 12:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Received disconnect from 185.255.91.226 port 54782:11: Bye Bye [preauth]
Oct 13 12:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Disconnected from 185.255.91.226 port 54782 [preauth]
Oct 13 12:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session closed for user samftp
Oct 13 12:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Invalid user azureuser from 181.212.34.237
Oct 13 12:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: input_userauth_request: invalid user azureuser [preauth]
Oct 13 12:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 12:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: Invalid user ftpuser from 51.195.149.120
Oct 13 12:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 12:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 12:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Failed password for invalid user azureuser from 181.212.34.237 port 6917 ssh2
Oct 13 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Received disconnect from 181.212.34.237 port 6917:11: Bye Bye [preauth]
Oct 13 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Disconnected from 181.212.34.237 port 6917 [preauth]
Oct 13 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: Failed password for invalid user ftpuser from 51.195.149.120 port 59470 ssh2
Oct 13 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: Received disconnect from 51.195.149.120 port 59470:11: Bye Bye [preauth]
Oct 13 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22567]: Disconnected from 51.195.149.120 port 59470 [preauth]
Oct 13 12:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21180]: pam_unix(cron:session): session closed for user root
Oct 13 12:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 12:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 12:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: input_userauth_request: invalid user mysql [preauth]
Oct 13 12:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 12:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Failed password for invalid user mysql from 196.251.80.27 port 40480 ssh2
Oct 13 12:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Connection closed by 196.251.80.27 port 40480 [preauth]
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22905]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22904]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22905]: pam_unix(cron:session): session closed for user root
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user root
Oct 13 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23178]: Successful su for rubyman by root
Oct 13 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23178]: + ??? root:rubyman
Oct 13 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404982 of user rubyman.
Oct 13 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23178]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404982.
Oct 13 13:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23321]: Invalid user ftpuser from 103.10.45.57
Oct 13 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23321]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23321]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session closed for user root
Oct 13 13:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19353]: pam_unix(cron:session): session closed for user root
Oct 13 13:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23321]: Failed password for invalid user ftpuser from 103.10.45.57 port 43390 ssh2
Oct 13 13:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23321]: Received disconnect from 103.10.45.57 port 43390:11: Bye Bye [preauth]
Oct 13 13:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23321]: Disconnected from 103.10.45.57 port 43390 [preauth]
Oct 13 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Invalid user puneet from 216.10.242.161
Oct 13 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: input_userauth_request: invalid user puneet [preauth]
Oct 13 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Failed password for invalid user puneet from 216.10.242.161 port 47098 ssh2
Oct 13 13:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Received disconnect from 216.10.242.161 port 47098:11: Bye Bye [preauth]
Oct 13 13:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Disconnected from 216.10.242.161 port 47098 [preauth]
Oct 13 13:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: Invalid user sol from 37.120.247.172
Oct 13 13:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: input_userauth_request: invalid user sol [preauth]
Oct 13 13:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 13:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: Failed password for invalid user sol from 37.120.247.172 port 53116 ssh2
Oct 13 13:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: Received disconnect from 37.120.247.172 port 53116:11: Bye Bye [preauth]
Oct 13 13:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: Disconnected from 37.120.247.172 port 53116 [preauth]
Oct 13 13:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: Failed password for root from 178.62.19.223 port 37288 ssh2
Oct 13 13:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: Received disconnect from 178.62.19.223 port 37288:11: Bye Bye [preauth]
Oct 13 13:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23781]: Disconnected from 178.62.19.223 port 37288 [preauth]
Oct 13 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Failed password for root from 51.195.149.120 port 35930 ssh2
Oct 13 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Received disconnect from 51.195.149.120 port 35930:11: Bye Bye [preauth]
Oct 13 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Disconnected from 51.195.149.120 port 35930 [preauth]
Oct 13 13:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21706]: pam_unix(cron:session): session closed for user root
Oct 13 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23923]: Failed password for root from 185.255.91.226 port 60750 ssh2
Oct 13 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23923]: Received disconnect from 185.255.91.226 port 60750:11: Bye Bye [preauth]
Oct 13 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23923]: Disconnected from 185.255.91.226 port 60750 [preauth]
Oct 13 13:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: Failed password for invalid user mysql from 196.251.80.27 port 45710 ssh2
Oct 13 13:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23942]: Connection closed by 196.251.80.27 port 45710 [preauth]
Oct 13 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24012]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24010]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24008]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24122]: Successful su for rubyman by root
Oct 13 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24122]: + ??? root:rubyman
Oct 13 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404985 of user rubyman.
Oct 13 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24122]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404985.
Oct 13 13:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20152]: pam_unix(cron:session): session closed for user root
Oct 13 13:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24009]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: Failed password for invalid user mysql from 196.251.80.27 port 51270 ssh2
Oct 13 13:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24402]: Connection closed by 196.251.80.27 port 51270 [preauth]
Oct 13 13:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Invalid user daniel from 178.62.19.223
Oct 13 13:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: input_userauth_request: invalid user daniel [preauth]
Oct 13 13:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Failed password for invalid user daniel from 178.62.19.223 port 45886 ssh2
Oct 13 13:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Received disconnect from 178.62.19.223 port 45886:11: Bye Bye [preauth]
Oct 13 13:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Disconnected from 178.62.19.223 port 45886 [preauth]
Oct 13 13:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session closed for user root
Oct 13 13:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: Failed password for root from 216.10.242.161 port 54350 ssh2
Oct 13 13:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: Received disconnect from 216.10.242.161 port 54350:11: Bye Bye [preauth]
Oct 13 13:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24450]: Disconnected from 216.10.242.161 port 54350 [preauth]
Oct 13 13:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 13:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Failed password for root from 51.195.149.120 port 48898 ssh2
Oct 13 13:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Received disconnect from 51.195.149.120 port 48898:11: Bye Bye [preauth]
Oct 13 13:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Disconnected from 51.195.149.120 port 48898 [preauth]
Oct 13 13:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: User mysql from 62.60.131.157 not allowed because not listed in AllowUsers
Oct 13 13:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=mysql
Oct 13 13:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154  user=root
Oct 13 13:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Failed password for invalid user mysql from 62.60.131.157 port 62297 ssh2
Oct 13 13:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Failed password for root from 89.216.47.154 port 36008 ssh2
Oct 13 13:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Received disconnect from 89.216.47.154 port 36008:11: Bye Bye [preauth]
Oct 13 13:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24514]: Disconnected from 89.216.47.154 port 36008 [preauth]
Oct 13 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Failed password for invalid user mysql from 62.60.131.157 port 62297 ssh2
Oct 13 13:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: message repeated 2 times: [ Failed password for invalid user mysql from 62.60.131.157 port 62297 ssh2]
Oct 13 13:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Failed password for invalid user mysql from 62.60.131.157 port 62297 ssh2
Oct 13 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Received disconnect from 62.60.131.157 port 62297:11: Bye [preauth]
Oct 13 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Disconnected from 62.60.131.157 port 62297 [preauth]
Oct 13 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=mysql
Oct 13 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Failed password for root from 185.255.91.226 port 50830 ssh2
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Received disconnect from 185.255.91.226 port 50830:11: Bye Bye [preauth]
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Disconnected from 185.255.91.226 port 50830 [preauth]
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24650]: Successful su for rubyman by root
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24650]: + ??? root:rubyman
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404991 of user rubyman.
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24650]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404991.
Oct 13 13:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session closed for user root
Oct 13 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Failed password for invalid user mysql from 196.251.80.27 port 56568 ssh2
Oct 13 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Connection closed by 196.251.80.27 port 56568 [preauth]
Oct 13 13:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24561]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22904]: pam_unix(cron:session): session closed for user root
Oct 13 13:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Failed password for root from 178.62.19.223 port 57650 ssh2
Oct 13 13:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Received disconnect from 178.62.19.223 port 57650:11: Bye Bye [preauth]
Oct 13 13:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24981]: Disconnected from 178.62.19.223 port 57650 [preauth]
Oct 13 13:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Invalid user system from 37.120.247.172
Oct 13 13:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: input_userauth_request: invalid user system [preauth]
Oct 13 13:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Failed password for invalid user system from 37.120.247.172 port 53288 ssh2
Oct 13 13:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Received disconnect from 37.120.247.172 port 53288:11: Bye Bye [preauth]
Oct 13 13:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Disconnected from 37.120.247.172 port 53288 [preauth]
Oct 13 13:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Invalid user debian from 181.212.34.237
Oct 13 13:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: input_userauth_request: invalid user debian [preauth]
Oct 13 13:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Failed password for invalid user mysql from 196.251.80.27 port 33882 ssh2
Oct 13 13:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Connection closed by 196.251.80.27 port 33882 [preauth]
Oct 13 13:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Failed password for invalid user debian from 181.212.34.237 port 26556 ssh2
Oct 13 13:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Received disconnect from 181.212.34.237 port 26556:11: Bye Bye [preauth]
Oct 13 13:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Disconnected from 181.212.34.237 port 26556 [preauth]
Oct 13 13:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 13:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Failed password for root from 51.195.149.120 port 45300 ssh2
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Received disconnect from 51.195.149.120 port 45300:11: Bye Bye [preauth]
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Disconnected from 51.195.149.120 port 45300 [preauth]
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Invalid user njs from 216.10.242.161
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: input_userauth_request: invalid user njs [preauth]
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25149]: Successful su for rubyman by root
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25149]: + ??? root:rubyman
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404995 of user rubyman.
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25149]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404995.
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Failed password for invalid user njs from 216.10.242.161 port 41288 ssh2
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Received disconnect from 216.10.242.161 port 41288:11: Bye Bye [preauth]
Oct 13 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Disconnected from 216.10.242.161 port 41288 [preauth]
Oct 13 13:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21178]: pam_unix(cron:session): session closed for user root
Oct 13 13:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Bad protocol version identification '\026\003\001' from 148.113.214.206 port 55312
Oct 13 13:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Failed password for root from 103.10.45.57 port 58294 ssh2
Oct 13 13:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Received disconnect from 103.10.45.57 port 58294:11: Bye Bye [preauth]
Oct 13 13:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25597]: Disconnected from 103.10.45.57 port 58294 [preauth]
Oct 13 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25059]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Failed password for root from 185.255.91.226 port 34228 ssh2
Oct 13 13:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Received disconnect from 185.255.91.226 port 34228:11: Bye Bye [preauth]
Oct 13 13:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Disconnected from 185.255.91.226 port 34228 [preauth]
Oct 13 13:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: Invalid user root11 from 89.216.47.154
Oct 13 13:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: input_userauth_request: invalid user root11 [preauth]
Oct 13 13:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: Failed password for invalid user root11 from 89.216.47.154 port 55238 ssh2
Oct 13 13:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: Received disconnect from 89.216.47.154 port 55238:11: Bye Bye [preauth]
Oct 13 13:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25679]: Disconnected from 89.216.47.154 port 55238 [preauth]
Oct 13 13:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24012]: pam_unix(cron:session): session closed for user root
Oct 13 13:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: Failed password for invalid user mysql from 196.251.80.27 port 39252 ssh2
Oct 13 13:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: Connection closed by 196.251.80.27 port 39252 [preauth]
Oct 13 13:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 13:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25755]: Failed password for root from 178.62.19.223 port 54854 ssh2
Oct 13 13:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25755]: Received disconnect from 178.62.19.223 port 54854:11: Bye Bye [preauth]
Oct 13 13:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25755]: Disconnected from 178.62.19.223 port 54854 [preauth]
Oct 13 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25946]: Successful su for rubyman by root
Oct 13 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25946]: + ??? root:rubyman
Oct 13 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 404997 of user rubyman.
Oct 13 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25946]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 404997.
Oct 13 13:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Invalid user oracle from 37.120.247.172
Oct 13 13:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: input_userauth_request: invalid user oracle [preauth]
Oct 13 13:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21705]: pam_unix(cron:session): session closed for user root
Oct 13 13:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Failed password for invalid user oracle from 37.120.247.172 port 48038 ssh2
Oct 13 13:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Received disconnect from 37.120.247.172 port 48038:11: Bye Bye [preauth]
Oct 13 13:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Disconnected from 37.120.247.172 port 48038 [preauth]
Oct 13 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Invalid user ctarazona from 51.195.149.120
Oct 13 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: input_userauth_request: invalid user ctarazona [preauth]
Oct 13 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Failed password for invalid user ctarazona from 51.195.149.120 port 59632 ssh2
Oct 13 13:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Received disconnect from 51.195.149.120 port 59632:11: Bye Bye [preauth]
Oct 13 13:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26139]: Disconnected from 51.195.149.120 port 59632 [preauth]
Oct 13 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: Failed password for invalid user mysql from 196.251.80.27 port 44548 ssh2
Oct 13 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26219]: Connection closed by 196.251.80.27 port 44548 [preauth]
Oct 13 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: Invalid user devserver from 216.10.242.161
Oct 13 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: input_userauth_request: invalid user devserver [preauth]
Oct 13 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: Failed password for invalid user devserver from 216.10.242.161 port 32990 ssh2
Oct 13 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: Received disconnect from 216.10.242.161 port 32990:11: Bye Bye [preauth]
Oct 13 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26231]: Disconnected from 216.10.242.161 port 32990 [preauth]
Oct 13 13:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session closed for user root
Oct 13 13:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: Invalid user radio from 181.212.34.237
Oct 13 13:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: input_userauth_request: invalid user radio [preauth]
Oct 13 13:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: Failed password for invalid user radio from 181.212.34.237 port 40135 ssh2
Oct 13 13:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: Received disconnect from 181.212.34.237 port 40135:11: Bye Bye [preauth]
Oct 13 13:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: Disconnected from 181.212.34.237 port 40135 [preauth]
Oct 13 13:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Failed password for root from 185.255.91.226 port 33878 ssh2
Oct 13 13:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Received disconnect from 185.255.91.226 port 33878:11: Bye Bye [preauth]
Oct 13 13:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Disconnected from 185.255.91.226 port 33878 [preauth]
Oct 13 13:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: Failed password for root from 103.10.45.57 port 53864 ssh2
Oct 13 13:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: Received disconnect from 103.10.45.57 port 53864:11: Bye Bye [preauth]
Oct 13 13:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: Disconnected from 103.10.45.57 port 53864 [preauth]
Oct 13 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26366]: pam_unix(cron:session): session closed for user root
Oct 13 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Invalid user admin1234 from 89.216.47.154
Oct 13 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: input_userauth_request: invalid user admin1234 [preauth]
Oct 13 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: Successful su for rubyman by root
Oct 13 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: + ??? root:rubyman
Oct 13 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405001 of user rubyman.
Oct 13 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405001.
Oct 13 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Failed password for invalid user admin1234 from 89.216.47.154 port 44599 ssh2
Oct 13 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Received disconnect from 89.216.47.154 port 44599:11: Bye Bye [preauth]
Oct 13 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Disconnected from 89.216.47.154 port 44599 [preauth]
Oct 13 13:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Invalid user puneet from 178.62.19.223
Oct 13 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: input_userauth_request: invalid user puneet [preauth]
Oct 13 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26361]: pam_unix(cron:session): session closed for user root
Oct 13 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session closed for user root
Oct 13 13:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Failed password for invalid user puneet from 178.62.19.223 port 56806 ssh2
Oct 13 13:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Received disconnect from 178.62.19.223 port 56806:11: Bye Bye [preauth]
Oct 13 13:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Disconnected from 178.62.19.223 port 56806 [preauth]
Oct 13 13:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: Failed password for invalid user mysql from 196.251.80.27 port 49832 ssh2
Oct 13 13:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26665]: Connection closed by 196.251.80.27 port 49832 [preauth]
Oct 13 13:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 13:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: Failed password for root from 103.176.78.151 port 48338 ssh2
Oct 13 13:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: Received disconnect from 103.176.78.151 port 48338:11: Bye Bye [preauth]
Oct 13 13:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: Disconnected from 103.176.78.151 port 48338 [preauth]
Oct 13 13:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26892]: Failed password for root from 51.195.149.120 port 43500 ssh2
Oct 13 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26892]: Received disconnect from 51.195.149.120 port 43500:11: Bye Bye [preauth]
Oct 13 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26892]: Disconnected from 51.195.149.120 port 43500 [preauth]
Oct 13 13:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Invalid user administrator from 37.120.247.172
Oct 13 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: input_userauth_request: invalid user administrator [preauth]
Oct 13 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Invalid user ndd from 177.75.6.242
Oct 13 13:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: input_userauth_request: invalid user ndd [preauth]
Oct 13 13:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Failed password for invalid user administrator from 37.120.247.172 port 53576 ssh2
Oct 13 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Received disconnect from 37.120.247.172 port 53576:11: Bye Bye [preauth]
Oct 13 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Disconnected from 37.120.247.172 port 53576 [preauth]
Oct 13 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Failed password for invalid user ndd from 177.75.6.242 port 51505 ssh2
Oct 13 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Received disconnect from 177.75.6.242 port 51505:11: Bye Bye [preauth]
Oct 13 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Disconnected from 177.75.6.242 port 51505 [preauth]
Oct 13 13:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session closed for user root
Oct 13 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Failed password for invalid user mysql from 196.251.80.27 port 55186 ssh2
Oct 13 13:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27180]: Connection closed by 196.251.80.27 port 55186 [preauth]
Oct 13 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Invalid user test from 216.10.242.161
Oct 13 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: input_userauth_request: invalid user test [preauth]
Oct 13 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27203]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Failed password for invalid user test from 216.10.242.161 port 53528 ssh2
Oct 13 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Received disconnect from 216.10.242.161 port 53528:11: Bye Bye [preauth]
Oct 13 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Disconnected from 216.10.242.161 port 53528 [preauth]
Oct 13 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27287]: Successful su for rubyman by root
Oct 13 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27287]: + ??? root:rubyman
Oct 13 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405007 of user rubyman.
Oct 13 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27287]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405007.
Oct 13 13:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Failed password for root from 185.255.91.226 port 36900 ssh2
Oct 13 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Received disconnect from 185.255.91.226 port 36900:11: Bye Bye [preauth]
Oct 13 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27309]: Disconnected from 185.255.91.226 port 36900 [preauth]
Oct 13 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22902]: pam_unix(cron:session): session closed for user root
Oct 13 13:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27204]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Invalid user puneet from 103.10.45.57
Oct 13 13:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: input_userauth_request: invalid user puneet [preauth]
Oct 13 13:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Failed password for invalid user puneet from 103.10.45.57 port 54396 ssh2
Oct 13 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Received disconnect from 103.10.45.57 port 54396:11: Bye Bye [preauth]
Oct 13 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Disconnected from 103.10.45.57 port 54396 [preauth]
Oct 13 13:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Invalid user lruiz from 178.62.19.223
Oct 13 13:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: input_userauth_request: invalid user lruiz [preauth]
Oct 13 13:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Failed password for invalid user lruiz from 178.62.19.223 port 57304 ssh2
Oct 13 13:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Invalid user ubuntu from 181.212.34.237
Oct 13 13:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 13:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Received disconnect from 178.62.19.223 port 57304:11: Bye Bye [preauth]
Oct 13 13:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Disconnected from 178.62.19.223 port 57304 [preauth]
Oct 13 13:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Failed password for invalid user ubuntu from 181.212.34.237 port 64709 ssh2
Oct 13 13:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Received disconnect from 181.212.34.237 port 64709:11: Bye Bye [preauth]
Oct 13 13:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Disconnected from 181.212.34.237 port 64709 [preauth]
Oct 13 13:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Invalid user aryan from 89.216.47.154
Oct 13 13:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: input_userauth_request: invalid user aryan [preauth]
Oct 13 13:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Failed password for invalid user aryan from 89.216.47.154 port 33960 ssh2
Oct 13 13:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Received disconnect from 89.216.47.154 port 33960:11: Bye Bye [preauth]
Oct 13 13:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27861]: Disconnected from 89.216.47.154 port 33960 [preauth]
Oct 13 13:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25770]: pam_unix(cron:session): session closed for user root
Oct 13 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: Failed password for invalid user mysql from 196.251.80.27 port 60106 ssh2
Oct 13 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27913]: Connection closed by 196.251.80.27 port 60106 [preauth]
Oct 13 13:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 13:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Failed password for root from 51.195.149.120 port 46580 ssh2
Oct 13 13:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Received disconnect from 51.195.149.120 port 46580:11: Bye Bye [preauth]
Oct 13 13:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Disconnected from 51.195.149.120 port 46580 [preauth]
Oct 13 13:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Invalid user dmdba from 37.120.247.172
Oct 13 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: input_userauth_request: invalid user dmdba [preauth]
Oct 13 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Failed password for invalid user dmdba from 37.120.247.172 port 49620 ssh2
Oct 13 13:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Received disconnect from 37.120.247.172 port 49620:11: Bye Bye [preauth]
Oct 13 13:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27941]: Disconnected from 37.120.247.172 port 49620 [preauth]
Oct 13 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28073]: Successful su for rubyman by root
Oct 13 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28073]: + ??? root:rubyman
Oct 13 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405011 of user rubyman.
Oct 13 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28073]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405011.
Oct 13 13:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24010]: pam_unix(cron:session): session closed for user root
Oct 13 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab8@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 13 13:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 13:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab8 rhost=::ffff:45.142.193.185
Oct 13 13:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: Failed password for invalid user mysql from 196.251.80.27 port 37182 ssh2
Oct 13 13:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: Connection closed by 196.251.80.27 port 37182 [preauth]
Oct 13 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Invalid user integral from 185.255.91.226
Oct 13 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: input_userauth_request: invalid user integral [preauth]
Oct 13 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Failed password for root from 216.10.242.161 port 43086 ssh2
Oct 13 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Received disconnect from 216.10.242.161 port 43086:11: Bye Bye [preauth]
Oct 13 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Disconnected from 216.10.242.161 port 43086 [preauth]
Oct 13 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Failed password for invalid user integral from 185.255.91.226 port 43562 ssh2
Oct 13 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Received disconnect from 185.255.91.226 port 43562:11: Bye Bye [preauth]
Oct 13 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Disconnected from 185.255.91.226 port 43562 [preauth]
Oct 13 13:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Failed password for root from 178.62.19.223 port 53024 ssh2
Oct 13 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Received disconnect from 178.62.19.223 port 53024:11: Bye Bye [preauth]
Oct 13 13:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Disconnected from 178.62.19.223 port 53024 [preauth]
Oct 13 13:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Failed password for root from 103.176.78.151 port 36002 ssh2
Oct 13 13:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Received disconnect from 103.176.78.151 port 36002:11: Bye Bye [preauth]
Oct 13 13:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Disconnected from 103.176.78.151 port 36002 [preauth]
Oct 13 13:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26363]: pam_unix(cron:session): session closed for user root
Oct 13 13:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Failed password for root from 177.75.6.242 port 55280 ssh2
Oct 13 13:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Received disconnect from 177.75.6.242 port 55280:11: Bye Bye [preauth]
Oct 13 13:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Disconnected from 177.75.6.242 port 55280 [preauth]
Oct 13 13:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Invalid user ctarazona from 103.10.45.57
Oct 13 13:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: input_userauth_request: invalid user ctarazona [preauth]
Oct 13 13:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Failed password for invalid user ctarazona from 103.10.45.57 port 34762 ssh2
Oct 13 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Received disconnect from 103.10.45.57 port 34762:11: Bye Bye [preauth]
Oct 13 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Disconnected from 103.10.45.57 port 34762 [preauth]
Oct 13 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Invalid user proxyuser from 51.195.149.120
Oct 13 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: input_userauth_request: invalid user proxyuser [preauth]
Oct 13 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154  user=root
Oct 13 13:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Failed password for invalid user proxyuser from 51.195.149.120 port 40164 ssh2
Oct 13 13:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Received disconnect from 51.195.149.120 port 40164:11: Bye Bye [preauth]
Oct 13 13:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Disconnected from 51.195.149.120 port 40164 [preauth]
Oct 13 13:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Failed password for root from 89.216.47.154 port 51553 ssh2
Oct 13 13:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Received disconnect from 89.216.47.154 port 51553:11: Bye Bye [preauth]
Oct 13 13:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Disconnected from 89.216.47.154 port 51553 [preauth]
Oct 13 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Invalid user oracle from 37.120.247.172
Oct 13 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: input_userauth_request: invalid user oracle [preauth]
Oct 13 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Invalid user bot from 181.212.34.237
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: input_userauth_request: invalid user bot [preauth]
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: Failed password for root from 80.211.129.128 port 58620 ssh2
Oct 13 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: Successful su for rubyman by root
Oct 13 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: + ??? root:rubyman
Oct 13 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405016 of user rubyman.
Oct 13 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405016.
Oct 13 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Failed password for invalid user oracle from 37.120.247.172 port 43090 ssh2
Oct 13 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Received disconnect from 37.120.247.172 port 43090:11: Bye Bye [preauth]
Oct 13 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Disconnected from 37.120.247.172 port 43090 [preauth]
Oct 13 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28717]: Connection closed by 80.211.129.128 port 58620 [preauth]
Oct 13 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Failed password for invalid user bot from 181.212.34.237 port 6301 ssh2
Oct 13 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Received disconnect from 181.212.34.237 port 6301:11: Bye Bye [preauth]
Oct 13 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28747]: Disconnected from 181.212.34.237 port 6301 [preauth]
Oct 13 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: Failed password for invalid user mysql from 196.251.80.27 port 41928 ssh2
Oct 13 13:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29017]: Connection closed by 196.251.80.27 port 41928 [preauth]
Oct 13 13:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session closed for user root
Oct 13 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session closed for user root
Oct 13 13:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29314]: Invalid user leandro from 185.255.91.226
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29314]: input_userauth_request: invalid user leandro [preauth]
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29314]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Invalid user poc from 178.62.19.223
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: input_userauth_request: invalid user poc [preauth]
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29314]: Failed password for invalid user leandro from 185.255.91.226 port 52170 ssh2
Oct 13 13:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29314]: Received disconnect from 185.255.91.226 port 52170:11: Bye Bye [preauth]
Oct 13 13:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29314]: Disconnected from 185.255.91.226 port 52170 [preauth]
Oct 13 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Failed password for invalid user poc from 178.62.19.223 port 39536 ssh2
Oct 13 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Received disconnect from 178.62.19.223 port 39536:11: Bye Bye [preauth]
Oct 13 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Disconnected from 178.62.19.223 port 39536 [preauth]
Oct 13 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: Failed password for invalid user mysql from 196.251.80.27 port 46852 ssh2
Oct 13 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: Connection closed by 196.251.80.27 port 46852 [preauth]
Oct 13 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Invalid user zwj from 216.10.242.161
Oct 13 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: input_userauth_request: invalid user zwj [preauth]
Oct 13 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Failed password for invalid user zwj from 216.10.242.161 port 40494 ssh2
Oct 13 13:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Received disconnect from 216.10.242.161 port 40494:11: Bye Bye [preauth]
Oct 13 13:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Disconnected from 216.10.242.161 port 40494 [preauth]
Oct 13 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29370]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29567]: Successful su for rubyman by root
Oct 13 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29567]: + ??? root:rubyman
Oct 13 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405021 of user rubyman.
Oct 13 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29567]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405021.
Oct 13 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29370]: pam_unix(cron:session): session closed for user root
Oct 13 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29610]: Invalid user puneet from 51.195.149.120
Oct 13 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29610]: input_userauth_request: invalid user puneet [preauth]
Oct 13 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29610]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29610]: Failed password for invalid user puneet from 51.195.149.120 port 49772 ssh2
Oct 13 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29610]: Received disconnect from 51.195.149.120 port 49772:11: Bye Bye [preauth]
Oct 13 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29610]: Disconnected from 51.195.149.120 port 49772 [preauth]
Oct 13 13:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session closed for user root
Oct 13 13:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Invalid user azureuser from 37.120.247.172
Oct 13 13:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: input_userauth_request: invalid user azureuser [preauth]
Oct 13 13:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Failed password for invalid user azureuser from 37.120.247.172 port 58576 ssh2
Oct 13 13:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Received disconnect from 37.120.247.172 port 58576:11: Bye Bye [preauth]
Oct 13 13:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Disconnected from 37.120.247.172 port 58576 [preauth]
Oct 13 13:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Failed password for root from 103.10.45.57 port 46824 ssh2
Oct 13 13:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Received disconnect from 103.10.45.57 port 46824:11: Bye Bye [preauth]
Oct 13 13:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Disconnected from 103.10.45.57 port 46824 [preauth]
Oct 13 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Invalid user deb from 89.216.47.154
Oct 13 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: input_userauth_request: invalid user deb [preauth]
Oct 13 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Invalid user user1 from 177.75.6.242
Oct 13 13:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: input_userauth_request: invalid user user1 [preauth]
Oct 13 13:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29843]: Did not receive identification string from 80.211.129.128
Oct 13 13:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Failed password for invalid user deb from 89.216.47.154 port 40917 ssh2
Oct 13 13:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Received disconnect from 89.216.47.154 port 40917:11: Bye Bye [preauth]
Oct 13 13:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Disconnected from 89.216.47.154 port 40917 [preauth]
Oct 13 13:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Failed password for invalid user user1 from 177.75.6.242 port 31543 ssh2
Oct 13 13:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Received disconnect from 177.75.6.242 port 31543:11: Bye Bye [preauth]
Oct 13 13:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Disconnected from 177.75.6.242 port 31543 [preauth]
Oct 13 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Invalid user dockeruser from 181.212.34.237
Oct 13 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: input_userauth_request: invalid user dockeruser [preauth]
Oct 13 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for invalid user mysql from 196.251.80.27 port 51608 ssh2
Oct 13 13:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Connection closed by 196.251.80.27 port 51608 [preauth]
Oct 13 13:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Failed password for invalid user dockeruser from 181.212.34.237 port 31222 ssh2
Oct 13 13:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Received disconnect from 181.212.34.237 port 31222:11: Bye Bye [preauth]
Oct 13 13:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29903]: Disconnected from 181.212.34.237 port 31222 [preauth]
Oct 13 13:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27991]: pam_unix(cron:session): session closed for user root
Oct 13 13:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Invalid user mqm from 103.176.78.151
Oct 13 13:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: input_userauth_request: invalid user mqm [preauth]
Oct 13 13:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Failed password for invalid user mqm from 103.176.78.151 port 44180 ssh2
Oct 13 13:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Received disconnect from 103.176.78.151 port 44180:11: Bye Bye [preauth]
Oct 13 13:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Disconnected from 103.176.78.151 port 44180 [preauth]
Oct 13 13:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Failed password for root from 194.182.86.152 port 56676 ssh2
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Connection closed by 194.182.86.152 port 56676 [preauth]
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Invalid user acct from 178.62.19.223
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: input_userauth_request: invalid user acct [preauth]
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session closed for user root
Oct 13 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Failed password for invalid user acct from 178.62.19.223 port 54934 ssh2
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: Successful su for rubyman by root
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: + ??? root:rubyman
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405026 of user rubyman.
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30110]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405026.
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Received disconnect from 178.62.19.223 port 54934:11: Bye Bye [preauth]
Oct 13 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Disconnected from 178.62.19.223 port 54934 [preauth]
Oct 13 13:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user root
Oct 13 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Invalid user mps from 185.255.91.226
Oct 13 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: input_userauth_request: invalid user mps [preauth]
Oct 13 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session closed for user root
Oct 13 13:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Failed password for invalid user mps from 185.255.91.226 port 44442 ssh2
Oct 13 13:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Received disconnect from 185.255.91.226 port 44442:11: Bye Bye [preauth]
Oct 13 13:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Disconnected from 185.255.91.226 port 44442 [preauth]
Oct 13 13:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: Invalid user njs from 51.195.149.120
Oct 13 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: input_userauth_request: invalid user njs [preauth]
Oct 13 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Failed password for invalid user mysql from 196.251.80.27 port 56560 ssh2
Oct 13 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Connection closed by 196.251.80.27 port 56560 [preauth]
Oct 13 13:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: Failed password for invalid user njs from 51.195.149.120 port 52986 ssh2
Oct 13 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: Received disconnect from 51.195.149.120 port 52986:11: Bye Bye [preauth]
Oct 13 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30416]: Disconnected from 51.195.149.120 port 52986 [preauth]
Oct 13 13:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Invalid user ctarazona from 216.10.242.161
Oct 13 13:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: input_userauth_request: invalid user ctarazona [preauth]
Oct 13 13:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Failed password for invalid user ctarazona from 216.10.242.161 port 39718 ssh2
Oct 13 13:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Received disconnect from 216.10.242.161 port 39718:11: Bye Bye [preauth]
Oct 13 13:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Disconnected from 216.10.242.161 port 39718 [preauth]
Oct 13 13:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Invalid user adminuser from 37.120.247.172
Oct 13 13:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: input_userauth_request: invalid user adminuser [preauth]
Oct 13 13:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Failed password for invalid user adminuser from 37.120.247.172 port 47542 ssh2
Oct 13 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Received disconnect from 37.120.247.172 port 47542:11: Bye Bye [preauth]
Oct 13 13:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Disconnected from 37.120.247.172 port 47542 [preauth]
Oct 13 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28755]: pam_unix(cron:session): session closed for user root
Oct 13 13:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30639]: Failed password for root from 103.10.45.57 port 37042 ssh2
Oct 13 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30639]: Received disconnect from 103.10.45.57 port 37042:11: Bye Bye [preauth]
Oct 13 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30639]: Disconnected from 103.10.45.57 port 37042 [preauth]
Oct 13 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Invalid user lcx from 89.216.47.154
Oct 13 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: input_userauth_request: invalid user lcx [preauth]
Oct 13 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Invalid user ubuntu from 134.175.247.110
Oct 13 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.247.110
Oct 13 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Failed password for invalid user lcx from 89.216.47.154 port 58514 ssh2
Oct 13 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Received disconnect from 89.216.47.154 port 58514:11: Bye Bye [preauth]
Oct 13 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30654]: Disconnected from 89.216.47.154 port 58514 [preauth]
Oct 13 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Failed password for invalid user ubuntu from 134.175.247.110 port 32980 ssh2
Oct 13 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Received disconnect from 134.175.247.110 port 32980:11: Bye Bye [preauth]
Oct 13 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Disconnected from 134.175.247.110 port 32980 [preauth]
Oct 13 13:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Invalid user free from 177.75.6.242
Oct 13 13:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: input_userauth_request: invalid user free [preauth]
Oct 13 13:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30685]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Failed password for invalid user free from 177.75.6.242 port 1645 ssh2
Oct 13 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Received disconnect from 177.75.6.242 port 1645:11: Bye Bye [preauth]
Oct 13 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Disconnected from 177.75.6.242 port 1645 [preauth]
Oct 13 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30762]: Successful su for rubyman by root
Oct 13 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30762]: + ??? root:rubyman
Oct 13 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405030 of user rubyman.
Oct 13 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30762]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405030.
Oct 13 13:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Failed password for invalid user mysql from 196.251.80.27 port 32976 ssh2
Oct 13 13:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Connection closed by 196.251.80.27 port 32976 [preauth]
Oct 13 13:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Invalid user dev from 181.212.34.237
Oct 13 13:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: input_userauth_request: invalid user dev [preauth]
Oct 13 13:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26362]: pam_unix(cron:session): session closed for user root
Oct 13 13:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Failed password for invalid user dev from 181.212.34.237 port 32547 ssh2
Oct 13 13:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Received disconnect from 181.212.34.237 port 32547:11: Bye Bye [preauth]
Oct 13 13:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Disconnected from 181.212.34.237 port 32547 [preauth]
Oct 13 13:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 13:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30686]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: Failed password for root from 178.62.19.223 port 57026 ssh2
Oct 13 13:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: Received disconnect from 178.62.19.223 port 57026:11: Bye Bye [preauth]
Oct 13 13:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: Disconnected from 178.62.19.223 port 57026 [preauth]
Oct 13 13:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: Invalid user reinaldo from 185.255.91.226
Oct 13 13:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: input_userauth_request: invalid user reinaldo [preauth]
Oct 13 13:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: Failed password for invalid user reinaldo from 185.255.91.226 port 37410 ssh2
Oct 13 13:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session closed for user root
Oct 13 13:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: Received disconnect from 185.255.91.226 port 37410:11: Bye Bye [preauth]
Oct 13 13:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31078]: Disconnected from 185.255.91.226 port 37410 [preauth]
Oct 13 13:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Failed password for root from 51.195.149.120 port 39104 ssh2
Oct 13 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Received disconnect from 51.195.149.120 port 39104:11: Bye Bye [preauth]
Oct 13 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Disconnected from 51.195.149.120 port 39104 [preauth]
Oct 13 13:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Invalid user agent from 37.120.247.172
Oct 13 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: input_userauth_request: invalid user agent [preauth]
Oct 13 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Failed password for invalid user mysql from 196.251.80.27 port 37684 ssh2
Oct 13 13:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Connection closed by 196.251.80.27 port 37684 [preauth]
Oct 13 13:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Did not receive identification string from 80.211.129.128
Oct 13 13:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Failed password for invalid user agent from 37.120.247.172 port 37068 ssh2
Oct 13 13:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Received disconnect from 37.120.247.172 port 37068:11: Bye Bye [preauth]
Oct 13 13:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Disconnected from 37.120.247.172 port 37068 [preauth]
Oct 13 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31177]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: Successful su for rubyman by root
Oct 13 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: + ??? root:rubyman
Oct 13 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405034 of user rubyman.
Oct 13 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31246]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405034.
Oct 13 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: Invalid user poc from 216.10.242.161
Oct 13 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: input_userauth_request: invalid user poc [preauth]
Oct 13 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: Failed password for invalid user poc from 216.10.242.161 port 52668 ssh2
Oct 13 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: Received disconnect from 216.10.242.161 port 52668:11: Bye Bye [preauth]
Oct 13 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31275]: Disconnected from 216.10.242.161 port 52668 [preauth]
Oct 13 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Failed password for root from 194.182.86.152 port 46652 ssh2
Oct 13 13:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Connection closed by 194.182.86.152 port 46652 [preauth]
Oct 13 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Invalid user ftpuser from 103.176.78.151
Oct 13 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session closed for user root
Oct 13 13:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Failed password for invalid user ftpuser from 103.176.78.151 port 52968 ssh2
Oct 13 13:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Received disconnect from 103.176.78.151 port 52968:11: Bye Bye [preauth]
Oct 13 13:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Disconnected from 103.176.78.151 port 52968 [preauth]
Oct 13 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Invalid user import from 89.216.47.154
Oct 13 13:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: input_userauth_request: invalid user import [preauth]
Oct 13 13:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Failed password for invalid user import from 89.216.47.154 port 47878 ssh2
Oct 13 13:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Received disconnect from 89.216.47.154 port 47878:11: Bye Bye [preauth]
Oct 13 13:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Disconnected from 89.216.47.154 port 47878 [preauth]
Oct 13 13:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31677]: Failed password for root from 103.10.45.57 port 47332 ssh2
Oct 13 13:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31677]: Received disconnect from 103.10.45.57 port 47332:11: Bye Bye [preauth]
Oct 13 13:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31677]: Disconnected from 103.10.45.57 port 47332 [preauth]
Oct 13 13:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: User mysql from 196.251.80.27 not allowed because not listed in AllowUsers
Oct 13 13:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: input_userauth_request: invalid user mysql [preauth]
Oct 13 13:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27  user=mysql
Oct 13 13:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Failed password for invalid user mysql from 196.251.80.27 port 42616 ssh2
Oct 13 13:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Connection closed by 196.251.80.27 port 42616 [preauth]
Oct 13 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Invalid user dm from 178.62.19.223
Oct 13 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: input_userauth_request: invalid user dm [preauth]
Oct 13 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Invalid user happy from 177.75.6.242
Oct 13 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: input_userauth_request: invalid user happy [preauth]
Oct 13 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Failed password for invalid user dm from 178.62.19.223 port 47698 ssh2
Oct 13 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Received disconnect from 178.62.19.223 port 47698:11: Bye Bye [preauth]
Oct 13 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Disconnected from 178.62.19.223 port 47698 [preauth]
Oct 13 13:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Failed password for invalid user happy from 177.75.6.242 port 24161 ssh2
Oct 13 13:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Received disconnect from 177.75.6.242 port 24161:11: Bye Bye [preauth]
Oct 13 13:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31718]: Disconnected from 177.75.6.242 port 24161 [preauth]
Oct 13 13:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30023]: pam_unix(cron:session): session closed for user root
Oct 13 13:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Invalid user dolphinscheduler from 181.212.34.237
Oct 13 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: input_userauth_request: invalid user dolphinscheduler [preauth]
Oct 13 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Failed password for invalid user dolphinscheduler from 181.212.34.237 port 2393 ssh2
Oct 13 13:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Received disconnect from 181.212.34.237 port 2393:11: Bye Bye [preauth]
Oct 13 13:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Disconnected from 181.212.34.237 port 2393 [preauth]
Oct 13 13:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Invalid user will from 51.195.149.120
Oct 13 13:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: input_userauth_request: invalid user will [preauth]
Oct 13 13:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Failed password for invalid user will from 51.195.149.120 port 50268 ssh2
Oct 13 13:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Received disconnect from 51.195.149.120 port 50268:11: Bye Bye [preauth]
Oct 13 13:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Disconnected from 51.195.149.120 port 50268 [preauth]
Oct 13 13:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: Invalid user django from 37.120.247.172
Oct 13 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: input_userauth_request: invalid user django [preauth]
Oct 13 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31810]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: Failed password for invalid user django from 37.120.247.172 port 51598 ssh2
Oct 13 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: Received disconnect from 37.120.247.172 port 51598:11: Bye Bye [preauth]
Oct 13 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31806]: Disconnected from 37.120.247.172 port 51598 [preauth]
Oct 13 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31884]: Successful su for rubyman by root
Oct 13 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31884]: + ??? root:rubyman
Oct 13 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405040 of user rubyman.
Oct 13 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31884]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405040.
Oct 13 13:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Invalid user xy from 185.255.91.226
Oct 13 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: input_userauth_request: invalid user xy [preauth]
Oct 13 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Failed password for invalid user xy from 185.255.91.226 port 43060 ssh2
Oct 13 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Received disconnect from 185.255.91.226 port 43060:11: Bye Bye [preauth]
Oct 13 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Disconnected from 185.255.91.226 port 43060 [preauth]
Oct 13 13:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session closed for user root
Oct 13 13:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: Invalid user git from 196.251.80.27
Oct 13 13:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: input_userauth_request: invalid user git [preauth]
Oct 13 13:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: Failed password for invalid user git from 196.251.80.27 port 46808 ssh2
Oct 13 13:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: Connection closed by 196.251.80.27 port 46808 [preauth]
Oct 13 13:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31811]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Invalid user mqm from 216.10.242.161
Oct 13 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: input_userauth_request: invalid user mqm [preauth]
Oct 13 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Failed password for invalid user mqm from 216.10.242.161 port 47652 ssh2
Oct 13 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Received disconnect from 216.10.242.161 port 47652:11: Bye Bye [preauth]
Oct 13 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Disconnected from 216.10.242.161 port 47652 [preauth]
Oct 13 13:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30690]: pam_unix(cron:session): session closed for user root
Oct 13 13:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Invalid user njs from 178.62.19.223
Oct 13 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: input_userauth_request: invalid user njs [preauth]
Oct 13 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Failed password for invalid user njs from 178.62.19.223 port 41914 ssh2
Oct 13 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Received disconnect from 178.62.19.223 port 41914:11: Bye Bye [preauth]
Oct 13 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32315]: Disconnected from 178.62.19.223 port 41914 [preauth]
Oct 13 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: Invalid user graphsql from 89.216.47.154
Oct 13 13:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: input_userauth_request: invalid user graphsql [preauth]
Oct 13 13:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: Failed password for invalid user graphsql from 89.216.47.154 port 37240 ssh2
Oct 13 13:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: Received disconnect from 89.216.47.154 port 37240:11: Bye Bye [preauth]
Oct 13 13:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32327]: Disconnected from 89.216.47.154 port 37240 [preauth]
Oct 13 13:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Invalid user git from 196.251.80.27
Oct 13 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: input_userauth_request: invalid user git [preauth]
Oct 13 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Failed password for invalid user git from 196.251.80.27 port 51410 ssh2
Oct 13 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32363]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Connection closed by 196.251.80.27 port 51410 [preauth]
Oct 13 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32439]: Successful su for rubyman by root
Oct 13 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32439]: + ??? root:rubyman
Oct 13 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405044 of user rubyman.
Oct 13 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32439]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405044.
Oct 13 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Invalid user user123 from 51.195.149.120
Oct 13 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: input_userauth_request: invalid user user123 [preauth]
Oct 13 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Failed password for invalid user user123 from 51.195.149.120 port 46030 ssh2
Oct 13 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Received disconnect from 51.195.149.120 port 46030:11: Bye Bye [preauth]
Oct 13 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Disconnected from 51.195.149.120 port 46030 [preauth]
Oct 13 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Invalid user Test01 from 177.75.6.242
Oct 13 13:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: input_userauth_request: invalid user Test01 [preauth]
Oct 13 13:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session closed for user root
Oct 13 13:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Failed password for invalid user Test01 from 177.75.6.242 port 6861 ssh2
Oct 13 13:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Received disconnect from 177.75.6.242 port 6861:11: Bye Bye [preauth]
Oct 13 13:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Disconnected from 177.75.6.242 port 6861 [preauth]
Oct 13 13:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Invalid user adminuser from 37.120.247.172
Oct 13 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: input_userauth_request: invalid user adminuser [preauth]
Oct 13 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Failed password for invalid user adminuser from 37.120.247.172 port 50130 ssh2
Oct 13 13:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Received disconnect from 37.120.247.172 port 50130:11: Bye Bye [preauth]
Oct 13 13:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32644]: Disconnected from 37.120.247.172 port 50130 [preauth]
Oct 13 13:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32366]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: Invalid user sosemaloku from 185.255.91.226
Oct 13 13:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: input_userauth_request: invalid user sosemaloku [preauth]
Oct 13 13:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: Failed password for invalid user sosemaloku from 185.255.91.226 port 49200 ssh2
Oct 13 13:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: Received disconnect from 185.255.91.226 port 49200:11: Bye Bye [preauth]
Oct 13 13:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32696]: Disconnected from 185.255.91.226 port 49200 [preauth]
Oct 13 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Invalid user ftpuser from 181.212.34.237
Oct 13 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Failed password for invalid user ftpuser from 181.212.34.237 port 51779 ssh2
Oct 13 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Received disconnect from 181.212.34.237 port 51779:11: Bye Bye [preauth]
Oct 13 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32709]: Disconnected from 181.212.34.237 port 51779 [preauth]
Oct 13 13:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Invalid user lruiz from 103.176.78.151
Oct 13 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: input_userauth_request: invalid user lruiz [preauth]
Oct 13 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Failed password for invalid user lruiz from 103.176.78.151 port 38764 ssh2
Oct 13 13:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Received disconnect from 103.176.78.151 port 38764:11: Bye Bye [preauth]
Oct 13 13:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32744]: Disconnected from 103.176.78.151 port 38764 [preauth]
Oct 13 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session closed for user root
Oct 13 13:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: Invalid user git from 196.251.80.27
Oct 13 13:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: input_userauth_request: invalid user git [preauth]
Oct 13 13:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: Failed password for invalid user git from 196.251.80.27 port 55618 ssh2
Oct 13 13:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[342]: Connection closed by 196.251.80.27 port 55618 [preauth]
Oct 13 13:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: Invalid user zwj from 178.62.19.223
Oct 13 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: input_userauth_request: invalid user zwj [preauth]
Oct 13 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: Failed password for invalid user zwj from 178.62.19.223 port 52306 ssh2
Oct 13 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: Received disconnect from 178.62.19.223 port 52306:11: Bye Bye [preauth]
Oct 13 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[361]: Disconnected from 178.62.19.223 port 52306 [preauth]
Oct 13 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: Invalid user acct from 216.10.242.161
Oct 13 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: input_userauth_request: invalid user acct [preauth]
Oct 13 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Invalid user jwereszc from 164.68.105.9
Oct 13 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: input_userauth_request: invalid user jwereszc [preauth]
Oct 13 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 13:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: Failed password for invalid user acct from 216.10.242.161 port 36938 ssh2
Oct 13 13:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: Received disconnect from 216.10.242.161 port 36938:11: Bye Bye [preauth]
Oct 13 13:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[364]: Disconnected from 216.10.242.161 port 36938 [preauth]
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for invalid user jwereszc from 164.68.105.9 port 45070 ssh2
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Connection closed by 164.68.105.9 port 45070 [preauth]
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session closed for user root
Oct 13 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[381]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[479]: Successful su for rubyman by root
Oct 13 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[479]: + ??? root:rubyman
Oct 13 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405047 of user rubyman.
Oct 13 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[479]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405047.
Oct 13 13:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session closed for user root
Oct 13 13:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session closed for user root
Oct 13 13:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: Invalid user pavel from 51.195.149.120
Oct 13 13:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: input_userauth_request: invalid user pavel [preauth]
Oct 13 13:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: Failed password for invalid user pavel from 51.195.149.120 port 33008 ssh2
Oct 13 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: Received disconnect from 51.195.149.120 port 33008:11: Bye Bye [preauth]
Oct 13 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: Disconnected from 51.195.149.120 port 33008 [preauth]
Oct 13 13:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Invalid user invoices from 89.216.47.154
Oct 13 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: input_userauth_request: invalid user invoices [preauth]
Oct 13 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Failed password for invalid user invoices from 89.216.47.154 port 54836 ssh2
Oct 13 13:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Received disconnect from 89.216.47.154 port 54836:11: Bye Bye [preauth]
Oct 13 13:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Disconnected from 89.216.47.154 port 54836 [preauth]
Oct 13 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: Invalid user ubuntu from 37.120.247.172
Oct 13 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[788]: Did not receive identification string from 80.211.129.128
Oct 13 13:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: Failed password for invalid user ubuntu from 37.120.247.172 port 57192 ssh2
Oct 13 13:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: Received disconnect from 37.120.247.172 port 57192:11: Bye Bye [preauth]
Oct 13 13:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[805]: Disconnected from 37.120.247.172 port 57192 [preauth]
Oct 13 13:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Invalid user git from 196.251.80.27
Oct 13 13:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: input_userauth_request: invalid user git [preauth]
Oct 13 13:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Failed password for invalid user git from 196.251.80.27 port 59992 ssh2
Oct 13 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Connection closed by 196.251.80.27 port 59992 [preauth]
Oct 13 13:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session closed for user root
Oct 13 13:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Invalid user Azure from 177.75.6.242
Oct 13 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: input_userauth_request: invalid user Azure [preauth]
Oct 13 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Failed password for invalid user Azure from 177.75.6.242 port 50682 ssh2
Oct 13 13:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Received disconnect from 177.75.6.242 port 50682:11: Bye Bye [preauth]
Oct 13 13:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Disconnected from 177.75.6.242 port 50682 [preauth]
Oct 13 13:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Invalid user caleb from 185.255.91.226
Oct 13 13:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: input_userauth_request: invalid user caleb [preauth]
Oct 13 13:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Failed password for invalid user caleb from 185.255.91.226 port 33028 ssh2
Oct 13 13:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Received disconnect from 185.255.91.226 port 33028:11: Bye Bye [preauth]
Oct 13 13:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Disconnected from 185.255.91.226 port 33028 [preauth]
Oct 13 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[981]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1095]: Successful su for rubyman by root
Oct 13 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1095]: + ??? root:rubyman
Oct 13 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405055 of user rubyman.
Oct 13 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1095]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405055.
Oct 13 13:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Invalid user botuser from 181.212.34.237
Oct 13 13:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: input_userauth_request: invalid user botuser [preauth]
Oct 13 13:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Invalid user will from 178.62.19.223
Oct 13 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: input_userauth_request: invalid user will [preauth]
Oct 13 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Failed password for invalid user botuser from 181.212.34.237 port 51170 ssh2
Oct 13 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Received disconnect from 181.212.34.237 port 51170:11: Bye Bye [preauth]
Oct 13 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Disconnected from 181.212.34.237 port 51170 [preauth]
Oct 13 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Failed password for invalid user will from 178.62.19.223 port 60856 ssh2
Oct 13 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Received disconnect from 178.62.19.223 port 60856:11: Bye Bye [preauth]
Oct 13 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Disconnected from 178.62.19.223 port 60856 [preauth]
Oct 13 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session closed for user root
Oct 13 13:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[982]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Invalid user git from 196.251.80.27
Oct 13 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: input_userauth_request: invalid user git [preauth]
Oct 13 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Failed password for invalid user git from 196.251.80.27 port 35602 ssh2
Oct 13 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Connection closed by 196.251.80.27 port 35602 [preauth]
Oct 13 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1363]: Invalid user ftpuser from 216.10.242.161
Oct 13 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1363]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1363]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Invalid user sysop from 51.195.149.120
Oct 13 13:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: input_userauth_request: invalid user sysop [preauth]
Oct 13 13:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1363]: Failed password for invalid user ftpuser from 216.10.242.161 port 54496 ssh2
Oct 13 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1363]: Received disconnect from 216.10.242.161 port 54496:11: Bye Bye [preauth]
Oct 13 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1363]: Disconnected from 216.10.242.161 port 54496 [preauth]
Oct 13 13:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Failed password for invalid user sysop from 51.195.149.120 port 57330 ssh2
Oct 13 13:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Received disconnect from 51.195.149.120 port 57330:11: Bye Bye [preauth]
Oct 13 13:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Disconnected from 51.195.149.120 port 57330 [preauth]
Oct 13 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32368]: pam_unix(cron:session): session closed for user root
Oct 13 13:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 13:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Failed password for root from 103.176.78.151 port 44798 ssh2
Oct 13 13:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Received disconnect from 103.176.78.151 port 44798:11: Bye Bye [preauth]
Oct 13 13:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Disconnected from 103.176.78.151 port 44798 [preauth]
Oct 13 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Invalid user user1 from 37.120.247.172
Oct 13 13:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: input_userauth_request: invalid user user1 [preauth]
Oct 13 13:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Invalid user test from 89.216.47.154
Oct 13 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: input_userauth_request: invalid user test [preauth]
Oct 13 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Failed password for invalid user user1 from 37.120.247.172 port 44358 ssh2
Oct 13 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Received disconnect from 37.120.247.172 port 44358:11: Bye Bye [preauth]
Oct 13 13:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Disconnected from 37.120.247.172 port 44358 [preauth]
Oct 13 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Failed password for invalid user test from 89.216.47.154 port 44202 ssh2
Oct 13 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Received disconnect from 89.216.47.154 port 44202:11: Bye Bye [preauth]
Oct 13 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Disconnected from 89.216.47.154 port 44202 [preauth]
Oct 13 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1526]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1521]: pam_unix(cron:session): session closed for user root
Oct 13 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1524]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1600]: Successful su for rubyman by root
Oct 13 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1600]: + ??? root:rubyman
Oct 13 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405056 of user rubyman.
Oct 13 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1600]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405056.
Oct 13 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Invalid user git from 196.251.80.27
Oct 13 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: input_userauth_request: invalid user git [preauth]
Oct 13 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Failed password for root from 185.255.91.226 port 58150 ssh2
Oct 13 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Received disconnect from 185.255.91.226 port 58150:11: Bye Bye [preauth]
Oct 13 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Disconnected from 185.255.91.226 port 58150 [preauth]
Oct 13 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Failed password for invalid user git from 196.251.80.27 port 39136 ssh2
Oct 13 13:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Connection closed by 196.251.80.27 port 39136 [preauth]
Oct 13 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30689]: pam_unix(cron:session): session closed for user root
Oct 13 13:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Failed password for root from 177.75.6.242 port 3104 ssh2
Oct 13 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Received disconnect from 177.75.6.242 port 3104:11: Bye Bye [preauth]
Oct 13 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Disconnected from 177.75.6.242 port 3104 [preauth]
Oct 13 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Invalid user test from 178.62.19.223
Oct 13 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: input_userauth_request: invalid user test [preauth]
Oct 13 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1525]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Failed password for invalid user test from 178.62.19.223 port 36178 ssh2
Oct 13 13:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Received disconnect from 178.62.19.223 port 36178:11: Bye Bye [preauth]
Oct 13 13:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Disconnected from 178.62.19.223 port 36178 [preauth]
Oct 13 13:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: Failed password for root from 103.10.45.57 port 43446 ssh2
Oct 13 13:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: Received disconnect from 103.10.45.57 port 43446:11: Bye Bye [preauth]
Oct 13 13:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1854]: Disconnected from 103.10.45.57 port 43446 [preauth]
Oct 13 13:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 13:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Failed password for root from 51.195.149.120 port 42216 ssh2
Oct 13 13:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Received disconnect from 51.195.149.120 port 42216:11: Bye Bye [preauth]
Oct 13 13:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Disconnected from 51.195.149.120 port 42216 [preauth]
Oct 13 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[386]: pam_unix(cron:session): session closed for user root
Oct 13 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237  user=root
Oct 13 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2071]: Failed password for root from 181.212.34.237 port 3873 ssh2
Oct 13 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2071]: Received disconnect from 181.212.34.237 port 3873:11: Bye Bye [preauth]
Oct 13 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2071]: Disconnected from 181.212.34.237 port 3873 [preauth]
Oct 13 13:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user git from 196.251.80.27
Oct 13 13:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user git [preauth]
Oct 13 13:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user git from 196.251.80.27 port 43088 ssh2
Oct 13 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Connection closed by 196.251.80.27 port 43088 [preauth]
Oct 13 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Failed password for root from 216.10.242.161 port 45112 ssh2
Oct 13 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Received disconnect from 216.10.242.161 port 45112:11: Bye Bye [preauth]
Oct 13 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Disconnected from 216.10.242.161 port 45112 [preauth]
Oct 13 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2127]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2125]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: Successful su for rubyman by root
Oct 13 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: + ??? root:rubyman
Oct 13 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405062 of user rubyman.
Oct 13 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405062.
Oct 13 13:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session closed for user root
Oct 13 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Invalid user adminuser from 37.120.247.172
Oct 13 13:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: input_userauth_request: invalid user adminuser [preauth]
Oct 13 13:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Failed password for invalid user adminuser from 37.120.247.172 port 56524 ssh2
Oct 13 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Received disconnect from 37.120.247.172 port 56524:11: Bye Bye [preauth]
Oct 13 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Disconnected from 37.120.247.172 port 56524 [preauth]
Oct 13 13:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Invalid user rene from 185.255.91.226
Oct 13 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: input_userauth_request: invalid user rene [preauth]
Oct 13 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for invalid user rene from 185.255.91.226 port 41674 ssh2
Oct 13 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Received disconnect from 185.255.91.226 port 41674:11: Bye Bye [preauth]
Oct 13 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Disconnected from 185.255.91.226 port 41674 [preauth]
Oct 13 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154  user=root
Oct 13 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: Invalid user ftpuser from 178.62.19.223
Oct 13 13:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 13:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Failed password for root from 89.216.47.154 port 33564 ssh2
Oct 13 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Received disconnect from 89.216.47.154 port 33564:11: Bye Bye [preauth]
Oct 13 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2495]: Disconnected from 89.216.47.154 port 33564 [preauth]
Oct 13 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Invalid user git from 196.251.80.27
Oct 13 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: input_userauth_request: invalid user git [preauth]
Oct 13 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: Failed password for invalid user ftpuser from 178.62.19.223 port 35468 ssh2
Oct 13 13:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: Received disconnect from 178.62.19.223 port 35468:11: Bye Bye [preauth]
Oct 13 13:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2507]: Disconnected from 178.62.19.223 port 35468 [preauth]
Oct 13 13:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Failed password for invalid user git from 196.251.80.27 port 47282 ssh2
Oct 13 13:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Connection closed by 196.251.80.27 port 47282 [preauth]
Oct 13 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session closed for user root
Oct 13 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: Did not receive identification string from 80.211.129.128
Oct 13 13:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Invalid user daniel from 51.195.149.120
Oct 13 13:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: input_userauth_request: invalid user daniel [preauth]
Oct 13 13:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Failed password for invalid user daniel from 51.195.149.120 port 42950 ssh2
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: Invalid user sysop from 103.176.78.151
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: input_userauth_request: invalid user sysop [preauth]
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Received disconnect from 51.195.149.120 port 42950:11: Bye Bye [preauth]
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2581]: Disconnected from 51.195.149.120 port 42950 [preauth]
Oct 13 13:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Invalid user sysop from 103.10.45.57
Oct 13 13:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: input_userauth_request: invalid user sysop [preauth]
Oct 13 13:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: Failed password for root from 177.75.6.242 port 25720 ssh2
Oct 13 13:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: Failed password for invalid user sysop from 103.176.78.151 port 39546 ssh2
Oct 13 13:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: Received disconnect from 177.75.6.242 port 25720:11: Bye Bye [preauth]
Oct 13 13:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2586]: Disconnected from 177.75.6.242 port 25720 [preauth]
Oct 13 13:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: Received disconnect from 103.176.78.151 port 39546:11: Bye Bye [preauth]
Oct 13 13:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2583]: Disconnected from 103.176.78.151 port 39546 [preauth]
Oct 13 13:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Failed password for invalid user sysop from 103.10.45.57 port 38610 ssh2
Oct 13 13:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Received disconnect from 103.10.45.57 port 38610:11: Bye Bye [preauth]
Oct 13 13:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Disconnected from 103.10.45.57 port 38610 [preauth]
Oct 13 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: Successful su for rubyman by root
Oct 13 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: + ??? root:rubyman
Oct 13 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405065 of user rubyman.
Oct 13 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2677]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405065.
Oct 13 13:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session closed for user root
Oct 13 13:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2610]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Invalid user git from 196.251.80.27
Oct 13 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: input_userauth_request: invalid user git [preauth]
Oct 13 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Invalid user cuckoo from 216.10.242.161
Oct 13 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: input_userauth_request: invalid user cuckoo [preauth]
Oct 13 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Failed password for invalid user git from 196.251.80.27 port 51320 ssh2
Oct 13 13:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2910]: Connection closed by 196.251.80.27 port 51320 [preauth]
Oct 13 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user cuckoo from 216.10.242.161 port 37290 ssh2
Oct 13 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Received disconnect from 216.10.242.161 port 37290:11: Bye Bye [preauth]
Oct 13 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Disconnected from 216.10.242.161 port 37290 [preauth]
Oct 13 13:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Invalid user deployuser from 186.96.145.241
Oct 13 13:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: input_userauth_request: invalid user deployuser [preauth]
Oct 13 13:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 13 13:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Invalid user botuser from 37.120.247.172
Oct 13 13:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: input_userauth_request: invalid user botuser [preauth]
Oct 13 13:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Failed password for invalid user deployuser from 186.96.145.241 port 37810 ssh2
Oct 13 13:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Connection closed by 186.96.145.241 port 37810 [preauth]
Oct 13 13:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Failed password for invalid user botuser from 37.120.247.172 port 39710 ssh2
Oct 13 13:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Received disconnect from 37.120.247.172 port 39710:11: Bye Bye [preauth]
Oct 13 13:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2944]: Disconnected from 37.120.247.172 port 39710 [preauth]
Oct 13 13:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1527]: pam_unix(cron:session): session closed for user root
Oct 13 13:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 13:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Failed password for root from 185.255.91.226 port 56180 ssh2
Oct 13 13:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Received disconnect from 185.255.91.226 port 56180:11: Bye Bye [preauth]
Oct 13 13:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Disconnected from 185.255.91.226 port 56180 [preauth]
Oct 13 13:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Failed password for root from 178.62.19.223 port 55382 ssh2
Oct 13 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Received disconnect from 178.62.19.223 port 55382:11: Bye Bye [preauth]
Oct 13 13:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Disconnected from 178.62.19.223 port 55382 [preauth]
Oct 13 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3069]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3068]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3069]: pam_unix(cron:session): session closed for user root
Oct 13 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3064]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3144]: Successful su for rubyman by root
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3144]: + ??? root:rubyman
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405069 of user rubyman.
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3144]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405069.
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154  user=root
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Invalid user git from 196.251.80.27
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: input_userauth_request: invalid user git [preauth]
Oct 13 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Invalid user test from 51.195.149.120
Oct 13 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: input_userauth_request: invalid user test [preauth]
Oct 13 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Failed password for invalid user git from 196.251.80.27 port 54542 ssh2
Oct 13 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Connection closed by 196.251.80.27 port 54542 [preauth]
Oct 13 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Failed password for root from 89.216.47.154 port 51158 ssh2
Oct 13 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237  user=root
Oct 13 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Received disconnect from 89.216.47.154 port 51158:11: Bye Bye [preauth]
Oct 13 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3127]: Disconnected from 89.216.47.154 port 51158 [preauth]
Oct 13 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Failed password for invalid user test from 51.195.149.120 port 53738 ssh2
Oct 13 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Received disconnect from 51.195.149.120 port 53738:11: Bye Bye [preauth]
Oct 13 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Disconnected from 51.195.149.120 port 53738 [preauth]
Oct 13 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for root from 181.212.34.237 port 62615 ssh2
Oct 13 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Received disconnect from 181.212.34.237 port 62615:11: Bye Bye [preauth]
Oct 13 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Disconnected from 181.212.34.237 port 62615 [preauth]
Oct 13 13:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3066]: pam_unix(cron:session): session closed for user root
Oct 13 13:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32367]: pam_unix(cron:session): session closed for user root
Oct 13 13:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3065]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: Invalid user cuckoo from 103.10.45.57
Oct 13 13:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: input_userauth_request: invalid user cuckoo [preauth]
Oct 13 13:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: Failed password for invalid user cuckoo from 103.10.45.57 port 34712 ssh2
Oct 13 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: Received disconnect from 103.10.45.57 port 34712:11: Bye Bye [preauth]
Oct 13 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3452]: Disconnected from 103.10.45.57 port 34712 [preauth]
Oct 13 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: Invalid user ikeda from 177.75.6.242
Oct 13 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: input_userauth_request: invalid user ikeda [preauth]
Oct 13 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: Failed password for invalid user ikeda from 177.75.6.242 port 63831 ssh2
Oct 13 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: Received disconnect from 177.75.6.242 port 63831:11: Bye Bye [preauth]
Oct 13 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3456]: Disconnected from 177.75.6.242 port 63831 [preauth]
Oct 13 13:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session closed for user root
Oct 13 13:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Invalid user test01 from 37.120.247.172
Oct 13 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: input_userauth_request: invalid user test01 [preauth]
Oct 13 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Failed password for invalid user test01 from 37.120.247.172 port 33390 ssh2
Oct 13 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Received disconnect from 37.120.247.172 port 33390:11: Bye Bye [preauth]
Oct 13 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3521]: Disconnected from 37.120.247.172 port 33390 [preauth]
Oct 13 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Invalid user git from 196.251.80.27
Oct 13 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: input_userauth_request: invalid user git [preauth]
Oct 13 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Invalid user dm from 216.10.242.161
Oct 13 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: input_userauth_request: invalid user dm [preauth]
Oct 13 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Failed password for invalid user dm from 216.10.242.161 port 59564 ssh2
Oct 13 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Failed password for invalid user git from 196.251.80.27 port 58654 ssh2
Oct 13 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Received disconnect from 216.10.242.161 port 59564:11: Bye Bye [preauth]
Oct 13 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Disconnected from 216.10.242.161 port 59564 [preauth]
Oct 13 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: Connection closed by 196.251.80.27 port 58654 [preauth]
Oct 13 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3578]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3576]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3657]: Successful su for rubyman by root
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3657]: + ??? root:rubyman
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405078 of user rubyman.
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3657]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405078.
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Invalid user user123 from 103.176.78.151
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: input_userauth_request: invalid user user123 [preauth]
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Failed password for invalid user user123 from 103.176.78.151 port 48744 ssh2
Oct 13 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223  user=root
Oct 13 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Received disconnect from 103.176.78.151 port 48744:11: Bye Bye [preauth]
Oct 13 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Disconnected from 103.176.78.151 port 48744 [preauth]
Oct 13 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: Failed password for root from 178.62.19.223 port 59338 ssh2
Oct 13 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: Received disconnect from 178.62.19.223 port 59338:11: Bye Bye [preauth]
Oct 13 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: Disconnected from 178.62.19.223 port 59338 [preauth]
Oct 13 13:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Invalid user ftpuser from 185.255.91.226
Oct 13 13:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 13:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Failed password for invalid user ftpuser from 185.255.91.226 port 57778 ssh2
Oct 13 13:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Received disconnect from 185.255.91.226 port 57778:11: Bye Bye [preauth]
Oct 13 13:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Disconnected from 185.255.91.226 port 57778 [preauth]
Oct 13 13:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session closed for user root
Oct 13 13:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3577]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120  user=root
Oct 13 13:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Failed password for root from 51.195.149.120 port 39950 ssh2
Oct 13 13:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Received disconnect from 51.195.149.120 port 39950:11: Bye Bye [preauth]
Oct 13 13:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Disconnected from 51.195.149.120 port 39950 [preauth]
Oct 13 13:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: Invalid user git from 196.251.80.27
Oct 13 13:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: input_userauth_request: invalid user git [preauth]
Oct 13 13:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Invalid user chart from 89.216.47.154
Oct 13 13:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: input_userauth_request: invalid user chart [preauth]
Oct 13 13:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: Failed password for invalid user git from 196.251.80.27 port 33696 ssh2
Oct 13 13:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3932]: Connection closed by 196.251.80.27 port 33696 [preauth]
Oct 13 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Failed password for invalid user chart from 89.216.47.154 port 40524 ssh2
Oct 13 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Received disconnect from 89.216.47.154 port 40524:11: Bye Bye [preauth]
Oct 13 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Disconnected from 89.216.47.154 port 40524 [preauth]
Oct 13 13:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2613]: pam_unix(cron:session): session closed for user root
Oct 13 13:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Failed password for root from 194.182.86.152 port 40126 ssh2
Oct 13 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: Invalid user test from 181.212.34.237
Oct 13 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: input_userauth_request: invalid user test [preauth]
Oct 13 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Connection closed by 194.182.86.152 port 40126 [preauth]
Oct 13 13:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: Failed password for invalid user test from 181.212.34.237 port 21337 ssh2
Oct 13 13:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: Received disconnect from 181.212.34.237 port 21337:11: Bye Bye [preauth]
Oct 13 13:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4023]: Disconnected from 181.212.34.237 port 21337 [preauth]
Oct 13 13:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: Invalid user dspace from 37.120.247.172
Oct 13 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: input_userauth_request: invalid user dspace [preauth]
Oct 13 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: Failed password for invalid user dspace from 37.120.247.172 port 52330 ssh2
Oct 13 13:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: Received disconnect from 37.120.247.172 port 52330:11: Bye Bye [preauth]
Oct 13 13:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4044]: Disconnected from 37.120.247.172 port 52330 [preauth]
Oct 13 13:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Invalid user poc from 103.10.45.57
Oct 13 13:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: input_userauth_request: invalid user poc [preauth]
Oct 13 13:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4062]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4059]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Failed password for invalid user poc from 103.10.45.57 port 60058 ssh2
Oct 13 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Received disconnect from 103.10.45.57 port 60058:11: Bye Bye [preauth]
Oct 13 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Disconnected from 103.10.45.57 port 60058 [preauth]
Oct 13 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4139]: Successful su for rubyman by root
Oct 13 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4139]: + ??? root:rubyman
Oct 13 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405079 of user rubyman.
Oct 13 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4139]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405079.
Oct 13 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[983]: pam_unix(cron:session): session closed for user root
Oct 13 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4308]: Failed password for root from 177.75.6.242 port 30631 ssh2
Oct 13 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4308]: Received disconnect from 177.75.6.242 port 30631:11: Bye Bye [preauth]
Oct 13 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4308]: Disconnected from 177.75.6.242 port 30631 [preauth]
Oct 13 13:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Invalid user www from 196.251.80.27
Oct 13 13:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: input_userauth_request: invalid user www [preauth]
Oct 13 13:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 13:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Failed password for invalid user www from 196.251.80.27 port 36978 ssh2
Oct 13 13:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: Failed password for root from 216.10.242.161 port 53594 ssh2
Oct 13 13:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Connection closed by 196.251.80.27 port 36978 [preauth]
Oct 13 13:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: Received disconnect from 216.10.242.161 port 53594:11: Bye Bye [preauth]
Oct 13 13:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4374]: Disconnected from 216.10.242.161 port 53594 [preauth]
Oct 13 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Invalid user pavel from 178.62.19.223
Oct 13 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: input_userauth_request: invalid user pavel [preauth]
Oct 13 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.19.223
Oct 13 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4060]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Failed password for invalid user pavel from 178.62.19.223 port 41496 ssh2
Oct 13 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Received disconnect from 178.62.19.223 port 41496:11: Bye Bye [preauth]
Oct 13 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Disconnected from 178.62.19.223 port 41496 [preauth]
Oct 13 13:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Invalid user newuser from 185.255.91.226
Oct 13 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: input_userauth_request: invalid user newuser [preauth]
Oct 13 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Failed password for invalid user newuser from 185.255.91.226 port 46738 ssh2
Oct 13 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Received disconnect from 185.255.91.226 port 46738:11: Bye Bye [preauth]
Oct 13 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Disconnected from 185.255.91.226 port 46738 [preauth]
Oct 13 13:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: Invalid user mqm from 51.195.149.120
Oct 13 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: input_userauth_request: invalid user mqm [preauth]
Oct 13 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.195.149.120
Oct 13 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: Failed password for invalid user mqm from 51.195.149.120 port 49934 ssh2
Oct 13 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: Received disconnect from 51.195.149.120 port 49934:11: Bye Bye [preauth]
Oct 13 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4476]: Disconnected from 51.195.149.120 port 49934 [preauth]
Oct 13 13:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Failed password for root from 190.103.202.7 port 43126 ssh2
Oct 13 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Connection closed by 190.103.202.7 port 43126 [preauth]
Oct 13 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3068]: pam_unix(cron:session): session closed for user root
Oct 13 13:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: Invalid user www from 196.251.80.27
Oct 13 13:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: input_userauth_request: invalid user www [preauth]
Oct 13 13:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: Failed password for invalid user www from 196.251.80.27 port 40632 ssh2
Oct 13 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: Connection closed by 196.251.80.27 port 40632 [preauth]
Oct 13 13:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Invalid user hello from 89.216.47.154
Oct 13 13:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: input_userauth_request: invalid user hello [preauth]
Oct 13 13:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4591]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4697]: Successful su for rubyman by root
Oct 13 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4697]: + ??? root:rubyman
Oct 13 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405083 of user rubyman.
Oct 13 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4697]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405083.
Oct 13 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Failed password for invalid user hello from 89.216.47.154 port 58120 ssh2
Oct 13 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Received disconnect from 89.216.47.154 port 58120:11: Bye Bye [preauth]
Oct 13 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Disconnected from 89.216.47.154 port 58120 [preauth]
Oct 13 13:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1526]: pam_unix(cron:session): session closed for user root
Oct 13 13:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 13:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172  user=root
Oct 13 13:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Failed password for root from 103.176.78.151 port 59494 ssh2
Oct 13 13:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Received disconnect from 103.176.78.151 port 59494:11: Bye Bye [preauth]
Oct 13 13:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Disconnected from 103.176.78.151 port 59494 [preauth]
Oct 13 13:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Failed password for root from 37.120.247.172 port 40038 ssh2
Oct 13 13:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Received disconnect from 37.120.247.172 port 40038:11: Bye Bye [preauth]
Oct 13 13:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4931]: Disconnected from 37.120.247.172 port 40038 [preauth]
Oct 13 13:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Invalid user administrator from 181.212.34.237
Oct 13 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: input_userauth_request: invalid user administrator [preauth]
Oct 13 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Failed password for invalid user administrator from 181.212.34.237 port 43819 ssh2
Oct 13 13:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Received disconnect from 181.212.34.237 port 43819:11: Bye Bye [preauth]
Oct 13 13:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Disconnected from 181.212.34.237 port 43819 [preauth]
Oct 13 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Invalid user user123 from 103.10.45.57
Oct 13 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: input_userauth_request: invalid user user123 [preauth]
Oct 13 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: Invalid user www from 134.175.247.110
Oct 13 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: input_userauth_request: invalid user www [preauth]
Oct 13 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.247.110
Oct 13 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Failed password for invalid user user123 from 103.10.45.57 port 36392 ssh2
Oct 13 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: Failed password for invalid user www from 134.175.247.110 port 47760 ssh2
Oct 13 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: Received disconnect from 134.175.247.110 port 47760:11: Bye Bye [preauth]
Oct 13 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: Disconnected from 134.175.247.110 port 47760 [preauth]
Oct 13 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Received disconnect from 103.10.45.57 port 36392:11: Bye Bye [preauth]
Oct 13 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Disconnected from 103.10.45.57 port 36392 [preauth]
Oct 13 13:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Invalid user www from 196.251.80.27
Oct 13 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: input_userauth_request: invalid user www [preauth]
Oct 13 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3579]: pam_unix(cron:session): session closed for user root
Oct 13 13:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Failed password for invalid user www from 196.251.80.27 port 44312 ssh2
Oct 13 13:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Connection closed by 196.251.80.27 port 44312 [preauth]
Oct 13 13:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 13:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Failed password for root from 216.10.242.161 port 53290 ssh2
Oct 13 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Received disconnect from 216.10.242.161 port 53290:11: Bye Bye [preauth]
Oct 13 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5528]: Disconnected from 216.10.242.161 port 53290 [preauth]
Oct 13 13:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Invalid user maryam from 177.75.6.242
Oct 13 13:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: input_userauth_request: invalid user maryam [preauth]
Oct 13 13:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Failed password for invalid user maryam from 177.75.6.242 port 19816 ssh2
Oct 13 13:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Received disconnect from 177.75.6.242 port 19816:11: Bye Bye [preauth]
Oct 13 13:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Disconnected from 177.75.6.242 port 19816 [preauth]
Oct 13 13:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5572]: Invalid user myth from 185.255.91.226
Oct 13 13:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5572]: input_userauth_request: invalid user myth [preauth]
Oct 13 13:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5572]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5572]: Failed password for invalid user myth from 185.255.91.226 port 52204 ssh2
Oct 13 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5572]: Received disconnect from 185.255.91.226 port 52204:11: Bye Bye [preauth]
Oct 13 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5572]: Disconnected from 185.255.91.226 port 52204 [preauth]
Oct 13 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5586]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5669]: Successful su for rubyman by root
Oct 13 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5669]: + ??? root:rubyman
Oct 13 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405088 of user rubyman.
Oct 13 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5669]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405088.
Oct 13 13:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2127]: pam_unix(cron:session): session closed for user root
Oct 13 13:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5587]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Invalid user www from 196.251.80.27
Oct 13 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: input_userauth_request: invalid user www [preauth]
Oct 13 13:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Failed password for invalid user www from 196.251.80.27 port 47662 ssh2
Oct 13 13:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Connection closed by 196.251.80.27 port 47662 [preauth]
Oct 13 13:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: User ftp from 37.120.247.172 not allowed because not listed in AllowUsers
Oct 13 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: input_userauth_request: invalid user ftp [preauth]
Oct 13 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172  user=ftp
Oct 13 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Invalid user elk from 89.216.47.154
Oct 13 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: input_userauth_request: invalid user elk [preauth]
Oct 13 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: Failed password for invalid user ftp from 37.120.247.172 port 55520 ssh2
Oct 13 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: Received disconnect from 37.120.247.172 port 55520:11: Bye Bye [preauth]
Oct 13 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: Disconnected from 37.120.247.172 port 55520 [preauth]
Oct 13 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Failed password for invalid user elk from 89.216.47.154 port 47486 ssh2
Oct 13 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Received disconnect from 89.216.47.154 port 47486:11: Bye Bye [preauth]
Oct 13 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: Disconnected from 89.216.47.154 port 47486 [preauth]
Oct 13 13:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4062]: pam_unix(cron:session): session closed for user root
Oct 13 13:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.195.254.152  user=root
Oct 13 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Failed password for root from 199.195.254.152 port 60594 ssh2
Oct 13 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Connection closed by 199.195.254.152 port 60594 [preauth]
Oct 13 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.195.254.152  user=root
Oct 13 13:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Failed password for root from 199.195.254.152 port 60598 ssh2
Oct 13 13:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6016]: Connection closed by 199.195.254.152 port 60598 [preauth]
Oct 13 13:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.195.254.152  user=root
Oct 13 13:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Failed password for root from 199.195.254.152 port 60602 ssh2
Oct 13 13:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Connection closed by 199.195.254.152 port 60602 [preauth]
Oct 13 13:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.195.254.152  user=root
Oct 13 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6033]: Failed password for root from 199.195.254.152 port 60614 ssh2
Oct 13 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6033]: Connection closed by 199.195.254.152 port 60614 [preauth]
Oct 13 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6057]: Connection closed by 199.195.254.152 port 60132 [preauth]
Oct 13 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6075]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6076]: pam_unix(cron:session): session closed for user root
Oct 13 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6071]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6168]: Successful su for rubyman by root
Oct 13 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6168]: + ??? root:rubyman
Oct 13 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405092 of user rubyman.
Oct 13 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6168]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405092.
Oct 13 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Invalid user testuser from 181.212.34.237
Oct 13 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: input_userauth_request: invalid user testuser [preauth]
Oct 13 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Invalid user www from 196.251.80.27
Oct 13 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: input_userauth_request: invalid user www [preauth]
Oct 13 13:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Failed password for invalid user testuser from 181.212.34.237 port 32300 ssh2
Oct 13 13:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Received disconnect from 181.212.34.237 port 32300:11: Bye Bye [preauth]
Oct 13 13:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Disconnected from 181.212.34.237 port 32300 [preauth]
Oct 13 13:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Failed password for invalid user www from 196.251.80.27 port 50548 ssh2
Oct 13 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Connection closed by 196.251.80.27 port 50548 [preauth]
Oct 13 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Invalid user daniel from 103.10.45.57
Oct 13 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: input_userauth_request: invalid user daniel [preauth]
Oct 13 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session closed for user root
Oct 13 13:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2612]: pam_unix(cron:session): session closed for user root
Oct 13 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Failed password for invalid user daniel from 103.10.45.57 port 50580 ssh2
Oct 13 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Received disconnect from 103.10.45.57 port 50580:11: Bye Bye [preauth]
Oct 13 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Disconnected from 103.10.45.57 port 50580 [preauth]
Oct 13 13:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Invalid user daniel from 216.10.242.161
Oct 13 13:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: input_userauth_request: invalid user daniel [preauth]
Oct 13 13:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Failed password for invalid user daniel from 216.10.242.161 port 54950 ssh2
Oct 13 13:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Received disconnect from 216.10.242.161 port 54950:11: Bye Bye [preauth]
Oct 13 13:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Disconnected from 216.10.242.161 port 54950 [preauth]
Oct 13 13:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6072]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: Failed password for root from 185.255.91.226 port 42466 ssh2
Oct 13 13:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: Received disconnect from 185.255.91.226 port 42466:11: Bye Bye [preauth]
Oct 13 13:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6417]: Disconnected from 185.255.91.226 port 42466 [preauth]
Oct 13 13:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Invalid user dev from 177.75.6.242
Oct 13 13:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: input_userauth_request: invalid user dev [preauth]
Oct 13 13:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 13:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Failed password for invalid user dev from 177.75.6.242 port 59867 ssh2
Oct 13 13:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Received disconnect from 177.75.6.242 port 59867:11: Bye Bye [preauth]
Oct 13 13:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Disconnected from 177.75.6.242 port 59867 [preauth]
Oct 13 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Failed password for root from 103.176.78.151 port 56766 ssh2
Oct 13 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Received disconnect from 103.176.78.151 port 56766:11: Bye Bye [preauth]
Oct 13 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Disconnected from 103.176.78.151 port 56766 [preauth]
Oct 13 13:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session closed for user root
Oct 13 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Invalid user nagios from 37.120.247.172
Oct 13 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: input_userauth_request: invalid user nagios [preauth]
Oct 13 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Failed password for invalid user nagios from 37.120.247.172 port 59836 ssh2
Oct 13 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Received disconnect from 37.120.247.172 port 59836:11: Bye Bye [preauth]
Oct 13 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Disconnected from 37.120.247.172 port 59836 [preauth]
Oct 13 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Invalid user www from 196.251.80.27
Oct 13 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: input_userauth_request: invalid user www [preauth]
Oct 13 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Failed password for invalid user www from 196.251.80.27 port 53716 ssh2
Oct 13 13:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Connection closed by 196.251.80.27 port 53716 [preauth]
Oct 13 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6593]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6757]: Successful su for rubyman by root
Oct 13 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6757]: + ??? root:rubyman
Oct 13 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405100 of user rubyman.
Oct 13 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6757]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405100.
Oct 13 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Invalid user hamid from 89.216.47.154
Oct 13 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: input_userauth_request: invalid user hamid [preauth]
Oct 13 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Failed password for invalid user hamid from 89.216.47.154 port 36848 ssh2
Oct 13 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Received disconnect from 89.216.47.154 port 36848:11: Bye Bye [preauth]
Oct 13 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Disconnected from 89.216.47.154 port 36848 [preauth]
Oct 13 13:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3067]: pam_unix(cron:session): session closed for user root
Oct 13 13:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6594]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: Invalid user www from 196.251.80.27
Oct 13 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: input_userauth_request: invalid user www [preauth]
Oct 13 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: Failed password for invalid user www from 196.251.80.27 port 57466 ssh2
Oct 13 13:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7044]: Connection closed by 196.251.80.27 port 57466 [preauth]
Oct 13 13:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5589]: pam_unix(cron:session): session closed for user root
Oct 13 13:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7092]: Failed password for root from 103.10.45.57 port 47426 ssh2
Oct 13 13:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7092]: Received disconnect from 103.10.45.57 port 47426:11: Bye Bye [preauth]
Oct 13 13:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7092]: Disconnected from 103.10.45.57 port 47426 [preauth]
Oct 13 13:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Invalid user ftpuser from 181.212.34.237
Oct 13 13:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 13:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: Invalid user issabel from 185.255.91.226
Oct 13 13:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: input_userauth_request: invalid user issabel [preauth]
Oct 13 13:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226
Oct 13 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Failed password for invalid user ftpuser from 181.212.34.237 port 50547 ssh2
Oct 13 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Received disconnect from 181.212.34.237 port 50547:11: Bye Bye [preauth]
Oct 13 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Disconnected from 181.212.34.237 port 50547 [preauth]
Oct 13 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Invalid user silas from 216.10.242.161
Oct 13 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: input_userauth_request: invalid user silas [preauth]
Oct 13 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: Failed password for invalid user issabel from 185.255.91.226 port 60622 ssh2
Oct 13 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: Received disconnect from 185.255.91.226 port 60622:11: Bye Bye [preauth]
Oct 13 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: Disconnected from 185.255.91.226 port 60622 [preauth]
Oct 13 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Failed password for invalid user silas from 216.10.242.161 port 52718 ssh2
Oct 13 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Received disconnect from 216.10.242.161 port 52718:11: Bye Bye [preauth]
Oct 13 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Disconnected from 216.10.242.161 port 52718 [preauth]
Oct 13 13:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Invalid user kali from 177.75.6.242
Oct 13 13:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: input_userauth_request: invalid user kali [preauth]
Oct 13 13:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Failed password for invalid user kali from 177.75.6.242 port 56944 ssh2
Oct 13 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7243]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Received disconnect from 177.75.6.242 port 56944:11: Bye Bye [preauth]
Oct 13 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Disconnected from 177.75.6.242 port 56944 [preauth]
Oct 13 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7314]: Successful su for rubyman by root
Oct 13 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7314]: + ??? root:rubyman
Oct 13 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405102 of user rubyman.
Oct 13 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7314]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405102.
Oct 13 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Invalid user erpnext from 37.120.247.172
Oct 13 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: input_userauth_request: invalid user erpnext [preauth]
Oct 13 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Failed password for invalid user erpnext from 37.120.247.172 port 40654 ssh2
Oct 13 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Received disconnect from 37.120.247.172 port 40654:11: Bye Bye [preauth]
Oct 13 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7407]: Disconnected from 37.120.247.172 port 40654 [preauth]
Oct 13 13:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3578]: pam_unix(cron:session): session closed for user root
Oct 13 13:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7244]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: Invalid user www from 196.251.80.27
Oct 13 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: input_userauth_request: invalid user www [preauth]
Oct 13 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: Failed password for invalid user www from 196.251.80.27 port 60346 ssh2
Oct 13 13:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7575]: Connection closed by 196.251.80.27 port 60346 [preauth]
Oct 13 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: Invalid user ubuntu from 89.216.47.154
Oct 13 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: Failed password for invalid user ubuntu from 89.216.47.154 port 54443 ssh2
Oct 13 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: Received disconnect from 89.216.47.154 port 54443:11: Bye Bye [preauth]
Oct 13 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: Disconnected from 89.216.47.154 port 54443 [preauth]
Oct 13 13:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Invalid user acct from 103.176.78.151
Oct 13 13:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: input_userauth_request: invalid user acct [preauth]
Oct 13 13:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Failed password for invalid user acct from 103.176.78.151 port 54416 ssh2
Oct 13 13:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Received disconnect from 103.176.78.151 port 54416:11: Bye Bye [preauth]
Oct 13 13:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7625]: Disconnected from 103.176.78.151 port 54416 [preauth]
Oct 13 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6075]: pam_unix(cron:session): session closed for user root
Oct 13 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7719]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7718]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7716]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7793]: Successful su for rubyman by root
Oct 13 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7793]: + ??? root:rubyman
Oct 13 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405105 of user rubyman.
Oct 13 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7793]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405105.
Oct 13 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.226  user=root
Oct 13 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Invalid user www from 196.251.80.27
Oct 13 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: input_userauth_request: invalid user www [preauth]
Oct 13 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Failed password for root from 185.255.91.226 port 34096 ssh2
Oct 13 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Received disconnect from 185.255.91.226 port 34096:11: Bye Bye [preauth]
Oct 13 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Disconnected from 185.255.91.226 port 34096 [preauth]
Oct 13 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user www from 196.251.80.27 port 35040 ssh2
Oct 13 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Connection closed by 196.251.80.27 port 35040 [preauth]
Oct 13 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4061]: pam_unix(cron:session): session closed for user root
Oct 13 13:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: Invalid user user123 from 216.10.242.161
Oct 13 13:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: input_userauth_request: invalid user user123 [preauth]
Oct 13 13:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: Failed password for invalid user user123 from 216.10.242.161 port 44270 ssh2
Oct 13 13:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: Received disconnect from 216.10.242.161 port 44270:11: Bye Bye [preauth]
Oct 13 13:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8415]: Disconnected from 216.10.242.161 port 44270 [preauth]
Oct 13 13:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8455]: Invalid user dmdba from 181.212.34.237
Oct 13 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8455]: input_userauth_request: invalid user dmdba [preauth]
Oct 13 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8455]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Invalid user njs from 103.10.45.57
Oct 13 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: input_userauth_request: invalid user njs [preauth]
Oct 13 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7717]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8455]: Failed password for invalid user dmdba from 181.212.34.237 port 21519 ssh2
Oct 13 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8455]: Received disconnect from 181.212.34.237 port 21519:11: Bye Bye [preauth]
Oct 13 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8455]: Disconnected from 181.212.34.237 port 21519 [preauth]
Oct 13 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Failed password for invalid user njs from 103.10.45.57 port 37240 ssh2
Oct 13 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Received disconnect from 103.10.45.57 port 37240:11: Bye Bye [preauth]
Oct 13 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8458]: Disconnected from 103.10.45.57 port 37240 [preauth]
Oct 13 13:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: User john from 37.120.247.172 not allowed because not listed in AllowUsers
Oct 13 13:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: input_userauth_request: invalid user john [preauth]
Oct 13 13:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172  user=john
Oct 13 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Invalid user anil from 20.163.71.109
Oct 13 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: input_userauth_request: invalid user anil [preauth]
Oct 13 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: Failed password for invalid user john from 37.120.247.172 port 36576 ssh2
Oct 13 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: Received disconnect from 37.120.247.172 port 36576:11: Bye Bye [preauth]
Oct 13 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8498]: Disconnected from 37.120.247.172 port 36576 [preauth]
Oct 13 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Failed password for invalid user anil from 20.163.71.109 port 57176 ssh2
Oct 13 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Connection closed by 20.163.71.109 port 57176 [preauth]
Oct 13 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Invalid user test from 177.75.6.242
Oct 13 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: input_userauth_request: invalid user test [preauth]
Oct 13 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Failed password for invalid user test from 177.75.6.242 port 44199 ssh2
Oct 13 13:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Received disconnect from 177.75.6.242 port 44199:11: Bye Bye [preauth]
Oct 13 13:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Disconnected from 177.75.6.242 port 44199 [preauth]
Oct 13 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8558]: Did not receive identification string from 82.223.10.156
Oct 13 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session closed for user root
Oct 13 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.223.10.156  user=root
Oct 13 13:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Failed password for root from 82.223.10.156 port 55376 ssh2
Oct 13 13:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Connection closed by 82.223.10.156 port 55376 [preauth]
Oct 13 13:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.223.10.156  user=root
Oct 13 13:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Failed password for root from 82.223.10.156 port 58062 ssh2
Oct 13 13:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Connection closed by 82.223.10.156 port 58062 [preauth]
Oct 13 13:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.223.10.156  user=root
Oct 13 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Failed password for root from 82.223.10.156 port 59142 ssh2
Oct 13 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Connection closed by 82.223.10.156 port 59142 [preauth]
Oct 13 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.223.10.156  user=root
Oct 13 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Failed password for root from 82.223.10.156 port 60764 ssh2
Oct 13 13:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: Invalid user www from 196.251.80.27
Oct 13 13:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: input_userauth_request: invalid user www [preauth]
Oct 13 13:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Connection closed by 82.223.10.156 port 60764 [preauth]
Oct 13 13:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.223.10.156  user=root
Oct 13 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: Failed password for invalid user www from 196.251.80.27 port 38538 ssh2
Oct 13 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: Connection closed by 196.251.80.27 port 38538 [preauth]
Oct 13 13:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Failed password for root from 82.223.10.156 port 34368 ssh2
Oct 13 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: Invalid user postgres from 89.216.47.154
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: input_userauth_request: invalid user postgres [preauth]
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8737]: Successful su for rubyman by root
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8737]: + ??? root:rubyman
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405112 of user rubyman.
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8737]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405112.
Oct 13 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: Failed password for invalid user postgres from 89.216.47.154 port 43805 ssh2
Oct 13 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: Received disconnect from 89.216.47.154 port 43805:11: Bye Bye [preauth]
Oct 13 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8722]: Disconnected from 89.216.47.154 port 43805 [preauth]
Oct 13 13:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4594]: pam_unix(cron:session): session closed for user root
Oct 13 13:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8659]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9105]: Connection closed by 142.93.135.160 port 50522 [preauth]
Oct 13 13:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Invalid user www from 196.251.80.27
Oct 13 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: input_userauth_request: invalid user www [preauth]
Oct 13 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Failed password for invalid user www from 196.251.80.27 port 41680 ssh2
Oct 13 13:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Connection closed by 196.251.80.27 port 41680 [preauth]
Oct 13 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session closed for user root
Oct 13 13:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161  user=root
Oct 13 13:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Failed password for root from 216.10.242.161 port 34458 ssh2
Oct 13 13:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Received disconnect from 216.10.242.161 port 34458:11: Bye Bye [preauth]
Oct 13 13:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9268]: Disconnected from 216.10.242.161 port 34458 [preauth]
Oct 13 13:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9296]: Invalid user agent from 37.120.247.172
Oct 13 13:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9296]: input_userauth_request: invalid user agent [preauth]
Oct 13 13:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9296]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9296]: Failed password for invalid user agent from 37.120.247.172 port 34870 ssh2
Oct 13 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9296]: Received disconnect from 37.120.247.172 port 34870:11: Bye Bye [preauth]
Oct 13 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9296]: Disconnected from 37.120.247.172 port 34870 [preauth]
Oct 13 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Invalid user dm from 103.10.45.57
Oct 13 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: input_userauth_request: invalid user dm [preauth]
Oct 13 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Failed password for invalid user dm from 103.10.45.57 port 49824 ssh2
Oct 13 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Received disconnect from 103.10.45.57 port 49824:11: Bye Bye [preauth]
Oct 13 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Disconnected from 103.10.45.57 port 49824 [preauth]
Oct 13 13:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Invalid user dm from 103.176.78.151
Oct 13 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: input_userauth_request: invalid user dm [preauth]
Oct 13 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: Invalid user dev from 181.212.34.237
Oct 13 13:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: input_userauth_request: invalid user dev [preauth]
Oct 13 13:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Failed password for invalid user dm from 103.176.78.151 port 49026 ssh2
Oct 13 13:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Received disconnect from 103.176.78.151 port 49026:11: Bye Bye [preauth]
Oct 13 13:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Disconnected from 103.176.78.151 port 49026 [preauth]
Oct 13 13:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: Failed password for invalid user dev from 181.212.34.237 port 18340 ssh2
Oct 13 13:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: Received disconnect from 181.212.34.237 port 18340:11: Bye Bye [preauth]
Oct 13 13:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: Disconnected from 181.212.34.237 port 18340 [preauth]
Oct 13 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9368]: pam_unix(cron:session): session closed for user root
Oct 13 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9446]: Successful su for rubyman by root
Oct 13 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9446]: + ??? root:rubyman
Oct 13 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405115 of user rubyman.
Oct 13 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9446]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405115.
Oct 13 13:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9365]: pam_unix(cron:session): session closed for user root
Oct 13 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5588]: pam_unix(cron:session): session closed for user root
Oct 13 13:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: Failed password for root from 177.75.6.242 port 16899 ssh2
Oct 13 13:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: Received disconnect from 177.75.6.242 port 16899:11: Bye Bye [preauth]
Oct 13 13:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: Disconnected from 177.75.6.242 port 16899 [preauth]
Oct 13 13:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: Invalid user www from 196.251.80.27
Oct 13 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: input_userauth_request: invalid user www [preauth]
Oct 13 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: Failed password for invalid user www from 196.251.80.27 port 44666 ssh2
Oct 13 13:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9843]: Connection closed by 196.251.80.27 port 44666 [preauth]
Oct 13 13:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9364]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7719]: pam_unix(cron:session): session closed for user root
Oct 13 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Invalid user aos from 89.216.47.154
Oct 13 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: input_userauth_request: invalid user aos [preauth]
Oct 13 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Failed password for invalid user aos from 89.216.47.154 port 33172 ssh2
Oct 13 13:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Received disconnect from 89.216.47.154 port 33172:11: Bye Bye [preauth]
Oct 13 13:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Disconnected from 89.216.47.154 port 33172 [preauth]
Oct 13 13:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Failed password for root from 194.182.86.152 port 46688 ssh2
Oct 13 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Connection closed by 194.182.86.152 port 46688 [preauth]
Oct 13 13:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10035]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10032]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: Invalid user test1 from 196.251.80.27
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10111]: Successful su for rubyman by root
Oct 13 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10111]: + ??? root:rubyman
Oct 13 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405119 of user rubyman.
Oct 13 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10111]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405119.
Oct 13 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: Failed password for invalid user test1 from 196.251.80.27 port 47800 ssh2
Oct 13 13:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172  user=root
Oct 13 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: Connection closed by 196.251.80.27 port 47800 [preauth]
Oct 13 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: Failed password for root from 37.120.247.172 port 59116 ssh2
Oct 13 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: Received disconnect from 37.120.247.172 port 59116:11: Bye Bye [preauth]
Oct 13 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: Disconnected from 37.120.247.172 port 59116 [preauth]
Oct 13 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: Invalid user pavel from 216.10.242.161
Oct 13 13:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: input_userauth_request: invalid user pavel [preauth]
Oct 13 13:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=216.10.242.161
Oct 13 13:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: Failed password for invalid user pavel from 216.10.242.161 port 52496 ssh2
Oct 13 13:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: Received disconnect from 216.10.242.161 port 52496:11: Bye Bye [preauth]
Oct 13 13:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10242]: Disconnected from 216.10.242.161 port 52496 [preauth]
Oct 13 13:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6074]: pam_unix(cron:session): session closed for user root
Oct 13 13:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10034]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Failed password for root from 103.10.45.57 port 56498 ssh2
Oct 13 13:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Received disconnect from 103.10.45.57 port 56498:11: Bye Bye [preauth]
Oct 13 13:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Disconnected from 103.10.45.57 port 56498 [preauth]
Oct 13 13:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Invalid user git from 181.212.34.237
Oct 13 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: input_userauth_request: invalid user git [preauth]
Oct 13 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Failed password for invalid user git from 181.212.34.237 port 59481 ssh2
Oct 13 13:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Received disconnect from 181.212.34.237 port 59481:11: Bye Bye [preauth]
Oct 13 13:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Disconnected from 181.212.34.237 port 59481 [preauth]
Oct 13 13:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8665]: pam_unix(cron:session): session closed for user root
Oct 13 13:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Invalid user test1 from 196.251.80.27
Oct 13 13:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Failed password for invalid user test1 from 196.251.80.27 port 50818 ssh2
Oct 13 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Invalid user admin from 2.57.121.112
Oct 13 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: input_userauth_request: invalid user admin [preauth]
Oct 13 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10478]: Connection closed by 196.251.80.27 port 50818 [preauth]
Oct 13 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Failed password for invalid user admin from 2.57.121.112 port 49922 ssh2
Oct 13 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Failed password for invalid user admin from 2.57.121.112 port 49922 ssh2
Oct 13 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Invalid user user from 2.57.121.112
Oct 13 13:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: input_userauth_request: invalid user user [preauth]
Oct 13 13:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 13:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Failed password for invalid user admin from 2.57.121.112 port 49922 ssh2
Oct 13 13:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Failed password for invalid user user from 2.57.121.112 port 63197 ssh2
Oct 13 13:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Failed password for invalid user admin from 2.57.121.112 port 49922 ssh2
Oct 13 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Failed password for invalid user user from 2.57.121.112 port 63197 ssh2
Oct 13 13:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Failed password for invalid user admin from 2.57.121.112 port 49922 ssh2
Oct 13 13:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Received disconnect from 2.57.121.112 port 49922:11: Bye [preauth]
Oct 13 13:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: Disconnected from 2.57.121.112 port 49922 [preauth]
Oct 13 13:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 13:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10496]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 13:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Failed password for invalid user user from 2.57.121.112 port 63197 ssh2
Oct 13 13:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10539]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10536]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Failed password for invalid user user from 2.57.121.112 port 63197 ssh2
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10611]: Successful su for rubyman by root
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10611]: + ??? root:rubyman
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405123 of user rubyman.
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10611]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405123.
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Invalid user ctarazona from 103.176.78.151
Oct 13 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: input_userauth_request: invalid user ctarazona [preauth]
Oct 13 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Failed password for invalid user user from 2.57.121.112 port 63197 ssh2
Oct 13 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Received disconnect from 2.57.121.112 port 63197:11: Bye [preauth]
Oct 13 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Disconnected from 2.57.121.112 port 63197 [preauth]
Oct 13 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for invalid user ctarazona from 103.176.78.151 port 52408 ssh2
Oct 13 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Received disconnect from 103.176.78.151 port 52408:11: Bye Bye [preauth]
Oct 13 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Disconnected from 103.176.78.151 port 52408 [preauth]
Oct 13 13:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6596]: pam_unix(cron:session): session closed for user root
Oct 13 13:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Invalid user ming from 89.216.47.154
Oct 13 13:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: input_userauth_request: invalid user ming [preauth]
Oct 13 13:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Failed password for invalid user ming from 89.216.47.154 port 50772 ssh2
Oct 13 13:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Received disconnect from 89.216.47.154 port 50772:11: Bye Bye [preauth]
Oct 13 13:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Disconnected from 89.216.47.154 port 50772 [preauth]
Oct 13 13:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10537]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172  user=root
Oct 13 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Failed password for root from 37.120.247.172 port 40636 ssh2
Oct 13 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Received disconnect from 37.120.247.172 port 40636:11: Bye Bye [preauth]
Oct 13 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Disconnected from 37.120.247.172 port 40636 [preauth]
Oct 13 13:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Invalid user test1 from 196.251.80.27
Oct 13 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Failed password for invalid user test1 from 196.251.80.27 port 53562 ssh2
Oct 13 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10895]: Connection closed by 196.251.80.27 port 53562 [preauth]
Oct 13 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Invalid user suporte from 177.75.6.242
Oct 13 13:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: input_userauth_request: invalid user suporte [preauth]
Oct 13 13:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Failed password for invalid user suporte from 177.75.6.242 port 57024 ssh2
Oct 13 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Received disconnect from 177.75.6.242 port 57024:11: Bye Bye [preauth]
Oct 13 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Disconnected from 177.75.6.242 port 57024 [preauth]
Oct 13 13:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9367]: pam_unix(cron:session): session closed for user root
Oct 13 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11093]: Successful su for rubyman by root
Oct 13 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11093]: + ??? root:rubyman
Oct 13 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405127 of user rubyman.
Oct 13 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11093]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405127.
Oct 13 13:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Invalid user www from 181.212.34.237
Oct 13 13:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: input_userauth_request: invalid user www [preauth]
Oct 13 13:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session closed for user root
Oct 13 13:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Failed password for invalid user www from 181.212.34.237 port 59703 ssh2
Oct 13 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Received disconnect from 181.212.34.237 port 59703:11: Bye Bye [preauth]
Oct 13 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Disconnected from 181.212.34.237 port 59703 [preauth]
Oct 13 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Invalid user test1 from 196.251.80.27
Oct 13 13:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Failed password for invalid user test1 from 196.251.80.27 port 56496 ssh2
Oct 13 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11292]: Connection closed by 196.251.80.27 port 56496 [preauth]
Oct 13 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11021]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: Failed password for root from 103.10.45.57 port 58240 ssh2
Oct 13 13:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: Received disconnect from 103.10.45.57 port 58240:11: Bye Bye [preauth]
Oct 13 13:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11327]: Disconnected from 103.10.45.57 port 58240 [preauth]
Oct 13 13:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Failed password for root from 194.182.86.152 port 44962 ssh2
Oct 13 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: Connection closed by 194.182.86.152 port 44962 [preauth]
Oct 13 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Invalid user ubuntu from 37.120.247.172
Oct 13 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for invalid user ubuntu from 37.120.247.172 port 53000 ssh2
Oct 13 13:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Received disconnect from 37.120.247.172 port 53000:11: Bye Bye [preauth]
Oct 13 13:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Disconnected from 37.120.247.172 port 53000 [preauth]
Oct 13 13:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10036]: pam_unix(cron:session): session closed for user root
Oct 13 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154  user=root
Oct 13 13:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Failed password for root from 89.216.47.154 port 40131 ssh2
Oct 13 13:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Received disconnect from 89.216.47.154 port 40131:11: Bye Bye [preauth]
Oct 13 13:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Disconnected from 89.216.47.154 port 40131 [preauth]
Oct 13 13:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Invalid user test1 from 196.251.80.27
Oct 13 13:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Failed password for invalid user test1 from 196.251.80.27 port 59174 ssh2
Oct 13 13:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11476]: Connection closed by 196.251.80.27 port 59174 [preauth]
Oct 13 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11494]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11491]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11567]: Successful su for rubyman by root
Oct 13 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11567]: + ??? root:rubyman
Oct 13 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405131 of user rubyman.
Oct 13 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11567]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405131.
Oct 13 13:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Invalid user user2 from 177.75.6.242
Oct 13 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: input_userauth_request: invalid user user2 [preauth]
Oct 13 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Invalid user poc from 103.176.78.151
Oct 13 13:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: input_userauth_request: invalid user poc [preauth]
Oct 13 13:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7718]: pam_unix(cron:session): session closed for user root
Oct 13 13:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Failed password for invalid user user2 from 177.75.6.242 port 25996 ssh2
Oct 13 13:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Received disconnect from 177.75.6.242 port 25996:11: Bye Bye [preauth]
Oct 13 13:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11787]: Disconnected from 177.75.6.242 port 25996 [preauth]
Oct 13 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Failed password for invalid user poc from 103.176.78.151 port 45362 ssh2
Oct 13 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Received disconnect from 103.176.78.151 port 45362:11: Bye Bye [preauth]
Oct 13 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Disconnected from 103.176.78.151 port 45362 [preauth]
Oct 13 13:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11492]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: Invalid user test1 from 196.251.80.27
Oct 13 13:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session closed for user root
Oct 13 13:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: Failed password for invalid user test1 from 196.251.80.27 port 34172 ssh2
Oct 13 13:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: Connection closed by 196.251.80.27 port 34172 [preauth]
Oct 13 13:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: User backup from 181.212.34.237 not allowed because not listed in AllowUsers
Oct 13 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: input_userauth_request: invalid user backup [preauth]
Oct 13 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237  user=backup
Oct 13 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: Failed password for invalid user backup from 181.212.34.237 port 5617 ssh2
Oct 13 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: Received disconnect from 181.212.34.237 port 5617:11: Bye Bye [preauth]
Oct 13 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12012]: Disconnected from 181.212.34.237 port 5617 [preauth]
Oct 13 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Invalid user proxyuser from 103.10.45.57
Oct 13 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: input_userauth_request: invalid user proxyuser [preauth]
Oct 13 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Failed password for invalid user proxyuser from 103.10.45.57 port 43018 ssh2
Oct 13 13:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Received disconnect from 103.10.45.57 port 43018:11: Bye Bye [preauth]
Oct 13 13:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12030]: Disconnected from 103.10.45.57 port 43018 [preauth]
Oct 13 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12069]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session closed for user root
Oct 13 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12160]: Successful su for rubyman by root
Oct 13 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12160]: + ??? root:rubyman
Oct 13 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405135 of user rubyman.
Oct 13 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12160]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405135.
Oct 13 13:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: Invalid user ubuntu from 37.120.247.172
Oct 13 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: Failed password for invalid user ubuntu from 37.120.247.172 port 44384 ssh2
Oct 13 13:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: Received disconnect from 37.120.247.172 port 44384:11: Bye Bye [preauth]
Oct 13 13:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12199]: Disconnected from 37.120.247.172 port 44384 [preauth]
Oct 13 13:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session closed for user root
Oct 13 13:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8664]: pam_unix(cron:session): session closed for user root
Oct 13 13:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: Invalid user elastic from 89.216.47.154
Oct 13 13:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: input_userauth_request: invalid user elastic [preauth]
Oct 13 13:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: Failed password for invalid user elastic from 89.216.47.154 port 57727 ssh2
Oct 13 13:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: Received disconnect from 89.216.47.154 port 57727:11: Bye Bye [preauth]
Oct 13 13:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12369]: Disconnected from 89.216.47.154 port 57727 [preauth]
Oct 13 13:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Invalid user test1 from 196.251.80.27
Oct 13 13:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Failed password for invalid user test1 from 196.251.80.27 port 36454 ssh2
Oct 13 13:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Connection closed by 196.251.80.27 port 36454 [preauth]
Oct 13 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session closed for user root
Oct 13 13:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: Invalid user mtvps1 from 177.75.6.242
Oct 13 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: input_userauth_request: invalid user mtvps1 [preauth]
Oct 13 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: Failed password for invalid user mtvps1 from 177.75.6.242 port 14634 ssh2
Oct 13 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: Received disconnect from 177.75.6.242 port 14634:11: Bye Bye [preauth]
Oct 13 13:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12546]: Disconnected from 177.75.6.242 port 14634 [preauth]
Oct 13 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12697]: Successful su for rubyman by root
Oct 13 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12697]: + ??? root:rubyman
Oct 13 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405143 of user rubyman.
Oct 13 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12697]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405143.
Oct 13 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Invalid user test1 from 196.251.80.27
Oct 13 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Failed password for invalid user test1 from 196.251.80.27 port 39014 ssh2
Oct 13 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Connection closed by 196.251.80.27 port 39014 [preauth]
Oct 13 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: User ftp from 134.175.247.110 not allowed because not listed in AllowUsers
Oct 13 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: input_userauth_request: invalid user ftp [preauth]
Oct 13 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.247.110  user=ftp
Oct 13 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Failed password for invalid user ftp from 134.175.247.110 port 34320 ssh2
Oct 13 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Received disconnect from 134.175.247.110 port 34320:11: Bye Bye [preauth]
Oct 13 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Disconnected from 134.175.247.110 port 34320 [preauth]
Oct 13 13:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9366]: pam_unix(cron:session): session closed for user root
Oct 13 13:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Invalid user test from 103.176.78.151
Oct 13 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: input_userauth_request: invalid user test [preauth]
Oct 13 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: Invalid user git from 37.120.247.172
Oct 13 13:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: input_userauth_request: invalid user git [preauth]
Oct 13 13:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Failed password for invalid user test from 103.176.78.151 port 56156 ssh2
Oct 13 13:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Received disconnect from 103.176.78.151 port 56156:11: Bye Bye [preauth]
Oct 13 13:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Disconnected from 103.176.78.151 port 56156 [preauth]
Oct 13 13:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: Failed password for invalid user git from 37.120.247.172 port 56794 ssh2
Oct 13 13:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: Received disconnect from 37.120.247.172 port 56794:11: Bye Bye [preauth]
Oct 13 13:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: Disconnected from 37.120.247.172 port 56794 [preauth]
Oct 13 13:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Invalid user test1 from 181.212.34.237
Oct 13 13:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Failed password for invalid user test1 from 181.212.34.237 port 55084 ssh2
Oct 13 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Received disconnect from 181.212.34.237 port 55084:11: Bye Bye [preauth]
Oct 13 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Disconnected from 181.212.34.237 port 55084 [preauth]
Oct 13 13:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Invalid user pavel from 103.10.45.57
Oct 13 13:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: input_userauth_request: invalid user pavel [preauth]
Oct 13 13:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57
Oct 13 13:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11494]: pam_unix(cron:session): session closed for user root
Oct 13 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Failed password for invalid user pavel from 103.10.45.57 port 43994 ssh2
Oct 13 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Received disconnect from 103.10.45.57 port 43994:11: Bye Bye [preauth]
Oct 13 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Disconnected from 103.10.45.57 port 43994 [preauth]
Oct 13 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: Invalid user test1 from 196.251.80.27
Oct 13 13:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: Failed password for invalid user test1 from 196.251.80.27 port 41848 ssh2
Oct 13 13:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13089]: Connection closed by 196.251.80.27 port 41848 [preauth]
Oct 13 13:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154  user=root
Oct 13 13:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Failed password for root from 89.216.47.154 port 47096 ssh2
Oct 13 13:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Received disconnect from 89.216.47.154 port 47096:11: Bye Bye [preauth]
Oct 13 13:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Disconnected from 89.216.47.154 port 47096 [preauth]
Oct 13 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13127]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13125]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13193]: Successful su for rubyman by root
Oct 13 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13193]: + ??? root:rubyman
Oct 13 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405146 of user rubyman.
Oct 13 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13193]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405146.
Oct 13 13:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10035]: pam_unix(cron:session): session closed for user root
Oct 13 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Invalid user botuser from 134.175.247.110
Oct 13 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: input_userauth_request: invalid user botuser [preauth]
Oct 13 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.247.110
Oct 13 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Failed password for invalid user botuser from 134.175.247.110 port 54772 ssh2
Oct 13 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Received disconnect from 134.175.247.110 port 54772:11: Bye Bye [preauth]
Oct 13 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Disconnected from 134.175.247.110 port 54772 [preauth]
Oct 13 13:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Failed password for root from 194.182.86.152 port 48296 ssh2
Oct 13 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13126]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13534]: Connection closed by 194.182.86.152 port 48296 [preauth]
Oct 13 13:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Failed password for root from 177.75.6.242 port 54990 ssh2
Oct 13 13:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Received disconnect from 177.75.6.242 port 54990:11: Bye Bye [preauth]
Oct 13 13:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Disconnected from 177.75.6.242 port 54990 [preauth]
Oct 13 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: Invalid user test1 from 196.251.80.27
Oct 13 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: Failed password for invalid user test1 from 196.251.80.27 port 44514 ssh2
Oct 13 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: Connection closed by 196.251.80.27 port 44514 [preauth]
Oct 13 13:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Invalid user git from 37.120.247.172
Oct 13 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: input_userauth_request: invalid user git [preauth]
Oct 13 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12070]: pam_unix(cron:session): session closed for user root
Oct 13 13:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Failed password for invalid user git from 37.120.247.172 port 36572 ssh2
Oct 13 13:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Received disconnect from 37.120.247.172 port 36572:11: Bye Bye [preauth]
Oct 13 13:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Disconnected from 37.120.247.172 port 36572 [preauth]
Oct 13 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13713]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13710]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: Successful su for rubyman by root
Oct 13 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: + ??? root:rubyman
Oct 13 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405149 of user rubyman.
Oct 13 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13805]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405149.
Oct 13 13:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10539]: pam_unix(cron:session): session closed for user root
Oct 13 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Invalid user frappe from 181.212.34.237
Oct 13 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: input_userauth_request: invalid user frappe [preauth]
Oct 13 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.10.45.57  user=root
Oct 13 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Failed password for invalid user frappe from 181.212.34.237 port 4685 ssh2
Oct 13 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Received disconnect from 181.212.34.237 port 4685:11: Bye Bye [preauth]
Oct 13 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Disconnected from 181.212.34.237 port 4685 [preauth]
Oct 13 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Failed password for root from 103.10.45.57 port 44458 ssh2
Oct 13 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Received disconnect from 103.10.45.57 port 44458:11: Bye Bye [preauth]
Oct 13 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Disconnected from 103.10.45.57 port 44458 [preauth]
Oct 13 13:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13711]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Invalid user test1 from 196.251.80.27
Oct 13 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Failed password for invalid user test1 from 196.251.80.27 port 47008 ssh2
Oct 13 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14131]: Connection closed by 196.251.80.27 port 47008 [preauth]
Oct 13 13:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Invalid user silas from 103.176.78.151
Oct 13 13:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: input_userauth_request: invalid user silas [preauth]
Oct 13 13:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14164]: Invalid user rftest from 89.216.47.154
Oct 13 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14164]: input_userauth_request: invalid user rftest [preauth]
Oct 13 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14164]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Failed password for invalid user silas from 103.176.78.151 port 47184 ssh2
Oct 13 13:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Received disconnect from 103.176.78.151 port 47184:11: Bye Bye [preauth]
Oct 13 13:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14161]: Disconnected from 103.176.78.151 port 47184 [preauth]
Oct 13 13:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14164]: Failed password for invalid user rftest from 89.216.47.154 port 36460 ssh2
Oct 13 13:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14164]: Received disconnect from 89.216.47.154 port 36460:11: Bye Bye [preauth]
Oct 13 13:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14164]: Disconnected from 89.216.47.154 port 36460 [preauth]
Oct 13 13:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session closed for user root
Oct 13 13:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Invalid user oracle from 37.120.247.172
Oct 13 13:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: input_userauth_request: invalid user oracle [preauth]
Oct 13 13:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user oracle from 37.120.247.172 port 41648 ssh2
Oct 13 13:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Received disconnect from 37.120.247.172 port 41648:11: Bye Bye [preauth]
Oct 13 13:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Disconnected from 37.120.247.172 port 41648 [preauth]
Oct 13 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14455]: Successful su for rubyman by root
Oct 13 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14455]: + ??? root:rubyman
Oct 13 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405156 of user rubyman.
Oct 13 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14455]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405156.
Oct 13 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Invalid user test1 from 196.251.80.27
Oct 13 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: input_userauth_request: invalid user test1 [preauth]
Oct 13 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user root
Oct 13 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Invalid user test01 from 177.75.6.242
Oct 13 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: input_userauth_request: invalid user test01 [preauth]
Oct 13 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Failed password for invalid user test1 from 196.251.80.27 port 49460 ssh2
Oct 13 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Connection closed by 196.251.80.27 port 49460 [preauth]
Oct 13 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user test01 from 177.75.6.242 port 26143 ssh2
Oct 13 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Received disconnect from 177.75.6.242 port 26143:11: Bye Bye [preauth]
Oct 13 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Disconnected from 177.75.6.242 port 26143 [preauth]
Oct 13 13:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session closed for user root
Oct 13 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13128]: pam_unix(cron:session): session closed for user root
Oct 13 13:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: Invalid user test2 from 196.251.80.27
Oct 13 13:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Invalid user bot from 181.212.34.237
Oct 13 13:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: input_userauth_request: invalid user bot [preauth]
Oct 13 13:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Failed password for invalid user bot from 181.212.34.237 port 31868 ssh2
Oct 13 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Received disconnect from 181.212.34.237 port 31868:11: Bye Bye [preauth]
Oct 13 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Disconnected from 181.212.34.237 port 31868 [preauth]
Oct 13 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: Failed password for invalid user test2 from 196.251.80.27 port 52002 ssh2
Oct 13 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: Connection closed by 196.251.80.27 port 52002 [preauth]
Oct 13 13:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Invalid user smkim from 89.216.47.154
Oct 13 13:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: input_userauth_request: invalid user smkim [preauth]
Oct 13 13:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Failed password for invalid user smkim from 89.216.47.154 port 54053 ssh2
Oct 13 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Received disconnect from 89.216.47.154 port 54053:11: Bye Bye [preauth]
Oct 13 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Disconnected from 89.216.47.154 port 54053 [preauth]
Oct 13 13:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Invalid user alvaro from 177.92.162.241
Oct 13 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: input_userauth_request: invalid user alvaro [preauth]
Oct 13 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session closed for user root
Oct 13 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Failed password for invalid user alvaro from 177.92.162.241 port 26531 ssh2
Oct 13 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Received disconnect from 177.92.162.241 port 26531:11: Bye Bye [preauth]
Oct 13 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14856]: Disconnected from 177.92.162.241 port 26531 [preauth]
Oct 13 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14952]: Successful su for rubyman by root
Oct 13 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14952]: + ??? root:rubyman
Oct 13 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405162 of user rubyman.
Oct 13 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14952]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405162.
Oct 13 13:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14871]: pam_unix(cron:session): session closed for user root
Oct 13 13:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11493]: pam_unix(cron:session): session closed for user root
Oct 13 13:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Invalid user amir from 37.120.247.172
Oct 13 13:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: input_userauth_request: invalid user amir [preauth]
Oct 13 13:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for invalid user amir from 37.120.247.172 port 50012 ssh2
Oct 13 13:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Received disconnect from 37.120.247.172 port 50012:11: Bye Bye [preauth]
Oct 13 13:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Disconnected from 37.120.247.172 port 50012 [preauth]
Oct 13 13:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Invalid user test2 from 196.251.80.27
Oct 13 13:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Failed password for invalid user test2 from 196.251.80.27 port 54510 ssh2
Oct 13 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Connection closed by 196.251.80.27 port 54510 [preauth]
Oct 13 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Invalid user pavel from 103.176.78.151
Oct 13 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: input_userauth_request: invalid user pavel [preauth]
Oct 13 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Failed password for invalid user pavel from 103.176.78.151 port 56410 ssh2
Oct 13 13:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Received disconnect from 103.176.78.151 port 56410:11: Bye Bye [preauth]
Oct 13 13:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Disconnected from 103.176.78.151 port 56410 [preauth]
Oct 13 13:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13714]: pam_unix(cron:session): session closed for user root
Oct 13 13:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Invalid user raju from 177.75.6.242
Oct 13 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: input_userauth_request: invalid user raju [preauth]
Oct 13 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15462]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Failed password for invalid user raju from 177.75.6.242 port 58867 ssh2
Oct 13 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Received disconnect from 177.75.6.242 port 58867:11: Bye Bye [preauth]
Oct 13 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Disconnected from 177.75.6.242 port 58867 [preauth]
Oct 13 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15533]: Successful su for rubyman by root
Oct 13 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15533]: + ??? root:rubyman
Oct 13 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405166 of user rubyman.
Oct 13 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15533]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405166.
Oct 13 13:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12069]: pam_unix(cron:session): session closed for user root
Oct 13 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: Invalid user test2 from 196.251.80.27
Oct 13 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Invalid user savana from 2.57.121.112
Oct 13 13:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: input_userauth_request: invalid user savana [preauth]
Oct 13 13:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 13:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: Failed password for invalid user test2 from 196.251.80.27 port 56508 ssh2
Oct 13 13:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15749]: Connection closed by 196.251.80.27 port 56508 [preauth]
Oct 13 13:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Failed password for invalid user savana from 2.57.121.112 port 62945 ssh2
Oct 13 13:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Failed password for invalid user savana from 2.57.121.112 port 62945 ssh2
Oct 13 13:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: Invalid user abc from 181.212.34.237
Oct 13 13:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: input_userauth_request: invalid user abc [preauth]
Oct 13 13:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Failed password for invalid user savana from 2.57.121.112 port 62945 ssh2
Oct 13 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: Failed password for invalid user abc from 181.212.34.237 port 15287 ssh2
Oct 13 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154  user=root
Oct 13 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: Received disconnect from 181.212.34.237 port 15287:11: Bye Bye [preauth]
Oct 13 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15796]: Disconnected from 181.212.34.237 port 15287 [preauth]
Oct 13 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Failed password for root from 89.216.47.154 port 43415 ssh2
Oct 13 13:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Failed password for invalid user savana from 2.57.121.112 port 62945 ssh2
Oct 13 13:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Received disconnect from 89.216.47.154 port 43415:11: Bye Bye [preauth]
Oct 13 13:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Disconnected from 89.216.47.154 port 43415 [preauth]
Oct 13 13:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Failed password for invalid user savana from 2.57.121.112 port 62945 ssh2
Oct 13 13:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Received disconnect from 2.57.121.112 port 62945:11: Bye [preauth]
Oct 13 13:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Disconnected from 2.57.121.112 port 62945 [preauth]
Oct 13 13:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 13:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 13:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15810]: Failed password for root from 194.182.86.152 port 60484 ssh2
Oct 13 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15810]: Connection closed by 194.182.86.152 port 60484 [preauth]
Oct 13 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Invalid user system from 37.120.247.172
Oct 13 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: input_userauth_request: invalid user system [preauth]
Oct 13 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Failed password for invalid user system from 37.120.247.172 port 43744 ssh2
Oct 13 13:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Received disconnect from 37.120.247.172 port 43744:11: Bye Bye [preauth]
Oct 13 13:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Disconnected from 37.120.247.172 port 43744 [preauth]
Oct 13 13:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14288]: pam_unix(cron:session): session closed for user root
Oct 13 13:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Invalid user test2 from 196.251.80.27
Oct 13 13:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15931]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Failed password for invalid user test2 from 196.251.80.27 port 59442 ssh2
Oct 13 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Connection closed by 196.251.80.27 port 59442 [preauth]
Oct 13 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: Successful su for rubyman by root
Oct 13 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: + ??? root:rubyman
Oct 13 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405170 of user rubyman.
Oct 13 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405170.
Oct 13 13:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session closed for user root
Oct 13 13:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15932]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Failed password for root from 194.182.86.152 port 56414 ssh2
Oct 13 13:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Connection closed by 194.182.86.152 port 56414 [preauth]
Oct 13 13:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14873]: pam_unix(cron:session): session closed for user root
Oct 13 13:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Invalid user test2 from 196.251.80.27
Oct 13 13:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Failed password for invalid user test2 from 196.251.80.27 port 33440 ssh2
Oct 13 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: Failed password for root from 103.176.78.151 port 54314 ssh2
Oct 13 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Connection closed by 196.251.80.27 port 33440 [preauth]
Oct 13 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: Received disconnect from 103.176.78.151 port 54314:11: Bye Bye [preauth]
Oct 13 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16345]: Disconnected from 103.176.78.151 port 54314 [preauth]
Oct 13 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Invalid user test01 from 37.120.247.172
Oct 13 13:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: input_userauth_request: invalid user test01 [preauth]
Oct 13 13:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.172
Oct 13 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Failed password for invalid user test01 from 37.120.247.172 port 58984 ssh2
Oct 13 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Received disconnect from 37.120.247.172 port 58984:11: Bye Bye [preauth]
Oct 13 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16386]: Disconnected from 37.120.247.172 port 58984 [preauth]
Oct 13 13:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Invalid user useradmin from 89.216.47.154
Oct 13 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: input_userauth_request: invalid user useradmin [preauth]
Oct 13 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Invalid user ahmed from 181.212.34.237
Oct 13 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: input_userauth_request: invalid user ahmed [preauth]
Oct 13 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16406]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16407]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16403]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Failed password for invalid user useradmin from 89.216.47.154 port 32781 ssh2
Oct 13 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Received disconnect from 89.216.47.154 port 32781:11: Bye Bye [preauth]
Oct 13 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Disconnected from 89.216.47.154 port 32781 [preauth]
Oct 13 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Failed password for invalid user ahmed from 181.212.34.237 port 4771 ssh2
Oct 13 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Received disconnect from 181.212.34.237 port 4771:11: Bye Bye [preauth]
Oct 13 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Disconnected from 181.212.34.237 port 4771 [preauth]
Oct 13 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16481]: Successful su for rubyman by root
Oct 13 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16481]: + ??? root:rubyman
Oct 13 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405175 of user rubyman.
Oct 13 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16481]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405175.
Oct 13 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: Failed password for root from 194.182.86.152 port 37482 ssh2
Oct 13 13:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16522]: Connection closed by 194.182.86.152 port 37482 [preauth]
Oct 13 13:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Invalid user wahyu from 177.75.6.242
Oct 13 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: input_userauth_request: invalid user wahyu [preauth]
Oct 13 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13127]: pam_unix(cron:session): session closed for user root
Oct 13 13:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for invalid user wahyu from 177.75.6.242 port 48098 ssh2
Oct 13 13:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Received disconnect from 177.75.6.242 port 48098:11: Bye Bye [preauth]
Oct 13 13:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Disconnected from 177.75.6.242 port 48098 [preauth]
Oct 13 13:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16404]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Invalid user test2 from 196.251.80.27
Oct 13 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Failed password for invalid user test2 from 196.251.80.27 port 35622 ssh2
Oct 13 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Connection closed by 196.251.80.27 port 35622 [preauth]
Oct 13 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16787]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 54866
Oct 13 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16788]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 54874
Oct 13 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session closed for user root
Oct 13 13:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16858]: Did not receive identification string from 80.211.129.128
Oct 13 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16881]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16882]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16879]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16945]: Successful su for rubyman by root
Oct 13 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16945]: + ??? root:rubyman
Oct 13 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405176 of user rubyman.
Oct 13 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16945]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405176.
Oct 13 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13713]: pam_unix(cron:session): session closed for user root
Oct 13 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Invalid user admin from 2.57.121.25
Oct 13 13:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: input_userauth_request: invalid user admin [preauth]
Oct 13 13:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 13:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Invalid user test2 from 196.251.80.27
Oct 13 13:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Failed password for invalid user admin from 2.57.121.25 port 48703 ssh2
Oct 13 13:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Failed password for invalid user test2 from 196.251.80.27 port 38026 ssh2
Oct 13 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17146]: Connection closed by 196.251.80.27 port 38026 [preauth]
Oct 13 13:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Failed password for invalid user admin from 2.57.121.25 port 48703 ssh2
Oct 13 13:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Failed password for invalid user admin from 2.57.121.25 port 48703 ssh2
Oct 13 13:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16880]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Failed password for invalid user admin from 2.57.121.25 port 48703 ssh2
Oct 13 13:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Failed password for invalid user admin from 2.57.121.25 port 48703 ssh2
Oct 13 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Received disconnect from 2.57.121.25 port 48703:11: Bye [preauth]
Oct 13 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Disconnected from 2.57.121.25 port 48703 [preauth]
Oct 13 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 13:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154  user=root
Oct 13 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session closed for user root
Oct 13 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Failed password for root from 89.216.47.154 port 50377 ssh2
Oct 13 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Received disconnect from 89.216.47.154 port 50377:11: Bye Bye [preauth]
Oct 13 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Disconnected from 89.216.47.154 port 50377 [preauth]
Oct 13 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: User john from 181.212.34.237 not allowed because not listed in AllowUsers
Oct 13 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: input_userauth_request: invalid user john [preauth]
Oct 13 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237  user=john
Oct 13 13:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Failed password for invalid user john from 181.212.34.237 port 48829 ssh2
Oct 13 13:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Received disconnect from 181.212.34.237 port 48829:11: Bye Bye [preauth]
Oct 13 13:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Disconnected from 181.212.34.237 port 48829 [preauth]
Oct 13 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Invalid user test2 from 196.251.80.27
Oct 13 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Failed password for invalid user test2 from 196.251.80.27 port 40130 ssh2
Oct 13 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Invalid user egarcia from 103.176.78.151
Oct 13 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: input_userauth_request: invalid user egarcia [preauth]
Oct 13 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Connection closed by 196.251.80.27 port 40130 [preauth]
Oct 13 13:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Failed password for invalid user egarcia from 103.176.78.151 port 33796 ssh2
Oct 13 13:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Received disconnect from 103.176.78.151 port 33796:11: Bye Bye [preauth]
Oct 13 13:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Disconnected from 103.176.78.151 port 33796 [preauth]
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17357]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17355]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17354]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17357]: pam_unix(cron:session): session closed for user root
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17352]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: Successful su for rubyman by root
Oct 13 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: + ??? root:rubyman
Oct 13 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405180 of user rubyman.
Oct 13 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405180.
Oct 13 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Invalid user  from 62.60.131.157
Oct 13 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: input_userauth_request: invalid user  [preauth]
Oct 13 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Failed none for invalid user  from 62.60.131.157 port 62915 ssh2
Oct 13 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Received disconnect from 62.60.131.157 port 62915:11: Bye [preauth]
Oct 13 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Disconnected from 62.60.131.157 port 62915 [preauth]
Oct 13 13:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17354]: pam_unix(cron:session): session closed for user root
Oct 13 13:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session closed for user root
Oct 13 13:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17353]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16407]: pam_unix(cron:session): session closed for user root
Oct 13 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: Invalid user test2 from 196.251.80.27
Oct 13 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: Failed password for invalid user test2 from 196.251.80.27 port 42450 ssh2
Oct 13 13:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: Connection closed by 196.251.80.27 port 42450 [preauth]
Oct 13 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17933]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18022]: Successful su for rubyman by root
Oct 13 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18022]: + ??? root:rubyman
Oct 13 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405187 of user rubyman.
Oct 13 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18022]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405187.
Oct 13 13:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Invalid user christelle from 89.216.47.154
Oct 13 13:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: input_userauth_request: invalid user christelle [preauth]
Oct 13 13:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session closed for user root
Oct 13 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Failed password for invalid user christelle from 89.216.47.154 port 39741 ssh2
Oct 13 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Received disconnect from 89.216.47.154 port 39741:11: Bye Bye [preauth]
Oct 13 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Disconnected from 89.216.47.154 port 39741 [preauth]
Oct 13 13:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: User ftp from 181.212.34.237 not allowed because not listed in AllowUsers
Oct 13 13:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: input_userauth_request: invalid user ftp [preauth]
Oct 13 13:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237  user=ftp
Oct 13 13:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17934]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: Failed password for invalid user ftp from 181.212.34.237 port 9775 ssh2
Oct 13 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: Received disconnect from 181.212.34.237 port 9775:11: Bye Bye [preauth]
Oct 13 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: Disconnected from 181.212.34.237 port 9775 [preauth]
Oct 13 13:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Invalid user test2 from 196.251.80.27
Oct 13 13:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Failed password for invalid user test2 from 196.251.80.27 port 44460 ssh2
Oct 13 13:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18512]: Connection closed by 196.251.80.27 port 44460 [preauth]
Oct 13 13:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16882]: pam_unix(cron:session): session closed for user root
Oct 13 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18729]: Successful su for rubyman by root
Oct 13 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18729]: + ??? root:rubyman
Oct 13 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405191 of user rubyman.
Oct 13 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18729]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405191.
Oct 13 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: Failed password for root from 103.176.78.151 port 54258 ssh2
Oct 13 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: Received disconnect from 103.176.78.151 port 54258:11: Bye Bye [preauth]
Oct 13 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18649]: Disconnected from 103.176.78.151 port 54258 [preauth]
Oct 13 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: Invalid user test2 from 196.251.80.27
Oct 13 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: input_userauth_request: invalid user test2 [preauth]
Oct 13 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session closed for user root
Oct 13 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: Failed password for invalid user test2 from 196.251.80.27 port 46318 ssh2
Oct 13 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18850]: Connection closed by 196.251.80.27 port 46318 [preauth]
Oct 13 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: Failed password for root from 177.75.6.242 port 17701 ssh2
Oct 13 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: Received disconnect from 177.75.6.242 port 17701:11: Bye Bye [preauth]
Oct 13 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18930]: Disconnected from 177.75.6.242 port 17701 [preauth]
Oct 13 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Invalid user user1 from 177.92.162.241
Oct 13 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: input_userauth_request: invalid user user1 [preauth]
Oct 13 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Failed password for invalid user user1 from 177.92.162.241 port 56658 ssh2
Oct 13 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Received disconnect from 177.92.162.241 port 56658:11: Bye Bye [preauth]
Oct 13 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Disconnected from 177.92.162.241 port 56658 [preauth]
Oct 13 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: Invalid user elaine from 89.216.47.154
Oct 13 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: input_userauth_request: invalid user elaine [preauth]
Oct 13 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: Failed password for invalid user elaine from 89.216.47.154 port 57335 ssh2
Oct 13 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: Received disconnect from 89.216.47.154 port 57335:11: Bye Bye [preauth]
Oct 13 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: Disconnected from 89.216.47.154 port 57335 [preauth]
Oct 13 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session closed for user root
Oct 13 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Invalid user ubuntu from 181.212.34.237
Oct 13 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Invalid user test3 from 196.251.80.27
Oct 13 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Failed password for invalid user ubuntu from 181.212.34.237 port 31447 ssh2
Oct 13 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Received disconnect from 181.212.34.237 port 31447:11: Bye Bye [preauth]
Oct 13 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Disconnected from 181.212.34.237 port 31447 [preauth]
Oct 13 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Failed password for root from 194.182.86.152 port 56382 ssh2
Oct 13 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Connection closed by 194.182.86.152 port 56382 [preauth]
Oct 13 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Failed password for invalid user test3 from 196.251.80.27 port 48418 ssh2
Oct 13 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Connection closed by 196.251.80.27 port 48418 [preauth]
Oct 13 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19452]: Successful su for rubyman by root
Oct 13 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19452]: + ??? root:rubyman
Oct 13 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405195 of user rubyman.
Oct 13 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19452]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405195.
Oct 13 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15933]: pam_unix(cron:session): session closed for user root
Oct 13 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Invalid user test3 from 196.251.80.27
Oct 13 13:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17936]: pam_unix(cron:session): session closed for user root
Oct 13 13:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Failed password for invalid user test3 from 196.251.80.27 port 50686 ssh2
Oct 13 13:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Connection closed by 196.251.80.27 port 50686 [preauth]
Oct 13 13:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: Failed password for root from 177.75.6.242 port 11341 ssh2
Oct 13 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: Received disconnect from 177.75.6.242 port 11341:11: Bye Bye [preauth]
Oct 13 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20074]: Disconnected from 177.75.6.242 port 11341 [preauth]
Oct 13 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20105]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20102]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20180]: Successful su for rubyman by root
Oct 13 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20180]: + ??? root:rubyman
Oct 13 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405198 of user rubyman.
Oct 13 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20180]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405198.
Oct 13 13:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Invalid user vbox from 89.216.47.154
Oct 13 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: input_userauth_request: invalid user vbox [preauth]
Oct 13 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: Invalid user cuckoo from 103.176.78.151
Oct 13 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: input_userauth_request: invalid user cuckoo [preauth]
Oct 13 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Failed password for invalid user vbox from 89.216.47.154 port 46700 ssh2
Oct 13 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Received disconnect from 89.216.47.154 port 46700:11: Bye Bye [preauth]
Oct 13 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20307]: Disconnected from 89.216.47.154 port 46700 [preauth]
Oct 13 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16406]: pam_unix(cron:session): session closed for user root
Oct 13 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: Failed password for invalid user cuckoo from 103.176.78.151 port 58608 ssh2
Oct 13 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: Received disconnect from 103.176.78.151 port 58608:11: Bye Bye [preauth]
Oct 13 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20311]: Disconnected from 103.176.78.151 port 58608 [preauth]
Oct 13 13:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20103]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20463]: Invalid user test3 from 196.251.80.27
Oct 13 13:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20463]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20463]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20463]: Failed password for invalid user test3 from 196.251.80.27 port 52838 ssh2
Oct 13 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20463]: Connection closed by 196.251.80.27 port 52838 [preauth]
Oct 13 13:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Invalid user weblogic from 181.212.34.237
Oct 13 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: input_userauth_request: invalid user weblogic [preauth]
Oct 13 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Failed password for invalid user weblogic from 181.212.34.237 port 56438 ssh2
Oct 13 13:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Received disconnect from 181.212.34.237 port 56438:11: Bye Bye [preauth]
Oct 13 13:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Disconnected from 181.212.34.237 port 56438 [preauth]
Oct 13 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18657]: pam_unix(cron:session): session closed for user root
Oct 13 13:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Invalid user user from 62.60.131.157
Oct 13 13:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: input_userauth_request: invalid user user [preauth]
Oct 13 13:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 13:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Failed password for invalid user user from 62.60.131.157 port 52427 ssh2
Oct 13 13:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Failed password for invalid user user from 62.60.131.157 port 52427 ssh2
Oct 13 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Failed password for invalid user user from 62.60.131.157 port 52427 ssh2
Oct 13 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Failed password for invalid user user from 62.60.131.157 port 52427 ssh2
Oct 13 13:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Failed password for invalid user user from 62.60.131.157 port 52427 ssh2
Oct 13 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Received disconnect from 62.60.131.157 port 52427:11: Bye [preauth]
Oct 13 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: Disconnected from 62.60.131.157 port 52427 [preauth]
Oct 13 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20562]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20609]: pam_unix(cron:session): session closed for user root
Oct 13 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20601]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20695]: Successful su for rubyman by root
Oct 13 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20695]: + ??? root:rubyman
Oct 13 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405204 of user rubyman.
Oct 13 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20695]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405204.
Oct 13 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: Invalid user test3 from 196.251.80.27
Oct 13 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: Failed password for invalid user test3 from 196.251.80.27 port 54524 ssh2
Oct 13 13:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: Connection closed by 196.251.80.27 port 54524 [preauth]
Oct 13 13:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20603]: pam_unix(cron:session): session closed for user root
Oct 13 13:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16881]: pam_unix(cron:session): session closed for user root
Oct 13 13:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20602]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Failed password for root from 177.75.6.242 port 64651 ssh2
Oct 13 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Received disconnect from 177.75.6.242 port 64651:11: Bye Bye [preauth]
Oct 13 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Disconnected from 177.75.6.242 port 64651 [preauth]
Oct 13 13:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session closed for user root
Oct 13 13:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: Invalid user krodriguez from 89.216.47.154
Oct 13 13:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: input_userauth_request: invalid user krodriguez [preauth]
Oct 13 13:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.216.47.154
Oct 13 13:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: Failed password for invalid user krodriguez from 89.216.47.154 port 36063 ssh2
Oct 13 13:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: Received disconnect from 89.216.47.154 port 36063:11: Bye Bye [preauth]
Oct 13 13:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: Disconnected from 89.216.47.154 port 36063 [preauth]
Oct 13 13:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: Invalid user test3 from 196.251.80.27
Oct 13 13:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: Failed password for invalid user test3 from 196.251.80.27 port 56600 ssh2
Oct 13 13:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: Connection closed by 196.251.80.27 port 56600 [preauth]
Oct 13 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21115]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21114]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21111]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: Successful su for rubyman by root
Oct 13 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: + ??? root:rubyman
Oct 13 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405209 of user rubyman.
Oct 13 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405209.
Oct 13 13:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17355]: pam_unix(cron:session): session closed for user root
Oct 13 13:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237  user=root
Oct 13 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Failed password for root from 181.212.34.237 port 56280 ssh2
Oct 13 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Received disconnect from 181.212.34.237 port 56280:11: Bye Bye [preauth]
Oct 13 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Disconnected from 181.212.34.237 port 56280 [preauth]
Oct 13 13:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21113]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Invalid user will from 103.176.78.151
Oct 13 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: input_userauth_request: invalid user will [preauth]
Oct 13 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Failed password for invalid user will from 103.176.78.151 port 50570 ssh2
Oct 13 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Received disconnect from 103.176.78.151 port 50570:11: Bye Bye [preauth]
Oct 13 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Disconnected from 103.176.78.151 port 50570 [preauth]
Oct 13 13:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Invalid user test3 from 196.251.80.27
Oct 13 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Failed password for invalid user test3 from 196.251.80.27 port 58048 ssh2
Oct 13 13:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Connection closed by 196.251.80.27 port 58048 [preauth]
Oct 13 13:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20105]: pam_unix(cron:session): session closed for user root
Oct 13 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: Successful su for rubyman by root
Oct 13 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: + ??? root:rubyman
Oct 13 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405212 of user rubyman.
Oct 13 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405212.
Oct 13 13:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17935]: pam_unix(cron:session): session closed for user root
Oct 13 13:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: Failed password for root from 177.75.6.242 port 19609 ssh2
Oct 13 13:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: Received disconnect from 177.75.6.242 port 19609:11: Bye Bye [preauth]
Oct 13 13:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: Disconnected from 177.75.6.242 port 19609 [preauth]
Oct 13 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Invalid user test3 from 196.251.80.27
Oct 13 13:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Failed password for invalid user test3 from 196.251.80.27 port 59844 ssh2
Oct 13 13:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Connection closed by 196.251.80.27 port 59844 [preauth]
Oct 13 13:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22036]: Did not receive identification string from 177.92.162.241
Oct 13 13:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20608]: pam_unix(cron:session): session closed for user root
Oct 13 13:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Invalid user web from 181.212.34.237
Oct 13 13:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: input_userauth_request: invalid user web [preauth]
Oct 13 13:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Failed password for invalid user web from 181.212.34.237 port 18177 ssh2
Oct 13 13:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Received disconnect from 181.212.34.237 port 18177:11: Bye Bye [preauth]
Oct 13 13:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Disconnected from 181.212.34.237 port 18177 [preauth]
Oct 13 13:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: Invalid user test3 from 196.251.80.27
Oct 13 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22237]: Successful su for rubyman by root
Oct 13 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22237]: + ??? root:rubyman
Oct 13 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405217 of user rubyman.
Oct 13 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22237]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405217.
Oct 13 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: Failed password for invalid user test3 from 196.251.80.27 port 33384 ssh2
Oct 13 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22120]: Connection closed by 196.251.80.27 port 33384 [preauth]
Oct 13 13:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session closed for user root
Oct 13 13:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Invalid user njs from 103.176.78.151
Oct 13 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: input_userauth_request: invalid user njs [preauth]
Oct 13 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Failed password for invalid user njs from 103.176.78.151 port 59550 ssh2
Oct 13 13:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Received disconnect from 103.176.78.151 port 59550:11: Bye Bye [preauth]
Oct 13 13:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Disconnected from 103.176.78.151 port 59550 [preauth]
Oct 13 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21115]: pam_unix(cron:session): session closed for user root
Oct 13 13:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: Failed password for root from 194.182.86.152 port 49378 ssh2
Oct 13 13:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: Invalid user test3 from 196.251.80.27
Oct 13 13:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22566]: Connection closed by 194.182.86.152 port 49378 [preauth]
Oct 13 13:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: Failed password for invalid user test3 from 196.251.80.27 port 35020 ssh2
Oct 13 13:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: Connection closed by 196.251.80.27 port 35020 [preauth]
Oct 13 13:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Invalid user lisa from 177.75.6.242
Oct 13 13:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: input_userauth_request: invalid user lisa [preauth]
Oct 13 13:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Failed password for invalid user lisa from 177.75.6.242 port 39176 ssh2
Oct 13 13:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Received disconnect from 177.75.6.242 port 39176:11: Bye Bye [preauth]
Oct 13 13:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Disconnected from 177.75.6.242 port 39176 [preauth]
Oct 13 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22902]: Successful su for rubyman by root
Oct 13 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22902]: + ??? root:rubyman
Oct 13 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405223 of user rubyman.
Oct 13 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22902]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405223.
Oct 13 13:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session closed for user root
Oct 13 13:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22619]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23350]: Invalid user test3 from 196.251.80.27
Oct 13 13:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23350]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23350]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23350]: Failed password for invalid user test3 from 196.251.80.27 port 36792 ssh2
Oct 13 13:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23350]: Connection closed by 196.251.80.27 port 36792 [preauth]
Oct 13 13:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Invalid user app from 181.212.34.237
Oct 13 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: input_userauth_request: invalid user app [preauth]
Oct 13 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.212.34.237
Oct 13 13:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Failed password for invalid user app from 181.212.34.237 port 37052 ssh2
Oct 13 13:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Received disconnect from 181.212.34.237 port 37052:11: Bye Bye [preauth]
Oct 13 13:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23496]: Disconnected from 181.212.34.237 port 37052 [preauth]
Oct 13 13:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user root
Oct 13 13:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23788]: Did not receive identification string from 80.211.129.128
Oct 13 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23811]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23805]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23806]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23811]: pam_unix(cron:session): session closed for user root
Oct 13 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23803]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: Successful su for rubyman by root
Oct 13 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: + ??? root:rubyman
Oct 13 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405224 of user rubyman.
Oct 13 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405224.
Oct 13 13:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23805]: pam_unix(cron:session): session closed for user root
Oct 13 13:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20104]: pam_unix(cron:session): session closed for user root
Oct 13 13:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: Invalid user test3 from 196.251.80.27
Oct 13 13:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: input_userauth_request: invalid user test3 [preauth]
Oct 13 13:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: Failed password for invalid user test3 from 196.251.80.27 port 38712 ssh2
Oct 13 13:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: Connection closed by 196.251.80.27 port 38712 [preauth]
Oct 13 13:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23804]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Failed password for root from 194.182.86.152 port 36624 ssh2
Oct 13 13:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Connection closed by 194.182.86.152 port 36624 [preauth]
Oct 13 13:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: Invalid user spark from 177.75.6.242
Oct 13 13:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: input_userauth_request: invalid user spark [preauth]
Oct 13 13:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: Failed password for invalid user spark from 177.75.6.242 port 12488 ssh2
Oct 13 13:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: Received disconnect from 177.75.6.242 port 12488:11: Bye Bye [preauth]
Oct 13 13:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24237]: Disconnected from 177.75.6.242 port 12488 [preauth]
Oct 13 13:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22134]: pam_unix(cron:session): session closed for user root
Oct 13 13:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24302]: Invalid user daniel from 103.176.78.151
Oct 13 13:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24302]: input_userauth_request: invalid user daniel [preauth]
Oct 13 13:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24302]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151
Oct 13 13:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24302]: Failed password for invalid user daniel from 103.176.78.151 port 46736 ssh2
Oct 13 13:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24302]: Received disconnect from 103.176.78.151 port 46736:11: Bye Bye [preauth]
Oct 13 13:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24302]: Disconnected from 103.176.78.151 port 46736 [preauth]
Oct 13 13:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Invalid user test4 from 196.251.80.27
Oct 13 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: input_userauth_request: invalid user test4 [preauth]
Oct 13 13:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Failed password for invalid user test4 from 196.251.80.27 port 40422 ssh2
Oct 13 13:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Connection closed by 196.251.80.27 port 40422 [preauth]
Oct 13 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24382]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24470]: Successful su for rubyman by root
Oct 13 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24470]: + ??? root:rubyman
Oct 13 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405230 of user rubyman.
Oct 13 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24470]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405230.
Oct 13 13:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session closed for user root
Oct 13 13:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24383]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session closed for user root
Oct 13 13:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Invalid user test4 from 196.251.80.27
Oct 13 13:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: input_userauth_request: invalid user test4 [preauth]
Oct 13 13:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Failed password for invalid user test4 from 196.251.80.27 port 42052 ssh2
Oct 13 13:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Connection closed by 196.251.80.27 port 42052 [preauth]
Oct 13 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24943]: Successful su for rubyman by root
Oct 13 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24943]: + ??? root:rubyman
Oct 13 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405235 of user rubyman.
Oct 13 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24943]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405235.
Oct 13 13:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242  user=root
Oct 13 13:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21114]: pam_unix(cron:session): session closed for user root
Oct 13 13:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Failed password for root from 177.75.6.242 port 60793 ssh2
Oct 13 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Received disconnect from 177.75.6.242 port 60793:11: Bye Bye [preauth]
Oct 13 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25060]: Disconnected from 177.75.6.242 port 60793 [preauth]
Oct 13 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Invalid user ram from 177.92.162.241
Oct 13 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: input_userauth_request: invalid user ram [preauth]
Oct 13 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 13:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Failed password for invalid user ram from 177.92.162.241 port 53140 ssh2
Oct 13 13:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Received disconnect from 177.92.162.241 port 53140:11: Bye Bye [preauth]
Oct 13 13:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Disconnected from 177.92.162.241 port 53140 [preauth]
Oct 13 13:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Invalid user test4 from 196.251.80.27
Oct 13 13:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: input_userauth_request: invalid user test4 [preauth]
Oct 13 13:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Failed password for invalid user test4 from 196.251.80.27 port 43574 ssh2
Oct 13 13:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Connection closed by 196.251.80.27 port 43574 [preauth]
Oct 13 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23807]: pam_unix(cron:session): session closed for user root
Oct 13 13:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 13:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: Failed password for root from 103.176.78.151 port 40680 ssh2
Oct 13 13:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: Received disconnect from 103.176.78.151 port 40680:11: Bye Bye [preauth]
Oct 13 13:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25588]: Disconnected from 103.176.78.151 port 40680 [preauth]
Oct 13 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: Successful su for rubyman by root
Oct 13 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: + ??? root:rubyman
Oct 13 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405238 of user rubyman.
Oct 13 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405238.
Oct 13 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Invalid user test4 from 196.251.80.27
Oct 13 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: input_userauth_request: invalid user test4 [preauth]
Oct 13 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session closed for user root
Oct 13 13:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Failed password for invalid user test4 from 196.251.80.27 port 45518 ssh2
Oct 13 13:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25770]: Connection closed by 196.251.80.27 port 45518 [preauth]
Oct 13 13:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25609]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 13:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26087]: Failed password for root from 194.182.86.152 port 54784 ssh2
Oct 13 13:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26087]: Connection closed by 194.182.86.152 port 54784 [preauth]
Oct 13 13:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session closed for user root
Oct 13 13:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Invalid user reinaldo from 177.75.6.242
Oct 13 13:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: input_userauth_request: invalid user reinaldo [preauth]
Oct 13 13:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 13:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Failed password for invalid user reinaldo from 177.75.6.242 port 1643 ssh2
Oct 13 13:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Received disconnect from 177.75.6.242 port 1643:11: Bye Bye [preauth]
Oct 13 13:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Disconnected from 177.75.6.242 port 1643 [preauth]
Oct 13 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: Invalid user test4 from 196.251.80.27
Oct 13 13:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: input_userauth_request: invalid user test4 [preauth]
Oct 13 13:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: Failed password for invalid user test4 from 196.251.80.27 port 47236 ssh2
Oct 13 13:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: Connection closed by 196.251.80.27 port 47236 [preauth]
Oct 13 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26186]: pam_unix(cron:session): session closed for user p13x
Oct 13 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: Successful su for rubyman by root
Oct 13 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: + ??? root:rubyman
Oct 13 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405243 of user rubyman.
Oct 13 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: pam_unix(su:session): session closed for user rubyman
Oct 13 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405243.
Oct 13 13:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user root
Oct 13 13:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session closed for user samftp
Oct 13 13:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 13:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: Invalid user test4 from 196.251.80.27
Oct 13 13:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: input_userauth_request: invalid user test4 [preauth]
Oct 13 13:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 13:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.80.27
Oct 13 13:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: Failed password for invalid user test4 from 196.251.80.27 port 48208 ssh2
Oct 13 13:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: Connection closed by 196.251.80.27 port 48208 [preauth]
Oct 13 13:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session closed for user root
Oct 13 13:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26789]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26794]: pam_unix(cron:session): session closed for user root
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session closed for user root
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26785]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.151  user=root
Oct 13 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Failed password for root from 103.176.78.151 port 38466 ssh2
Oct 13 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Received disconnect from 103.176.78.151 port 38466:11: Bye Bye [preauth]
Oct 13 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Disconnected from 103.176.78.151 port 38466 [preauth]
Oct 13 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26984]: Successful su for rubyman by root
Oct 13 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26984]: + ??? root:rubyman
Oct 13 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405248 of user rubyman.
Oct 13 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26984]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405248.
Oct 13 14:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22620]: pam_unix(cron:session): session closed for user root
Oct 13 14:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session closed for user root
Oct 13 14:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Invalid user paulo from 177.75.6.242
Oct 13 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: input_userauth_request: invalid user paulo [preauth]
Oct 13 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.75.6.242
Oct 13 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Failed password for invalid user paulo from 177.75.6.242 port 8819 ssh2
Oct 13 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Received disconnect from 177.75.6.242 port 8819:11: Bye Bye [preauth]
Oct 13 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27375]: Disconnected from 177.75.6.242 port 8819 [preauth]
Oct 13 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user root
Oct 13 14:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 14:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27728]: Failed password for root from 80.211.129.128 port 52488 ssh2
Oct 13 14:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27728]: Connection closed by 80.211.129.128 port 52488 [preauth]
Oct 13 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27869]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27981]: Successful su for rubyman by root
Oct 13 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27981]: + ??? root:rubyman
Oct 13 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405254 of user rubyman.
Oct 13 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27981]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405254.
Oct 13 14:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23806]: pam_unix(cron:session): session closed for user root
Oct 13 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26190]: pam_unix(cron:session): session closed for user root
Oct 13 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: Successful su for rubyman by root
Oct 13 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: + ??? root:rubyman
Oct 13 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405257 of user rubyman.
Oct 13 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405257.
Oct 13 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Invalid user sonar from 177.92.162.241
Oct 13 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: input_userauth_request: invalid user sonar [preauth]
Oct 13 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Failed password for invalid user sonar from 177.92.162.241 port 32736 ssh2
Oct 13 14:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Received disconnect from 177.92.162.241 port 32736:11: Bye Bye [preauth]
Oct 13 14:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Disconnected from 177.92.162.241 port 32736 [preauth]
Oct 13 14:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session closed for user root
Oct 13 14:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.205.25  user=root
Oct 13 14:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28378]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: Failed password for root from 80.211.205.25 port 38680 ssh2
Oct 13 14:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: Connection closed by 80.211.205.25 port 38680 [preauth]
Oct 13 14:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.201.227  user=root
Oct 13 14:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: Failed password for root from 80.211.201.227 port 51736 ssh2
Oct 13 14:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29080]: Connection closed by 80.211.201.227 port 51736 [preauth]
Oct 13 14:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26790]: pam_unix(cron:session): session closed for user root
Oct 13 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29221]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29220]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29305]: Successful su for rubyman by root
Oct 13 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29305]: + ??? root:rubyman
Oct 13 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405262 of user rubyman.
Oct 13 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29305]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405262.
Oct 13 14:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session closed for user root
Oct 13 14:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Invalid user badmin from 164.68.105.9
Oct 13 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: input_userauth_request: invalid user badmin [preauth]
Oct 13 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 14:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Failed password for invalid user badmin from 164.68.105.9 port 47818 ssh2
Oct 13 14:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Connection closed by 164.68.105.9 port 47818 [preauth]
Oct 13 14:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session closed for user root
Oct 13 14:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Did not receive identification string from 80.211.129.128
Oct 13 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29708]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29796]: Successful su for rubyman by root
Oct 13 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29796]: + ??? root:rubyman
Oct 13 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405266 of user rubyman.
Oct 13 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29796]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405266.
Oct 13 14:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session closed for user root
Oct 13 14:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29710]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Failed password for root from 194.182.86.152 port 57508 ssh2
Oct 13 14:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Connection closed by 194.182.86.152 port 57508 [preauth]
Oct 13 14:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28381]: pam_unix(cron:session): session closed for user root
Oct 13 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30236]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session closed for user root
Oct 13 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30337]: Successful su for rubyman by root
Oct 13 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30337]: + ??? root:rubyman
Oct 13 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405272 of user rubyman.
Oct 13 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30337]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405272.
Oct 13 14:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30233]: pam_unix(cron:session): session closed for user root
Oct 13 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session closed for user root
Oct 13 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29221]: pam_unix(cron:session): session closed for user root
Oct 13 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30838]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30922]: Successful su for rubyman by root
Oct 13 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30922]: + ??? root:rubyman
Oct 13 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405276 of user rubyman.
Oct 13 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30922]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405276.
Oct 13 14:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26789]: pam_unix(cron:session): session closed for user root
Oct 13 14:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30837]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29712]: pam_unix(cron:session): session closed for user root
Oct 13 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: Successful su for rubyman by root
Oct 13 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: + ??? root:rubyman
Oct 13 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405282 of user rubyman.
Oct 13 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405282.
Oct 13 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31326]: Failed password for root from 194.182.86.152 port 43280 ssh2
Oct 13 14:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31326]: Connection closed by 194.182.86.152 port 43280 [preauth]
Oct 13 14:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Did not receive identification string from 177.92.162.241
Oct 13 14:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session closed for user root
Oct 13 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30236]: pam_unix(cron:session): session closed for user root
Oct 13 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32026]: Successful su for rubyman by root
Oct 13 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32026]: + ??? root:rubyman
Oct 13 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405284 of user rubyman.
Oct 13 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32026]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405284.
Oct 13 14:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28379]: pam_unix(cron:session): session closed for user root
Oct 13 14:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session closed for user root
Oct 13 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32482]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32662]: Successful su for rubyman by root
Oct 13 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32662]: + ??? root:rubyman
Oct 13 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405288 of user rubyman.
Oct 13 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32662]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405288.
Oct 13 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32480]: pam_unix(cron:session): session closed for user root
Oct 13 14:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29220]: pam_unix(cron:session): session closed for user root
Oct 13 14:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31335]: pam_unix(cron:session): session closed for user root
Oct 13 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[604]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[602]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session closed for user root
Oct 13 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[680]: Successful su for rubyman by root
Oct 13 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[680]: + ??? root:rubyman
Oct 13 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405292 of user rubyman.
Oct 13 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[680]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405292.
Oct 13 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[602]: pam_unix(cron:session): session closed for user root
Oct 13 14:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29711]: pam_unix(cron:session): session closed for user root
Oct 13 14:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session closed for user root
Oct 13 14:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Failed password for root from 194.182.86.152 port 37124 ssh2
Oct 13 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Connection closed by 194.182.86.152 port 37124 [preauth]
Oct 13 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1197]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1283]: Successful su for rubyman by root
Oct 13 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1283]: + ??? root:rubyman
Oct 13 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405298 of user rubyman.
Oct 13 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1283]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405298.
Oct 13 14:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30235]: pam_unix(cron:session): session closed for user root
Oct 13 14:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Failed password for root from 194.182.86.152 port 35062 ssh2
Oct 13 14:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1531]: Connection closed by 194.182.86.152 port 35062 [preauth]
Oct 13 14:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Did not receive identification string from 80.211.129.128
Oct 13 14:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user root
Oct 13 14:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: Invalid user nexus from 177.92.162.241
Oct 13 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: input_userauth_request: invalid user nexus [preauth]
Oct 13 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: Failed password for invalid user nexus from 177.92.162.241 port 39154 ssh2
Oct 13 14:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: Received disconnect from 177.92.162.241 port 39154:11: Bye Bye [preauth]
Oct 13 14:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1671]: Disconnected from 177.92.162.241 port 39154 [preauth]
Oct 13 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1704]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1793]: Successful su for rubyman by root
Oct 13 14:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1793]: + ??? root:rubyman
Oct 13 14:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405303 of user rubyman.
Oct 13 14:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1793]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405303.
Oct 13 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30838]: pam_unix(cron:session): session closed for user root
Oct 13 14:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[604]: pam_unix(cron:session): session closed for user root
Oct 13 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2276]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2342]: Successful su for rubyman by root
Oct 13 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2342]: + ??? root:rubyman
Oct 13 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405307 of user rubyman.
Oct 13 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2342]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405307.
Oct 13 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session closed for user root
Oct 13 14:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session closed for user root
Oct 13 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2711]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2787]: Successful su for rubyman by root
Oct 13 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2787]: + ??? root:rubyman
Oct 13 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405310 of user rubyman.
Oct 13 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2787]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405310.
Oct 13 14:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31952]: pam_unix(cron:session): session closed for user root
Oct 13 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 14:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Failed password for root from 80.211.129.128 port 39502 ssh2
Oct 13 14:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Connection closed by 80.211.129.128 port 39502 [preauth]
Oct 13 14:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user root
Oct 13 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3163]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3162]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session closed for user root
Oct 13 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3238]: Successful su for rubyman by root
Oct 13 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3238]: + ??? root:rubyman
Oct 13 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405318 of user rubyman.
Oct 13 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3238]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405318.
Oct 13 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3162]: pam_unix(cron:session): session closed for user root
Oct 13 14:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session closed for user root
Oct 13 14:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3161]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2280]: pam_unix(cron:session): session closed for user root
Oct 13 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3656]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3653]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: Successful su for rubyman by root
Oct 13 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: + ??? root:rubyman
Oct 13 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405320 of user rubyman.
Oct 13 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3740]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405320.
Oct 13 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session closed for user root
Oct 13 14:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3654]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2715]: pam_unix(cron:session): session closed for user root
Oct 13 14:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Invalid user tim from 177.92.162.241
Oct 13 14:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: input_userauth_request: invalid user tim [preauth]
Oct 13 14:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for invalid user tim from 177.92.162.241 port 24389 ssh2
Oct 13 14:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Received disconnect from 177.92.162.241 port 24389:11: Bye Bye [preauth]
Oct 13 14:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Disconnected from 177.92.162.241 port 24389 [preauth]
Oct 13 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4125]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4125]: pam_unix(cron:session): session closed for user root
Oct 13 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4130]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4249]: Successful su for rubyman by root
Oct 13 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4249]: + ??? root:rubyman
Oct 13 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405324 of user rubyman.
Oct 13 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4249]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405324.
Oct 13 14:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session closed for user root
Oct 13 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4131]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Failed password for root from 194.182.86.152 port 42914 ssh2
Oct 13 14:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Connection closed by 194.182.86.152 port 42914 [preauth]
Oct 13 14:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3165]: pam_unix(cron:session): session closed for user root
Oct 13 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4748]: Successful su for rubyman by root
Oct 13 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4748]: + ??? root:rubyman
Oct 13 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405330 of user rubyman.
Oct 13 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4748]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405330.
Oct 13 14:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session closed for user root
Oct 13 14:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3656]: pam_unix(cron:session): session closed for user root
Oct 13 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5696]: Successful su for rubyman by root
Oct 13 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5696]: + ??? root:rubyman
Oct 13 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405334 of user rubyman.
Oct 13 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5696]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405334.
Oct 13 14:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2278]: pam_unix(cron:session): session closed for user root
Oct 13 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4133]: pam_unix(cron:session): session closed for user root
Oct 13 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Failed password for root from 194.182.86.152 port 56024 ssh2
Oct 13 14:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Connection closed by 194.182.86.152 port 56024 [preauth]
Oct 13 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6091]: pam_unix(cron:session): session closed for user root
Oct 13 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6177]: Successful su for rubyman by root
Oct 13 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6177]: + ??? root:rubyman
Oct 13 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405337 of user rubyman.
Oct 13 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6177]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405337.
Oct 13 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session closed for user root
Oct 13 14:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2714]: pam_unix(cron:session): session closed for user root
Oct 13 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4684]: pam_unix(cron:session): session closed for user root
Oct 13 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6598]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6594]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: Successful su for rubyman by root
Oct 13 14:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: + ??? root:rubyman
Oct 13 14:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405343 of user rubyman.
Oct 13 14:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6758]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405343.
Oct 13 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3163]: pam_unix(cron:session): session closed for user root
Oct 13 14:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6596]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241  user=root
Oct 13 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7035]: Failed password for root from 177.92.162.241 port 50127 ssh2
Oct 13 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7035]: Received disconnect from 177.92.162.241 port 50127:11: Bye Bye [preauth]
Oct 13 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7035]: Disconnected from 177.92.162.241 port 50127 [preauth]
Oct 13 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session closed for user root
Oct 13 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7294]: Successful su for rubyman by root
Oct 13 14:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7294]: + ??? root:rubyman
Oct 13 14:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405348 of user rubyman.
Oct 13 14:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7294]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405348.
Oct 13 14:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3655]: pam_unix(cron:session): session closed for user root
Oct 13 14:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7506]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 50784
Oct 13 14:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7508]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 50800
Oct 13 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session closed for user root
Oct 13 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7678]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7758]: Successful su for rubyman by root
Oct 13 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7758]: + ??? root:rubyman
Oct 13 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405351 of user rubyman.
Oct 13 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7758]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405351.
Oct 13 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4132]: pam_unix(cron:session): session closed for user root
Oct 13 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7677]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6598]: pam_unix(cron:session): session closed for user root
Oct 13 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8587]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8666]: Successful su for rubyman by root
Oct 13 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8666]: + ??? root:rubyman
Oct 13 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405355 of user rubyman.
Oct 13 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8666]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405355.
Oct 13 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session closed for user root
Oct 13 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8588]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 13 14:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: Failed password for root from 78.128.112.74 port 45292 ssh2
Oct 13 14:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9035]: Connection closed by 78.128.112.74 port 45292 [preauth]
Oct 13 14:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session closed for user root
Oct 13 14:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9271]: pam_unix(cron:session): session closed for user root
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9266]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9362]: Successful su for rubyman by root
Oct 13 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9362]: + ??? root:rubyman
Oct 13 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405363 of user rubyman.
Oct 13 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9362]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405363.
Oct 13 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9261]: Failed password for root from 194.182.86.152 port 38864 ssh2
Oct 13 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9261]: Connection closed by 194.182.86.152 port 38864 [preauth]
Oct 13 14:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9268]: pam_unix(cron:session): session closed for user root
Oct 13 14:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session closed for user root
Oct 13 14:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9628]: Did not receive identification string from 80.211.129.128
Oct 13 14:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9267]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7680]: pam_unix(cron:session): session closed for user root
Oct 13 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9934]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: Successful su for rubyman by root
Oct 13 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: + ??? root:rubyman
Oct 13 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405368 of user rubyman.
Oct 13 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405368.
Oct 13 14:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session closed for user root
Oct 13 14:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9935]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Invalid user csgoserver from 177.92.162.241
Oct 13 14:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: input_userauth_request: invalid user csgoserver [preauth]
Oct 13 14:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Failed password for invalid user csgoserver from 177.92.162.241 port 44230 ssh2
Oct 13 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Received disconnect from 177.92.162.241 port 44230:11: Bye Bye [preauth]
Oct 13 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10319]: Disconnected from 177.92.162.241 port 44230 [preauth]
Oct 13 14:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session closed for user root
Oct 13 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10499]: Successful su for rubyman by root
Oct 13 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10499]: + ??? root:rubyman
Oct 13 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405370 of user rubyman.
Oct 13 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10499]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405370.
Oct 13 14:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session closed for user root
Oct 13 14:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9270]: pam_unix(cron:session): session closed for user root
Oct 13 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10895]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: Successful su for rubyman by root
Oct 13 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: + ??? root:rubyman
Oct 13 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405374 of user rubyman.
Oct 13 14:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405374.
Oct 13 14:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session closed for user root
Oct 13 14:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10896]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9937]: pam_unix(cron:session): session closed for user root
Oct 13 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11415]: Successful su for rubyman by root
Oct 13 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11415]: + ??? root:rubyman
Oct 13 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405378 of user rubyman.
Oct 13 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11415]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405378.
Oct 13 14:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7678]: pam_unix(cron:session): session closed for user root
Oct 13 14:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session closed for user root
Oct 13 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11912]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session closed for user root
Oct 13 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11909]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11987]: Successful su for rubyman by root
Oct 13 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11987]: + ??? root:rubyman
Oct 13 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405385 of user rubyman.
Oct 13 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11987]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405385.
Oct 13 14:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11912]: pam_unix(cron:session): session closed for user root
Oct 13 14:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8589]: pam_unix(cron:session): session closed for user root
Oct 13 14:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11911]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session closed for user root
Oct 13 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12415]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12501]: Successful su for rubyman by root
Oct 13 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12501]: + ??? root:rubyman
Oct 13 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405388 of user rubyman.
Oct 13 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12501]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405388.
Oct 13 14:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9269]: pam_unix(cron:session): session closed for user root
Oct 13 14:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12416]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Did not receive identification string from 177.92.162.241
Oct 13 14:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session closed for user root
Oct 13 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Bad protocol version identification '\026\003\001\001\027\001' from 128.14.239.39 port 52202
Oct 13 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12922]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 13 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: Successful su for rubyman by root
Oct 13 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: + ??? root:rubyman
Oct 13 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405391 of user rubyman.
Oct 13 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405391.
Oct 13 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Failed password for root from 62.60.131.157 port 61778 ssh2
Oct 13 14:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: message repeated 3 times: [ Failed password for root from 62.60.131.157 port 61778 ssh2]
Oct 13 14:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9936]: pam_unix(cron:session): session closed for user root
Oct 13 14:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Failed password for root from 62.60.131.157 port 61778 ssh2
Oct 13 14:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Received disconnect from 62.60.131.157 port 61778:11: Bye [preauth]
Oct 13 14:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Disconnected from 62.60.131.157 port 61778 [preauth]
Oct 13 14:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 13 14:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Did not receive identification string from 128.14.239.39
Oct 13 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: Connection closed by 128.14.239.39 port 41322 [preauth]
Oct 13 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Protocol major versions differ for 128.14.239.39: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Oct 13 14:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session closed for user root
Oct 13 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13517]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13588]: Successful su for rubyman by root
Oct 13 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13588]: + ??? root:rubyman
Oct 13 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405395 of user rubyman.
Oct 13 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13588]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405395.
Oct 13 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session closed for user root
Oct 13 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13518]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12418]: pam_unix(cron:session): session closed for user root
Oct 13 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13988]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14146]: Successful su for rubyman by root
Oct 13 14:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14146]: + ??? root:rubyman
Oct 13 14:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405402 of user rubyman.
Oct 13 14:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14146]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405402.
Oct 13 14:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10898]: pam_unix(cron:session): session closed for user root
Oct 13 14:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12922]: pam_unix(cron:session): session closed for user root
Oct 13 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14520]: pam_unix(cron:session): session closed for user root
Oct 13 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14515]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: Successful su for rubyman by root
Oct 13 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: + ??? root:rubyman
Oct 13 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405405 of user rubyman.
Oct 13 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14598]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405405.
Oct 13 14:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14517]: pam_unix(cron:session): session closed for user root
Oct 13 14:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session closed for user root
Oct 13 14:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14516]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241  user=root
Oct 13 14:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13520]: pam_unix(cron:session): session closed for user root
Oct 13 14:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Failed password for root from 177.92.162.241 port 23301 ssh2
Oct 13 14:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Received disconnect from 177.92.162.241 port 23301:11: Bye Bye [preauth]
Oct 13 14:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Disconnected from 177.92.162.241 port 23301 [preauth]
Oct 13 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15183]: Successful su for rubyman by root
Oct 13 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15183]: + ??? root:rubyman
Oct 13 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405410 of user rubyman.
Oct 13 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15183]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405410.
Oct 13 14:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session closed for user root
Oct 13 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: Failed password for root from 194.182.86.152 port 60418 ssh2
Oct 13 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: Connection closed by 194.182.86.152 port 60418 [preauth]
Oct 13 14:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15013]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session closed for user root
Oct 13 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15572]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15571]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15569]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: Successful su for rubyman by root
Oct 13 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: + ??? root:rubyman
Oct 13 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405414 of user rubyman.
Oct 13 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405414.
Oct 13 14:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12417]: pam_unix(cron:session): session closed for user root
Oct 13 14:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15570]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14519]: pam_unix(cron:session): session closed for user root
Oct 13 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16030]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16027]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16096]: Successful su for rubyman by root
Oct 13 14:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16096]: + ??? root:rubyman
Oct 13 14:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405418 of user rubyman.
Oct 13 14:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16096]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405418.
Oct 13 14:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session closed for user root
Oct 13 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16029]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session closed for user root
Oct 13 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16475]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16480]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16662]: Successful su for rubyman by root
Oct 13 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16662]: + ??? root:rubyman
Oct 13 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405422 of user rubyman.
Oct 13 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16662]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405422.
Oct 13 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16475]: pam_unix(cron:session): session closed for user root
Oct 13 14:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13519]: pam_unix(cron:session): session closed for user root
Oct 13 14:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16481]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Invalid user dreambox from 177.92.162.241
Oct 13 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: input_userauth_request: invalid user dreambox [preauth]
Oct 13 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Failed password for invalid user dreambox from 177.92.162.241 port 1092 ssh2
Oct 13 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Received disconnect from 177.92.162.241 port 1092:11: Bye Bye [preauth]
Oct 13 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16949]: Disconnected from 177.92.162.241 port 1092 [preauth]
Oct 13 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15572]: pam_unix(cron:session): session closed for user root
Oct 13 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17053]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17052]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17053]: pam_unix(cron:session): session closed for user root
Oct 13 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17141]: Successful su for rubyman by root
Oct 13 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17141]: + ??? root:rubyman
Oct 13 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405430 of user rubyman.
Oct 13 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17141]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405430.
Oct 13 14:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session closed for user root
Oct 13 14:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13991]: pam_unix(cron:session): session closed for user root
Oct 13 14:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Failed password for root from 80.211.129.128 port 58968 ssh2
Oct 13 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Connection closed by 80.211.129.128 port 58968 [preauth]
Oct 13 14:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session closed for user root
Oct 13 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17543]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17540]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17626]: Successful su for rubyman by root
Oct 13 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17626]: + ??? root:rubyman
Oct 13 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405434 of user rubyman.
Oct 13 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17626]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405434.
Oct 13 14:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14518]: pam_unix(cron:session): session closed for user root
Oct 13 14:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17541]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16483]: pam_unix(cron:session): session closed for user root
Oct 13 14:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 14:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Failed password for root from 80.211.129.128 port 41888 ssh2
Oct 13 14:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18038]: Connection closed by 80.211.129.128 port 41888 [preauth]
Oct 13 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18113]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18297]: Successful su for rubyman by root
Oct 13 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18297]: + ??? root:rubyman
Oct 13 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405436 of user rubyman.
Oct 13 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18297]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405436.
Oct 13 14:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user root
Oct 13 14:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18114]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17052]: pam_unix(cron:session): session closed for user root
Oct 13 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18809]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18886]: Successful su for rubyman by root
Oct 13 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18886]: + ??? root:rubyman
Oct 13 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405443 of user rubyman.
Oct 13 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18886]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405443.
Oct 13 14:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15571]: pam_unix(cron:session): session closed for user root
Oct 13 14:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Invalid user tms from 177.92.162.241
Oct 13 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: input_userauth_request: invalid user tms [preauth]
Oct 13 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Failed password for invalid user tms from 177.92.162.241 port 62601 ssh2
Oct 13 14:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Received disconnect from 177.92.162.241 port 62601:11: Bye Bye [preauth]
Oct 13 14:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Disconnected from 177.92.162.241 port 62601 [preauth]
Oct 13 14:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17543]: pam_unix(cron:session): session closed for user root
Oct 13 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19609]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: Successful su for rubyman by root
Oct 13 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: + ??? root:rubyman
Oct 13 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405447 of user rubyman.
Oct 13 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405447.
Oct 13 14:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16030]: pam_unix(cron:session): session closed for user root
Oct 13 14:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Invalid user admin from 62.60.131.157
Oct 13 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: input_userauth_request: invalid user admin [preauth]
Oct 13 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 14:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19610]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Failed password for invalid user admin from 62.60.131.157 port 62787 ssh2
Oct 13 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Failed password for invalid user admin from 62.60.131.157 port 62787 ssh2
Oct 13 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Failed password for invalid user admin from 62.60.131.157 port 62787 ssh2
Oct 13 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Failed password for invalid user admin from 62.60.131.157 port 62787 ssh2
Oct 13 14:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Failed password for invalid user admin from 62.60.131.157 port 62787 ssh2
Oct 13 14:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Received disconnect from 62.60.131.157 port 62787:11: Bye [preauth]
Oct 13 14:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Disconnected from 62.60.131.157 port 62787 [preauth]
Oct 13 14:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 14:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 13 14:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18118]: pam_unix(cron:session): session closed for user root
Oct 13 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session closed for user root
Oct 13 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20344]: Successful su for rubyman by root
Oct 13 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20344]: + ??? root:rubyman
Oct 13 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405448 of user rubyman.
Oct 13 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20344]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405448.
Oct 13 14:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session closed for user root
Oct 13 14:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session closed for user root
Oct 13 14:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20267]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18809]: pam_unix(cron:session): session closed for user root
Oct 13 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20771]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20762]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20854]: Successful su for rubyman by root
Oct 13 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20854]: + ??? root:rubyman
Oct 13 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405454 of user rubyman.
Oct 13 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20854]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405454.
Oct 13 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20771]: pam_unix(cron:session): session closed for user root
Oct 13 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session closed for user root
Oct 13 14:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20764]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session closed for user root
Oct 13 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21220]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21317]: Successful su for rubyman by root
Oct 13 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21317]: + ??? root:rubyman
Oct 13 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405459 of user rubyman.
Oct 13 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21317]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405459.
Oct 13 14:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17542]: pam_unix(cron:session): session closed for user root
Oct 13 14:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: Invalid user samson from 177.92.162.241
Oct 13 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: input_userauth_request: invalid user samson [preauth]
Oct 13 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: Failed password for invalid user samson from 177.92.162.241 port 44361 ssh2
Oct 13 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: Received disconnect from 177.92.162.241 port 44361:11: Bye Bye [preauth]
Oct 13 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21572]: Disconnected from 177.92.162.241 port 44361 [preauth]
Oct 13 14:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Failed password for root from 194.182.86.152 port 41838 ssh2
Oct 13 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Connection closed by 194.182.86.152 port 41838 [preauth]
Oct 13 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session closed for user root
Oct 13 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21763]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21760]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21829]: Successful su for rubyman by root
Oct 13 14:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21829]: + ??? root:rubyman
Oct 13 14:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405465 of user rubyman.
Oct 13 14:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21829]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405465.
Oct 13 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18115]: pam_unix(cron:session): session closed for user root
Oct 13 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21761]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Invalid user admin from 2.57.121.112
Oct 13 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: input_userauth_request: invalid user admin [preauth]
Oct 13 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Failed password for invalid user admin from 2.57.121.112 port 31405 ssh2
Oct 13 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Failed password for invalid user admin from 2.57.121.112 port 31405 ssh2
Oct 13 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Failed password for invalid user admin from 2.57.121.112 port 31405 ssh2
Oct 13 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20775]: pam_unix(cron:session): session closed for user root
Oct 13 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Failed password for invalid user admin from 2.57.121.112 port 31405 ssh2
Oct 13 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Failed password for invalid user admin from 2.57.121.112 port 31405 ssh2
Oct 13 14:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Received disconnect from 2.57.121.112 port 31405:11: Bye [preauth]
Oct 13 14:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Disconnected from 2.57.121.112 port 31405 [preauth]
Oct 13 14:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 14:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22261]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22255]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22334]: Successful su for rubyman by root
Oct 13 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22334]: + ??? root:rubyman
Oct 13 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405468 of user rubyman.
Oct 13 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22334]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405468.
Oct 13 14:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18808]: pam_unix(cron:session): session closed for user root
Oct 13 14:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22259]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22502]: Did not receive identification string from 223.29.201.213
Oct 13 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Invalid user wqmarlduiqkmgs from 223.29.201.213
Oct 13 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: input_userauth_request: invalid user wqmarlduiqkmgs [preauth]
Oct 13 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: fatal: ssh_packet_get_string: incomplete message [preauth]
Oct 13 14:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session closed for user root
Oct 13 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22922]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22922]: pam_unix(cron:session): session closed for user root
Oct 13 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23141]: Successful su for rubyman by root
Oct 13 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23141]: + ??? root:rubyman
Oct 13 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405473 of user rubyman.
Oct 13 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23141]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405473.
Oct 13 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session closed for user root
Oct 13 14:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19612]: pam_unix(cron:session): session closed for user root
Oct 13 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21763]: pam_unix(cron:session): session closed for user root
Oct 13 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23930]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24020]: Successful su for rubyman by root
Oct 13 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24020]: + ??? root:rubyman
Oct 13 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405477 of user rubyman.
Oct 13 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24020]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405477.
Oct 13 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session closed for user root
Oct 13 14:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Invalid user ftproot from 177.92.162.241
Oct 13 14:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: input_userauth_request: invalid user ftproot [preauth]
Oct 13 14:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Failed password for invalid user ftproot from 177.92.162.241 port 31048 ssh2
Oct 13 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Received disconnect from 177.92.162.241 port 31048:11: Bye Bye [preauth]
Oct 13 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24253]: Disconnected from 177.92.162.241 port 31048 [preauth]
Oct 13 14:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22261]: pam_unix(cron:session): session closed for user root
Oct 13 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24553]: Successful su for rubyman by root
Oct 13 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24553]: + ??? root:rubyman
Oct 13 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405482 of user rubyman.
Oct 13 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24553]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405482.
Oct 13 14:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20765]: pam_unix(cron:session): session closed for user root
Oct 13 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22921]: pam_unix(cron:session): session closed for user root
Oct 13 14:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Failed password for root from 194.182.86.152 port 49868 ssh2
Oct 13 14:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Connection closed by 194.182.86.152 port 49868 [preauth]
Oct 13 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24940]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25028]: Successful su for rubyman by root
Oct 13 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25028]: + ??? root:rubyman
Oct 13 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405486 of user rubyman.
Oct 13 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25028]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405486.
Oct 13 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session closed for user root
Oct 13 14:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24939]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23930]: pam_unix(cron:session): session closed for user root
Oct 13 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: Successful su for rubyman by root
Oct 13 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: + ??? root:rubyman
Oct 13 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405489 of user rubyman.
Oct 13 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25727]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405489.
Oct 13 14:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21762]: pam_unix(cron:session): session closed for user root
Oct 13 14:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session closed for user root
Oct 13 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session closed for user root
Oct 13 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26307]: Successful su for rubyman by root
Oct 13 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26307]: + ??? root:rubyman
Oct 13 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405497 of user rubyman.
Oct 13 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26307]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405497.
Oct 13 14:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26224]: pam_unix(cron:session): session closed for user root
Oct 13 14:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22260]: pam_unix(cron:session): session closed for user root
Oct 13 14:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241  user=root
Oct 13 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Failed password for root from 177.92.162.241 port 17460 ssh2
Oct 13 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Received disconnect from 177.92.162.241 port 17460:11: Bye Bye [preauth]
Oct 13 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Disconnected from 177.92.162.241 port 17460 [preauth]
Oct 13 14:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26223]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24941]: pam_unix(cron:session): session closed for user root
Oct 13 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Invalid user user from 62.60.131.157
Oct 13 14:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: input_userauth_request: invalid user user [preauth]
Oct 13 14:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Failed password for invalid user user from 62.60.131.157 port 32932 ssh2
Oct 13 14:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Failed password for invalid user user from 62.60.131.157 port 32932 ssh2
Oct 13 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Failed password for invalid user user from 62.60.131.157 port 32932 ssh2
Oct 13 14:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Failed password for invalid user user from 62.60.131.157 port 32932 ssh2
Oct 13 14:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Failed password for invalid user user from 62.60.131.157 port 32932 ssh2
Oct 13 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Received disconnect from 62.60.131.157 port 32932:11: Bye [preauth]
Oct 13 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: Disconnected from 62.60.131.157 port 32932 [preauth]
Oct 13 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26823]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26877]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27039]: Successful su for rubyman by root
Oct 13 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27039]: + ??? root:rubyman
Oct 13 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405499 of user rubyman.
Oct 13 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27039]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405499.
Oct 13 14:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22920]: pam_unix(cron:session): session closed for user root
Oct 13 14:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session closed for user root
Oct 13 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27720]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27718]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27710]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: Successful su for rubyman by root
Oct 13 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: + ??? root:rubyman
Oct 13 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405504 of user rubyman.
Oct 13 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405504.
Oct 13 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Oct 13 14:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session closed for user root
Oct 13 14:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 14:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Failed password for root from 138.68.58.124 port 36036 ssh2
Oct 13 14:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Connection closed by 138.68.58.124 port 36036 [preauth]
Oct 13 14:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Failed password for root from 194.182.86.152 port 38470 ssh2
Oct 13 14:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Connection closed by 194.182.86.152 port 38470 [preauth]
Oct 13 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27712]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26227]: pam_unix(cron:session): session closed for user root
Oct 13 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28388]: Successful su for rubyman by root
Oct 13 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28388]: + ??? root:rubyman
Oct 13 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405507 of user rubyman.
Oct 13 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28388]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405507.
Oct 13 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session closed for user root
Oct 13 14:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26879]: pam_unix(cron:session): session closed for user root
Oct 13 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29131]: pam_unix(cron:session): session closed for user p13x
Oct 13 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29215]: Successful su for rubyman by root
Oct 13 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29215]: + ??? root:rubyman
Oct 13 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405512 of user rubyman.
Oct 13 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29215]: pam_unix(su:session): session closed for user rubyman
Oct 13 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405512.
Oct 13 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Invalid user ookla from 177.92.162.241
Oct 13 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: input_userauth_request: invalid user ookla [preauth]
Oct 13 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Failed password for invalid user ookla from 177.92.162.241 port 52264 ssh2
Oct 13 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Received disconnect from 177.92.162.241 port 52264:11: Bye Bye [preauth]
Oct 13 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Disconnected from 177.92.162.241 port 52264 [preauth]
Oct 13 14:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24940]: pam_unix(cron:session): session closed for user root
Oct 13 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29133]: pam_unix(cron:session): session closed for user samftp
Oct 13 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27720]: pam_unix(cron:session): session closed for user root
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29639]: pam_unix(cron:session): session closed for user root
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29644]: pam_unix(cron:session): session closed for user root
Oct 13 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29769]: Successful su for rubyman by root
Oct 13 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29769]: + ??? root:rubyman
Oct 13 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405515 of user rubyman.
Oct 13 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29769]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405515.
Oct 13 15:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session closed for user root
Oct 13 15:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session closed for user root
Oct 13 15:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user root
Oct 13 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30276]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30378]: Successful su for rubyman by root
Oct 13 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30378]: + ??? root:rubyman
Oct 13 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405525 of user rubyman.
Oct 13 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30378]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405525.
Oct 13 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26226]: pam_unix(cron:session): session closed for user root
Oct 13 15:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29135]: pam_unix(cron:session): session closed for user root
Oct 13 15:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Invalid user user from 2.57.121.112
Oct 13 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: input_userauth_request: invalid user user [preauth]
Oct 13 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for invalid user user from 2.57.121.112 port 64102 ssh2
Oct 13 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30929]: Successful su for rubyman by root
Oct 13 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30929]: + ??? root:rubyman
Oct 13 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405527 of user rubyman.
Oct 13 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30929]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405527.
Oct 13 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for invalid user user from 2.57.121.112 port 64102 ssh2
Oct 13 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for invalid user user from 2.57.121.112 port 64102 ssh2
Oct 13 15:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26877]: pam_unix(cron:session): session closed for user root
Oct 13 15:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for invalid user user from 2.57.121.112 port 64102 ssh2
Oct 13 15:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for invalid user user from 2.57.121.112 port 64102 ssh2
Oct 13 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Received disconnect from 2.57.121.112 port 64102:11: Bye [preauth]
Oct 13 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Disconnected from 2.57.121.112 port 64102 [preauth]
Oct 13 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 15:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Invalid user admin from 2.57.121.25
Oct 13 15:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: input_userauth_request: invalid user admin [preauth]
Oct 13 15:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 15:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Failed password for invalid user admin from 2.57.121.25 port 35542 ssh2
Oct 13 15:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Failed password for invalid user admin from 2.57.121.25 port 35542 ssh2
Oct 13 15:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30848]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Failed password for invalid user admin from 2.57.121.25 port 35542 ssh2
Oct 13 15:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Failed password for invalid user admin from 2.57.121.25 port 35542 ssh2
Oct 13 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Failed password for invalid user admin from 2.57.121.25 port 35542 ssh2
Oct 13 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Received disconnect from 2.57.121.25 port 35542:11: Bye [preauth]
Oct 13 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Disconnected from 2.57.121.25 port 35542 [preauth]
Oct 13 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 15:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29643]: pam_unix(cron:session): session closed for user root
Oct 13 15:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31300]: Did not receive identification string from 195.184.76.233
Oct 13 15:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31406]: Successful su for rubyman by root
Oct 13 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31406]: + ??? root:rubyman
Oct 13 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405533 of user rubyman.
Oct 13 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31406]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405533.
Oct 13 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31321]: Did not receive identification string from 195.184.76.10
Oct 13 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 15:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31335]: Failed password for root from 80.211.129.128 port 55818 ssh2
Oct 13 15:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31335]: Connection closed by 80.211.129.128 port 55818 [preauth]
Oct 13 15:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27718]: pam_unix(cron:session): session closed for user root
Oct 13 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31338]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user root
Oct 13 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32034]: Successful su for rubyman by root
Oct 13 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32034]: + ??? root:rubyman
Oct 13 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405536 of user rubyman.
Oct 13 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32034]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405536.
Oct 13 15:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user root
Oct 13 15:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.128.166  user=root
Oct 13 15:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: Failed password for root from 124.198.128.166 port 52582 ssh2
Oct 13 15:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: Connection closed by 124.198.128.166 port 52582 [preauth]
Oct 13 15:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session closed for user root
Oct 13 15:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Invalid user david from 164.68.105.9
Oct 13 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: input_userauth_request: invalid user david [preauth]
Oct 13 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 15:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for invalid user david from 164.68.105.9 port 49076 ssh2
Oct 13 15:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Connection closed by 164.68.105.9 port 49076 [preauth]
Oct 13 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32496]: pam_unix(cron:session): session closed for user root
Oct 13 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: Successful su for rubyman by root
Oct 13 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: + ??? root:rubyman
Oct 13 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405538 of user rubyman.
Oct 13 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32569]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405538.
Oct 13 15:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session closed for user root
Oct 13 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Invalid user damaris from 2.57.121.112
Oct 13 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: input_userauth_request: invalid user damaris [preauth]
Oct 13 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29134]: pam_unix(cron:session): session closed for user root
Oct 13 15:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Failed password for invalid user damaris from 2.57.121.112 port 63206 ssh2
Oct 13 15:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Failed password for invalid user damaris from 2.57.121.112 port 63206 ssh2
Oct 13 15:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Failed password for invalid user damaris from 2.57.121.112 port 63206 ssh2
Oct 13 15:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Failed password for invalid user damaris from 2.57.121.112 port 63206 ssh2
Oct 13 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Failed password for invalid user damaris from 2.57.121.112 port 63206 ssh2
Oct 13 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Received disconnect from 2.57.121.112 port 63206:11: Bye [preauth]
Oct 13 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: Disconnected from 2.57.121.112 port 63206 [preauth]
Oct 13 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32697]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 15:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31340]: pam_unix(cron:session): session closed for user root
Oct 13 15:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Received disconnect from 193.46.255.20 port 51414:11:  [preauth]
Oct 13 15:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Disconnected from 193.46.255.20 port 51414 [preauth]
Oct 13 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[540]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[538]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[613]: Successful su for rubyman by root
Oct 13 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[613]: + ??? root:rubyman
Oct 13 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405544 of user rubyman.
Oct 13 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[613]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405544.
Oct 13 15:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29642]: pam_unix(cron:session): session closed for user root
Oct 13 15:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[539]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session closed for user root
Oct 13 15:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Invalid user ubuntu from 177.92.162.241
Oct 13 15:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 15:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 15:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Failed password for invalid user ubuntu from 177.92.162.241 port 37622 ssh2
Oct 13 15:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Received disconnect from 177.92.162.241 port 37622:11: Bye Bye [preauth]
Oct 13 15:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Disconnected from 177.92.162.241 port 37622 [preauth]
Oct 13 15:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 15:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: Failed password for root from 80.211.129.128 port 60884 ssh2
Oct 13 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: Connection closed by 80.211.129.128 port 60884 [preauth]
Oct 13 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1112]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1110]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1180]: Successful su for rubyman by root
Oct 13 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1180]: + ??? root:rubyman
Oct 13 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405548 of user rubyman.
Oct 13 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1180]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405548.
Oct 13 15:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session closed for user root
Oct 13 15:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1111]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: Failed password for root from 194.182.86.152 port 54060 ssh2
Oct 13 15:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1422]: Connection closed by 194.182.86.152 port 54060 [preauth]
Oct 13 15:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: Did not receive identification string from 217.81.121.166
Oct 13 15:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32495]: pam_unix(cron:session): session closed for user root
Oct 13 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1599]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1600]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1597]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1682]: Successful su for rubyman by root
Oct 13 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1682]: + ??? root:rubyman
Oct 13 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405555 of user rubyman.
Oct 13 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1682]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405555.
Oct 13 15:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session closed for user root
Oct 13 15:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1598]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[542]: pam_unix(cron:session): session closed for user root
Oct 13 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2182]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2180]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2345]: Successful su for rubyman by root
Oct 13 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2345]: + ??? root:rubyman
Oct 13 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405556 of user rubyman.
Oct 13 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2345]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405556.
Oct 13 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2176]: pam_unix(cron:session): session closed for user root
Oct 13 15:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31339]: pam_unix(cron:session): session closed for user root
Oct 13 15:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2179]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1113]: pam_unix(cron:session): session closed for user root
Oct 13 15:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 60884
Oct 13 15:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 60896
Oct 13 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2735]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2735]: pam_unix(cron:session): session closed for user root
Oct 13 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2729]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2806]: Successful su for rubyman by root
Oct 13 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2806]: + ??? root:rubyman
Oct 13 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405562 of user rubyman.
Oct 13 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2806]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405562.
Oct 13 15:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session closed for user root
Oct 13 15:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31952]: pam_unix(cron:session): session closed for user root
Oct 13 15:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2731]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1600]: pam_unix(cron:session): session closed for user root
Oct 13 15:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Invalid user dreambox from 177.92.162.241
Oct 13 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: input_userauth_request: invalid user dreambox [preauth]
Oct 13 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 15:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Failed password for invalid user dreambox from 177.92.162.241 port 23741 ssh2
Oct 13 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Received disconnect from 177.92.162.241 port 23741:11: Bye Bye [preauth]
Oct 13 15:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Disconnected from 177.92.162.241 port 23741 [preauth]
Oct 13 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3201]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: Successful su for rubyman by root
Oct 13 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: + ??? root:rubyman
Oct 13 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405569 of user rubyman.
Oct 13 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405569.
Oct 13 15:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32493]: pam_unix(cron:session): session closed for user root
Oct 13 15:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Failed password for root from 194.182.86.152 port 36616 ssh2
Oct 13 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Connection closed by 194.182.86.152 port 36616 [preauth]
Oct 13 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2182]: pam_unix(cron:session): session closed for user root
Oct 13 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3676]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3757]: Successful su for rubyman by root
Oct 13 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3757]: + ??? root:rubyman
Oct 13 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405571 of user rubyman.
Oct 13 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3757]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405571.
Oct 13 15:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[540]: pam_unix(cron:session): session closed for user root
Oct 13 15:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2734]: pam_unix(cron:session): session closed for user root
Oct 13 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4135]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: Successful su for rubyman by root
Oct 13 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: + ??? root:rubyman
Oct 13 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405576 of user rubyman.
Oct 13 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4253]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405576.
Oct 13 15:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1112]: pam_unix(cron:session): session closed for user root
Oct 13 15:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4139]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3205]: pam_unix(cron:session): session closed for user root
Oct 13 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4685]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4752]: Successful su for rubyman by root
Oct 13 15:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4752]: + ??? root:rubyman
Oct 13 15:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405581 of user rubyman.
Oct 13 15:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4752]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405581.
Oct 13 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1599]: pam_unix(cron:session): session closed for user root
Oct 13 15:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session closed for user root
Oct 13 15:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241  user=root
Oct 13 15:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Failed password for root from 177.92.162.241 port 319 ssh2
Oct 13 15:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Received disconnect from 177.92.162.241 port 319:11: Bye Bye [preauth]
Oct 13 15:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Disconnected from 177.92.162.241 port 319 [preauth]
Oct 13 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5631]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5632]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5633]: pam_unix(cron:session): session closed for user root
Oct 13 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5716]: Successful su for rubyman by root
Oct 13 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5716]: + ??? root:rubyman
Oct 13 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405585 of user rubyman.
Oct 13 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5716]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405585.
Oct 13 15:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5630]: pam_unix(cron:session): session closed for user root
Oct 13 15:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2180]: pam_unix(cron:session): session closed for user root
Oct 13 15:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5629]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4141]: pam_unix(cron:session): session closed for user root
Oct 13 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6218]: Successful su for rubyman by root
Oct 13 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6218]: + ??? root:rubyman
Oct 13 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405589 of user rubyman.
Oct 13 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6218]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405589.
Oct 13 15:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2733]: pam_unix(cron:session): session closed for user root
Oct 13 15:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4685]: pam_unix(cron:session): session closed for user root
Oct 13 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6623]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6623]: pam_unix(cron:session): session closed for user root
Oct 13 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6687]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: Successful su for rubyman by root
Oct 13 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: + ??? root:rubyman
Oct 13 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405596 of user rubyman.
Oct 13 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405596.
Oct 13 15:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3204]: pam_unix(cron:session): session closed for user root
Oct 13 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5632]: pam_unix(cron:session): session closed for user root
Oct 13 15:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Invalid user david from 164.68.105.9
Oct 13 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: input_userauth_request: invalid user david [preauth]
Oct 13 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Failed password for invalid user david from 164.68.105.9 port 55916 ssh2
Oct 13 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Connection closed by 164.68.105.9 port 55916 [preauth]
Oct 13 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7232]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7233]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7230]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7299]: Successful su for rubyman by root
Oct 13 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7299]: + ??? root:rubyman
Oct 13 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405598 of user rubyman.
Oct 13 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7299]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405598.
Oct 13 15:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session closed for user root
Oct 13 15:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7231]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 15:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Failed password for root from 80.211.129.128 port 48050 ssh2
Oct 13 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Connection closed by 80.211.129.128 port 48050 [preauth]
Oct 13 15:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session closed for user root
Oct 13 15:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241  user=root
Oct 13 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: Failed password for root from 177.92.162.241 port 61221 ssh2
Oct 13 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: Received disconnect from 177.92.162.241 port 61221:11: Bye Bye [preauth]
Oct 13 15:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7643]: Disconnected from 177.92.162.241 port 61221 [preauth]
Oct 13 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7778]: Successful su for rubyman by root
Oct 13 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7778]: + ??? root:rubyman
Oct 13 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405602 of user rubyman.
Oct 13 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7778]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405602.
Oct 13 15:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4140]: pam_unix(cron:session): session closed for user root
Oct 13 15:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session closed for user root
Oct 13 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8610]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8613]: pam_unix(cron:session): session closed for user root
Oct 13 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8692]: Successful su for rubyman by root
Oct 13 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8692]: + ??? root:rubyman
Oct 13 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405606 of user rubyman.
Oct 13 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8692]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405606.
Oct 13 15:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8610]: pam_unix(cron:session): session closed for user root
Oct 13 15:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4684]: pam_unix(cron:session): session closed for user root
Oct 13 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7233]: pam_unix(cron:session): session closed for user root
Oct 13 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9329]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9416]: Successful su for rubyman by root
Oct 13 15:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9416]: + ??? root:rubyman
Oct 13 15:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405613 of user rubyman.
Oct 13 15:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9416]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405613.
Oct 13 15:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5631]: pam_unix(cron:session): session closed for user root
Oct 13 15:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9330]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7710]: pam_unix(cron:session): session closed for user root
Oct 13 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10027]: Successful su for rubyman by root
Oct 13 15:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10027]: + ??? root:rubyman
Oct 13 15:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405616 of user rubyman.
Oct 13 15:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10027]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405616.
Oct 13 15:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session closed for user root
Oct 13 15:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9955]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241  user=root
Oct 13 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: Failed password for root from 177.92.162.241 port 43896 ssh2
Oct 13 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: Received disconnect from 177.92.162.241 port 43896:11: Bye Bye [preauth]
Oct 13 15:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10314]: Disconnected from 177.92.162.241 port 43896 [preauth]
Oct 13 15:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8612]: pam_unix(cron:session): session closed for user root
Oct 13 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10438]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10433]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10517]: Successful su for rubyman by root
Oct 13 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10517]: + ??? root:rubyman
Oct 13 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405621 of user rubyman.
Oct 13 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10517]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405621.
Oct 13 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session closed for user root
Oct 13 15:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10437]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session closed for user root
Oct 13 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10978]: Successful su for rubyman by root
Oct 13 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10978]: + ??? root:rubyman
Oct 13 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405625 of user rubyman.
Oct 13 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10978]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405625.
Oct 13 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7232]: pam_unix(cron:session): session closed for user root
Oct 13 15:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Failed password for root from 194.182.86.152 port 38258 ssh2
Oct 13 15:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Connection closed by 194.182.86.152 port 38258 [preauth]
Oct 13 15:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9957]: pam_unix(cron:session): session closed for user root
Oct 13 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11328]: Connection reset by 198.235.24.90 port 61000 [preauth]
Oct 13 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11362]: pam_unix(cron:session): session closed for user root
Oct 13 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: Successful su for rubyman by root
Oct 13 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: + ??? root:rubyman
Oct 13 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405632 of user rubyman.
Oct 13 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405632.
Oct 13 15:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user root
Oct 13 15:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session closed for user root
Oct 13 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10439]: pam_unix(cron:session): session closed for user root
Oct 13 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12028]: Successful su for rubyman by root
Oct 13 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12028]: + ??? root:rubyman
Oct 13 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405635 of user rubyman.
Oct 13 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12028]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405635.
Oct 13 15:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8611]: pam_unix(cron:session): session closed for user root
Oct 13 15:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11955]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Invalid user deploy from 177.92.162.241
Oct 13 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: input_userauth_request: invalid user deploy [preauth]
Oct 13 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 15:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Failed password for invalid user deploy from 177.92.162.241 port 30118 ssh2
Oct 13 15:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Received disconnect from 177.92.162.241 port 30118:11: Bye Bye [preauth]
Oct 13 15:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Disconnected from 177.92.162.241 port 30118 [preauth]
Oct 13 15:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user root
Oct 13 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12434]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12526]: Successful su for rubyman by root
Oct 13 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12526]: + ??? root:rubyman
Oct 13 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405639 of user rubyman.
Oct 13 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12526]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405639.
Oct 13 15:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Failed password for root from 194.182.86.152 port 36134 ssh2
Oct 13 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Connection closed by 194.182.86.152 port 36134 [preauth]
Oct 13 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session closed for user root
Oct 13 15:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11361]: pam_unix(cron:session): session closed for user root
Oct 13 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12924]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13020]: Successful su for rubyman by root
Oct 13 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13020]: + ??? root:rubyman
Oct 13 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405643 of user rubyman.
Oct 13 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13020]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405643.
Oct 13 15:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session closed for user root
Oct 13 15:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13169]: Failed password for root from 217.81.121.166 port 47962 ssh2
Oct 13 15:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13169]: Connection closed by 217.81.121.166 port 47962 [preauth]
Oct 13 15:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: Invalid user admin from 217.81.121.166
Oct 13 15:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: input_userauth_request: invalid user admin [preauth]
Oct 13 15:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: Failed password for invalid user admin from 217.81.121.166 port 48442 ssh2
Oct 13 15:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13233]: Connection closed by 217.81.121.166 port 48442 [preauth]
Oct 13 15:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: Invalid user test from 217.81.121.166
Oct 13 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: input_userauth_request: invalid user test [preauth]
Oct 13 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: Failed password for invalid user test from 217.81.121.166 port 49025 ssh2
Oct 13 15:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: Connection closed by 217.81.121.166 port 49025 [preauth]
Oct 13 15:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Failed password for root from 217.81.121.166 port 49475 ssh2
Oct 13 15:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Connection closed by 217.81.121.166 port 49475 [preauth]
Oct 13 15:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13396]: Failed password for root from 217.81.121.166 port 50054 ssh2
Oct 13 15:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13396]: Connection closed by 217.81.121.166 port 50054 [preauth]
Oct 13 15:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Invalid user devuser from 217.81.121.166
Oct 13 15:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: input_userauth_request: invalid user devuser [preauth]
Oct 13 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Failed password for invalid user devuser from 217.81.121.166 port 50522 ssh2
Oct 13 15:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Connection closed by 217.81.121.166 port 50522 [preauth]
Oct 13 15:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: Invalid user user from 217.81.121.166
Oct 13 15:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: input_userauth_request: invalid user user [preauth]
Oct 13 15:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: Failed password for invalid user user from 217.81.121.166 port 51113 ssh2
Oct 13 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13444]: Connection closed by 217.81.121.166 port 51113 [preauth]
Oct 13 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: Invalid user admin from 217.81.121.166
Oct 13 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: input_userauth_request: invalid user admin [preauth]
Oct 13 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: Failed password for invalid user admin from 217.81.121.166 port 51697 ssh2
Oct 13 15:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: Connection closed by 217.81.121.166 port 51697 [preauth]
Oct 13 15:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: Failed password for root from 217.81.121.166 port 52279 ssh2
Oct 13 15:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11957]: pam_unix(cron:session): session closed for user root
Oct 13 15:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: Connection closed by 217.81.121.166 port 52279 [preauth]
Oct 13 15:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Invalid user test from 217.81.121.166
Oct 13 15:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: input_userauth_request: invalid user test [preauth]
Oct 13 15:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Failed password for invalid user test from 217.81.121.166 port 52829 ssh2
Oct 13 15:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Connection closed by 217.81.121.166 port 52829 [preauth]
Oct 13 15:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Invalid user admin from 217.81.121.166
Oct 13 15:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: input_userauth_request: invalid user admin [preauth]
Oct 13 15:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Failed password for invalid user admin from 217.81.121.166 port 53260 ssh2
Oct 13 15:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Connection closed by 217.81.121.166 port 53260 [preauth]
Oct 13 15:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: Failed password for root from 217.81.121.166 port 53792 ssh2
Oct 13 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13503]: Connection closed by 217.81.121.166 port 53792 [preauth]
Oct 13 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13532]: Invalid user vpnssh from 217.81.121.166
Oct 13 15:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13532]: input_userauth_request: invalid user vpnssh [preauth]
Oct 13 15:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13532]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13532]: Failed password for invalid user vpnssh from 217.81.121.166 port 54275 ssh2
Oct 13 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13532]: Connection closed by 217.81.121.166 port 54275 [preauth]
Oct 13 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13550]: Invalid user odoo from 217.81.121.166
Oct 13 15:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13550]: input_userauth_request: invalid user odoo [preauth]
Oct 13 15:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13550]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13550]: Failed password for invalid user odoo from 217.81.121.166 port 54798 ssh2
Oct 13 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13550]: Connection closed by 217.81.121.166 port 54798 [preauth]
Oct 13 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: Failed password for root from 217.81.121.166 port 55353 ssh2
Oct 13 15:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13553]: Connection closed by 217.81.121.166 port 55353 [preauth]
Oct 13 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13574]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13573]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13571]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Invalid user ubuntu from 217.81.121.166
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13633]: Successful su for rubyman by root
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13633]: + ??? root:rubyman
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405646 of user rubyman.
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13633]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405646.
Oct 13 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Failed password for invalid user ubuntu from 217.81.121.166 port 55916 ssh2
Oct 13 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13565]: Connection closed by 217.81.121.166 port 55916 [preauth]
Oct 13 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: User mysql from 217.81.121.166 not allowed because not listed in AllowUsers
Oct 13 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: input_userauth_request: invalid user mysql [preauth]
Oct 13 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=mysql
Oct 13 15:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Failed password for invalid user mysql from 217.81.121.166 port 56453 ssh2
Oct 13 15:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Connection closed by 217.81.121.166 port 56453 [preauth]
Oct 13 15:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Invalid user user from 217.81.121.166
Oct 13 15:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: input_userauth_request: invalid user user [preauth]
Oct 13 15:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10438]: pam_unix(cron:session): session closed for user root
Oct 13 15:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Failed password for invalid user user from 217.81.121.166 port 56978 ssh2
Oct 13 15:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Connection closed by 217.81.121.166 port 56978 [preauth]
Oct 13 15:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: Failed password for root from 217.81.121.166 port 57568 ssh2
Oct 13 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: Connection closed by 217.81.121.166 port 57568 [preauth]
Oct 13 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13572]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13898]: Failed password for root from 217.81.121.166 port 58187 ssh2
Oct 13 15:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13898]: Connection closed by 217.81.121.166 port 58187 [preauth]
Oct 13 15:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Invalid user craft from 217.81.121.166
Oct 13 15:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: input_userauth_request: invalid user craft [preauth]
Oct 13 15:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Failed password for invalid user craft from 217.81.121.166 port 58773 ssh2
Oct 13 15:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Connection closed by 217.81.121.166 port 58773 [preauth]
Oct 13 15:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: Invalid user vpnuser from 217.81.121.166
Oct 13 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: input_userauth_request: invalid user vpnuser [preauth]
Oct 13 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: Failed password for invalid user vpnuser from 217.81.121.166 port 59405 ssh2
Oct 13 15:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: Connection closed by 217.81.121.166 port 59405 [preauth]
Oct 13 15:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: Invalid user zjw from 217.81.121.166
Oct 13 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: input_userauth_request: invalid user zjw [preauth]
Oct 13 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: Failed password for invalid user zjw from 217.81.121.166 port 59916 ssh2
Oct 13 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13944]: Connection closed by 217.81.121.166 port 59916 [preauth]
Oct 13 15:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Invalid user deploy from 217.81.121.166
Oct 13 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: input_userauth_request: invalid user deploy [preauth]
Oct 13 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Failed password for invalid user deploy from 217.81.121.166 port 60550 ssh2
Oct 13 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Connection closed by 217.81.121.166 port 60550 [preauth]
Oct 13 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Invalid user openvpn from 217.81.121.166
Oct 13 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: input_userauth_request: invalid user openvpn [preauth]
Oct 13 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Failed password for invalid user openvpn from 217.81.121.166 port 32844 ssh2
Oct 13 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Connection closed by 217.81.121.166 port 32844 [preauth]
Oct 13 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13987]: Invalid user guest from 217.81.121.166
Oct 13 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13987]: input_userauth_request: invalid user guest [preauth]
Oct 13 15:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13987]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12434]: pam_unix(cron:session): session closed for user root
Oct 13 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13987]: Failed password for invalid user guest from 217.81.121.166 port 33343 ssh2
Oct 13 15:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13987]: Connection closed by 217.81.121.166 port 33343 [preauth]
Oct 13 15:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Invalid user orangepi from 217.81.121.166
Oct 13 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: input_userauth_request: invalid user orangepi [preauth]
Oct 13 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Failed password for invalid user orangepi from 217.81.121.166 port 33903 ssh2
Oct 13 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Connection closed by 217.81.121.166 port 33903 [preauth]
Oct 13 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Invalid user postgres from 217.81.121.166
Oct 13 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: input_userauth_request: invalid user postgres [preauth]
Oct 13 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Failed password for invalid user postgres from 217.81.121.166 port 34526 ssh2
Oct 13 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Connection closed by 217.81.121.166 port 34526 [preauth]
Oct 13 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Invalid user jenkins from 217.81.121.166
Oct 13 15:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 15:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Failed password for invalid user jenkins from 217.81.121.166 port 35133 ssh2
Oct 13 15:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Connection closed by 217.81.121.166 port 35133 [preauth]
Oct 13 15:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: Invalid user deploy from 217.81.121.166
Oct 13 15:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: input_userauth_request: invalid user deploy [preauth]
Oct 13 15:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: Failed password for invalid user deploy from 217.81.121.166 port 35614 ssh2
Oct 13 15:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14136]: Connection closed by 217.81.121.166 port 35614 [preauth]
Oct 13 15:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: Failed password for root from 217.81.121.166 port 36227 ssh2
Oct 13 15:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: Connection closed by 217.81.121.166 port 36227 [preauth]
Oct 13 15:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: Invalid user ftpuser from 217.81.121.166
Oct 13 15:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 15:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14172]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14171]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session closed for user root
Oct 13 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14168]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: Failed password for invalid user ftpuser from 217.81.121.166 port 36763 ssh2
Oct 13 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: Connection closed by 217.81.121.166 port 36763 [preauth]
Oct 13 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Invalid user git from 217.81.121.166
Oct 13 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: input_userauth_request: invalid user git [preauth]
Oct 13 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14255]: Successful su for rubyman by root
Oct 13 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14255]: + ??? root:rubyman
Oct 13 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405650 of user rubyman.
Oct 13 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14255]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405650.
Oct 13 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Failed password for invalid user git from 217.81.121.166 port 37270 ssh2
Oct 13 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Connection closed by 217.81.121.166 port 37270 [preauth]
Oct 13 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Invalid user elastic from 217.81.121.166
Oct 13 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: input_userauth_request: invalid user elastic [preauth]
Oct 13 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14171]: pam_unix(cron:session): session closed for user root
Oct 13 15:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Failed password for invalid user elastic from 217.81.121.166 port 37753 ssh2
Oct 13 15:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user root
Oct 13 15:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Connection closed by 217.81.121.166 port 37753 [preauth]
Oct 13 15:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14406]: Invalid user hadoop from 217.81.121.166
Oct 13 15:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14406]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 15:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14406]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14406]: Failed password for invalid user hadoop from 217.81.121.166 port 38328 ssh2
Oct 13 15:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14406]: Connection closed by 217.81.121.166 port 38328 [preauth]
Oct 13 15:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Invalid user db2inst1 from 217.81.121.166
Oct 13 15:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: input_userauth_request: invalid user db2inst1 [preauth]
Oct 13 15:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Failed password for invalid user db2inst1 from 217.81.121.166 port 38874 ssh2
Oct 13 15:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Connection closed by 217.81.121.166 port 38874 [preauth]
Oct 13 15:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Invalid user ubnt from 217.81.121.166
Oct 13 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: input_userauth_request: invalid user ubnt [preauth]
Oct 13 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14169]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Failed password for invalid user ubnt from 217.81.121.166 port 39329 ssh2
Oct 13 15:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14483]: Connection closed by 217.81.121.166 port 39329 [preauth]
Oct 13 15:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: Invalid user postgres from 217.81.121.166
Oct 13 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: input_userauth_request: invalid user postgres [preauth]
Oct 13 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: Failed password for invalid user postgres from 217.81.121.166 port 39826 ssh2
Oct 13 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14530]: Connection closed by 217.81.121.166 port 39826 [preauth]
Oct 13 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Invalid user deploy from 217.81.121.166
Oct 13 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: input_userauth_request: invalid user deploy [preauth]
Oct 13 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241  user=root
Oct 13 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Failed password for invalid user deploy from 217.81.121.166 port 40380 ssh2
Oct 13 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Failed password for root from 177.92.162.241 port 58357 ssh2
Oct 13 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Connection closed by 217.81.121.166 port 40380 [preauth]
Oct 13 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Received disconnect from 177.92.162.241 port 58357:11: Bye Bye [preauth]
Oct 13 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Disconnected from 177.92.162.241 port 58357 [preauth]
Oct 13 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Failed password for root from 217.81.121.166 port 41014 ssh2
Oct 13 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Connection closed by 217.81.121.166 port 41014 [preauth]
Oct 13 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Invalid user admin from 217.81.121.166
Oct 13 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: input_userauth_request: invalid user admin [preauth]
Oct 13 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Did not receive identification string from 91.196.152.18
Oct 13 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Failed password for invalid user admin from 217.81.121.166 port 41528 ssh2
Oct 13 15:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Connection closed by 217.81.121.166 port 41528 [preauth]
Oct 13 15:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session closed for user root
Oct 13 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Invalid user ubuntu from 217.81.121.166
Oct 13 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Failed password for invalid user ubuntu from 217.81.121.166 port 42155 ssh2
Oct 13 15:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14597]: Connection closed by 217.81.121.166 port 42155 [preauth]
Oct 13 15:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: Failed password for root from 217.81.121.166 port 42687 ssh2
Oct 13 15:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: Connection closed by 217.81.121.166 port 42687 [preauth]
Oct 13 15:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Invalid user devopsuser from 217.81.121.166
Oct 13 15:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: input_userauth_request: invalid user devopsuser [preauth]
Oct 13 15:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: Did not receive identification string from 91.196.152.111
Oct 13 15:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Failed password for invalid user devopsuser from 217.81.121.166 port 43284 ssh2
Oct 13 15:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14632]: Connection closed by 217.81.121.166 port 43284 [preauth]
Oct 13 15:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Invalid user es from 217.81.121.166
Oct 13 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: input_userauth_request: invalid user es [preauth]
Oct 13 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for invalid user es from 217.81.121.166 port 43867 ssh2
Oct 13 15:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Connection closed by 217.81.121.166 port 43867 [preauth]
Oct 13 15:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Invalid user deployer from 217.81.121.166
Oct 13 15:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: input_userauth_request: invalid user deployer [preauth]
Oct 13 15:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14661]: Failed password for root from 194.182.86.152 port 37322 ssh2
Oct 13 15:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14661]: Connection closed by 194.182.86.152 port 37322 [preauth]
Oct 13 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Failed password for invalid user deployer from 217.81.121.166 port 44449 ssh2
Oct 13 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Connection closed by 217.81.121.166 port 44449 [preauth]
Oct 13 15:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Invalid user ubuntu from 217.81.121.166
Oct 13 15:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 15:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Failed password for invalid user ubuntu from 217.81.121.166 port 45008 ssh2
Oct 13 15:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Connection closed by 217.81.121.166 port 45008 [preauth]
Oct 13 15:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: Invalid user guest from 217.81.121.166
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: input_userauth_request: invalid user guest [preauth]
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14771]: Successful su for rubyman by root
Oct 13 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14771]: + ??? root:rubyman
Oct 13 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405657 of user rubyman.
Oct 13 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14771]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405657.
Oct 13 15:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: Failed password for invalid user guest from 217.81.121.166 port 45546 ssh2
Oct 13 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: Connection closed by 217.81.121.166 port 45546 [preauth]
Oct 13 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Invalid user devops from 217.81.121.166
Oct 13 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: input_userauth_request: invalid user devops [preauth]
Oct 13 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Failed password for invalid user devops from 217.81.121.166 port 46190 ssh2
Oct 13 15:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Connection closed by 217.81.121.166 port 46190 [preauth]
Oct 13 15:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: Invalid user pi from 217.81.121.166
Oct 13 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: input_userauth_request: invalid user pi [preauth]
Oct 13 15:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: Failed password for invalid user pi from 217.81.121.166 port 46729 ssh2
Oct 13 15:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14912]: Connection closed by 217.81.121.166 port 46729 [preauth]
Oct 13 15:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166  user=root
Oct 13 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session closed for user root
Oct 13 15:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Failed password for root from 217.81.121.166 port 47308 ssh2
Oct 13 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14972]: Connection closed by 217.81.121.166 port 47308 [preauth]
Oct 13 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Invalid user kafka from 217.81.121.166
Oct 13 15:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: input_userauth_request: invalid user kafka [preauth]
Oct 13 15:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.81.121.166
Oct 13 15:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14690]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Failed password for invalid user kafka from 217.81.121.166 port 47887 ssh2
Oct 13 15:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Connection closed by 217.81.121.166 port 47887 [preauth]
Oct 13 15:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Bad protocol version identification '\026\003\003\001\246\001' from 91.196.152.108 port 42227
Oct 13 15:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: Did not receive identification string from 91.196.152.108
Oct 13 15:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13574]: pam_unix(cron:session): session closed for user root
Oct 13 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15366]: Successful su for rubyman by root
Oct 13 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15366]: + ??? root:rubyman
Oct 13 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405660 of user rubyman.
Oct 13 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15366]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405660.
Oct 13 15:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11956]: pam_unix(cron:session): session closed for user root
Oct 13 15:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 15:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 13 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 13 15:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session closed for user root
Oct 13 15:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Invalid user wadmin from 164.68.105.9
Oct 13 15:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: input_userauth_request: invalid user wadmin [preauth]
Oct 13 15:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 15:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Failed password for invalid user wadmin from 164.68.105.9 port 48978 ssh2
Oct 13 15:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Connection closed by 164.68.105.9 port 48978 [preauth]
Oct 13 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15744]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15812]: Successful su for rubyman by root
Oct 13 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15812]: + ??? root:rubyman
Oct 13 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405666 of user rubyman.
Oct 13 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15812]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405666.
Oct 13 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12433]: pam_unix(cron:session): session closed for user root
Oct 13 15:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Failed password for root from 194.182.86.152 port 58204 ssh2
Oct 13 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Connection closed by 194.182.86.152 port 58204 [preauth]
Oct 13 15:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14692]: pam_unix(cron:session): session closed for user root
Oct 13 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16183]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: Successful su for rubyman by root
Oct 13 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: + ??? root:rubyman
Oct 13 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405668 of user rubyman.
Oct 13 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405668.
Oct 13 15:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session closed for user root
Oct 13 15:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16184]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: Invalid user desktop from 177.92.162.241
Oct 13 15:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: input_userauth_request: invalid user desktop [preauth]
Oct 13 15:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 15:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: Failed password for invalid user desktop from 177.92.162.241 port 61628 ssh2
Oct 13 15:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: Received disconnect from 177.92.162.241 port 61628:11: Bye Bye [preauth]
Oct 13 15:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: Disconnected from 177.92.162.241 port 61628 [preauth]
Oct 13 15:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session closed for user root
Oct 13 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16662]: pam_unix(cron:session): session closed for user root
Oct 13 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16734]: Successful su for rubyman by root
Oct 13 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16734]: + ??? root:rubyman
Oct 13 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405673 of user rubyman.
Oct 13 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16734]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405673.
Oct 13 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13573]: pam_unix(cron:session): session closed for user root
Oct 13 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session closed for user root
Oct 13 15:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session closed for user root
Oct 13 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17155]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17156]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17153]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17233]: Successful su for rubyman by root
Oct 13 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17233]: + ??? root:rubyman
Oct 13 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405678 of user rubyman.
Oct 13 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17233]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405678.
Oct 13 15:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14172]: pam_unix(cron:session): session closed for user root
Oct 13 15:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17154]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16186]: pam_unix(cron:session): session closed for user root
Oct 13 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17601]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17598]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17684]: Successful su for rubyman by root
Oct 13 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17684]: + ??? root:rubyman
Oct 13 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405683 of user rubyman.
Oct 13 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17684]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405683.
Oct 13 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14691]: pam_unix(cron:session): session closed for user root
Oct 13 15:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17934]: Connection closed by 91.231.89.86 port 47673 [preauth]
Oct 13 15:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17600]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16661]: pam_unix(cron:session): session closed for user root
Oct 13 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18458]: Successful su for rubyman by root
Oct 13 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18458]: + ??? root:rubyman
Oct 13 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405687 of user rubyman.
Oct 13 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18458]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405687.
Oct 13 15:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session closed for user root
Oct 13 15:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17156]: pam_unix(cron:session): session closed for user root
Oct 13 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18862]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19176]: Successful su for rubyman by root
Oct 13 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19176]: + ??? root:rubyman
Oct 13 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405692 of user rubyman.
Oct 13 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19176]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405692.
Oct 13 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user root
Oct 13 15:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session closed for user root
Oct 13 15:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19565]: Connection closed by 91.196.152.12 port 50941 [preauth]
Oct 13 15:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18863]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session closed for user root
Oct 13 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19925]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19925]: pam_unix(cron:session): session closed for user root
Oct 13 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19916]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20010]: Successful su for rubyman by root
Oct 13 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20010]: + ??? root:rubyman
Oct 13 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405697 of user rubyman.
Oct 13 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20010]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405697.
Oct 13 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19918]: pam_unix(cron:session): session closed for user root
Oct 13 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16185]: pam_unix(cron:session): session closed for user root
Oct 13 15:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19917]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Failed password for root from 194.182.86.152 port 54002 ssh2
Oct 13 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Connection closed by 194.182.86.152 port 54002 [preauth]
Oct 13 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session closed for user root
Oct 13 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20471]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20468]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20552]: Successful su for rubyman by root
Oct 13 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20552]: + ??? root:rubyman
Oct 13 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405703 of user rubyman.
Oct 13 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20552]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405703.
Oct 13 15:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session closed for user root
Oct 13 15:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20469]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18865]: pam_unix(cron:session): session closed for user root
Oct 13 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: Successful su for rubyman by root
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: + ??? root:rubyman
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405707 of user rubyman.
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405707.
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Invalid user hassan from 177.92.162.241
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: input_userauth_request: invalid user hassan [preauth]
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for invalid user hassan from 177.92.162.241 port 35515 ssh2
Oct 13 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Received disconnect from 177.92.162.241 port 35515:11: Bye Bye [preauth]
Oct 13 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Disconnected from 177.92.162.241 port 35515 [preauth]
Oct 13 15:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17155]: pam_unix(cron:session): session closed for user root
Oct 13 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: Failed password for root from 194.182.86.152 port 60480 ssh2
Oct 13 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21144]: Connection closed by 194.182.86.152 port 60480 [preauth]
Oct 13 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19920]: pam_unix(cron:session): session closed for user root
Oct 13 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21461]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21528]: Successful su for rubyman by root
Oct 13 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21528]: + ??? root:rubyman
Oct 13 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405709 of user rubyman.
Oct 13 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21528]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405709.
Oct 13 15:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17601]: pam_unix(cron:session): session closed for user root
Oct 13 15:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21460]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Invalid user  from 62.60.131.157
Oct 13 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: input_userauth_request: invalid user  [preauth]
Oct 13 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Failed none for invalid user  from 62.60.131.157 port 62974 ssh2
Oct 13 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Received disconnect from 62.60.131.157 port 62974:11: Bye [preauth]
Oct 13 15:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Disconnected from 62.60.131.157 port 62974 [preauth]
Oct 13 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session closed for user root
Oct 13 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21929]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22002]: Successful su for rubyman by root
Oct 13 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22002]: + ??? root:rubyman
Oct 13 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405713 of user rubyman.
Oct 13 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22002]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405713.
Oct 13 15:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session closed for user root
Oct 13 15:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21930]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session closed for user root
Oct 13 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22419]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22424]: pam_unix(cron:session): session closed for user root
Oct 13 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22415]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22500]: Successful su for rubyman by root
Oct 13 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22500]: + ??? root:rubyman
Oct 13 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405717 of user rubyman.
Oct 13 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22500]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405717.
Oct 13 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session closed for user root
Oct 13 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session closed for user root
Oct 13 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21462]: pam_unix(cron:session): session closed for user root
Oct 13 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23511]: Successful su for rubyman by root
Oct 13 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23511]: + ??? root:rubyman
Oct 13 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405724 of user rubyman.
Oct 13 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23511]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405724.
Oct 13 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23509]: Invalid user graylog from 177.92.162.241
Oct 13 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23509]: input_userauth_request: invalid user graylog [preauth]
Oct 13 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23509]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23509]: Failed password for invalid user graylog from 177.92.162.241 port 13980 ssh2
Oct 13 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23509]: Received disconnect from 177.92.162.241 port 13980:11: Bye Bye [preauth]
Oct 13 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23509]: Disconnected from 177.92.162.241 port 13980 [preauth]
Oct 13 15:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19919]: pam_unix(cron:session): session closed for user root
Oct 13 15:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21932]: pam_unix(cron:session): session closed for user root
Oct 13 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24215]: Successful su for rubyman by root
Oct 13 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24215]: + ??? root:rubyman
Oct 13 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405730 of user rubyman.
Oct 13 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24215]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405730.
Oct 13 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20471]: pam_unix(cron:session): session closed for user root
Oct 13 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22419]: pam_unix(cron:session): session closed for user root
Oct 13 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24715]: Successful su for rubyman by root
Oct 13 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24715]: + ??? root:rubyman
Oct 13 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405732 of user rubyman.
Oct 13 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24715]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405732.
Oct 13 15:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session closed for user root
Oct 13 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session closed for user root
Oct 13 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25124]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25218]: Successful su for rubyman by root
Oct 13 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25218]: + ??? root:rubyman
Oct 13 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405735 of user rubyman.
Oct 13 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25218]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405735.
Oct 13 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21461]: pam_unix(cron:session): session closed for user root
Oct 13 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25126]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user root
Oct 13 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241  user=root
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: Failed password for root from 177.92.162.241 port 62048 ssh2
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: Received disconnect from 177.92.162.241 port 62048:11: Bye Bye [preauth]
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25893]: Disconnected from 177.92.162.241 port 62048 [preauth]
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25910]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25905]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25910]: pam_unix(cron:session): session closed for user root
Oct 13 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25903]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26011]: Successful su for rubyman by root
Oct 13 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26011]: + ??? root:rubyman
Oct 13 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405739 of user rubyman.
Oct 13 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26011]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405739.
Oct 13 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21931]: pam_unix(cron:session): session closed for user root
Oct 13 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25905]: pam_unix(cron:session): session closed for user root
Oct 13 15:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25904]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session closed for user root
Oct 13 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26594]: Successful su for rubyman by root
Oct 13 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26594]: + ??? root:rubyman
Oct 13 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405745 of user rubyman.
Oct 13 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26594]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405745.
Oct 13 15:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session closed for user root
Oct 13 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25128]: pam_unix(cron:session): session closed for user root
Oct 13 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27284]: Successful su for rubyman by root
Oct 13 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27284]: + ??? root:rubyman
Oct 13 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405749 of user rubyman.
Oct 13 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27284]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405749.
Oct 13 15:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session closed for user root
Oct 13 15:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27210]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25909]: pam_unix(cron:session): session closed for user root
Oct 13 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27989]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28066]: Successful su for rubyman by root
Oct 13 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28066]: + ??? root:rubyman
Oct 13 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405756 of user rubyman.
Oct 13 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28066]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405756.
Oct 13 15:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session closed for user root
Oct 13 15:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27990]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Failed password for root from 194.182.86.152 port 52674 ssh2
Oct 13 15:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Connection closed by 194.182.86.152 port 52674 [preauth]
Oct 13 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session closed for user root
Oct 13 15:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Invalid user zwj from 177.92.162.241
Oct 13 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: input_userauth_request: invalid user zwj [preauth]
Oct 13 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Failed password for invalid user zwj from 177.92.162.241 port 40022 ssh2
Oct 13 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Received disconnect from 177.92.162.241 port 40022:11: Bye Bye [preauth]
Oct 13 15:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28414]: Disconnected from 177.92.162.241 port 40022 [preauth]
Oct 13 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28703]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28701]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: Successful su for rubyman by root
Oct 13 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: + ??? root:rubyman
Oct 13 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405757 of user rubyman.
Oct 13 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28784]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405757.
Oct 13 15:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session closed for user root
Oct 13 15:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28702]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session closed for user root
Oct 13 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user root
Oct 13 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29308]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29395]: Successful su for rubyman by root
Oct 13 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29395]: + ??? root:rubyman
Oct 13 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405761 of user rubyman.
Oct 13 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29395]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405761.
Oct 13 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Failed password for root from 194.182.86.152 port 54118 ssh2
Oct 13 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Connection closed by 194.182.86.152 port 54118 [preauth]
Oct 13 15:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29311]: pam_unix(cron:session): session closed for user root
Oct 13 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session closed for user root
Oct 13 15:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27992]: pam_unix(cron:session): session closed for user root
Oct 13 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29838]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: Successful su for rubyman by root
Oct 13 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: + ??? root:rubyman
Oct 13 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405767 of user rubyman.
Oct 13 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405767.
Oct 13 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: Failed password for root from 190.103.202.7 port 52354 ssh2
Oct 13 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: Connection closed by 190.103.202.7 port 52354 [preauth]
Oct 13 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Failed password for root from 194.182.86.152 port 45208 ssh2
Oct 13 15:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Connection closed by 194.182.86.152 port 45208 [preauth]
Oct 13 15:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session closed for user root
Oct 13 15:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29839]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session closed for user root
Oct 13 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30514]: Successful su for rubyman by root
Oct 13 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30514]: + ??? root:rubyman
Oct 13 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405773 of user rubyman.
Oct 13 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30514]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405773.
Oct 13 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session closed for user root
Oct 13 15:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Did not receive identification string from 14.103.233.117
Oct 13 15:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29314]: pam_unix(cron:session): session closed for user root
Oct 13 15:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: Invalid user tommy from 177.92.162.241
Oct 13 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: input_userauth_request: invalid user tommy [preauth]
Oct 13 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.92.162.241
Oct 13 15:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: Failed password for invalid user tommy from 177.92.162.241 port 21682 ssh2
Oct 13 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: Received disconnect from 177.92.162.241 port 21682:11: Bye Bye [preauth]
Oct 13 15:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: Disconnected from 177.92.162.241 port 21682 [preauth]
Oct 13 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30939]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Invalid user deployuser from 186.96.145.241
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: input_userauth_request: invalid user deployuser [preauth]
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31033]: Successful su for rubyman by root
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31033]: + ??? root:rubyman
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405776 of user rubyman.
Oct 13 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31033]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405776.
Oct 13 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Failed password for invalid user deployuser from 186.96.145.241 port 49828 ssh2
Oct 13 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Connection closed by 186.96.145.241 port 49828 [preauth]
Oct 13 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27211]: pam_unix(cron:session): session closed for user root
Oct 13 15:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30940]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session closed for user root
Oct 13 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=webmaster@mtifilm.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 13 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=webmaster@mtifilm.com rhost=::ffff:79.124.49.146
Oct 13 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31456]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session closed for user p13x
Oct 13 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31674]: Successful su for rubyman by root
Oct 13 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31674]: + ??? root:rubyman
Oct 13 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405779 of user rubyman.
Oct 13 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31674]: pam_unix(su:session): session closed for user rubyman
Oct 13 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405779.
Oct 13 15:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27991]: pam_unix(cron:session): session closed for user root
Oct 13 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31455]: pam_unix(cron:session): session closed for user samftp
Oct 13 15:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session closed for user root
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32068]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32064]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32068]: pam_unix(cron:session): session closed for user root
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32064]: pam_unix(cron:session): session closed for user root
Oct 13 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32061]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32270]: Successful su for rubyman by root
Oct 13 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32270]: + ??? root:rubyman
Oct 13 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405785 of user rubyman.
Oct 13 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32270]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405785.
Oct 13 16:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28703]: pam_unix(cron:session): session closed for user root
Oct 13 16:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session closed for user root
Oct 13 16:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32062]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session closed for user root
Oct 13 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32704]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32700]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[322]: Successful su for rubyman by root
Oct 13 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[322]: + ??? root:rubyman
Oct 13 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405790 of user rubyman.
Oct 13 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[322]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405790.
Oct 13 16:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session closed for user root
Oct 13 16:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32703]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31458]: pam_unix(cron:session): session closed for user root
Oct 13 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[707]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[702]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[804]: Successful su for rubyman by root
Oct 13 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[804]: + ??? root:rubyman
Oct 13 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405795 of user rubyman.
Oct 13 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[804]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405795.
Oct 13 16:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29840]: pam_unix(cron:session): session closed for user root
Oct 13 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[705]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Invalid user a from 62.60.131.157
Oct 13 16:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: input_userauth_request: invalid user a [preauth]
Oct 13 16:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Failed password for invalid user a from 62.60.131.157 port 61692 ssh2
Oct 13 16:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Failed password for invalid user a from 62.60.131.157 port 61692 ssh2
Oct 13 16:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 16:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Failed password for invalid user a from 62.60.131.157 port 61692 ssh2
Oct 13 16:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Failed password for root from 80.211.129.128 port 41102 ssh2
Oct 13 16:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Connection closed by 80.211.129.128 port 41102 [preauth]
Oct 13 16:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Failed password for invalid user a from 62.60.131.157 port 61692 ssh2
Oct 13 16:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Failed password for invalid user a from 62.60.131.157 port 61692 ssh2
Oct 13 16:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Received disconnect from 62.60.131.157 port 61692:11: Bye [preauth]
Oct 13 16:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Disconnected from 62.60.131.157 port 61692 [preauth]
Oct 13 16:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 16:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 16:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32067]: pam_unix(cron:session): session closed for user root
Oct 13 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1366]: Successful su for rubyman by root
Oct 13 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1366]: + ??? root:rubyman
Oct 13 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405799 of user rubyman.
Oct 13 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1366]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405799.
Oct 13 16:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session closed for user root
Oct 13 16:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1286]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32706]: pam_unix(cron:session): session closed for user root
Oct 13 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1793]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1971]: Successful su for rubyman by root
Oct 13 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1971]: + ??? root:rubyman
Oct 13 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405802 of user rubyman.
Oct 13 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1971]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405802.
Oct 13 16:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session closed for user root
Oct 13 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Invalid user admin from 2.57.121.112
Oct 13 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: input_userauth_request: invalid user admin [preauth]
Oct 13 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 16:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for invalid user admin from 2.57.121.112 port 46828 ssh2
Oct 13 16:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for invalid user admin from 2.57.121.112 port 46828 ssh2
Oct 13 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for invalid user admin from 2.57.121.112 port 46828 ssh2
Oct 13 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for invalid user admin from 2.57.121.112 port 46828 ssh2
Oct 13 16:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[707]: pam_unix(cron:session): session closed for user root
Oct 13 16:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for invalid user admin from 2.57.121.112 port 46828 ssh2
Oct 13 16:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Received disconnect from 2.57.121.112 port 46828:11: Bye [preauth]
Oct 13 16:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Disconnected from 2.57.121.112 port 46828 [preauth]
Oct 13 16:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 16:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2342]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session closed for user root
Oct 13 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2413]: Successful su for rubyman by root
Oct 13 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2413]: + ??? root:rubyman
Oct 13 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405810 of user rubyman.
Oct 13 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2413]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405810.
Oct 13 16:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2342]: pam_unix(cron:session): session closed for user root
Oct 13 16:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31456]: pam_unix(cron:session): session closed for user root
Oct 13 16:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Failed password for root from 194.182.86.152 port 58754 ssh2
Oct 13 16:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Connection closed by 194.182.86.152 port 58754 [preauth]
Oct 13 16:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: Invalid user lvh from 138.68.58.124
Oct 13 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: input_userauth_request: invalid user lvh [preauth]
Oct 13 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Oct 13 16:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: Failed password for invalid user lvh from 138.68.58.124 port 51800 ssh2
Oct 13 16:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: Connection closed by 138.68.58.124 port 51800 [preauth]
Oct 13 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1288]: pam_unix(cron:session): session closed for user root
Oct 13 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2820]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2914]: Successful su for rubyman by root
Oct 13 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2914]: + ??? root:rubyman
Oct 13 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405813 of user rubyman.
Oct 13 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2914]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405813.
Oct 13 16:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session closed for user root
Oct 13 16:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2821]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1795]: pam_unix(cron:session): session closed for user root
Oct 13 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3368]: Successful su for rubyman by root
Oct 13 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3368]: + ??? root:rubyman
Oct 13 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405817 of user rubyman.
Oct 13 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3368]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405817.
Oct 13 16:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32704]: pam_unix(cron:session): session closed for user root
Oct 13 16:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for root from 194.182.86.152 port 36274 ssh2
Oct 13 16:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Connection closed by 194.182.86.152 port 36274 [preauth]
Oct 13 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session closed for user root
Oct 13 16:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Invalid user ansible from 164.68.105.9
Oct 13 16:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: input_userauth_request: invalid user ansible [preauth]
Oct 13 16:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Failed password for invalid user ansible from 164.68.105.9 port 57282 ssh2
Oct 13 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Connection closed by 164.68.105.9 port 57282 [preauth]
Oct 13 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3823]: Successful su for rubyman by root
Oct 13 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3823]: + ??? root:rubyman
Oct 13 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405820 of user rubyman.
Oct 13 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3823]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405820.
Oct 13 16:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[706]: pam_unix(cron:session): session closed for user root
Oct 13 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session closed for user root
Oct 13 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4252]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4253]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4243]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4249]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4430]: Successful su for rubyman by root
Oct 13 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4430]: + ??? root:rubyman
Oct 13 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405826 of user rubyman.
Oct 13 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4430]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405826.
Oct 13 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4243]: pam_unix(cron:session): session closed for user root
Oct 13 16:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1287]: pam_unix(cron:session): session closed for user root
Oct 13 16:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4250]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session closed for user root
Oct 13 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4859]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4857]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4853]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4856]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4859]: pam_unix(cron:session): session closed for user root
Oct 13 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4851]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5120]: Successful su for rubyman by root
Oct 13 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5120]: + ??? root:rubyman
Oct 13 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405830 of user rubyman.
Oct 13 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5120]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405830.
Oct 13 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4853]: pam_unix(cron:session): session closed for user root
Oct 13 16:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1793]: pam_unix(cron:session): session closed for user root
Oct 13 16:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4852]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session closed for user root
Oct 13 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5859]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5858]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5854]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5945]: Successful su for rubyman by root
Oct 13 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5945]: + ??? root:rubyman
Oct 13 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405836 of user rubyman.
Oct 13 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5945]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405836.
Oct 13 16:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session closed for user root
Oct 13 16:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5855]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4253]: pam_unix(cron:session): session closed for user root
Oct 13 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6380]: Successful su for rubyman by root
Oct 13 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6380]: + ??? root:rubyman
Oct 13 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405840 of user rubyman.
Oct 13 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6380]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405840.
Oct 13 16:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session closed for user root
Oct 13 16:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6303]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4857]: pam_unix(cron:session): session closed for user root
Oct 13 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6847]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6930]: Successful su for rubyman by root
Oct 13 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6930]: + ??? root:rubyman
Oct 13 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405844 of user rubyman.
Oct 13 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6930]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405844.
Oct 13 16:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session closed for user root
Oct 13 16:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6848]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5859]: pam_unix(cron:session): session closed for user root
Oct 13 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: Successful su for rubyman by root
Oct 13 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: + ??? root:rubyman
Oct 13 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405848 of user rubyman.
Oct 13 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405848.
Oct 13 16:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session closed for user root
Oct 13 16:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6305]: pam_unix(cron:session): session closed for user root
Oct 13 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session closed for user root
Oct 13 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: Successful su for rubyman by root
Oct 13 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: + ??? root:rubyman
Oct 13 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405855 of user rubyman.
Oct 13 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405855.
Oct 13 16:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session closed for user root
Oct 13 16:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4252]: pam_unix(cron:session): session closed for user root
Oct 13 16:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8021]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session closed for user root
Oct 13 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Failed password for root from 194.182.86.152 port 39180 ssh2
Oct 13 16:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Connection closed by 194.182.86.152 port 39180 [preauth]
Oct 13 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8915]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9004]: Successful su for rubyman by root
Oct 13 16:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9004]: + ??? root:rubyman
Oct 13 16:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405858 of user rubyman.
Oct 13 16:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9004]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405858.
Oct 13 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4856]: pam_unix(cron:session): session closed for user root
Oct 13 16:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8917]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session closed for user root
Oct 13 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9519]: pam_unix(cron:session): session closed for user root
Oct 13 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9603]: Successful su for rubyman by root
Oct 13 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9603]: + ??? root:rubyman
Oct 13 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405863 of user rubyman.
Oct 13 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9603]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405863.
Oct 13 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5858]: pam_unix(cron:session): session closed for user root
Oct 13 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session closed for user root
Oct 13 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10215]: Successful su for rubyman by root
Oct 13 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10215]: + ??? root:rubyman
Oct 13 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405868 of user rubyman.
Oct 13 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10215]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405868.
Oct 13 16:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session closed for user root
Oct 13 16:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session closed for user root
Oct 13 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10607]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10690]: Successful su for rubyman by root
Oct 13 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10690]: + ??? root:rubyman
Oct 13 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405870 of user rubyman.
Oct 13 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10690]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405870.
Oct 13 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6849]: pam_unix(cron:session): session closed for user root
Oct 13 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10608]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session closed for user root
Oct 13 16:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Invalid user admin from 2.57.121.25
Oct 13 16:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: input_userauth_request: invalid user admin [preauth]
Oct 13 16:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Failed password for invalid user admin from 2.57.121.25 port 21758 ssh2
Oct 13 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Failed password for invalid user admin from 2.57.121.25 port 21758 ssh2
Oct 13 16:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Failed password for invalid user admin from 2.57.121.25 port 21758 ssh2
Oct 13 16:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Failed password for invalid user admin from 2.57.121.25 port 21758 ssh2
Oct 13 16:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Failed password for invalid user admin from 2.57.121.25 port 21758 ssh2
Oct 13 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Received disconnect from 2.57.121.25 port 21758:11: Bye [preauth]
Oct 13 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: Disconnected from 2.57.121.25 port 21758 [preauth]
Oct 13 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11014]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11062]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11067]: pam_unix(cron:session): session closed for user root
Oct 13 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11060]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11153]: Successful su for rubyman by root
Oct 13 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11153]: + ??? root:rubyman
Oct 13 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405878 of user rubyman.
Oct 13 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11153]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405878.
Oct 13 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11062]: pam_unix(cron:session): session closed for user root
Oct 13 16:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session closed for user root
Oct 13 16:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11061]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session closed for user root
Oct 13 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11555]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11740]: Successful su for rubyman by root
Oct 13 16:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11740]: + ??? root:rubyman
Oct 13 16:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405880 of user rubyman.
Oct 13 16:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11740]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405880.
Oct 13 16:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session closed for user root
Oct 13 16:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11556]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session closed for user root
Oct 13 16:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 13 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for root from 78.128.112.74 port 49272 ssh2
Oct 13 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Connection closed by 78.128.112.74 port 49272 [preauth]
Oct 13 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12133]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: Successful su for rubyman by root
Oct 13 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: + ??? root:rubyman
Oct 13 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405884 of user rubyman.
Oct 13 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405884.
Oct 13 16:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session closed for user root
Oct 13 16:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12134]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11065]: pam_unix(cron:session): session closed for user root
Oct 13 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12619]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12616]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12701]: Successful su for rubyman by root
Oct 13 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12701]: + ??? root:rubyman
Oct 13 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405889 of user rubyman.
Oct 13 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12701]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405889.
Oct 13 16:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session closed for user root
Oct 13 16:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12618]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session closed for user root
Oct 13 16:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.171.177  user=root
Oct 13 16:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Failed password for root from 94.177.171.177 port 49732 ssh2
Oct 13 16:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Connection closed by 94.177.171.177 port 49732 [preauth]
Oct 13 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13123]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13124]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13188]: Successful su for rubyman by root
Oct 13 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13188]: + ??? root:rubyman
Oct 13 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405892 of user rubyman.
Oct 13 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13188]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405892.
Oct 13 16:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session closed for user root
Oct 13 16:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13122]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12139]: pam_unix(cron:session): session closed for user root
Oct 13 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13685]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13687]: pam_unix(cron:session): session closed for user root
Oct 13 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13788]: Successful su for rubyman by root
Oct 13 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13788]: + ??? root:rubyman
Oct 13 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405899 of user rubyman.
Oct 13 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13788]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405899.
Oct 13 16:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13682]: pam_unix(cron:session): session closed for user root
Oct 13 16:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session closed for user root
Oct 13 16:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12620]: pam_unix(cron:session): session closed for user root
Oct 13 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14278]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14352]: Successful su for rubyman by root
Oct 13 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14352]: + ??? root:rubyman
Oct 13 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405902 of user rubyman.
Oct 13 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14352]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405902.
Oct 13 16:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11063]: pam_unix(cron:session): session closed for user root
Oct 13 16:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14279]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13124]: pam_unix(cron:session): session closed for user root
Oct 13 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14718]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14802]: Successful su for rubyman by root
Oct 13 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14802]: + ??? root:rubyman
Oct 13 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405906 of user rubyman.
Oct 13 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14802]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405906.
Oct 13 16:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11559]: pam_unix(cron:session): session closed for user root
Oct 13 16:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13685]: pam_unix(cron:session): session closed for user root
Oct 13 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15295]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: Successful su for rubyman by root
Oct 13 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: + ??? root:rubyman
Oct 13 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405910 of user rubyman.
Oct 13 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15379]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405910.
Oct 13 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12135]: pam_unix(cron:session): session closed for user root
Oct 13 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15296]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user root
Oct 13 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15743]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15813]: Successful su for rubyman by root
Oct 13 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15813]: + ??? root:rubyman
Oct 13 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405914 of user rubyman.
Oct 13 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15813]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405914.
Oct 13 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 48588
Oct 13 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 48600
Oct 13 16:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 13 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12619]: pam_unix(cron:session): session closed for user root
Oct 13 16:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: Failed password for root from 20.163.71.109 port 45592 ssh2
Oct 13 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15990]: Connection closed by 20.163.71.109 port 45592 [preauth]
Oct 13 16:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15744]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 16:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Invalid user git from 45.9.116.195
Oct 13 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: input_userauth_request: invalid user git [preauth]
Oct 13 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Failed password for root from 80.211.129.128 port 42844 ssh2
Oct 13 16:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Connection closed by 80.211.129.128 port 42844 [preauth]
Oct 13 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for invalid user git from 45.9.116.195 port 59224 ssh2
Oct 13 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Received disconnect from 45.9.116.195 port 59224:11: Bye Bye [preauth]
Oct 13 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Disconnected from 45.9.116.195 port 59224 [preauth]
Oct 13 16:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session closed for user root
Oct 13 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Connection closed by 45.156.128.81 port 44169 [preauth]
Oct 13 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16207]: pam_unix(cron:session): session closed for user root
Oct 13 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16284]: Successful su for rubyman by root
Oct 13 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16284]: + ??? root:rubyman
Oct 13 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405918 of user rubyman.
Oct 13 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16284]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405918.
Oct 13 16:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session closed for user root
Oct 13 16:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13123]: pam_unix(cron:session): session closed for user root
Oct 13 16:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session closed for user root
Oct 13 16:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Invalid user guest from 103.18.79.204
Oct 13 16:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: input_userauth_request: invalid user guest [preauth]
Oct 13 16:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Failed password for invalid user guest from 103.18.79.204 port 51462 ssh2
Oct 13 16:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Received disconnect from 103.18.79.204 port 51462:11: Bye Bye [preauth]
Oct 13 16:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Disconnected from 103.18.79.204 port 51462 [preauth]
Oct 13 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16701]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16702]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16699]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16787]: Successful su for rubyman by root
Oct 13 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16787]: + ??? root:rubyman
Oct 13 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405926 of user rubyman.
Oct 13 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16787]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405926.
Oct 13 16:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13684]: pam_unix(cron:session): session closed for user root
Oct 13 16:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16700]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session closed for user root
Oct 13 16:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 16:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Failed password for root from 45.9.116.195 port 58722 ssh2
Oct 13 16:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Received disconnect from 45.9.116.195 port 58722:11: Bye Bye [preauth]
Oct 13 16:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Disconnected from 45.9.116.195 port 58722 [preauth]
Oct 13 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17174]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17248]: Successful su for rubyman by root
Oct 13 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17248]: + ??? root:rubyman
Oct 13 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405930 of user rubyman.
Oct 13 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17248]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405930.
Oct 13 16:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session closed for user root
Oct 13 16:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17175]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16206]: pam_unix(cron:session): session closed for user root
Oct 13 16:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Failed password for root from 103.18.79.204 port 32862 ssh2
Oct 13 16:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Received disconnect from 103.18.79.204 port 32862:11: Bye Bye [preauth]
Oct 13 16:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Disconnected from 103.18.79.204 port 32862 [preauth]
Oct 13 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17714]: Successful su for rubyman by root
Oct 13 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17714]: + ??? root:rubyman
Oct 13 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405932 of user rubyman.
Oct 13 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17714]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405932.
Oct 13 16:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: Invalid user helloworld from 45.9.116.195
Oct 13 16:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: input_userauth_request: invalid user helloworld [preauth]
Oct 13 16:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14718]: pam_unix(cron:session): session closed for user root
Oct 13 16:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: Failed password for invalid user helloworld from 45.9.116.195 port 45542 ssh2
Oct 13 16:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: Received disconnect from 45.9.116.195 port 45542:11: Bye Bye [preauth]
Oct 13 16:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17916]: Disconnected from 45.9.116.195 port 45542 [preauth]
Oct 13 16:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17624]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Invalid user vpn from 62.60.131.157
Oct 13 16:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: input_userauth_request: invalid user vpn [preauth]
Oct 13 16:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 16:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Failed password for invalid user vpn from 62.60.131.157 port 62837 ssh2
Oct 13 16:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16702]: pam_unix(cron:session): session closed for user root
Oct 13 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Failed password for invalid user vpn from 62.60.131.157 port 62837 ssh2
Oct 13 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Failed password for invalid user vpn from 62.60.131.157 port 62837 ssh2
Oct 13 16:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Failed password for invalid user vpn from 62.60.131.157 port 62837 ssh2
Oct 13 16:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Failed password for invalid user vpn from 62.60.131.157 port 62837 ssh2
Oct 13 16:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Received disconnect from 62.60.131.157 port 62837:11: Bye [preauth]
Oct 13 16:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Disconnected from 62.60.131.157 port 62837 [preauth]
Oct 13 16:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 16:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18284]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18469]: Successful su for rubyman by root
Oct 13 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18469]: + ??? root:rubyman
Oct 13 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405936 of user rubyman.
Oct 13 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18469]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405936.
Oct 13 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session closed for user root
Oct 13 16:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18285]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: Invalid user baidu from 103.18.79.204
Oct 13 16:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: input_userauth_request: invalid user baidu [preauth]
Oct 13 16:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: Failed password for invalid user baidu from 103.18.79.204 port 37296 ssh2
Oct 13 16:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: Received disconnect from 103.18.79.204 port 37296:11: Bye Bye [preauth]
Oct 13 16:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18746]: Disconnected from 103.18.79.204 port 37296 [preauth]
Oct 13 16:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Invalid user deploy from 45.9.116.195
Oct 13 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: input_userauth_request: invalid user deploy [preauth]
Oct 13 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Failed password for invalid user deploy from 45.9.116.195 port 45146 ssh2
Oct 13 16:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Received disconnect from 45.9.116.195 port 45146:11: Bye Bye [preauth]
Oct 13 16:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Disconnected from 45.9.116.195 port 45146 [preauth]
Oct 13 16:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session closed for user root
Oct 13 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18895]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18890]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18895]: pam_unix(cron:session): session closed for user root
Oct 13 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18888]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: Successful su for rubyman by root
Oct 13 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: + ??? root:rubyman
Oct 13 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405940 of user rubyman.
Oct 13 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19088]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405940.
Oct 13 16:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18890]: pam_unix(cron:session): session closed for user root
Oct 13 16:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session closed for user root
Oct 13 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18889]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session closed for user root
Oct 13 16:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: Failed password for root from 103.18.79.204 port 41736 ssh2
Oct 13 16:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: Received disconnect from 103.18.79.204 port 41736:11: Bye Bye [preauth]
Oct 13 16:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: Disconnected from 103.18.79.204 port 41736 [preauth]
Oct 13 16:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Invalid user guest from 45.9.116.195
Oct 13 16:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: input_userauth_request: invalid user guest [preauth]
Oct 13 16:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19844]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Failed password for invalid user guest from 45.9.116.195 port 39388 ssh2
Oct 13 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Received disconnect from 45.9.116.195 port 39388:11: Bye Bye [preauth]
Oct 13 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19829]: Disconnected from 45.9.116.195 port 39388 [preauth]
Oct 13 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: Successful su for rubyman by root
Oct 13 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: + ??? root:rubyman
Oct 13 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405947 of user rubyman.
Oct 13 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19949]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405947.
Oct 13 16:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session closed for user root
Oct 13 16:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19845]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18287]: pam_unix(cron:session): session closed for user root
Oct 13 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20384]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20463]: Successful su for rubyman by root
Oct 13 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20463]: + ??? root:rubyman
Oct 13 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405952 of user rubyman.
Oct 13 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20463]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405952.
Oct 13 16:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16701]: pam_unix(cron:session): session closed for user root
Oct 13 16:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20385]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: Failed password for root from 103.18.79.204 port 46176 ssh2
Oct 13 16:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: Received disconnect from 103.18.79.204 port 46176:11: Bye Bye [preauth]
Oct 13 16:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20732]: Disconnected from 103.18.79.204 port 46176 [preauth]
Oct 13 16:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Invalid user marilia from 45.9.116.195
Oct 13 16:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: input_userauth_request: invalid user marilia [preauth]
Oct 13 16:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Failed password for invalid user marilia from 45.9.116.195 port 48314 ssh2
Oct 13 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Received disconnect from 45.9.116.195 port 48314:11: Bye Bye [preauth]
Oct 13 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20757]: Disconnected from 45.9.116.195 port 48314 [preauth]
Oct 13 16:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session closed for user root
Oct 13 16:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: Failed password for root from 194.182.86.152 port 42504 ssh2
Oct 13 16:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20835]: Connection closed by 194.182.86.152 port 42504 [preauth]
Oct 13 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20859]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20857]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20928]: Successful su for rubyman by root
Oct 13 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20928]: + ??? root:rubyman
Oct 13 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405956 of user rubyman.
Oct 13 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20928]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405956.
Oct 13 16:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17176]: pam_unix(cron:session): session closed for user root
Oct 13 16:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20858]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session closed for user root
Oct 13 16:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Invalid user helloworld from 103.18.79.204
Oct 13 16:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: input_userauth_request: invalid user helloworld [preauth]
Oct 13 16:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Failed password for invalid user helloworld from 103.18.79.204 port 50604 ssh2
Oct 13 16:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Received disconnect from 103.18.79.204 port 50604:11: Bye Bye [preauth]
Oct 13 16:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21305]: Disconnected from 103.18.79.204 port 50604 [preauth]
Oct 13 16:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: Invalid user jona from 45.9.116.195
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: input_userauth_request: invalid user jona [preauth]
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: Failed password for invalid user jona from 45.9.116.195 port 54342 ssh2
Oct 13 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: Received disconnect from 45.9.116.195 port 54342:11: Bye Bye [preauth]
Oct 13 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: Disconnected from 45.9.116.195 port 54342 [preauth]
Oct 13 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21559]: Successful su for rubyman by root
Oct 13 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21559]: + ??? root:rubyman
Oct 13 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405960 of user rubyman.
Oct 13 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21559]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405960.
Oct 13 16:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21318]: pam_unix(cron:session): session closed for user root
Oct 13 16:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17625]: pam_unix(cron:session): session closed for user root
Oct 13 16:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21321]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: Failed password for root from 194.182.86.152 port 49236 ssh2
Oct 13 16:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21826]: Connection closed by 194.182.86.152 port 49236 [preauth]
Oct 13 16:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session closed for user root
Oct 13 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21957]: pam_unix(cron:session): session closed for user root
Oct 13 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21952]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: Successful su for rubyman by root
Oct 13 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: + ??? root:rubyman
Oct 13 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405966 of user rubyman.
Oct 13 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405966.
Oct 13 16:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21954]: pam_unix(cron:session): session closed for user root
Oct 13 16:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18286]: pam_unix(cron:session): session closed for user root
Oct 13 16:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21953]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: Failed password for root from 103.18.79.204 port 55040 ssh2
Oct 13 16:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: Received disconnect from 103.18.79.204 port 55040:11: Bye Bye [preauth]
Oct 13 16:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22363]: Disconnected from 103.18.79.204 port 55040 [preauth]
Oct 13 16:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: Invalid user vinay from 45.9.116.195
Oct 13 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: input_userauth_request: invalid user vinay [preauth]
Oct 13 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: Failed password for invalid user vinay from 45.9.116.195 port 44940 ssh2
Oct 13 16:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: Received disconnect from 45.9.116.195 port 44940:11: Bye Bye [preauth]
Oct 13 16:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22389]: Disconnected from 45.9.116.195 port 44940 [preauth]
Oct 13 16:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session closed for user root
Oct 13 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22487]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22486]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22483]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22568]: Successful su for rubyman by root
Oct 13 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22568]: + ??? root:rubyman
Oct 13 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405970 of user rubyman.
Oct 13 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22568]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405970.
Oct 13 16:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18891]: pam_unix(cron:session): session closed for user root
Oct 13 16:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22485]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session closed for user root
Oct 13 16:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: Invalid user marci from 103.18.79.204
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: input_userauth_request: invalid user marci [preauth]
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23547]: Successful su for rubyman by root
Oct 13 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23547]: + ??? root:rubyman
Oct 13 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405973 of user rubyman.
Oct 13 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23547]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405973.
Oct 13 16:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: Failed password for invalid user marci from 103.18.79.204 port 59474 ssh2
Oct 13 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: Received disconnect from 103.18.79.204 port 59474:11: Bye Bye [preauth]
Oct 13 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23322]: Disconnected from 103.18.79.204 port 59474 [preauth]
Oct 13 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Invalid user data from 45.9.116.195
Oct 13 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: input_userauth_request: invalid user data [preauth]
Oct 13 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Failed password for invalid user data from 45.9.116.195 port 39104 ssh2
Oct 13 16:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Received disconnect from 45.9.116.195 port 39104:11: Bye Bye [preauth]
Oct 13 16:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23827]: Disconnected from 45.9.116.195 port 39104 [preauth]
Oct 13 16:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session closed for user root
Oct 13 16:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21956]: pam_unix(cron:session): session closed for user root
Oct 13 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24169]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24168]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24166]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24249]: Successful su for rubyman by root
Oct 13 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24249]: + ??? root:rubyman
Oct 13 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405979 of user rubyman.
Oct 13 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24249]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405979.
Oct 13 16:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session closed for user root
Oct 13 16:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24167]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24575]: Failed password for root from 103.18.79.204 port 35680 ssh2
Oct 13 16:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24575]: Received disconnect from 103.18.79.204 port 35680:11: Bye Bye [preauth]
Oct 13 16:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24575]: Disconnected from 103.18.79.204 port 35680 [preauth]
Oct 13 16:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22487]: pam_unix(cron:session): session closed for user root
Oct 13 16:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Invalid user mpp from 45.9.116.195
Oct 13 16:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: input_userauth_request: invalid user mpp [preauth]
Oct 13 16:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Failed password for invalid user mpp from 45.9.116.195 port 58612 ssh2
Oct 13 16:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Received disconnect from 45.9.116.195 port 58612:11: Bye Bye [preauth]
Oct 13 16:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Disconnected from 45.9.116.195 port 58612 [preauth]
Oct 13 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: Failed password for root from 194.182.86.152 port 40776 ssh2
Oct 13 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24632]: Connection closed by 194.182.86.152 port 40776 [preauth]
Oct 13 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24688]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24774]: Successful su for rubyman by root
Oct 13 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24774]: + ??? root:rubyman
Oct 13 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405983 of user rubyman.
Oct 13 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24774]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405983.
Oct 13 16:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20859]: pam_unix(cron:session): session closed for user root
Oct 13 16:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24689]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23336]: pam_unix(cron:session): session closed for user root
Oct 13 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25196]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25196]: pam_unix(cron:session): session closed for user root
Oct 13 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25183]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: Successful su for rubyman by root
Oct 13 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: + ??? root:rubyman
Oct 13 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405989 of user rubyman.
Oct 13 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25305]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405989.
Oct 13 16:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session closed for user root
Oct 13 16:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21323]: pam_unix(cron:session): session closed for user root
Oct 13 16:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Invalid user zeeshan from 103.18.79.204
Oct 13 16:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: input_userauth_request: invalid user zeeshan [preauth]
Oct 13 16:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Failed password for invalid user zeeshan from 103.18.79.204 port 40114 ssh2
Oct 13 16:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Received disconnect from 103.18.79.204 port 40114:11: Bye Bye [preauth]
Oct 13 16:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25660]: Disconnected from 103.18.79.204 port 40114 [preauth]
Oct 13 16:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Failed password for root from 45.9.116.195 port 51362 ssh2
Oct 13 16:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Received disconnect from 45.9.116.195 port 51362:11: Bye Bye [preauth]
Oct 13 16:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25729]: Disconnected from 45.9.116.195 port 51362 [preauth]
Oct 13 16:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: Failed password for root from 194.182.86.152 port 35318 ssh2
Oct 13 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25736]: Connection closed by 194.182.86.152 port 35318 [preauth]
Oct 13 16:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24169]: pam_unix(cron:session): session closed for user root
Oct 13 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26090]: Successful su for rubyman by root
Oct 13 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26090]: + ??? root:rubyman
Oct 13 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405992 of user rubyman.
Oct 13 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26090]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405992.
Oct 13 16:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21955]: pam_unix(cron:session): session closed for user root
Oct 13 16:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24691]: pam_unix(cron:session): session closed for user root
Oct 13 16:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Invalid user smart from 103.18.79.204
Oct 13 16:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: input_userauth_request: invalid user smart [preauth]
Oct 13 16:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Failed password for invalid user smart from 103.18.79.204 port 44546 ssh2
Oct 13 16:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Received disconnect from 103.18.79.204 port 44546:11: Bye Bye [preauth]
Oct 13 16:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Disconnected from 103.18.79.204 port 44546 [preauth]
Oct 13 16:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Invalid user user from 45.9.116.195
Oct 13 16:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: input_userauth_request: invalid user user [preauth]
Oct 13 16:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Failed password for invalid user user from 45.9.116.195 port 50774 ssh2
Oct 13 16:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Received disconnect from 45.9.116.195 port 50774:11: Bye Bye [preauth]
Oct 13 16:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: Disconnected from 45.9.116.195 port 50774 [preauth]
Oct 13 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26586]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26583]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26659]: Successful su for rubyman by root
Oct 13 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26659]: + ??? root:rubyman
Oct 13 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 405995 of user rubyman.
Oct 13 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26659]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 405995.
Oct 13 16:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22486]: pam_unix(cron:session): session closed for user root
Oct 13 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26584]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session closed for user root
Oct 13 16:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 13 16:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: Failed password for root from 89.38.148.202 port 49190 ssh2
Oct 13 16:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27258]: Connection closed by 89.38.148.202 port 49190 [preauth]
Oct 13 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27276]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27360]: Successful su for rubyman by root
Oct 13 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27360]: + ??? root:rubyman
Oct 13 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406000 of user rubyman.
Oct 13 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27360]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406000.
Oct 13 16:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23335]: pam_unix(cron:session): session closed for user root
Oct 13 16:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27277]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Invalid user ubuntu from 103.18.79.204
Oct 13 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Failed password for invalid user ubuntu from 103.18.79.204 port 48982 ssh2
Oct 13 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Received disconnect from 103.18.79.204 port 48982:11: Bye Bye [preauth]
Oct 13 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Disconnected from 103.18.79.204 port 48982 [preauth]
Oct 13 16:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Invalid user marci from 45.9.116.195
Oct 13 16:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: input_userauth_request: invalid user marci [preauth]
Oct 13 16:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Failed password for invalid user marci from 45.9.116.195 port 54336 ssh2
Oct 13 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Received disconnect from 45.9.116.195 port 54336:11: Bye Bye [preauth]
Oct 13 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Disconnected from 45.9.116.195 port 54336 [preauth]
Oct 13 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session closed for user root
Oct 13 16:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 16:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Failed password for root from 80.211.129.128 port 34360 ssh2
Oct 13 16:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Connection closed by 80.211.129.128 port 34360 [preauth]
Oct 13 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28062]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28058]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28134]: Successful su for rubyman by root
Oct 13 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28134]: + ??? root:rubyman
Oct 13 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406003 of user rubyman.
Oct 13 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28134]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406003.
Oct 13 16:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24168]: pam_unix(cron:session): session closed for user root
Oct 13 16:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session closed for user root
Oct 13 16:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: Failed password for root from 103.18.79.204 port 53418 ssh2
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: Received disconnect from 103.18.79.204 port 53418:11: Bye Bye [preauth]
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28757]: Disconnected from 103.18.79.204 port 53418 [preauth]
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28768]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28766]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28767]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28768]: pam_unix(cron:session): session closed for user root
Oct 13 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28763]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: Successful su for rubyman by root
Oct 13 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: + ??? root:rubyman
Oct 13 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406007 of user rubyman.
Oct 13 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406007.
Oct 13 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28898]: Failed password for root from 45.9.116.195 port 36016 ssh2
Oct 13 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28898]: Received disconnect from 45.9.116.195 port 36016:11: Bye Bye [preauth]
Oct 13 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28898]: Disconnected from 45.9.116.195 port 36016 [preauth]
Oct 13 16:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28765]: pam_unix(cron:session): session closed for user root
Oct 13 16:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24690]: pam_unix(cron:session): session closed for user root
Oct 13 16:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28764]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27279]: pam_unix(cron:session): session closed for user root
Oct 13 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29406]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29510]: Successful su for rubyman by root
Oct 13 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29510]: + ??? root:rubyman
Oct 13 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406013 of user rubyman.
Oct 13 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29510]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406013.
Oct 13 16:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session closed for user root
Oct 13 16:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29407]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Invalid user user01 from 45.9.116.195
Oct 13 16:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: input_userauth_request: invalid user user01 [preauth]
Oct 13 16:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Failed password for invalid user user01 from 45.9.116.195 port 48154 ssh2
Oct 13 16:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Received disconnect from 45.9.116.195 port 48154:11: Bye Bye [preauth]
Oct 13 16:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Disconnected from 45.9.116.195 port 48154 [preauth]
Oct 13 16:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28062]: pam_unix(cron:session): session closed for user root
Oct 13 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30000]: Successful su for rubyman by root
Oct 13 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30000]: + ??? root:rubyman
Oct 13 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406017 of user rubyman.
Oct 13 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30000]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406017.
Oct 13 16:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26020]: pam_unix(cron:session): session closed for user root
Oct 13 16:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Failed password for root from 103.18.79.204 port 57898 ssh2
Oct 13 16:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Received disconnect from 103.18.79.204 port 57898:11: Bye Bye [preauth]
Oct 13 16:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Disconnected from 103.18.79.204 port 57898 [preauth]
Oct 13 16:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28767]: pam_unix(cron:session): session closed for user root
Oct 13 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30457]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30443]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30607]: Successful su for rubyman by root
Oct 13 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30607]: + ??? root:rubyman
Oct 13 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406023 of user rubyman.
Oct 13 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30607]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406023.
Oct 13 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Invalid user egarcia from 45.9.116.195
Oct 13 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: input_userauth_request: invalid user egarcia [preauth]
Oct 13 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Failed password for invalid user egarcia from 45.9.116.195 port 41750 ssh2
Oct 13 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Received disconnect from 45.9.116.195 port 41750:11: Bye Bye [preauth]
Oct 13 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Disconnected from 45.9.116.195 port 41750 [preauth]
Oct 13 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26586]: pam_unix(cron:session): session closed for user root
Oct 13 16:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30456]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29410]: pam_unix(cron:session): session closed for user root
Oct 13 16:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Invalid user mpp from 103.18.79.204
Oct 13 16:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: input_userauth_request: invalid user mpp [preauth]
Oct 13 16:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Failed password for invalid user mpp from 103.18.79.204 port 34100 ssh2
Oct 13 16:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Received disconnect from 103.18.79.204 port 34100:11: Bye Bye [preauth]
Oct 13 16:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Disconnected from 103.18.79.204 port 34100 [preauth]
Oct 13 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30993]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30994]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31080]: Successful su for rubyman by root
Oct 13 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31080]: + ??? root:rubyman
Oct 13 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406027 of user rubyman.
Oct 13 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31080]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406027.
Oct 13 16:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27278]: pam_unix(cron:session): session closed for user root
Oct 13 16:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session closed for user root
Oct 13 16:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: Invalid user ts3 from 45.9.116.195
Oct 13 16:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: input_userauth_request: invalid user ts3 [preauth]
Oct 13 16:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: Failed password for invalid user ts3 from 45.9.116.195 port 47190 ssh2
Oct 13 16:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: Received disconnect from 45.9.116.195 port 47190:11: Bye Bye [preauth]
Oct 13 16:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31400]: Disconnected from 45.9.116.195 port 47190 [preauth]
Oct 13 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session closed for user root
Oct 13 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31515]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31713]: Successful su for rubyman by root
Oct 13 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31713]: + ??? root:rubyman
Oct 13 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406029 of user rubyman.
Oct 13 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31713]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406029.
Oct 13 16:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session closed for user root
Oct 13 16:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28060]: pam_unix(cron:session): session closed for user root
Oct 13 16:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31516]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Invalid user jona from 103.18.79.204
Oct 13 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: input_userauth_request: invalid user jona [preauth]
Oct 13 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Failed password for invalid user jona from 103.18.79.204 port 38530 ssh2
Oct 13 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Received disconnect from 103.18.79.204 port 38530:11: Bye Bye [preauth]
Oct 13 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Disconnected from 103.18.79.204 port 38530 [preauth]
Oct 13 16:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session closed for user root
Oct 13 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32201]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32287]: Successful su for rubyman by root
Oct 13 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32287]: + ??? root:rubyman
Oct 13 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406036 of user rubyman.
Oct 13 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32287]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406036.
Oct 13 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Did not receive identification string from 194.0.234.20
Oct 13 16:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28766]: pam_unix(cron:session): session closed for user root
Oct 13 16:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Invalid user baidu from 45.9.116.195
Oct 13 16:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: input_userauth_request: invalid user baidu [preauth]
Oct 13 16:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Failed password for invalid user baidu from 45.9.116.195 port 33800 ssh2
Oct 13 16:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Received disconnect from 45.9.116.195 port 33800:11: Bye Bye [preauth]
Oct 13 16:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Disconnected from 45.9.116.195 port 33800 [preauth]
Oct 13 16:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30994]: pam_unix(cron:session): session closed for user root
Oct 13 16:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32678]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: Failed password for root from 103.18.79.204 port 42970 ssh2
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: Received disconnect from 103.18.79.204 port 42970:11: Bye Bye [preauth]
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32659]: Disconnected from 103.18.79.204 port 42970 [preauth]
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: Successful su for rubyman by root
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: + ??? root:rubyman
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406041 of user rubyman.
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32757]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406041.
Oct 13 16:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Failed password for root from 194.182.86.152 port 39204 ssh2
Oct 13 16:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Connection closed by 194.182.86.152 port 39204 [preauth]
Oct 13 16:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29409]: pam_unix(cron:session): session closed for user root
Oct 13 16:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32679]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session closed for user root
Oct 13 16:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Invalid user ubuntu from 45.9.116.195
Oct 13 16:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 16:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Failed password for invalid user ubuntu from 45.9.116.195 port 35276 ssh2
Oct 13 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Received disconnect from 45.9.116.195 port 35276:11: Bye Bye [preauth]
Oct 13 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Disconnected from 45.9.116.195 port 35276 [preauth]
Oct 13 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[683]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[758]: Successful su for rubyman by root
Oct 13 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[758]: + ??? root:rubyman
Oct 13 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406044 of user rubyman.
Oct 13 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[758]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406044.
Oct 13 16:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session closed for user root
Oct 13 16:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 16:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: Failed password for root from 103.18.79.204 port 47408 ssh2
Oct 13 16:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: Received disconnect from 103.18.79.204 port 47408:11: Bye Bye [preauth]
Oct 13 16:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1159]: Disconnected from 103.18.79.204 port 47408 [preauth]
Oct 13 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32205]: pam_unix(cron:session): session closed for user root
Oct 13 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1253]: Invalid user  from 129.212.186.142
Oct 13 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1253]: input_userauth_request: invalid user  [preauth]
Oct 13 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1261]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1256]: pam_unix(cron:session): session closed for user p13x
Oct 13 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1332]: Successful su for rubyman by root
Oct 13 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1332]: + ??? root:rubyman
Oct 13 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406048 of user rubyman.
Oct 13 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1332]: pam_unix(su:session): session closed for user rubyman
Oct 13 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406048.
Oct 13 16:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1253]: Connection closed by 129.212.186.142 port 53916 [preauth]
Oct 13 16:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30457]: pam_unix(cron:session): session closed for user root
Oct 13 16:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Failed password for root from 194.182.86.152 port 53584 ssh2
Oct 13 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Connection closed by 194.182.86.152 port 53584 [preauth]
Oct 13 16:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1257]: pam_unix(cron:session): session closed for user samftp
Oct 13 16:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Invalid user tiptop from 45.9.116.195
Oct 13 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: input_userauth_request: invalid user tiptop [preauth]
Oct 13 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Failed password for invalid user tiptop from 45.9.116.195 port 46648 ssh2
Oct 13 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Received disconnect from 45.9.116.195 port 46648:11: Bye Bye [preauth]
Oct 13 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Disconnected from 45.9.116.195 port 46648 [preauth]
Oct 13 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session closed for user root
Oct 13 16:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Failed password for root from 194.182.86.152 port 42608 ssh2
Oct 13 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Connection closed by 194.182.86.152 port 42608 [preauth]
Oct 13 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Invalid user ftpuser from 129.212.186.142
Oct 13 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 16:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Failed password for invalid user ftpuser from 129.212.186.142 port 49004 ssh2
Oct 13 16:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Connection closed by 129.212.186.142 port 49004 [preauth]
Oct 13 16:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Invalid user uftp from 129.212.186.142
Oct 13 16:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: input_userauth_request: invalid user uftp [preauth]
Oct 13 16:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 16:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Failed password for invalid user uftp from 129.212.186.142 port 49026 ssh2
Oct 13 16:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Connection closed by 129.212.186.142 port 49026 [preauth]
Oct 13 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Invalid user dspace from 129.212.186.142
Oct 13 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: input_userauth_request: invalid user dspace [preauth]
Oct 13 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for invalid user dspace from 129.212.186.142 port 49032 ssh2
Oct 13 16:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Connection closed by 129.212.186.142 port 49032 [preauth]
Oct 13 17:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Invalid user user from 129.212.186.142
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: input_userauth_request: invalid user user [preauth]
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1786]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1787]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1789]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1786]: pam_unix(cron:session): session closed for user root
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1790]: pam_unix(cron:session): session closed for user root
Oct 13 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Failed password for invalid user user from 129.212.186.142 port 49608 ssh2
Oct 13 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Connection closed by 129.212.186.142 port 49608 [preauth]
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2014]: Successful su for rubyman by root
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2014]: + ??? root:rubyman
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Invalid user odoo from 129.212.186.142
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: input_userauth_request: invalid user odoo [preauth]
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406052 of user rubyman.
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2014]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406052.
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Failed password for invalid user odoo from 129.212.186.142 port 49614 ssh2
Oct 13 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Connection closed by 129.212.186.142 port 49614 [preauth]
Oct 13 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user guest from 129.212.186.142
Oct 13 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user guest [preauth]
Oct 13 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user guest from 129.212.186.142 port 49620 ssh2
Oct 13 17:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Connection closed by 129.212.186.142 port 49620 [preauth]
Oct 13 17:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Invalid user deploy from 103.18.79.204
Oct 13 17:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: input_userauth_request: invalid user deploy [preauth]
Oct 13 17:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30993]: pam_unix(cron:session): session closed for user root
Oct 13 17:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1787]: pam_unix(cron:session): session closed for user root
Oct 13 17:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2149]: Failed password for root from 129.212.186.142 port 55024 ssh2
Oct 13 17:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2149]: Connection closed by 129.212.186.142 port 55024 [preauth]
Oct 13 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Invalid user pi from 129.212.186.142
Oct 13 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: input_userauth_request: invalid user pi [preauth]
Oct 13 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Failed password for invalid user deploy from 103.18.79.204 port 51842 ssh2
Oct 13 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Received disconnect from 103.18.79.204 port 51842:11: Bye Bye [preauth]
Oct 13 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Disconnected from 103.18.79.204 port 51842 [preauth]
Oct 13 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for invalid user pi from 129.212.186.142 port 55040 ssh2
Oct 13 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Connection closed by 129.212.186.142 port 55040 [preauth]
Oct 13 17:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Invalid user redis from 129.212.186.142
Oct 13 17:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: input_userauth_request: invalid user redis [preauth]
Oct 13 17:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Failed password for invalid user redis from 129.212.186.142 port 55048 ssh2
Oct 13 17:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Connection closed by 129.212.186.142 port 55048 [preauth]
Oct 13 17:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: Invalid user adminuser from 129.212.186.142
Oct 13 17:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: input_userauth_request: invalid user adminuser [preauth]
Oct 13 17:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: Failed password for invalid user adminuser from 129.212.186.142 port 49728 ssh2
Oct 13 17:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2276]: Connection closed by 129.212.186.142 port 49728 [preauth]
Oct 13 17:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Invalid user nagios from 129.212.186.142
Oct 13 17:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: input_userauth_request: invalid user nagios [preauth]
Oct 13 17:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Failed password for invalid user nagios from 129.212.186.142 port 49732 ssh2
Oct 13 17:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Connection closed by 129.212.186.142 port 49732 [preauth]
Oct 13 17:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: Failed password for root from 129.212.186.142 port 49746 ssh2
Oct 13 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: Connection closed by 129.212.186.142 port 49746 [preauth]
Oct 13 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: Invalid user sonar from 129.212.186.142
Oct 13 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: input_userauth_request: invalid user sonar [preauth]
Oct 13 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: Failed password for invalid user sonar from 129.212.186.142 port 50912 ssh2
Oct 13 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: Connection closed by 129.212.186.142 port 50912 [preauth]
Oct 13 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: Invalid user packer from 129.212.186.142
Oct 13 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: input_userauth_request: invalid user packer [preauth]
Oct 13 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: Failed password for invalid user packer from 129.212.186.142 port 50914 ssh2
Oct 13 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: Connection closed by 129.212.186.142 port 50914 [preauth]
Oct 13 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Invalid user jenkins from 129.212.186.142
Oct 13 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session closed for user root
Oct 13 17:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Failed password for invalid user jenkins from 129.212.186.142 port 50918 ssh2
Oct 13 17:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Connection closed by 129.212.186.142 port 50918 [preauth]
Oct 13 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: Failed password for root from 129.212.186.142 port 51200 ssh2
Oct 13 17:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2401]: Connection closed by 129.212.186.142 port 51200 [preauth]
Oct 13 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: Invalid user kingbase from 129.212.186.142
Oct 13 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: input_userauth_request: invalid user kingbase [preauth]
Oct 13 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: Failed password for invalid user kingbase from 129.212.186.142 port 51208 ssh2
Oct 13 17:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: Connection closed by 129.212.186.142 port 51208 [preauth]
Oct 13 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Invalid user testuser from 129.212.186.142
Oct 13 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: input_userauth_request: invalid user testuser [preauth]
Oct 13 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Failed password for invalid user testuser from 129.212.186.142 port 51232 ssh2
Oct 13 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Connection closed by 129.212.186.142 port 51232 [preauth]
Oct 13 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Invalid user vagrant from 129.212.186.142
Oct 13 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: input_userauth_request: invalid user vagrant [preauth]
Oct 13 17:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for invalid user vagrant from 129.212.186.142 port 46458 ssh2
Oct 13 17:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Connection closed by 129.212.186.142 port 46458 [preauth]
Oct 13 17:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: Invalid user admin from 129.212.186.142
Oct 13 17:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: input_userauth_request: invalid user admin [preauth]
Oct 13 17:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: Failed password for invalid user admin from 129.212.186.142 port 46474 ssh2
Oct 13 17:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2486]: Connection closed by 129.212.186.142 port 46474 [preauth]
Oct 13 17:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Invalid user teamspeak from 129.212.186.142
Oct 13 17:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: input_userauth_request: invalid user teamspeak [preauth]
Oct 13 17:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Failed password for invalid user teamspeak from 129.212.186.142 port 46478 ssh2
Oct 13 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Connection closed by 129.212.186.142 port 46478 [preauth]
Oct 13 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: Invalid user dev from 129.212.186.142
Oct 13 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: input_userauth_request: invalid user dev [preauth]
Oct 13 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: Failed password for invalid user dev from 129.212.186.142 port 42680 ssh2
Oct 13 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: Connection closed by 129.212.186.142 port 42680 [preauth]
Oct 13 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2585]: Successful su for rubyman by root
Oct 13 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2585]: + ??? root:rubyman
Oct 13 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406059 of user rubyman.
Oct 13 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2585]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406059.
Oct 13 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Invalid user steam from 129.212.186.142
Oct 13 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: input_userauth_request: invalid user steam [preauth]
Oct 13 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for invalid user steam from 129.212.186.142 port 42694 ssh2
Oct 13 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Connection closed by 129.212.186.142 port 42694 [preauth]
Oct 13 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Invalid user deployer from 129.212.186.142
Oct 13 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: input_userauth_request: invalid user deployer [preauth]
Oct 13 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for root from 45.9.116.195 port 50064 ssh2
Oct 13 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Received disconnect from 45.9.116.195 port 50064:11: Bye Bye [preauth]
Oct 13 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Disconnected from 45.9.116.195 port 50064 [preauth]
Oct 13 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Failed password for invalid user deployer from 129.212.186.142 port 42696 ssh2
Oct 13 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Connection closed by 129.212.186.142 port 42696 [preauth]
Oct 13 17:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: Invalid user user1 from 129.212.186.142
Oct 13 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: input_userauth_request: invalid user user1 [preauth]
Oct 13 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: Failed password for invalid user user1 from 129.212.186.142 port 48134 ssh2
Oct 13 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: Connection closed by 129.212.186.142 port 48134 [preauth]
Oct 13 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session closed for user root
Oct 13 17:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Failed password for root from 129.212.186.142 port 48136 ssh2
Oct 13 17:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2780]: Connection closed by 129.212.186.142 port 48136 [preauth]
Oct 13 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2800]: Invalid user guest from 129.212.186.142
Oct 13 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2800]: input_userauth_request: invalid user guest [preauth]
Oct 13 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2800]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2800]: Failed password for invalid user guest from 129.212.186.142 port 48140 ssh2
Oct 13 17:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2800]: Connection closed by 129.212.186.142 port 48140 [preauth]
Oct 13 17:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2825]: Failed password for root from 129.212.186.142 port 35344 ssh2
Oct 13 17:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2825]: Connection closed by 129.212.186.142 port 35344 [preauth]
Oct 13 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Invalid user dev from 129.212.186.142
Oct 13 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: input_userauth_request: invalid user dev [preauth]
Oct 13 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Failed password for invalid user dev from 129.212.186.142 port 35370 ssh2
Oct 13 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2837]: Connection closed by 129.212.186.142 port 35370 [preauth]
Oct 13 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: Invalid user basit from 129.212.186.142
Oct 13 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: input_userauth_request: invalid user basit [preauth]
Oct 13 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: Failed password for invalid user basit from 129.212.186.142 port 35398 ssh2
Oct 13 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: Connection closed by 129.212.186.142 port 35398 [preauth]
Oct 13 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Invalid user ansible from 129.212.186.142
Oct 13 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: input_userauth_request: invalid user ansible [preauth]
Oct 13 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Failed password for invalid user ansible from 129.212.186.142 port 41798 ssh2
Oct 13 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2868]: Connection closed by 129.212.186.142 port 41798 [preauth]
Oct 13 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Failed password for root from 129.212.186.142 port 41800 ssh2
Oct 13 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Connection closed by 129.212.186.142 port 41800 [preauth]
Oct 13 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Invalid user oracle from 129.212.186.142
Oct 13 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: input_userauth_request: invalid user oracle [preauth]
Oct 13 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1261]: pam_unix(cron:session): session closed for user root
Oct 13 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Failed password for invalid user oracle from 129.212.186.142 port 41812 ssh2
Oct 13 17:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Connection closed by 129.212.186.142 port 41812 [preauth]
Oct 13 17:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: Invalid user tom from 129.212.186.142
Oct 13 17:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: input_userauth_request: invalid user tom [preauth]
Oct 13 17:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: Failed password for invalid user tom from 129.212.186.142 port 36318 ssh2
Oct 13 17:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2931]: Connection closed by 129.212.186.142 port 36318 [preauth]
Oct 13 17:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Failed password for root from 129.212.186.142 port 36332 ssh2
Oct 13 17:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Connection closed by 129.212.186.142 port 36332 [preauth]
Oct 13 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Invalid user user from 129.212.186.142
Oct 13 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: input_userauth_request: invalid user user [preauth]
Oct 13 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user user from 129.212.186.142 port 36336 ssh2
Oct 13 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Connection closed by 129.212.186.142 port 36336 [preauth]
Oct 13 17:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: Invalid user dmdba from 129.212.186.142
Oct 13 17:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: input_userauth_request: invalid user dmdba [preauth]
Oct 13 17:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2961]: Invalid user egarcia from 103.18.79.204
Oct 13 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2961]: input_userauth_request: invalid user egarcia [preauth]
Oct 13 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2961]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: Failed password for invalid user dmdba from 129.212.186.142 port 39182 ssh2
Oct 13 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2955]: Connection closed by 129.212.186.142 port 39182 [preauth]
Oct 13 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2961]: Failed password for invalid user egarcia from 103.18.79.204 port 56278 ssh2
Oct 13 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2961]: Received disconnect from 103.18.79.204 port 56278:11: Bye Bye [preauth]
Oct 13 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2961]: Disconnected from 103.18.79.204 port 56278 [preauth]
Oct 13 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Failed password for root from 129.212.186.142 port 39216 ssh2
Oct 13 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Connection closed by 129.212.186.142 port 39216 [preauth]
Oct 13 17:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Invalid user angel from 129.212.186.142
Oct 13 17:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: input_userauth_request: invalid user angel [preauth]
Oct 13 17:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Failed password for invalid user angel from 129.212.186.142 port 39242 ssh2
Oct 13 17:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Connection closed by 129.212.186.142 port 39242 [preauth]
Oct 13 17:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Invalid user deploy from 129.212.186.142
Oct 13 17:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: input_userauth_request: invalid user deploy [preauth]
Oct 13 17:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3002]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2999]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Failed password for invalid user deploy from 129.212.186.142 port 46810 ssh2
Oct 13 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Connection closed by 129.212.186.142 port 46810 [preauth]
Oct 13 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3071]: Successful su for rubyman by root
Oct 13 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3071]: + ??? root:rubyman
Oct 13 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406062 of user rubyman.
Oct 13 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3071]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406062.
Oct 13 17:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: Invalid user git from 129.212.186.142
Oct 13 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: input_userauth_request: invalid user git [preauth]
Oct 13 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: Failed password for invalid user git from 129.212.186.142 port 46818 ssh2
Oct 13 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: Connection closed by 129.212.186.142 port 46818 [preauth]
Oct 13 17:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Invalid user user1 from 129.212.186.142
Oct 13 17:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: input_userauth_request: invalid user user1 [preauth]
Oct 13 17:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Failed password for invalid user user1 from 129.212.186.142 port 46834 ssh2
Oct 13 17:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Connection closed by 129.212.186.142 port 46834 [preauth]
Oct 13 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session closed for user root
Oct 13 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Invalid user ts from 129.212.186.142
Oct 13 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: input_userauth_request: invalid user ts [preauth]
Oct 13 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Failed password for invalid user ts from 129.212.186.142 port 60724 ssh2
Oct 13 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Connection closed by 129.212.186.142 port 60724 [preauth]
Oct 13 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Failed password for root from 129.212.186.142 port 60730 ssh2
Oct 13 17:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Connection closed by 129.212.186.142 port 60730 [preauth]
Oct 13 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3000]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: Failed password for root from 129.212.186.142 port 60740 ssh2
Oct 13 17:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3287]: Connection closed by 129.212.186.142 port 60740 [preauth]
Oct 13 17:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Invalid user es from 129.212.186.142
Oct 13 17:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: input_userauth_request: invalid user es [preauth]
Oct 13 17:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Failed password for invalid user es from 129.212.186.142 port 35218 ssh2
Oct 13 17:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Connection closed by 129.212.186.142 port 35218 [preauth]
Oct 13 17:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: Invalid user rocky from 129.212.186.142
Oct 13 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: input_userauth_request: invalid user rocky [preauth]
Oct 13 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: Failed password for invalid user rocky from 129.212.186.142 port 35226 ssh2
Oct 13 17:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3340]: Connection closed by 129.212.186.142 port 35226 [preauth]
Oct 13 17:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Invalid user bigdata from 129.212.186.142
Oct 13 17:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: input_userauth_request: invalid user bigdata [preauth]
Oct 13 17:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Failed password for invalid user bigdata from 129.212.186.142 port 35234 ssh2
Oct 13 17:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Connection closed by 129.212.186.142 port 35234 [preauth]
Oct 13 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Invalid user esuser from 129.212.186.142
Oct 13 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: input_userauth_request: invalid user esuser [preauth]
Oct 13 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Failed password for invalid user esuser from 129.212.186.142 port 57228 ssh2
Oct 13 17:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Connection closed by 129.212.186.142 port 57228 [preauth]
Oct 13 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Invalid user app from 129.212.186.142
Oct 13 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: input_userauth_request: invalid user app [preauth]
Oct 13 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Failed password for invalid user app from 129.212.186.142 port 57244 ssh2
Oct 13 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Connection closed by 129.212.186.142 port 57244 [preauth]
Oct 13 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Failed password for root from 129.212.186.142 port 57260 ssh2
Oct 13 17:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: Connection closed by 129.212.186.142 port 57260 [preauth]
Oct 13 17:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Invalid user centos from 129.212.186.142
Oct 13 17:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: input_userauth_request: invalid user centos [preauth]
Oct 13 17:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Failed password for invalid user centos from 129.212.186.142 port 36390 ssh2
Oct 13 17:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Connection closed by 129.212.186.142 port 36390 [preauth]
Oct 13 17:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Invalid user user from 129.212.186.142
Oct 13 17:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: input_userauth_request: invalid user user [preauth]
Oct 13 17:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1789]: pam_unix(cron:session): session closed for user root
Oct 13 17:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: Invalid user johnathan from 45.9.116.195
Oct 13 17:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: input_userauth_request: invalid user johnathan [preauth]
Oct 13 17:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 17:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Failed password for invalid user user from 129.212.186.142 port 36416 ssh2
Oct 13 17:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3438]: Connection closed by 129.212.186.142 port 36416 [preauth]
Oct 13 17:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: Failed password for invalid user johnathan from 45.9.116.195 port 41208 ssh2
Oct 13 17:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: Received disconnect from 45.9.116.195 port 41208:11: Bye Bye [preauth]
Oct 13 17:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3434]: Disconnected from 45.9.116.195 port 41208 [preauth]
Oct 13 17:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: Failed password for root from 129.212.186.142 port 36440 ssh2
Oct 13 17:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3444]: Connection closed by 129.212.186.142 port 36440 [preauth]
Oct 13 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: Failed password for root from 129.212.186.142 port 60892 ssh2
Oct 13 17:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: Connection closed by 129.212.186.142 port 60892 [preauth]
Oct 13 17:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3475]: Failed password for root from 129.212.186.142 port 60910 ssh2
Oct 13 17:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3475]: Connection closed by 129.212.186.142 port 60910 [preauth]
Oct 13 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Invalid user alex from 129.212.186.142
Oct 13 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: input_userauth_request: invalid user alex [preauth]
Oct 13 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Failed password for invalid user alex from 129.212.186.142 port 60928 ssh2
Oct 13 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3490]: Connection closed by 129.212.186.142 port 60928 [preauth]
Oct 13 17:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Invalid user postgres from 129.212.186.142
Oct 13 17:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: input_userauth_request: invalid user postgres [preauth]
Oct 13 17:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Failed password for invalid user postgres from 129.212.186.142 port 60552 ssh2
Oct 13 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3496]: Connection closed by 129.212.186.142 port 60552 [preauth]
Oct 13 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3580]: Successful su for rubyman by root
Oct 13 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3580]: + ??? root:rubyman
Oct 13 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406067 of user rubyman.
Oct 13 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3580]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406067.
Oct 13 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Invalid user testuser from 129.212.186.142
Oct 13 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: input_userauth_request: invalid user testuser [preauth]
Oct 13 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Failed password for invalid user testuser from 129.212.186.142 port 60578 ssh2
Oct 13 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Connection closed by 129.212.186.142 port 60578 [preauth]
Oct 13 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: Invalid user zabbix from 129.212.186.142
Oct 13 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: input_userauth_request: invalid user zabbix [preauth]
Oct 13 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: Failed password for invalid user zabbix from 129.212.186.142 port 60594 ssh2
Oct 13 17:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3665]: Connection closed by 129.212.186.142 port 60594 [preauth]
Oct 13 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session closed for user root
Oct 13 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: Invalid user odoo18 from 129.212.186.142
Oct 13 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: input_userauth_request: invalid user odoo18 [preauth]
Oct 13 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: Failed password for invalid user odoo18 from 129.212.186.142 port 44754 ssh2
Oct 13 17:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3755]: Connection closed by 129.212.186.142 port 44754 [preauth]
Oct 13 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for root from 129.212.186.142 port 44766 ssh2
Oct 13 17:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Connection closed by 129.212.186.142 port 44766 [preauth]
Oct 13 17:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Invalid user user3 from 129.212.186.142
Oct 13 17:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: input_userauth_request: invalid user user3 [preauth]
Oct 13 17:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Failed password for invalid user user3 from 129.212.186.142 port 44774 ssh2
Oct 13 17:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Connection closed by 129.212.186.142 port 44774 [preauth]
Oct 13 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Invalid user es from 129.212.186.142
Oct 13 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: input_userauth_request: invalid user es [preauth]
Oct 13 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3504]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Failed password for invalid user es from 129.212.186.142 port 49222 ssh2
Oct 13 17:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: Connection closed by 129.212.186.142 port 49222 [preauth]
Oct 13 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: Invalid user rancher from 129.212.186.142
Oct 13 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: input_userauth_request: invalid user rancher [preauth]
Oct 13 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Invalid user marilia from 103.18.79.204
Oct 13 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: input_userauth_request: invalid user marilia [preauth]
Oct 13 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: Failed password for invalid user rancher from 129.212.186.142 port 49236 ssh2
Oct 13 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3847]: Connection closed by 129.212.186.142 port 49236 [preauth]
Oct 13 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Invalid user admin from 129.212.186.142
Oct 13 17:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: input_userauth_request: invalid user admin [preauth]
Oct 13 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Failed password for invalid user marilia from 103.18.79.204 port 60708 ssh2
Oct 13 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Received disconnect from 103.18.79.204 port 60708:11: Bye Bye [preauth]
Oct 13 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Disconnected from 103.18.79.204 port 60708 [preauth]
Oct 13 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Failed password for invalid user admin from 129.212.186.142 port 49250 ssh2
Oct 13 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3852]: Connection closed by 129.212.186.142 port 49250 [preauth]
Oct 13 17:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Invalid user git from 129.212.186.142
Oct 13 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: input_userauth_request: invalid user git [preauth]
Oct 13 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Failed password for invalid user git from 129.212.186.142 port 37398 ssh2
Oct 13 17:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Connection closed by 129.212.186.142 port 37398 [preauth]
Oct 13 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Invalid user odoo16 from 129.212.186.142
Oct 13 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: input_userauth_request: invalid user odoo16 [preauth]
Oct 13 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Failed password for invalid user odoo16 from 129.212.186.142 port 37412 ssh2
Oct 13 17:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Connection closed by 129.212.186.142 port 37412 [preauth]
Oct 13 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Invalid user jack from 129.212.186.142
Oct 13 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: input_userauth_request: invalid user jack [preauth]
Oct 13 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Failed password for invalid user jack from 129.212.186.142 port 37440 ssh2
Oct 13 17:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Connection closed by 129.212.186.142 port 37440 [preauth]
Oct 13 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session closed for user root
Oct 13 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Invalid user hadoop from 129.212.186.142
Oct 13 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Failed password for invalid user hadoop from 129.212.186.142 port 55716 ssh2
Oct 13 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Connection closed by 129.212.186.142 port 55716 [preauth]
Oct 13 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: Invalid user dmdba from 129.212.186.142
Oct 13 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: input_userauth_request: invalid user dmdba [preauth]
Oct 13 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: Failed password for invalid user dmdba from 129.212.186.142 port 55726 ssh2
Oct 13 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: Connection closed by 129.212.186.142 port 55726 [preauth]
Oct 13 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Invalid user developer from 129.212.186.142
Oct 13 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: input_userauth_request: invalid user developer [preauth]
Oct 13 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Failed password for invalid user developer from 129.212.186.142 port 55732 ssh2
Oct 13 17:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3947]: Connection closed by 129.212.186.142 port 55732 [preauth]
Oct 13 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: Failed password for root from 129.212.186.142 port 38482 ssh2
Oct 13 17:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: Connection closed by 129.212.186.142 port 38482 [preauth]
Oct 13 17:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3976]: Failed password for root from 129.212.186.142 port 38494 ssh2
Oct 13 17:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3976]: Connection closed by 129.212.186.142 port 38494 [preauth]
Oct 13 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: Invalid user username from 129.212.186.142
Oct 13 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: input_userauth_request: invalid user username [preauth]
Oct 13 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: Failed password for invalid user username from 129.212.186.142 port 38508 ssh2
Oct 13 17:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3981]: Connection closed by 129.212.186.142 port 38508 [preauth]
Oct 13 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Invalid user tomcat from 129.212.186.142
Oct 13 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: input_userauth_request: invalid user tomcat [preauth]
Oct 13 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: Failed password for root from 194.182.86.152 port 43736 ssh2
Oct 13 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4006]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3983]: Connection closed by 194.182.86.152 port 43736 [preauth]
Oct 13 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Failed password for invalid user tomcat from 129.212.186.142 port 44766 ssh2
Oct 13 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3994]: Connection closed by 129.212.186.142 port 44766 [preauth]
Oct 13 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: Invalid user deploy from 129.212.186.142
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: input_userauth_request: invalid user deploy [preauth]
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: Successful su for rubyman by root
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: + ??? root:rubyman
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406070 of user rubyman.
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406070.
Oct 13 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: Failed password for invalid user deploy from 129.212.186.142 port 44778 ssh2
Oct 13 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4073]: Connection closed by 129.212.186.142 port 44778 [preauth]
Oct 13 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: User mysql from 129.212.186.142 not allowed because not listed in AllowUsers
Oct 13 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: input_userauth_request: invalid user mysql [preauth]
Oct 13 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=mysql
Oct 13 17:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: Failed password for invalid user mysql from 129.212.186.142 port 44794 ssh2
Oct 13 17:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: Connection closed by 129.212.186.142 port 44794 [preauth]
Oct 13 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session closed for user root
Oct 13 17:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: Failed password for root from 129.212.186.142 port 55414 ssh2
Oct 13 17:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4272]: Connection closed by 129.212.186.142 port 55414 [preauth]
Oct 13 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Invalid user server from 129.212.186.142
Oct 13 17:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: input_userauth_request: invalid user server [preauth]
Oct 13 17:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Failed password for invalid user server from 129.212.186.142 port 55432 ssh2
Oct 13 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4321]: Connection closed by 129.212.186.142 port 55432 [preauth]
Oct 13 17:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: Invalid user bot from 129.212.186.142
Oct 13 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: input_userauth_request: invalid user bot [preauth]
Oct 13 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: Failed password for invalid user bot from 129.212.186.142 port 55460 ssh2
Oct 13 17:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4344]: Connection closed by 129.212.186.142 port 55460 [preauth]
Oct 13 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Invalid user asterisk from 129.212.186.142
Oct 13 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: input_userauth_request: invalid user asterisk [preauth]
Oct 13 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Invalid user smart from 45.9.116.195
Oct 13 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: input_userauth_request: invalid user smart [preauth]
Oct 13 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for invalid user asterisk from 129.212.186.142 port 34536 ssh2
Oct 13 17:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Connection closed by 129.212.186.142 port 34536 [preauth]
Oct 13 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Failed password for invalid user smart from 45.9.116.195 port 33142 ssh2
Oct 13 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Received disconnect from 45.9.116.195 port 33142:11: Bye Bye [preauth]
Oct 13 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4362]: Disconnected from 45.9.116.195 port 33142 [preauth]
Oct 13 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Failed password for root from 129.212.186.142 port 34544 ssh2
Oct 13 17:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Connection closed by 129.212.186.142 port 34544 [preauth]
Oct 13 17:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Failed password for root from 129.212.186.142 port 34546 ssh2
Oct 13 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Connection closed by 129.212.186.142 port 34546 [preauth]
Oct 13 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Invalid user ubuntu from 129.212.186.142
Oct 13 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Failed password for invalid user ubuntu from 129.212.186.142 port 42388 ssh2
Oct 13 17:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4415]: Connection closed by 129.212.186.142 port 42388 [preauth]
Oct 13 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Invalid user docker from 129.212.186.142
Oct 13 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: input_userauth_request: invalid user docker [preauth]
Oct 13 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Failed password for invalid user docker from 129.212.186.142 port 42396 ssh2
Oct 13 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4431]: Connection closed by 129.212.186.142 port 42396 [preauth]
Oct 13 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Invalid user steam from 129.212.186.142
Oct 13 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: input_userauth_request: invalid user steam [preauth]
Oct 13 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Failed password for invalid user steam from 129.212.186.142 port 42402 ssh2
Oct 13 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Connection closed by 129.212.186.142 port 42402 [preauth]
Oct 13 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3002]: pam_unix(cron:session): session closed for user root
Oct 13 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: Invalid user oscar from 129.212.186.142
Oct 13 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: input_userauth_request: invalid user oscar [preauth]
Oct 13 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: Failed password for invalid user oscar from 129.212.186.142 port 44562 ssh2
Oct 13 17:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4472]: Connection closed by 129.212.186.142 port 44562 [preauth]
Oct 13 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: Invalid user elasticsearch from 129.212.186.142
Oct 13 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 13 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: Failed password for invalid user elasticsearch from 129.212.186.142 port 44572 ssh2
Oct 13 17:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4481]: Connection closed by 129.212.186.142 port 44572 [preauth]
Oct 13 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4492]: Failed password for root from 129.212.186.142 port 44576 ssh2
Oct 13 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4492]: Connection closed by 129.212.186.142 port 44576 [preauth]
Oct 13 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Invalid user grid from 129.212.186.142
Oct 13 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: input_userauth_request: invalid user grid [preauth]
Oct 13 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Failed password for invalid user grid from 129.212.186.142 port 38056 ssh2
Oct 13 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Connection closed by 129.212.186.142 port 38056 [preauth]
Oct 13 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Invalid user server from 129.212.186.142
Oct 13 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: input_userauth_request: invalid user server [preauth]
Oct 13 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4526]: Invalid user vinay from 103.18.79.204
Oct 13 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4526]: input_userauth_request: invalid user vinay [preauth]
Oct 13 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4526]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Failed password for invalid user server from 129.212.186.142 port 38072 ssh2
Oct 13 17:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4523]: Connection closed by 129.212.186.142 port 38072 [preauth]
Oct 13 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4526]: Failed password for invalid user vinay from 103.18.79.204 port 36902 ssh2
Oct 13 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Invalid user www from 129.212.186.142
Oct 13 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: input_userauth_request: invalid user www [preauth]
Oct 13 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4526]: Received disconnect from 103.18.79.204 port 36902:11: Bye Bye [preauth]
Oct 13 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4526]: Disconnected from 103.18.79.204 port 36902 [preauth]
Oct 13 17:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Failed password for invalid user www from 129.212.186.142 port 38082 ssh2
Oct 13 17:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4528]: Connection closed by 129.212.186.142 port 38082 [preauth]
Oct 13 17:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: Invalid user hadoop from 129.212.186.142
Oct 13 17:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 17:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: Failed password for invalid user hadoop from 129.212.186.142 port 52016 ssh2
Oct 13 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: Connection closed by 129.212.186.142 port 52016 [preauth]
Oct 13 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4554]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4549]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4554]: pam_unix(cron:session): session closed for user root
Oct 13 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4546]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Invalid user hadoop from 129.212.186.142
Oct 13 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Failed password for invalid user hadoop from 129.212.186.142 port 52024 ssh2
Oct 13 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Connection closed by 129.212.186.142 port 52024 [preauth]
Oct 13 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4686]: Successful su for rubyman by root
Oct 13 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4686]: + ??? root:rubyman
Oct 13 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406076 of user rubyman.
Oct 13 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4686]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406076.
Oct 13 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Invalid user ftpuser from 129.212.186.142
Oct 13 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Failed password for invalid user ftpuser from 129.212.186.142 port 52040 ssh2
Oct 13 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Connection closed by 129.212.186.142 port 52040 [preauth]
Oct 13 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Invalid user steam from 129.212.186.142
Oct 13 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: input_userauth_request: invalid user steam [preauth]
Oct 13 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session closed for user root
Oct 13 17:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Failed password for invalid user steam from 129.212.186.142 port 54040 ssh2
Oct 13 17:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session closed for user root
Oct 13 17:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Connection closed by 129.212.186.142 port 54040 [preauth]
Oct 13 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: Invalid user postgres from 129.212.186.142
Oct 13 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: input_userauth_request: invalid user postgres [preauth]
Oct 13 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: Failed password for invalid user postgres from 129.212.186.142 port 54050 ssh2
Oct 13 17:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4879]: Connection closed by 129.212.186.142 port 54050 [preauth]
Oct 13 17:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Invalid user admin1 from 129.212.186.142
Oct 13 17:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: input_userauth_request: invalid user admin1 [preauth]
Oct 13 17:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Failed password for invalid user admin1 from 129.212.186.142 port 54064 ssh2
Oct 13 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Connection closed by 129.212.186.142 port 54064 [preauth]
Oct 13 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: Invalid user oscar from 129.212.186.142
Oct 13 17:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: input_userauth_request: invalid user oscar [preauth]
Oct 13 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: Failed password for invalid user oscar from 129.212.186.142 port 35662 ssh2
Oct 13 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5113]: Connection closed by 129.212.186.142 port 35662 [preauth]
Oct 13 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Invalid user user from 129.212.186.142
Oct 13 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: input_userauth_request: invalid user user [preauth]
Oct 13 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4547]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Failed password for invalid user user from 129.212.186.142 port 35666 ssh2
Oct 13 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5191]: Connection closed by 129.212.186.142 port 35666 [preauth]
Oct 13 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: Failed password for root from 129.212.186.142 port 35672 ssh2
Oct 13 17:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5218]: Connection closed by 129.212.186.142 port 35672 [preauth]
Oct 13 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Invalid user myuser from 129.212.186.142
Oct 13 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: input_userauth_request: invalid user myuser [preauth]
Oct 13 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Failed password for invalid user myuser from 129.212.186.142 port 44128 ssh2
Oct 13 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Connection closed by 129.212.186.142 port 44128 [preauth]
Oct 13 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Invalid user nginx from 129.212.186.142
Oct 13 17:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: input_userauth_request: invalid user nginx [preauth]
Oct 13 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Failed password for invalid user nginx from 129.212.186.142 port 44150 ssh2
Oct 13 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Connection closed by 129.212.186.142 port 44150 [preauth]
Oct 13 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Invalid user plex from 129.212.186.142
Oct 13 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: input_userauth_request: invalid user plex [preauth]
Oct 13 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Failed password for invalid user plex from 129.212.186.142 port 44186 ssh2
Oct 13 17:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Connection closed by 129.212.186.142 port 44186 [preauth]
Oct 13 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3507]: pam_unix(cron:session): session closed for user root
Oct 13 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Failed password for root from 129.212.186.142 port 36084 ssh2
Oct 13 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Connection closed by 129.212.186.142 port 36084 [preauth]
Oct 13 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Invalid user kafka from 129.212.186.142
Oct 13 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: input_userauth_request: invalid user kafka [preauth]
Oct 13 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Failed password for invalid user kafka from 129.212.186.142 port 36088 ssh2
Oct 13 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Connection closed by 129.212.186.142 port 36088 [preauth]
Oct 13 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5563]: Failed password for root from 129.212.186.142 port 36090 ssh2
Oct 13 17:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5563]: Connection closed by 129.212.186.142 port 36090 [preauth]
Oct 13 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Invalid user test2 from 129.212.186.142
Oct 13 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: input_userauth_request: invalid user test2 [preauth]
Oct 13 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Failed password for invalid user test2 from 129.212.186.142 port 58998 ssh2
Oct 13 17:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Connection closed by 129.212.186.142 port 58998 [preauth]
Oct 13 17:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5595]: Invalid user chenhui from 45.9.116.195
Oct 13 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5595]: input_userauth_request: invalid user chenhui [preauth]
Oct 13 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5595]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5595]: Failed password for invalid user chenhui from 45.9.116.195 port 49678 ssh2
Oct 13 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5595]: Received disconnect from 45.9.116.195 port 49678:11: Bye Bye [preauth]
Oct 13 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5595]: Disconnected from 45.9.116.195 port 49678 [preauth]
Oct 13 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Failed password for root from 129.212.186.142 port 59000 ssh2
Oct 13 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5598]: Connection closed by 129.212.186.142 port 59000 [preauth]
Oct 13 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: User ftp from 129.212.186.142 not allowed because not listed in AllowUsers
Oct 13 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: input_userauth_request: invalid user ftp [preauth]
Oct 13 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=ftp
Oct 13 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: Failed password for invalid user ftp from 129.212.186.142 port 59014 ssh2
Oct 13 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5601]: Connection closed by 129.212.186.142 port 59014 [preauth]
Oct 13 17:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Invalid user esearch from 129.212.186.142
Oct 13 17:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: input_userauth_request: invalid user esearch [preauth]
Oct 13 17:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Failed password for invalid user esearch from 129.212.186.142 port 34130 ssh2
Oct 13 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Connection closed by 129.212.186.142 port 34130 [preauth]
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Invalid user centos from 129.212.186.142
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: input_userauth_request: invalid user centos [preauth]
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5714]: Successful su for rubyman by root
Oct 13 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5714]: + ??? root:rubyman
Oct 13 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406081 of user rubyman.
Oct 13 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5714]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406081.
Oct 13 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Failed password for invalid user centos from 129.212.186.142 port 34134 ssh2
Oct 13 17:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5618]: Connection closed by 129.212.186.142 port 34134 [preauth]
Oct 13 17:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5756]: Failed password for root from 129.212.186.142 port 34150 ssh2
Oct 13 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5756]: Connection closed by 129.212.186.142 port 34150 [preauth]
Oct 13 17:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5824]: Failed password for root from 129.212.186.142 port 45732 ssh2
Oct 13 17:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5824]: Connection closed by 129.212.186.142 port 45732 [preauth]
Oct 13 17:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Failed password for root from 129.212.186.142 port 45748 ssh2
Oct 13 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Connection closed by 129.212.186.142 port 45748 [preauth]
Oct 13 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session closed for user root
Oct 13 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Invalid user init from 129.212.186.142
Oct 13 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: input_userauth_request: invalid user init [preauth]
Oct 13 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for invalid user init from 129.212.186.142 port 45770 ssh2
Oct 13 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Connection closed by 129.212.186.142 port 45770 [preauth]
Oct 13 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Invalid user git from 129.212.186.142
Oct 13 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: input_userauth_request: invalid user git [preauth]
Oct 13 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5625]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Failed password for invalid user git from 129.212.186.142 port 42376 ssh2
Oct 13 17:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Connection closed by 129.212.186.142 port 42376 [preauth]
Oct 13 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: Invalid user ftpuser from 129.212.186.142
Oct 13 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: Failed password for invalid user ftpuser from 129.212.186.142 port 42394 ssh2
Oct 13 17:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5993]: Connection closed by 129.212.186.142 port 42394 [preauth]
Oct 13 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: Invalid user david from 129.212.186.142
Oct 13 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: input_userauth_request: invalid user david [preauth]
Oct 13 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Invalid user ts3 from 103.18.79.204
Oct 13 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: input_userauth_request: invalid user ts3 [preauth]
Oct 13 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: Failed password for invalid user david from 129.212.186.142 port 42408 ssh2
Oct 13 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6003]: Connection closed by 129.212.186.142 port 42408 [preauth]
Oct 13 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Failed password for invalid user ts3 from 103.18.79.204 port 41332 ssh2
Oct 13 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Received disconnect from 103.18.79.204 port 41332:11: Bye Bye [preauth]
Oct 13 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Disconnected from 103.18.79.204 port 41332 [preauth]
Oct 13 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for root from 129.212.186.142 port 42428 ssh2
Oct 13 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Connection closed by 129.212.186.142 port 42428 [preauth]
Oct 13 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Invalid user student from 129.212.186.142
Oct 13 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: input_userauth_request: invalid user student [preauth]
Oct 13 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Failed password for invalid user student from 129.212.186.142 port 33410 ssh2
Oct 13 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6037]: Connection closed by 129.212.186.142 port 33410 [preauth]
Oct 13 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Invalid user nvidia from 129.212.186.142
Oct 13 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: input_userauth_request: invalid user nvidia [preauth]
Oct 13 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Failed password for invalid user nvidia from 129.212.186.142 port 33430 ssh2
Oct 13 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Connection closed by 129.212.186.142 port 33430 [preauth]
Oct 13 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Invalid user user2 from 129.212.186.142
Oct 13 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: input_userauth_request: invalid user user2 [preauth]
Oct 13 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6053]: Failed password for root from 194.182.86.152 port 43834 ssh2
Oct 13 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6053]: Connection closed by 194.182.86.152 port 43834 [preauth]
Oct 13 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Failed password for invalid user user2 from 129.212.186.142 port 33446 ssh2
Oct 13 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Connection closed by 129.212.186.142 port 33446 [preauth]
Oct 13 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4006]: pam_unix(cron:session): session closed for user root
Oct 13 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Invalid user git from 129.212.186.142
Oct 13 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: input_userauth_request: invalid user git [preauth]
Oct 13 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Failed password for invalid user git from 129.212.186.142 port 36612 ssh2
Oct 13 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection closed by 129.212.186.142 port 36612 [preauth]
Oct 13 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: Invalid user es from 129.212.186.142
Oct 13 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: input_userauth_request: invalid user es [preauth]
Oct 13 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: Failed password for invalid user es from 129.212.186.142 port 36620 ssh2
Oct 13 17:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: Connection closed by 129.212.186.142 port 36620 [preauth]
Oct 13 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Invalid user niaoyun from 129.212.186.142
Oct 13 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: input_userauth_request: invalid user niaoyun [preauth]
Oct 13 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Failed password for invalid user niaoyun from 129.212.186.142 port 36652 ssh2
Oct 13 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Connection closed by 129.212.186.142 port 36652 [preauth]
Oct 13 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: Invalid user www from 129.212.186.142
Oct 13 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: input_userauth_request: invalid user www [preauth]
Oct 13 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: Failed password for invalid user www from 129.212.186.142 port 44874 ssh2
Oct 13 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: Connection closed by 129.212.186.142 port 44874 [preauth]
Oct 13 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: Invalid user root1 from 129.212.186.142
Oct 13 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: input_userauth_request: invalid user root1 [preauth]
Oct 13 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: Failed password for invalid user root1 from 129.212.186.142 port 44894 ssh2
Oct 13 17:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: Connection closed by 129.212.186.142 port 44894 [preauth]
Oct 13 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Invalid user linux from 129.212.186.142
Oct 13 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: input_userauth_request: invalid user linux [preauth]
Oct 13 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Failed password for invalid user linux from 129.212.186.142 port 44916 ssh2
Oct 13 17:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Connection closed by 129.212.186.142 port 44916 [preauth]
Oct 13 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Invalid user admin from 129.212.186.142
Oct 13 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: input_userauth_request: invalid user admin [preauth]
Oct 13 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6163]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6160]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Failed password for invalid user admin from 129.212.186.142 port 43728 ssh2
Oct 13 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Connection closed by 129.212.186.142 port 43728 [preauth]
Oct 13 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6227]: Successful su for rubyman by root
Oct 13 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6227]: + ??? root:rubyman
Oct 13 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406085 of user rubyman.
Oct 13 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6227]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406085.
Oct 13 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Failed password for root from 129.212.186.142 port 43744 ssh2
Oct 13 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Connection closed by 129.212.186.142 port 43744 [preauth]
Oct 13 17:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: Failed password for root from 129.212.186.142 port 43758 ssh2
Oct 13 17:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: Connection closed by 129.212.186.142 port 43758 [preauth]
Oct 13 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session closed for user root
Oct 13 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: Invalid user admin from 129.212.186.142
Oct 13 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: input_userauth_request: invalid user admin [preauth]
Oct 13 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: Failed password for invalid user admin from 129.212.186.142 port 54626 ssh2
Oct 13 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6411]: Connection closed by 129.212.186.142 port 54626 [preauth]
Oct 13 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Invalid user appuser from 129.212.186.142
Oct 13 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: input_userauth_request: invalid user appuser [preauth]
Oct 13 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Failed password for invalid user appuser from 129.212.186.142 port 54646 ssh2
Oct 13 17:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Connection closed by 129.212.186.142 port 54646 [preauth]
Oct 13 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Invalid user runner from 129.212.186.142
Oct 13 17:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: input_userauth_request: invalid user runner [preauth]
Oct 13 17:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6161]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Failed password for invalid user runner from 129.212.186.142 port 54662 ssh2
Oct 13 17:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Connection closed by 129.212.186.142 port 54662 [preauth]
Oct 13 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Invalid user debian from 129.212.186.142
Oct 13 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: input_userauth_request: invalid user debian [preauth]
Oct 13 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Failed password for invalid user debian from 129.212.186.142 port 41768 ssh2
Oct 13 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Connection closed by 129.212.186.142 port 41768 [preauth]
Oct 13 17:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: Invalid user debian from 129.212.186.142
Oct 13 17:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: input_userauth_request: invalid user debian [preauth]
Oct 13 17:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: Failed password for invalid user debian from 129.212.186.142 port 41780 ssh2
Oct 13 17:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 17:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: Connection closed by 129.212.186.142 port 41780 [preauth]
Oct 13 17:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Invalid user admin from 129.212.186.142
Oct 13 17:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: input_userauth_request: invalid user admin [preauth]
Oct 13 17:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Failed password for root from 45.9.116.195 port 42612 ssh2
Oct 13 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Received disconnect from 45.9.116.195 port 42612:11: Bye Bye [preauth]
Oct 13 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6491]: Disconnected from 45.9.116.195 port 42612 [preauth]
Oct 13 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Failed password for invalid user admin from 129.212.186.142 port 41790 ssh2
Oct 13 17:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Connection closed by 129.212.186.142 port 41790 [preauth]
Oct 13 17:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: Invalid user factorio from 129.212.186.142
Oct 13 17:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: input_userauth_request: invalid user factorio [preauth]
Oct 13 17:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: Failed password for invalid user factorio from 129.212.186.142 port 38914 ssh2
Oct 13 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: Connection closed by 129.212.186.142 port 38914 [preauth]
Oct 13 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Invalid user test from 129.212.186.142
Oct 13 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: input_userauth_request: invalid user test [preauth]
Oct 13 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Failed password for invalid user test from 129.212.186.142 port 38918 ssh2
Oct 13 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6556]: Connection closed by 129.212.186.142 port 38918 [preauth]
Oct 13 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: Failed password for root from 129.212.186.142 port 38934 ssh2
Oct 13 17:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: Connection closed by 129.212.186.142 port 38934 [preauth]
Oct 13 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4550]: pam_unix(cron:session): session closed for user root
Oct 13 17:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Failed password for root from 129.212.186.142 port 42594 ssh2
Oct 13 17:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Connection closed by 129.212.186.142 port 42594 [preauth]
Oct 13 17:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: Failed password for root from 129.212.186.142 port 42600 ssh2
Oct 13 17:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6604]: Connection closed by 129.212.186.142 port 42600 [preauth]
Oct 13 17:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Invalid user oracle from 129.212.186.142
Oct 13 17:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: input_userauth_request: invalid user oracle [preauth]
Oct 13 17:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Failed password for invalid user oracle from 129.212.186.142 port 42604 ssh2
Oct 13 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Connection closed by 129.212.186.142 port 42604 [preauth]
Oct 13 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Invalid user oracle from 129.212.186.142
Oct 13 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: input_userauth_request: invalid user oracle [preauth]
Oct 13 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Failed password for invalid user oracle from 129.212.186.142 port 54910 ssh2
Oct 13 17:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Connection closed by 129.212.186.142 port 54910 [preauth]
Oct 13 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Invalid user administrator from 129.212.186.142
Oct 13 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: input_userauth_request: invalid user administrator [preauth]
Oct 13 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Failed password for invalid user administrator from 129.212.186.142 port 54926 ssh2
Oct 13 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Connection closed by 129.212.186.142 port 54926 [preauth]
Oct 13 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Invalid user test from 129.212.186.142
Oct 13 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: input_userauth_request: invalid user test [preauth]
Oct 13 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Failed password for invalid user test from 129.212.186.142 port 54936 ssh2
Oct 13 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6737]: Connection closed by 129.212.186.142 port 54936 [preauth]
Oct 13 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: Invalid user tiptop from 103.18.79.204
Oct 13 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: input_userauth_request: invalid user tiptop [preauth]
Oct 13 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: Failed password for invalid user tiptop from 103.18.79.204 port 45762 ssh2
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: Received disconnect from 103.18.79.204 port 45762:11: Bye Bye [preauth]
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6739]: Disconnected from 103.18.79.204 port 45762 [preauth]
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: Failed password for root from 129.212.186.142 port 47898 ssh2
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: Connection closed by 129.212.186.142 port 47898 [preauth]
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6758]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6756]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6825]: Successful su for rubyman by root
Oct 13 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6825]: + ??? root:rubyman
Oct 13 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406088 of user rubyman.
Oct 13 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6825]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406088.
Oct 13 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Failed password for root from 129.212.186.142 port 47910 ssh2
Oct 13 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Connection closed by 129.212.186.142 port 47910 [preauth]
Oct 13 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6907]: Invalid user minecraft from 129.212.186.142
Oct 13 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6907]: input_userauth_request: invalid user minecraft [preauth]
Oct 13 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6907]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6907]: Failed password for invalid user minecraft from 129.212.186.142 port 47912 ssh2
Oct 13 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6907]: Connection closed by 129.212.186.142 port 47912 [preauth]
Oct 13 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3001]: pam_unix(cron:session): session closed for user root
Oct 13 17:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: Failed password for root from 129.212.186.142 port 39958 ssh2
Oct 13 17:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: Connection closed by 129.212.186.142 port 39958 [preauth]
Oct 13 17:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: Invalid user elasticsearch from 129.212.186.142
Oct 13 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 13 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: Failed password for invalid user elasticsearch from 129.212.186.142 port 39974 ssh2
Oct 13 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: Connection closed by 129.212.186.142 port 39974 [preauth]
Oct 13 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Invalid user postgres from 129.212.186.142
Oct 13 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: input_userauth_request: invalid user postgres [preauth]
Oct 13 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Failed password for invalid user postgres from 129.212.186.142 port 39976 ssh2
Oct 13 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Connection closed by 129.212.186.142 port 39976 [preauth]
Oct 13 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Invalid user ubuntu from 129.212.186.142
Oct 13 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Failed password for invalid user ubuntu from 129.212.186.142 port 32958 ssh2
Oct 13 17:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Connection closed by 129.212.186.142 port 32958 [preauth]
Oct 13 17:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Invalid user dolphinscheduler from 129.212.186.142
Oct 13 17:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: input_userauth_request: invalid user dolphinscheduler [preauth]
Oct 13 17:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Failed password for invalid user dolphinscheduler from 129.212.186.142 port 32970 ssh2
Oct 13 17:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Connection closed by 129.212.186.142 port 32970 [preauth]
Oct 13 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Failed password for root from 129.212.186.142 port 32976 ssh2
Oct 13 17:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7131]: Connection closed by 129.212.186.142 port 32976 [preauth]
Oct 13 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: Invalid user dev from 129.212.186.142
Oct 13 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: input_userauth_request: invalid user dev [preauth]
Oct 13 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: Failed password for invalid user dev from 129.212.186.142 port 40230 ssh2
Oct 13 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7155]: Connection closed by 129.212.186.142 port 40230 [preauth]
Oct 13 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Invalid user support from 129.212.186.142
Oct 13 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: input_userauth_request: invalid user support [preauth]
Oct 13 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Failed password for invalid user support from 129.212.186.142 port 40258 ssh2
Oct 13 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Connection closed by 129.212.186.142 port 40258 [preauth]
Oct 13 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: Invalid user tom from 129.212.186.142
Oct 13 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: input_userauth_request: invalid user tom [preauth]
Oct 13 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: Failed password for invalid user tom from 129.212.186.142 port 40286 ssh2
Oct 13 17:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7235]: Connection closed by 129.212.186.142 port 40286 [preauth]
Oct 13 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session closed for user root
Oct 13 17:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Invalid user devops from 129.212.186.142
Oct 13 17:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: input_userauth_request: invalid user devops [preauth]
Oct 13 17:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Failed password for invalid user devops from 129.212.186.142 port 41362 ssh2
Oct 13 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Connection closed by 129.212.186.142 port 41362 [preauth]
Oct 13 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Invalid user kubernetes from 129.212.186.142
Oct 13 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: input_userauth_request: invalid user kubernetes [preauth]
Oct 13 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Failed password for invalid user kubernetes from 129.212.186.142 port 41378 ssh2
Oct 13 17:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Connection closed by 129.212.186.142 port 41378 [preauth]
Oct 13 17:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Invalid user postgres from 129.212.186.142
Oct 13 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: input_userauth_request: invalid user postgres [preauth]
Oct 13 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Failed password for invalid user postgres from 129.212.186.142 port 41386 ssh2
Oct 13 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Connection closed by 129.212.186.142 port 41386 [preauth]
Oct 13 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Invalid user weblogic from 129.212.186.142
Oct 13 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: input_userauth_request: invalid user weblogic [preauth]
Oct 13 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Failed password for invalid user weblogic from 129.212.186.142 port 48530 ssh2
Oct 13 17:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Connection closed by 129.212.186.142 port 48530 [preauth]
Oct 13 17:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: Failed password for root from 129.212.186.142 port 48542 ssh2
Oct 13 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: Connection closed by 129.212.186.142 port 48542 [preauth]
Oct 13 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Invalid user elastic from 129.212.186.142
Oct 13 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: input_userauth_request: invalid user elastic [preauth]
Oct 13 17:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Failed password for invalid user elastic from 129.212.186.142 port 48546 ssh2
Oct 13 17:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Connection closed by 129.212.186.142 port 48546 [preauth]
Oct 13 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Invalid user gitlab from 129.212.186.142
Oct 13 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: input_userauth_request: invalid user gitlab [preauth]
Oct 13 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Failed password for invalid user gitlab from 129.212.186.142 port 35772 ssh2
Oct 13 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Connection closed by 129.212.186.142 port 35772 [preauth]
Oct 13 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7341]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7342]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7339]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Invalid user ubuntu from 129.212.186.142
Oct 13 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Failed password for root from 45.9.116.195 port 48102 ssh2
Oct 13 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Received disconnect from 45.9.116.195 port 48102:11: Bye Bye [preauth]
Oct 13 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Disconnected from 45.9.116.195 port 48102 [preauth]
Oct 13 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7531]: Successful su for rubyman by root
Oct 13 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7531]: + ??? root:rubyman
Oct 13 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406093 of user rubyman.
Oct 13 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7531]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406093.
Oct 13 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7334]: pam_unix(cron:session): session closed for user root
Oct 13 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Failed password for invalid user ubuntu from 129.212.186.142 port 35784 ssh2
Oct 13 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7473]: Connection closed by 129.212.186.142 port 35784 [preauth]
Oct 13 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: Invalid user g from 129.212.186.142
Oct 13 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: input_userauth_request: invalid user g [preauth]
Oct 13 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: Failed password for invalid user g from 129.212.186.142 port 35796 ssh2
Oct 13 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7615]: Connection closed by 129.212.186.142 port 35796 [preauth]
Oct 13 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Invalid user guest from 129.212.186.142
Oct 13 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: input_userauth_request: invalid user guest [preauth]
Oct 13 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session closed for user root
Oct 13 17:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Failed password for invalid user guest from 129.212.186.142 port 37962 ssh2
Oct 13 17:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Connection closed by 129.212.186.142 port 37962 [preauth]
Oct 13 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: User mysql from 129.212.186.142 not allowed because not listed in AllowUsers
Oct 13 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: input_userauth_request: invalid user mysql [preauth]
Oct 13 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=mysql
Oct 13 17:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Failed password for invalid user mysql from 129.212.186.142 port 37966 ssh2
Oct 13 17:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Connection closed by 129.212.186.142 port 37966 [preauth]
Oct 13 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Failed password for root from 129.212.186.142 port 37978 ssh2
Oct 13 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Connection closed by 129.212.186.142 port 37978 [preauth]
Oct 13 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7340]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Invalid user odoo17 from 129.212.186.142
Oct 13 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: input_userauth_request: invalid user odoo17 [preauth]
Oct 13 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Failed password for invalid user odoo17 from 129.212.186.142 port 60602 ssh2
Oct 13 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Connection closed by 129.212.186.142 port 60602 [preauth]
Oct 13 17:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Failed password for root from 129.212.186.142 port 60624 ssh2
Oct 13 17:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Connection closed by 129.212.186.142 port 60624 [preauth]
Oct 13 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: Invalid user samba from 129.212.186.142
Oct 13 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: input_userauth_request: invalid user samba [preauth]
Oct 13 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: Failed password for invalid user samba from 129.212.186.142 port 60644 ssh2
Oct 13 17:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: Connection closed by 129.212.186.142 port 60644 [preauth]
Oct 13 17:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: Failed password for root from 129.212.186.142 port 49240 ssh2
Oct 13 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7822]: Connection closed by 129.212.186.142 port 49240 [preauth]
Oct 13 17:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: Invalid user deploy from 129.212.186.142
Oct 13 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: input_userauth_request: invalid user deploy [preauth]
Oct 13 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: Invalid user data from 103.18.79.204
Oct 13 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: input_userauth_request: invalid user data [preauth]
Oct 13 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: Failed password for invalid user deploy from 129.212.186.142 port 49246 ssh2
Oct 13 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: Failed password for invalid user data from 103.18.79.204 port 50192 ssh2
Oct 13 17:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7857]: Connection closed by 129.212.186.142 port 49246 [preauth]
Oct 13 17:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: Received disconnect from 103.18.79.204 port 50192:11: Bye Bye [preauth]
Oct 13 17:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7853]: Disconnected from 103.18.79.204 port 50192 [preauth]
Oct 13 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Invalid user minecraft from 129.212.186.142
Oct 13 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: input_userauth_request: invalid user minecraft [preauth]
Oct 13 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Failed password for invalid user minecraft from 129.212.186.142 port 49256 ssh2
Oct 13 17:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Connection closed by 129.212.186.142 port 49256 [preauth]
Oct 13 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6166]: pam_unix(cron:session): session closed for user root
Oct 13 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Invalid user master from 129.212.186.142
Oct 13 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: input_userauth_request: invalid user master [preauth]
Oct 13 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Failed password for invalid user master from 129.212.186.142 port 46108 ssh2
Oct 13 17:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8312]: Connection closed by 129.212.186.142 port 46108 [preauth]
Oct 13 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: Invalid user demo from 129.212.186.142
Oct 13 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: input_userauth_request: invalid user demo [preauth]
Oct 13 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: Failed password for invalid user demo from 129.212.186.142 port 46116 ssh2
Oct 13 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8322]: Connection closed by 129.212.186.142 port 46116 [preauth]
Oct 13 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: User nobody from 129.212.186.142 not allowed because not listed in AllowUsers
Oct 13 17:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: input_userauth_request: invalid user nobody [preauth]
Oct 13 17:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=nobody
Oct 13 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Failed password for invalid user nobody from 129.212.186.142 port 46130 ssh2
Oct 13 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Connection closed by 129.212.186.142 port 46130 [preauth]
Oct 13 17:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: Failed password for root from 129.212.186.142 port 52374 ssh2
Oct 13 17:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: Connection closed by 129.212.186.142 port 52374 [preauth]
Oct 13 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Failed password for root from 129.212.186.142 port 52382 ssh2
Oct 13 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Connection closed by 129.212.186.142 port 52382 [preauth]
Oct 13 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Invalid user user2 from 129.212.186.142
Oct 13 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: input_userauth_request: invalid user user2 [preauth]
Oct 13 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Failed password for invalid user user2 from 129.212.186.142 port 52390 ssh2
Oct 13 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Connection closed by 129.212.186.142 port 52390 [preauth]
Oct 13 17:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8395]: Failed password for root from 129.212.186.142 port 34486 ssh2
Oct 13 17:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8395]: Connection closed by 129.212.186.142 port 34486 [preauth]
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8415]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session closed for user root
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8412]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8493]: Successful su for rubyman by root
Oct 13 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8493]: + ??? root:rubyman
Oct 13 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406098 of user rubyman.
Oct 13 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8493]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406098.
Oct 13 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Failed password for root from 129.212.186.142 port 34488 ssh2
Oct 13 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Connection closed by 129.212.186.142 port 34488 [preauth]
Oct 13 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: Invalid user gitlab-runner from 129.212.186.142
Oct 13 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: input_userauth_request: invalid user gitlab-runner [preauth]
Oct 13 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: Failed password for invalid user gitlab-runner from 129.212.186.142 port 34498 ssh2
Oct 13 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8557]: Connection closed by 129.212.186.142 port 34498 [preauth]
Oct 13 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Invalid user pi from 129.212.186.142
Oct 13 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: input_userauth_request: invalid user pi [preauth]
Oct 13 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8415]: pam_unix(cron:session): session closed for user root
Oct 13 17:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Failed password for invalid user pi from 129.212.186.142 port 34182 ssh2
Oct 13 17:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Connection closed by 129.212.186.142 port 34182 [preauth]
Oct 13 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session closed for user root
Oct 13 17:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Invalid user test from 129.212.186.142
Oct 13 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: input_userauth_request: invalid user test [preauth]
Oct 13 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Failed password for invalid user test from 129.212.186.142 port 34202 ssh2
Oct 13 17:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Connection closed by 129.212.186.142 port 34202 [preauth]
Oct 13 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: User ftp from 129.212.186.142 not allowed because not listed in AllowUsers
Oct 13 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: input_userauth_request: invalid user ftp [preauth]
Oct 13 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=ftp
Oct 13 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Failed password for invalid user ftp from 129.212.186.142 port 34216 ssh2
Oct 13 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Connection closed by 129.212.186.142 port 34216 [preauth]
Oct 13 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: Failed password for root from 129.212.186.142 port 46344 ssh2
Oct 13 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: Connection closed by 129.212.186.142 port 46344 [preauth]
Oct 13 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8413]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: Failed password for root from 129.212.186.142 port 46360 ssh2
Oct 13 17:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: Connection closed by 129.212.186.142 port 46360 [preauth]
Oct 13 17:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Failed password for root from 129.212.186.142 port 46386 ssh2
Oct 13 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Connection closed by 129.212.186.142 port 46386 [preauth]
Oct 13 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142  user=root
Oct 13 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Failed password for root from 129.212.186.142 port 54870 ssh2
Oct 13 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Connection closed by 129.212.186.142 port 54870 [preauth]
Oct 13 17:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Invalid user esuser from 129.212.186.142
Oct 13 17:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: input_userauth_request: invalid user esuser [preauth]
Oct 13 17:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Failed password for invalid user esuser from 129.212.186.142 port 54886 ssh2
Oct 13 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Connection closed by 129.212.186.142 port 54886 [preauth]
Oct 13 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Invalid user zeeshan from 45.9.116.195
Oct 13 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: input_userauth_request: invalid user zeeshan [preauth]
Oct 13 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 17:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Invalid user nexus from 129.212.186.142
Oct 13 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: input_userauth_request: invalid user nexus [preauth]
Oct 13 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Failed password for invalid user zeeshan from 45.9.116.195 port 57128 ssh2
Oct 13 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Received disconnect from 45.9.116.195 port 57128:11: Bye Bye [preauth]
Oct 13 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Disconnected from 45.9.116.195 port 57128 [preauth]
Oct 13 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Failed password for invalid user nexus from 129.212.186.142 port 54900 ssh2
Oct 13 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Connection closed by 129.212.186.142 port 54900 [preauth]
Oct 13 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Invalid user user from 129.212.186.142
Oct 13 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: input_userauth_request: invalid user user [preauth]
Oct 13 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.142
Oct 13 17:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6759]: pam_unix(cron:session): session closed for user root
Oct 13 17:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Failed password for invalid user user from 129.212.186.142 port 39516 ssh2
Oct 13 17:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Connection closed by 129.212.186.142 port 39516 [preauth]
Oct 13 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Invalid user git from 103.18.79.204
Oct 13 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: input_userauth_request: invalid user git [preauth]
Oct 13 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9239]: Successful su for rubyman by root
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9239]: + ??? root:rubyman
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406104 of user rubyman.
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9239]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406104.
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Failed password for invalid user git from 103.18.79.204 port 54618 ssh2
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Received disconnect from 103.18.79.204 port 54618:11: Bye Bye [preauth]
Oct 13 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Disconnected from 103.18.79.204 port 54618 [preauth]
Oct 13 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4549]: pam_unix(cron:session): session closed for user root
Oct 13 17:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Invalid user ela from 20.163.71.109
Oct 13 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: input_userauth_request: invalid user ela [preauth]
Oct 13 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Failed password for invalid user ela from 20.163.71.109 port 40654 ssh2
Oct 13 17:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9545]: Connection closed by 20.163.71.109 port 40654 [preauth]
Oct 13 17:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7342]: pam_unix(cron:session): session closed for user root
Oct 13 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9741]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: Successful su for rubyman by root
Oct 13 17:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: + ??? root:rubyman
Oct 13 17:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406108 of user rubyman.
Oct 13 17:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406108.
Oct 13 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 17:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session closed for user root
Oct 13 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Failed password for root from 45.9.116.195 port 56642 ssh2
Oct 13 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Received disconnect from 45.9.116.195 port 56642:11: Bye Bye [preauth]
Oct 13 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Disconnected from 45.9.116.195 port 56642 [preauth]
Oct 13 17:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9746]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Failed password for root from 103.18.79.204 port 59060 ssh2
Oct 13 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Received disconnect from 103.18.79.204 port 59060:11: Bye Bye [preauth]
Oct 13 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Disconnected from 103.18.79.204 port 59060 [preauth]
Oct 13 17:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session closed for user root
Oct 13 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10281]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10368]: Successful su for rubyman by root
Oct 13 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10368]: + ??? root:rubyman
Oct 13 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406113 of user rubyman.
Oct 13 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10368]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406113.
Oct 13 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6163]: pam_unix(cron:session): session closed for user root
Oct 13 17:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10283]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9066]: pam_unix(cron:session): session closed for user root
Oct 13 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: Failed password for root from 45.9.116.195 port 36124 ssh2
Oct 13 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: Received disconnect from 45.9.116.195 port 36124:11: Bye Bye [preauth]
Oct 13 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10726]: Disconnected from 45.9.116.195 port 36124 [preauth]
Oct 13 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: Successful su for rubyman by root
Oct 13 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: + ??? root:rubyman
Oct 13 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406116 of user rubyman.
Oct 13 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406116.
Oct 13 17:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6758]: pam_unix(cron:session): session closed for user root
Oct 13 17:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9755]: pam_unix(cron:session): session closed for user root
Oct 13 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session closed for user root
Oct 13 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: Successful su for rubyman by root
Oct 13 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: + ??? root:rubyman
Oct 13 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406121 of user rubyman.
Oct 13 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406121.
Oct 13 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: Invalid user user from 103.18.79.204
Oct 13 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: input_userauth_request: invalid user user [preauth]
Oct 13 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: Failed password for invalid user user from 103.18.79.204 port 35306 ssh2
Oct 13 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session closed for user root
Oct 13 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: Received disconnect from 103.18.79.204 port 35306:11: Bye Bye [preauth]
Oct 13 17:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11392]: Disconnected from 103.18.79.204 port 35306 [preauth]
Oct 13 17:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7341]: pam_unix(cron:session): session closed for user root
Oct 13 17:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Failed password for root from 45.9.116.195 port 56516 ssh2
Oct 13 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Received disconnect from 45.9.116.195 port 56516:11: Bye Bye [preauth]
Oct 13 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Disconnected from 45.9.116.195 port 56516 [preauth]
Oct 13 17:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10285]: pam_unix(cron:session): session closed for user root
Oct 13 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11897]: Successful su for rubyman by root
Oct 13 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11897]: + ??? root:rubyman
Oct 13 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406127 of user rubyman.
Oct 13 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11897]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406127.
Oct 13 17:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8416]: pam_unix(cron:session): session closed for user root
Oct 13 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session closed for user root
Oct 13 17:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Invalid user andrey from 103.18.79.204
Oct 13 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: input_userauth_request: invalid user andrey [preauth]
Oct 13 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Failed password for invalid user andrey from 103.18.79.204 port 39736 ssh2
Oct 13 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Received disconnect from 103.18.79.204 port 39736:11: Bye Bye [preauth]
Oct 13 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Disconnected from 103.18.79.204 port 39736 [preauth]
Oct 13 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session closed for user root
Oct 13 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12300]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12379]: Successful su for rubyman by root
Oct 13 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12379]: + ??? root:rubyman
Oct 13 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406132 of user rubyman.
Oct 13 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12379]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406132.
Oct 13 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Failed password for root from 45.9.116.195 port 52502 ssh2
Oct 13 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Received disconnect from 45.9.116.195 port 52502:11: Bye Bye [preauth]
Oct 13 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Disconnected from 45.9.116.195 port 52502 [preauth]
Oct 13 17:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9065]: pam_unix(cron:session): session closed for user root
Oct 13 17:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12301]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session closed for user root
Oct 13 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: Successful su for rubyman by root
Oct 13 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: + ??? root:rubyman
Oct 13 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406134 of user rubyman.
Oct 13 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406134.
Oct 13 17:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session closed for user root
Oct 13 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: Invalid user chenhui from 103.18.79.204
Oct 13 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: input_userauth_request: invalid user chenhui [preauth]
Oct 13 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: Failed password for invalid user chenhui from 103.18.79.204 port 44164 ssh2
Oct 13 17:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: Received disconnect from 103.18.79.204 port 44164:11: Bye Bye [preauth]
Oct 13 17:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: Disconnected from 103.18.79.204 port 44164 [preauth]
Oct 13 17:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session closed for user root
Oct 13 17:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Invalid user andrey from 45.9.116.195
Oct 13 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: input_userauth_request: invalid user andrey [preauth]
Oct 13 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195
Oct 13 17:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Failed password for invalid user andrey from 45.9.116.195 port 39620 ssh2
Oct 13 17:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Received disconnect from 45.9.116.195 port 39620:11: Bye Bye [preauth]
Oct 13 17:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13235]: Disconnected from 45.9.116.195 port 39620 [preauth]
Oct 13 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13394]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13482]: Successful su for rubyman by root
Oct 13 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13482]: + ??? root:rubyman
Oct 13 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406140 of user rubyman.
Oct 13 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13482]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406140.
Oct 13 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10284]: pam_unix(cron:session): session closed for user root
Oct 13 17:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12303]: pam_unix(cron:session): session closed for user root
Oct 13 17:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: Invalid user johnathan from 103.18.79.204
Oct 13 17:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: input_userauth_request: invalid user johnathan [preauth]
Oct 13 17:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: Failed password for invalid user johnathan from 103.18.79.204 port 48596 ssh2
Oct 13 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: Received disconnect from 103.18.79.204 port 48596:11: Bye Bye [preauth]
Oct 13 17:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: Disconnected from 103.18.79.204 port 48596 [preauth]
Oct 13 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13895]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13894]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session closed for user root
Oct 13 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13890]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13969]: Successful su for rubyman by root
Oct 13 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13969]: + ??? root:rubyman
Oct 13 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406146 of user rubyman.
Oct 13 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13969]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406146.
Oct 13 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session closed for user root
Oct 13 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Invalid user admin from 2.57.121.112
Oct 13 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: input_userauth_request: invalid user admin [preauth]
Oct 13 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10762]: pam_unix(cron:session): session closed for user root
Oct 13 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Failed password for invalid user admin from 2.57.121.112 port 18981 ssh2
Oct 13 17:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Failed password for invalid user admin from 2.57.121.112 port 18981 ssh2
Oct 13 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Failed password for invalid user admin from 2.57.121.112 port 18981 ssh2
Oct 13 17:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.9.116.195  user=root
Oct 13 17:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Failed password for invalid user admin from 2.57.121.112 port 18981 ssh2
Oct 13 17:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Failed password for root from 45.9.116.195 port 36072 ssh2
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Received disconnect from 45.9.116.195 port 36072:11: Bye Bye [preauth]
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Disconnected from 45.9.116.195 port 36072 [preauth]
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Failed password for invalid user admin from 2.57.121.112 port 18981 ssh2
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Received disconnect from 2.57.121.112 port 18981:11: Bye [preauth]
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: Disconnected from 2.57.121.112 port 18981 [preauth]
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14183]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13891]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Invalid user  from 62.60.131.157
Oct 13 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: input_userauth_request: invalid user  [preauth]
Oct 13 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Failed none for invalid user  from 62.60.131.157 port 63284 ssh2
Oct 13 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Received disconnect from 62.60.131.157 port 63284:11: Bye [preauth]
Oct 13 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Disconnected from 62.60.131.157 port 63284 [preauth]
Oct 13 17:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user root
Oct 13 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14445]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14447]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14443]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: Successful su for rubyman by root
Oct 13 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: + ??? root:rubyman
Oct 13 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406149 of user rubyman.
Oct 13 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406149.
Oct 13 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: Failed password for root from 194.182.86.152 port 43798 ssh2
Oct 13 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14533]: Connection closed by 194.182.86.152 port 43798 [preauth]
Oct 13 17:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session closed for user root
Oct 13 17:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204  user=root
Oct 13 17:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14444]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Failed password for root from 103.18.79.204 port 53034 ssh2
Oct 13 17:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Received disconnect from 103.18.79.204 port 53034:11: Bye Bye [preauth]
Oct 13 17:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Disconnected from 103.18.79.204 port 53034 [preauth]
Oct 13 17:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session closed for user root
Oct 13 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14917]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14996]: Successful su for rubyman by root
Oct 13 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14996]: + ??? root:rubyman
Oct 13 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406153 of user rubyman.
Oct 13 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14996]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406153.
Oct 13 17:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session closed for user root
Oct 13 17:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14919]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13895]: pam_unix(cron:session): session closed for user root
Oct 13 17:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Invalid user user01 from 103.18.79.204
Oct 13 17:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: input_userauth_request: invalid user user01 [preauth]
Oct 13 17:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.79.204
Oct 13 17:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Failed password for invalid user user01 from 103.18.79.204 port 57468 ssh2
Oct 13 17:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Received disconnect from 103.18.79.204 port 57468:11: Bye Bye [preauth]
Oct 13 17:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Disconnected from 103.18.79.204 port 57468 [preauth]
Oct 13 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15476]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15542]: Successful su for rubyman by root
Oct 13 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15542]: + ??? root:rubyman
Oct 13 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406156 of user rubyman.
Oct 13 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15542]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406156.
Oct 13 17:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12302]: pam_unix(cron:session): session closed for user root
Oct 13 17:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15477]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14447]: pam_unix(cron:session): session closed for user root
Oct 13 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15918]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15995]: Successful su for rubyman by root
Oct 13 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15995]: + ??? root:rubyman
Oct 13 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406160 of user rubyman.
Oct 13 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15995]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406160.
Oct 13 17:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user root
Oct 13 17:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15919]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14921]: pam_unix(cron:session): session closed for user root
Oct 13 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16390]: pam_unix(cron:session): session closed for user root
Oct 13 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16383]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16463]: Successful su for rubyman by root
Oct 13 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16463]: + ??? root:rubyman
Oct 13 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406166 of user rubyman.
Oct 13 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16463]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406166.
Oct 13 17:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session closed for user root
Oct 13 17:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session closed for user root
Oct 13 17:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: Did not receive identification string from 116.177.173.185
Oct 13 17:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16384]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15480]: pam_unix(cron:session): session closed for user root
Oct 13 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16868]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16940]: Successful su for rubyman by root
Oct 13 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16940]: + ??? root:rubyman
Oct 13 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406170 of user rubyman.
Oct 13 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16940]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406170.
Oct 13 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13894]: pam_unix(cron:session): session closed for user root
Oct 13 17:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16869]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: Did not receive identification string from 80.211.205.25
Oct 13 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15921]: pam_unix(cron:session): session closed for user root
Oct 13 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17347]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17343]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17417]: Successful su for rubyman by root
Oct 13 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17417]: + ??? root:rubyman
Oct 13 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406175 of user rubyman.
Oct 13 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17417]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406175.
Oct 13 17:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14445]: pam_unix(cron:session): session closed for user root
Oct 13 17:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17344]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session closed for user root
Oct 13 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17869]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17946]: Successful su for rubyman by root
Oct 13 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17946]: + ??? root:rubyman
Oct 13 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406178 of user rubyman.
Oct 13 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17946]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406178.
Oct 13 17:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14920]: pam_unix(cron:session): session closed for user root
Oct 13 17:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17870]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16871]: pam_unix(cron:session): session closed for user root
Oct 13 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18655]: Successful su for rubyman by root
Oct 13 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18655]: + ??? root:rubyman
Oct 13 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406182 of user rubyman.
Oct 13 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18655]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406182.
Oct 13 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15479]: pam_unix(cron:session): session closed for user root
Oct 13 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17347]: pam_unix(cron:session): session closed for user root
Oct 13 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19171]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19169]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19170]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19168]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19171]: pam_unix(cron:session): session closed for user root
Oct 13 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19160]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19276]: Successful su for rubyman by root
Oct 13 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19276]: + ??? root:rubyman
Oct 13 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406186 of user rubyman.
Oct 13 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19276]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406186.
Oct 13 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19168]: pam_unix(cron:session): session closed for user root
Oct 13 17:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15920]: pam_unix(cron:session): session closed for user root
Oct 13 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19167]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17872]: pam_unix(cron:session): session closed for user root
Oct 13 17:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19965]: Failed password for root from 194.182.86.152 port 53582 ssh2
Oct 13 17:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19965]: Connection closed by 194.182.86.152 port 53582 [preauth]
Oct 13 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20028]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20025]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20128]: Successful su for rubyman by root
Oct 13 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20128]: + ??? root:rubyman
Oct 13 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406195 of user rubyman.
Oct 13 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20128]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406195.
Oct 13 17:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session closed for user root
Oct 13 17:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user root
Oct 13 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20547]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20546]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: Successful su for rubyman by root
Oct 13 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: + ??? root:rubyman
Oct 13 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406197 of user rubyman.
Oct 13 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20617]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406197.
Oct 13 17:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16870]: pam_unix(cron:session): session closed for user root
Oct 13 17:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19170]: pam_unix(cron:session): session closed for user root
Oct 13 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20998]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21073]: Successful su for rubyman by root
Oct 13 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21073]: + ??? root:rubyman
Oct 13 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406201 of user rubyman.
Oct 13 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21073]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406201.
Oct 13 17:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17345]: pam_unix(cron:session): session closed for user root
Oct 13 17:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20999]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20028]: pam_unix(cron:session): session closed for user root
Oct 13 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21516]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21592]: Successful su for rubyman by root
Oct 13 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21592]: + ??? root:rubyman
Oct 13 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406204 of user rubyman.
Oct 13 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21592]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406204.
Oct 13 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17871]: pam_unix(cron:session): session closed for user root
Oct 13 17:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21517]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20547]: pam_unix(cron:session): session closed for user root
Oct 13 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21985]: pam_unix(cron:session): session closed for user root
Oct 13 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21977]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22064]: Successful su for rubyman by root
Oct 13 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22064]: + ??? root:rubyman
Oct 13 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406209 of user rubyman.
Oct 13 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22064]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406209.
Oct 13 17:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21979]: pam_unix(cron:session): session closed for user root
Oct 13 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session closed for user root
Oct 13 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21978]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session closed for user root
Oct 13 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22505]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22594]: Successful su for rubyman by root
Oct 13 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22594]: + ??? root:rubyman
Oct 13 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406217 of user rubyman.
Oct 13 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22594]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406217.
Oct 13 17:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19169]: pam_unix(cron:session): session closed for user root
Oct 13 17:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22506]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session closed for user root
Oct 13 17:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Invalid user admin from 2.57.121.25
Oct 13 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: input_userauth_request: invalid user admin [preauth]
Oct 13 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 17:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Failed password for invalid user admin from 2.57.121.25 port 56662 ssh2
Oct 13 17:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Failed password for invalid user admin from 2.57.121.25 port 56662 ssh2
Oct 13 17:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Failed password for invalid user admin from 2.57.121.25 port 56662 ssh2
Oct 13 17:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Failed password for invalid user admin from 2.57.121.25 port 56662 ssh2
Oct 13 17:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Failed password for invalid user admin from 2.57.121.25 port 56662 ssh2
Oct 13 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Received disconnect from 2.57.121.25 port 56662:11: Bye [preauth]
Oct 13 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Disconnected from 2.57.121.25 port 56662 [preauth]
Oct 13 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 17:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23762]: Successful su for rubyman by root
Oct 13 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23762]: + ??? root:rubyman
Oct 13 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406220 of user rubyman.
Oct 13 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23762]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406220.
Oct 13 17:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20027]: pam_unix(cron:session): session closed for user root
Oct 13 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23460]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21984]: pam_unix(cron:session): session closed for user root
Oct 13 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24273]: Successful su for rubyman by root
Oct 13 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24273]: + ??? root:rubyman
Oct 13 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406223 of user rubyman.
Oct 13 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24273]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406223.
Oct 13 17:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20546]: pam_unix(cron:session): session closed for user root
Oct 13 17:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24188]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22508]: pam_unix(cron:session): session closed for user root
Oct 13 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24704]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24700]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24879]: Successful su for rubyman by root
Oct 13 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24879]: + ??? root:rubyman
Oct 13 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406228 of user rubyman.
Oct 13 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24879]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406228.
Oct 13 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24698]: pam_unix(cron:session): session closed for user root
Oct 13 17:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21000]: pam_unix(cron:session): session closed for user root
Oct 13 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24701]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session closed for user root
Oct 13 17:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Failed password for root from 194.182.86.152 port 54026 ssh2
Oct 13 17:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Connection closed by 194.182.86.152 port 54026 [preauth]
Oct 13 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25543]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25544]: pam_unix(cron:session): session closed for user root
Oct 13 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25538]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25615]: Successful su for rubyman by root
Oct 13 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25615]: + ??? root:rubyman
Oct 13 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406232 of user rubyman.
Oct 13 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25615]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406232.
Oct 13 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25541]: pam_unix(cron:session): session closed for user root
Oct 13 17:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session closed for user root
Oct 13 17:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24190]: pam_unix(cron:session): session closed for user root
Oct 13 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26127]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26124]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26207]: Successful su for rubyman by root
Oct 13 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26207]: + ??? root:rubyman
Oct 13 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406238 of user rubyman.
Oct 13 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26207]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406238.
Oct 13 17:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21982]: pam_unix(cron:session): session closed for user root
Oct 13 17:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24705]: pam_unix(cron:session): session closed for user root
Oct 13 17:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Failed password for root from 194.182.86.152 port 41330 ssh2
Oct 13 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Connection closed by 194.182.86.152 port 41330 [preauth]
Oct 13 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26800]: Successful su for rubyman by root
Oct 13 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26800]: + ??? root:rubyman
Oct 13 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406242 of user rubyman.
Oct 13 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26800]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406242.
Oct 13 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session closed for user root
Oct 13 17:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25543]: pam_unix(cron:session): session closed for user root
Oct 13 17:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27396]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27473]: Successful su for rubyman by root
Oct 13 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27473]: + ??? root:rubyman
Oct 13 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406246 of user rubyman.
Oct 13 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27473]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406246.
Oct 13 17:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23462]: pam_unix(cron:session): session closed for user root
Oct 13 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27397]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: Failed password for root from 194.182.86.152 port 49736 ssh2
Oct 13 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: Connection closed by 194.182.86.152 port 49736 [preauth]
Oct 13 17:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26127]: pam_unix(cron:session): session closed for user root
Oct 13 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: Successful su for rubyman by root
Oct 13 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: + ??? root:rubyman
Oct 13 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406250 of user rubyman.
Oct 13 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406250.
Oct 13 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24189]: pam_unix(cron:session): session closed for user root
Oct 13 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26699]: pam_unix(cron:session): session closed for user root
Oct 13 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28886]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session closed for user root
Oct 13 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28880]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29072]: Successful su for rubyman by root
Oct 13 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29072]: + ??? root:rubyman
Oct 13 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406255 of user rubyman.
Oct 13 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29072]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406255.
Oct 13 17:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28886]: pam_unix(cron:session): session closed for user root
Oct 13 17:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24704]: pam_unix(cron:session): session closed for user root
Oct 13 17:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session closed for user root
Oct 13 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29520]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29606]: Successful su for rubyman by root
Oct 13 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29606]: + ??? root:rubyman
Oct 13 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406259 of user rubyman.
Oct 13 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29606]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406259.
Oct 13 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session closed for user root
Oct 13 17:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29521]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session closed for user root
Oct 13 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30033]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30032]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30028]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30112]: Successful su for rubyman by root
Oct 13 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30112]: + ??? root:rubyman
Oct 13 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406263 of user rubyman.
Oct 13 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30112]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406263.
Oct 13 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session closed for user root
Oct 13 17:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30031]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28888]: pam_unix(cron:session): session closed for user root
Oct 13 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30712]: Successful su for rubyman by root
Oct 13 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30712]: + ??? root:rubyman
Oct 13 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406270 of user rubyman.
Oct 13 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30712]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406270.
Oct 13 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26695]: pam_unix(cron:session): session closed for user root
Oct 13 17:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: Failed password for root from 190.103.202.7 port 44700 ssh2
Oct 13 17:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: Connection closed by 190.103.202.7 port 44700 [preauth]
Oct 13 17:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session closed for user root
Oct 13 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31115]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31116]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31112]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31184]: Successful su for rubyman by root
Oct 13 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31184]: + ??? root:rubyman
Oct 13 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406273 of user rubyman.
Oct 13 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31184]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406273.
Oct 13 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27398]: pam_unix(cron:session): session closed for user root
Oct 13 17:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31113]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: Failed password for root from 194.182.86.152 port 56870 ssh2
Oct 13 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31521]: Connection closed by 194.182.86.152 port 56870 [preauth]
Oct 13 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30033]: pam_unix(cron:session): session closed for user root
Oct 13 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session closed for user root
Oct 13 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31730]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31813]: Successful su for rubyman by root
Oct 13 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31813]: + ??? root:rubyman
Oct 13 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406277 of user rubyman.
Oct 13 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31813]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406277.
Oct 13 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session closed for user root
Oct 13 17:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session closed for user root
Oct 13 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31732]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session closed for user root
Oct 13 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32307]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32386]: Successful su for rubyman by root
Oct 13 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32386]: + ??? root:rubyman
Oct 13 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406283 of user rubyman.
Oct 13 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32386]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406283.
Oct 13 17:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28887]: pam_unix(cron:session): session closed for user root
Oct 13 17:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32305]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31116]: pam_unix(cron:session): session closed for user root
Oct 13 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[300]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32766]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[377]: Successful su for rubyman by root
Oct 13 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[377]: + ??? root:rubyman
Oct 13 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406287 of user rubyman.
Oct 13 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[377]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406287.
Oct 13 17:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session closed for user root
Oct 13 17:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32767]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: Failed password for root from 194.182.86.152 port 37080 ssh2
Oct 13 17:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: Connection closed by 194.182.86.152 port 37080 [preauth]
Oct 13 17:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session closed for user root
Oct 13 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[763]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[757]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[885]: Successful su for rubyman by root
Oct 13 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[885]: + ??? root:rubyman
Oct 13 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406290 of user rubyman.
Oct 13 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[885]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406290.
Oct 13 17:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30032]: pam_unix(cron:session): session closed for user root
Oct 13 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[758]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32307]: pam_unix(cron:session): session closed for user root
Oct 13 17:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: Failed password for root from 194.182.86.152 port 34738 ssh2
Oct 13 17:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: Connection closed by 194.182.86.152 port 34738 [preauth]
Oct 13 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1336]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1419]: Successful su for rubyman by root
Oct 13 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1419]: + ??? root:rubyman
Oct 13 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406294 of user rubyman.
Oct 13 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1419]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406294.
Oct 13 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30630]: pam_unix(cron:session): session closed for user root
Oct 13 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[301]: pam_unix(cron:session): session closed for user root
Oct 13 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1844]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1844]: pam_unix(cron:session): session closed for user root
Oct 13 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1837]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2027]: Successful su for rubyman by root
Oct 13 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2027]: + ??? root:rubyman
Oct 13 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406300 of user rubyman.
Oct 13 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2027]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406300.
Oct 13 17:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1840]: pam_unix(cron:session): session closed for user root
Oct 13 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31115]: pam_unix(cron:session): session closed for user root
Oct 13 17:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1839]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[763]: pam_unix(cron:session): session closed for user root
Oct 13 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2421]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2419]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2415]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2521]: Successful su for rubyman by root
Oct 13 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2521]: + ??? root:rubyman
Oct 13 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406303 of user rubyman.
Oct 13 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2521]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406303.
Oct 13 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 17:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Failed password for root from 194.182.86.152 port 39666 ssh2
Oct 13 17:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Connection closed by 194.182.86.152 port 39666 [preauth]
Oct 13 17:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31734]: pam_unix(cron:session): session closed for user root
Oct 13 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2418]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session closed for user root
Oct 13 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2883]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2967]: Successful su for rubyman by root
Oct 13 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2967]: + ??? root:rubyman
Oct 13 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406307 of user rubyman.
Oct 13 17:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2967]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406307.
Oct 13 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32306]: pam_unix(cron:session): session closed for user root
Oct 13 17:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2884]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1842]: pam_unix(cron:session): session closed for user root
Oct 13 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3415]: Successful su for rubyman by root
Oct 13 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3415]: + ??? root:rubyman
Oct 13 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406311 of user rubyman.
Oct 13 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3415]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406311.
Oct 13 17:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[300]: pam_unix(cron:session): session closed for user root
Oct 13 17:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2421]: pam_unix(cron:session): session closed for user root
Oct 13 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session closed for user p13x
Oct 13 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3868]: Successful su for rubyman by root
Oct 13 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3868]: + ??? root:rubyman
Oct 13 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406315 of user rubyman.
Oct 13 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3868]: pam_unix(su:session): session closed for user rubyman
Oct 13 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406315.
Oct 13 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 17:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Failed password for root from 47.243.251.225 port 46390 ssh2
Oct 13 17:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[759]: pam_unix(cron:session): session closed for user root
Oct 13 17:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Failed password for root from 47.243.251.225 port 46390 ssh2
Oct 13 17:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Failed password for root from 47.243.251.225 port 46390 ssh2
Oct 13 17:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session closed for user samftp
Oct 13 17:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Failed password for root from 47.243.251.225 port 46390 ssh2
Oct 13 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: message repeated 2 times: [ Failed password for root from 47.243.251.225 port 46390 ssh2]
Oct 13 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 46390 ssh2 [preauth]
Oct 13 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: Disconnecting: Too many authentication failures [preauth]
Oct 13 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 17:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3927]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 17:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 17:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Failed password for root from 47.243.251.225 port 47672 ssh2
Oct 13 17:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 47672 ssh2]
Oct 13 17:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 47672 ssh2 [preauth]
Oct 13 17:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: Disconnecting: Too many authentication failures [preauth]
Oct 13 17:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 17:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4125]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 17:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 17:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2888]: pam_unix(cron:session): session closed for user root
Oct 13 17:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: Failed password for root from 47.243.251.225 port 47982 ssh2
Oct 13 17:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 47982 ssh2]
Oct 13 17:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 47982 ssh2 [preauth]
Oct 13 17:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: Disconnecting: Too many authentication failures [preauth]
Oct 13 17:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 17:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 17:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 17:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 17:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Failed password for root from 47.243.251.225 port 48316 ssh2
Oct 13 18:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Failed password for root from 47.243.251.225 port 48316 ssh2
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session closed for user root
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4318]: pam_unix(cron:session): session closed for user root
Oct 13 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4312]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Failed password for root from 47.243.251.225 port 48316 ssh2
Oct 13 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4433]: Successful su for rubyman by root
Oct 13 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4433]: + ??? root:rubyman
Oct 13 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406323 of user rubyman.
Oct 13 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4433]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406323.
Oct 13 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Failed password for root from 47.243.251.225 port 48316 ssh2
Oct 13 18:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Failed password for root from 47.243.251.225 port 48316 ssh2
Oct 13 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Failed password for root from 47.243.251.225 port 48316 ssh2
Oct 13 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 48316 ssh2 [preauth]
Oct 13 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4315]: pam_unix(cron:session): session closed for user root
Oct 13 18:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session closed for user root
Oct 13 18:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Failed password for root from 47.243.251.225 port 49692 ssh2
Oct 13 18:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 49692 ssh2]
Oct 13 18:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 49692 ssh2 [preauth]
Oct 13 18:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Failed password for root from 47.243.251.225 port 49988 ssh2
Oct 13 18:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: message repeated 3 times: [ Failed password for root from 47.243.251.225 port 49988 ssh2]
Oct 13 18:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session closed for user root
Oct 13 18:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Failed password for root from 47.243.251.225 port 49988 ssh2
Oct 13 18:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Failed password for root from 47.243.251.225 port 49988 ssh2
Oct 13 18:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 49988 ssh2 [preauth]
Oct 13 18:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Failed password for root from 47.243.251.225 port 50260 ssh2
Oct 13 18:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 50260 ssh2]
Oct 13 18:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 50260 ssh2 [preauth]
Oct 13 18:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Failed password for root from 47.243.251.225 port 50544 ssh2
Oct 13 18:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: message repeated 2 times: [ Failed password for root from 47.243.251.225 port 50544 ssh2]
Oct 13 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5081]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5069]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Failed password for root from 47.243.251.225 port 50544 ssh2
Oct 13 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5498]: Successful su for rubyman by root
Oct 13 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5498]: + ??? root:rubyman
Oct 13 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406328 of user rubyman.
Oct 13 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5498]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406328.
Oct 13 18:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Failed password for root from 47.243.251.225 port 50544 ssh2
Oct 13 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Failed password for root from 47.243.251.225 port 50544 ssh2
Oct 13 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 50544 ssh2 [preauth]
Oct 13 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for root from 47.243.251.225 port 51870 ssh2
Oct 13 18:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for root from 47.243.251.225 port 51870 ssh2
Oct 13 18:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1841]: pam_unix(cron:session): session closed for user root
Oct 13 18:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5077]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for root from 47.243.251.225 port 51870 ssh2
Oct 13 18:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: message repeated 3 times: [ Failed password for root from 47.243.251.225 port 51870 ssh2]
Oct 13 18:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 51870 ssh2 [preauth]
Oct 13 18:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: Failed password for root from 47.243.251.225 port 52196 ssh2
Oct 13 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 52196 ssh2]
Oct 13 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 52196 ssh2 [preauth]
Oct 13 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3794]: pam_unix(cron:session): session closed for user root
Oct 13 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: Failed password for root from 47.243.251.225 port 52516 ssh2
Oct 13 18:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 52516 ssh2]
Oct 13 18:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 52516 ssh2 [preauth]
Oct 13 18:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5831]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Failed password for root from 47.243.251.225 port 52878 ssh2
Oct 13 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5916]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5914]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Failed password for root from 47.243.251.225 port 52878 ssh2
Oct 13 18:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5983]: Successful su for rubyman by root
Oct 13 18:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5983]: + ??? root:rubyman
Oct 13 18:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406331 of user rubyman.
Oct 13 18:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5983]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406331.
Oct 13 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Failed password for root from 47.243.251.225 port 52878 ssh2
Oct 13 18:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: message repeated 2 times: [ Failed password for root from 47.243.251.225 port 52878 ssh2]
Oct 13 18:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2419]: pam_unix(cron:session): session closed for user root
Oct 13 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Failed password for root from 47.243.251.225 port 52878 ssh2
Oct 13 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 52878 ssh2 [preauth]
Oct 13 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Failed password for root from 47.243.251.225 port 54078 ssh2
Oct 13 18:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Failed password for root from 47.243.251.225 port 54078 ssh2
Oct 13 18:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5915]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Failed password for root from 47.243.251.225 port 54078 ssh2
Oct 13 18:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: message repeated 3 times: [ Failed password for root from 47.243.251.225 port 54078 ssh2]
Oct 13 18:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 54078 ssh2 [preauth]
Oct 13 18:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Failed password for root from 47.243.251.225 port 54300 ssh2
Oct 13 18:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 54300 ssh2]
Oct 13 18:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 54300 ssh2 [preauth]
Oct 13 18:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Failed password for root from 47.243.251.225 port 54474 ssh2
Oct 13 18:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4317]: pam_unix(cron:session): session closed for user root
Oct 13 18:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Failed password for root from 47.243.251.225 port 54474 ssh2
Oct 13 18:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: message repeated 4 times: [ Failed password for root from 47.243.251.225 port 54474 ssh2]
Oct 13 18:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 54474 ssh2 [preauth]
Oct 13 18:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for root from 47.243.251.225 port 54648 ssh2
Oct 13 18:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Did not receive identification string from 152.69.233.26
Oct 13 18:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for root from 47.243.251.225 port 54648 ssh2
Oct 13 18:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for root from 47.243.251.225 port 54648 ssh2
Oct 13 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6366]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for root from 47.243.251.225 port 54648 ssh2
Oct 13 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6437]: Successful su for rubyman by root
Oct 13 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6437]: + ??? root:rubyman
Oct 13 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406334 of user rubyman.
Oct 13 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6437]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406334.
Oct 13 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for root from 47.243.251.225 port 54648 ssh2
Oct 13 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Failed password for root from 47.243.251.225 port 54648 ssh2
Oct 13 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 54648 ssh2 [preauth]
Oct 13 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for root from 47.243.251.225 port 55840 ssh2
Oct 13 18:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2885]: pam_unix(cron:session): session closed for user root
Oct 13 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for root from 47.243.251.225 port 55840 ssh2
Oct 13 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.69.233.26  user=root
Oct 13 18:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for root from 47.243.251.225 port 55840 ssh2
Oct 13 18:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Failed password for root from 152.69.233.26 port 59680 ssh2
Oct 13 18:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for root from 47.243.251.225 port 55840 ssh2
Oct 13 18:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Connection closed by 152.69.233.26 port 59680 [preauth]
Oct 13 18:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for root from 47.243.251.225 port 55840 ssh2
Oct 13 18:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6367]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for root from 47.243.251.225 port 55840 ssh2
Oct 13 18:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 55840 ssh2 [preauth]
Oct 13 18:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: Failed password for root from 47.243.251.225 port 56020 ssh2
Oct 13 18:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 56020 ssh2]
Oct 13 18:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 56020 ssh2 [preauth]
Oct 13 18:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6789]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for root from 47.243.251.225 port 56182 ssh2
Oct 13 18:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.69.233.26  user=root
Oct 13 18:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5081]: pam_unix(cron:session): session closed for user root
Oct 13 18:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for root from 47.243.251.225 port 56182 ssh2
Oct 13 18:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: Failed password for root from 152.69.233.26 port 50846 ssh2
Oct 13 18:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for root from 47.243.251.225 port 56182 ssh2
Oct 13 18:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for root from 47.243.251.225 port 56182 ssh2
Oct 13 18:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6777]: Connection closed by 152.69.233.26 port 50846 [preauth]
Oct 13 18:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for root from 47.243.251.225 port 56182 ssh2
Oct 13 18:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for root from 47.243.251.225 port 56182 ssh2
Oct 13 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 56182 ssh2 [preauth]
Oct 13 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: Failed password for root from 47.243.251.225 port 56340 ssh2
Oct 13 18:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: message repeated 4 times: [ Failed password for root from 47.243.251.225 port 56340 ssh2]
Oct 13 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6930]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: Failed password for root from 47.243.251.225 port 56340 ssh2
Oct 13 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 56340 ssh2 [preauth]
Oct 13 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6905]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7003]: Successful su for rubyman by root
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7003]: + ??? root:rubyman
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406339 of user rubyman.
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7003]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406339.
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.69.233.26  user=root
Oct 13 18:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Failed password for root from 47.243.251.225 port 57510 ssh2
Oct 13 18:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Failed password for root from 152.69.233.26 port 37704 ssh2
Oct 13 18:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Failed password for root from 47.243.251.225 port 57510 ssh2
Oct 13 18:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Connection closed by 152.69.233.26 port 37704 [preauth]
Oct 13 18:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session closed for user root
Oct 13 18:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Failed password for root from 47.243.251.225 port 57510 ssh2
Oct 13 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: message repeated 3 times: [ Failed password for root from 47.243.251.225 port 57510 ssh2]
Oct 13 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 57510 ssh2 [preauth]
Oct 13 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7320]: Did not receive identification string from 152.69.233.26
Oct 13 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6931]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Failed password for root from 47.243.251.225 port 57668 ssh2
Oct 13 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 57668 ssh2]
Oct 13 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 57668 ssh2 [preauth]
Oct 13 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Failed password for root from 47.243.251.225 port 57828 ssh2
Oct 13 18:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Failed password for root from 47.243.251.225 port 57828 ssh2
Oct 13 18:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5917]: pam_unix(cron:session): session closed for user root
Oct 13 18:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Failed password for root from 47.243.251.225 port 57828 ssh2
Oct 13 18:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: message repeated 3 times: [ Failed password for root from 47.243.251.225 port 57828 ssh2]
Oct 13 18:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 57828 ssh2 [preauth]
Oct 13 18:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7404]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Failed password for root from 47.243.251.225 port 58968 ssh2
Oct 13 18:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: message repeated 5 times: [ Failed password for root from 47.243.251.225 port 58968 ssh2]
Oct 13 18:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 58968 ssh2 [preauth]
Oct 13 18:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7505]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7504]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7507]: pam_unix(cron:session): session closed for user root
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7501]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7582]: Successful su for rubyman by root
Oct 13 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7582]: + ??? root:rubyman
Oct 13 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406342 of user rubyman.
Oct 13 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7582]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406342.
Oct 13 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Failed password for root from 47.243.251.225 port 59114 ssh2
Oct 13 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Failed password for root from 47.243.251.225 port 59114 ssh2
Oct 13 18:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Failed password for root from 47.243.251.225 port 59114 ssh2
Oct 13 18:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7504]: pam_unix(cron:session): session closed for user root
Oct 13 18:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Failed password for root from 47.243.251.225 port 59114 ssh2
Oct 13 18:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session closed for user root
Oct 13 18:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Failed password for root from 47.243.251.225 port 59114 ssh2
Oct 13 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Failed password for root from 47.243.251.225 port 59114 ssh2
Oct 13 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: error: maximum authentication attempts exceeded for root from 47.243.251.225 port 59114 ssh2 [preauth]
Oct 13 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7496]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7812]: Failed password for root from 47.243.251.225 port 59276 ssh2
Oct 13 18:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7812]: Failed password for root from 47.243.251.225 port 59276 ssh2
Oct 13 18:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7812]: Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (dev,ssh-connection) [preauth]
Oct 13 18:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7812]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225  user=root
Oct 13 18:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7502]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Invalid user dev from 47.243.251.225
Oct 13 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: input_userauth_request: invalid user dev [preauth]
Oct 13 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user dev from 47.243.251.225 port 59352 ssh2
Oct 13 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user dev from 47.243.251.225 port 59352 ssh2
Oct 13 18:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user dev from 47.243.251.225 port 59352 ssh2
Oct 13 18:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user dev from 47.243.251.225 port 59352 ssh2
Oct 13 18:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user dev from 47.243.251.225 port 59352 ssh2
Oct 13 18:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user dev from 47.243.251.225 port 59352 ssh2
Oct 13 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: error: maximum authentication attempts exceeded for invalid user dev from 47.243.251.225 port 59352 ssh2 [preauth]
Oct 13 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Invalid user dev from 47.243.251.225
Oct 13 18:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: input_userauth_request: invalid user dev [preauth]
Oct 13 18:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for invalid user dev from 47.243.251.225 port 59530 ssh2
Oct 13 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for invalid user dev from 47.243.251.225 port 59530 ssh2
Oct 13 18:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6372]: pam_unix(cron:session): session closed for user root
Oct 13 18:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for invalid user dev from 47.243.251.225 port 59530 ssh2
Oct 13 18:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for invalid user dev from 47.243.251.225 port 59530 ssh2
Oct 13 18:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for invalid user dev from 47.243.251.225 port 59530 ssh2
Oct 13 18:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for invalid user dev from 47.243.251.225 port 59530 ssh2
Oct 13 18:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: error: maximum authentication attempts exceeded for invalid user dev from 47.243.251.225 port 59530 ssh2 [preauth]
Oct 13 18:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Invalid user dev from 47.243.251.225
Oct 13 18:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: input_userauth_request: invalid user dev [preauth]
Oct 13 18:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Failed password for invalid user dev from 47.243.251.225 port 60710 ssh2
Oct 13 18:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Failed password for invalid user dev from 47.243.251.225 port 60710 ssh2
Oct 13 18:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 13 18:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for root from 62.60.131.157 port 62235 ssh2
Oct 13 18:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Failed password for invalid user dev from 47.243.251.225 port 60710 ssh2
Oct 13 18:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for root from 62.60.131.157 port 62235 ssh2
Oct 13 18:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Failed password for invalid user dev from 47.243.251.225 port 60710 ssh2
Oct 13 18:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for root from 62.60.131.157 port 62235 ssh2
Oct 13 18:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Failed password for invalid user dev from 47.243.251.225 port 60710 ssh2
Oct 13 18:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Disconnecting: Change of username or service not allowed: (dev,ssh-connection) -> (test,ssh-connection) [preauth]
Oct 13 18:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 18:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for root from 62.60.131.157 port 62235 ssh2
Oct 13 18:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Invalid user test from 47.243.251.225
Oct 13 18:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: input_userauth_request: invalid user test [preauth]
Oct 13 18:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for root from 62.60.131.157 port 62235 ssh2
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user test from 47.243.251.225 port 32830 ssh2
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Received disconnect from 62.60.131.157 port 62235:11: Bye [preauth]
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Disconnected from 62.60.131.157 port 62235 [preauth]
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 13 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 13 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8530]: Successful su for rubyman by root
Oct 13 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8530]: + ??? root:rubyman
Oct 13 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406350 of user rubyman.
Oct 13 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8530]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406350.
Oct 13 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user test from 47.243.251.225 port 32830 ssh2
Oct 13 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user test from 47.243.251.225 port 32830 ssh2
Oct 13 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user test from 47.243.251.225 port 32830 ssh2
Oct 13 18:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user test from 47.243.251.225 port 32830 ssh2
Oct 13 18:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Failed password for invalid user test from 47.243.251.225 port 32830 ssh2
Oct 13 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: error: maximum authentication attempts exceeded for invalid user test from 47.243.251.225 port 32830 ssh2 [preauth]
Oct 13 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Invalid user test from 47.243.251.225
Oct 13 18:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: input_userauth_request: invalid user test [preauth]
Oct 13 18:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4316]: pam_unix(cron:session): session closed for user root
Oct 13 18:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user test from 47.243.251.225 port 33024 ssh2
Oct 13 18:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user test from 47.243.251.225 port 33024 ssh2
Oct 13 18:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user test from 47.243.251.225 port 33024 ssh2
Oct 13 18:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user test from 47.243.251.225 port 33024 ssh2
Oct 13 18:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user test from 47.243.251.225 port 33024 ssh2
Oct 13 18:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Disconnecting: Change of username or service not allowed: (test,ssh-connection) -> (ubuntu,ssh-connection) [preauth]
Oct 13 18:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Invalid user ubuntu from 47.243.251.225
Oct 13 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Failed password for invalid user ubuntu from 47.243.251.225 port 33184 ssh2
Oct 13 18:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Failed password for invalid user ubuntu from 47.243.251.225 port 33184 ssh2
Oct 13 18:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Failed password for invalid user ubuntu from 47.243.251.225 port 33184 ssh2
Oct 13 18:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Failed password for invalid user ubuntu from 47.243.251.225 port 33184 ssh2
Oct 13 18:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Failed password for invalid user ubuntu from 47.243.251.225 port 33184 ssh2
Oct 13 18:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Failed password for invalid user ubuntu from 47.243.251.225 port 33184 ssh2
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: error: maximum authentication attempts exceeded for invalid user ubuntu from 47.243.251.225 port 33184 ssh2 [preauth]
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: Disconnecting: Too many authentication failures [preauth]
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8903]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Invalid user ubuntu from 47.243.251.225
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6933]: pam_unix(cron:session): session closed for user root
Oct 13 18:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Failed password for invalid user ubuntu from 47.243.251.225 port 33374 ssh2
Oct 13 18:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Failed password for invalid user ubuntu from 47.243.251.225 port 33374 ssh2
Oct 13 18:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Failed password for invalid user ubuntu from 47.243.251.225 port 33374 ssh2
Oct 13 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Failed password for invalid user ubuntu from 47.243.251.225 port 33374 ssh2
Oct 13 18:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Connection closed by 47.243.251.225 port 33374 [preauth]
Oct 13 18:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.251.225
Oct 13 18:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 13 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9039]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9117]: Successful su for rubyman by root
Oct 13 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9117]: + ??? root:rubyman
Oct 13 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406352 of user rubyman.
Oct 13 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9117]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406352.
Oct 13 18:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5080]: pam_unix(cron:session): session closed for user root
Oct 13 18:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9040]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 18:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: Failed password for root from 194.182.86.152 port 42302 ssh2
Oct 13 18:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9511]: Connection closed by 194.182.86.152 port 42302 [preauth]
Oct 13 18:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7506]: pam_unix(cron:session): session closed for user root
Oct 13 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9655]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9844]: Successful su for rubyman by root
Oct 13 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9844]: + ??? root:rubyman
Oct 13 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406356 of user rubyman.
Oct 13 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9844]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406356.
Oct 13 18:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5916]: pam_unix(cron:session): session closed for user root
Oct 13 18:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9656]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Did not receive identification string from 31.58.220.239
Oct 13 18:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session closed for user root
Oct 13 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10252]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10254]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10450]: Successful su for rubyman by root
Oct 13 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10450]: + ??? root:rubyman
Oct 13 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406361 of user rubyman.
Oct 13 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10450]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406361.
Oct 13 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10252]: pam_unix(cron:session): session closed for user root
Oct 13 18:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6370]: pam_unix(cron:session): session closed for user root
Oct 13 18:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10256]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session closed for user root
Oct 13 18:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 18:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Failed password for root from 194.182.86.152 port 58096 ssh2
Oct 13 18:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Connection closed by 194.182.86.152 port 58096 [preauth]
Oct 13 18:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 18:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Failed password for root from 190.103.202.7 port 33512 ssh2
Oct 13 18:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Connection closed by 190.103.202.7 port 33512 [preauth]
Oct 13 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user root
Oct 13 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10929]: Successful su for rubyman by root
Oct 13 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10929]: + ??? root:rubyman
Oct 13 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406366 of user rubyman.
Oct 13 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10929]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406366.
Oct 13 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session closed for user root
Oct 13 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6932]: pam_unix(cron:session): session closed for user root
Oct 13 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9660]: pam_unix(cron:session): session closed for user root
Oct 13 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11411]: Successful su for rubyman by root
Oct 13 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11411]: + ??? root:rubyman
Oct 13 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406372 of user rubyman.
Oct 13 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11411]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406372.
Oct 13 18:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7505]: pam_unix(cron:session): session closed for user root
Oct 13 18:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10260]: pam_unix(cron:session): session closed for user root
Oct 13 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11907]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: Successful su for rubyman by root
Oct 13 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: + ??? root:rubyman
Oct 13 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406376 of user rubyman.
Oct 13 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406376.
Oct 13 18:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session closed for user root
Oct 13 18:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11906]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session closed for user root
Oct 13 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: Successful su for rubyman by root
Oct 13 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: + ??? root:rubyman
Oct 13 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406381 of user rubyman.
Oct 13 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12447]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406381.
Oct 13 18:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session closed for user root
Oct 13 18:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session closed for user root
Oct 13 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12859]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12948]: Successful su for rubyman by root
Oct 13 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12948]: + ??? root:rubyman
Oct 13 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406383 of user rubyman.
Oct 13 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12948]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406383.
Oct 13 18:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9657]: pam_unix(cron:session): session closed for user root
Oct 13 18:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12858]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11909]: pam_unix(cron:session): session closed for user root
Oct 13 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13466]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13467]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13465]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13468]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13468]: pam_unix(cron:session): session closed for user root
Oct 13 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13463]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13549]: Successful su for rubyman by root
Oct 13 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13549]: + ??? root:rubyman
Oct 13 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406388 of user rubyman.
Oct 13 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13549]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406388.
Oct 13 18:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13465]: pam_unix(cron:session): session closed for user root
Oct 13 18:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10259]: pam_unix(cron:session): session closed for user root
Oct 13 18:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13464]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12374]: pam_unix(cron:session): session closed for user root
Oct 13 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13974]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14140]: Successful su for rubyman by root
Oct 13 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14140]: + ??? root:rubyman
Oct 13 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406393 of user rubyman.
Oct 13 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14140]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406393.
Oct 13 18:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session closed for user root
Oct 13 18:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13972]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session closed for user root
Oct 13 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14515]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session closed for user root
Oct 13 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14588]: Successful su for rubyman by root
Oct 13 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14588]: + ??? root:rubyman
Oct 13 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406399 of user rubyman.
Oct 13 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14588]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406399.
Oct 13 18:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session closed for user root
Oct 13 18:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14513]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13467]: pam_unix(cron:session): session closed for user root
Oct 13 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14981]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: Successful su for rubyman by root
Oct 13 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: + ??? root:rubyman
Oct 13 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406404 of user rubyman.
Oct 13 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406404.
Oct 13 18:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11907]: pam_unix(cron:session): session closed for user root
Oct 13 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14980]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 13 18:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Failed password for root from 78.128.112.74 port 56336 ssh2
Oct 13 18:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Connection closed by 78.128.112.74 port 56336 [preauth]
Oct 13 18:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13974]: pam_unix(cron:session): session closed for user root
Oct 13 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15605]: Successful su for rubyman by root
Oct 13 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15605]: + ??? root:rubyman
Oct 13 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406407 of user rubyman.
Oct 13 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15605]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406407.
Oct 13 18:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12373]: pam_unix(cron:session): session closed for user root
Oct 13 18:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14515]: pam_unix(cron:session): session closed for user root
Oct 13 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user root
Oct 13 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15979]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16067]: Successful su for rubyman by root
Oct 13 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16067]: + ??? root:rubyman
Oct 13 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406413 of user rubyman.
Oct 13 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16067]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406413.
Oct 13 18:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15981]: pam_unix(cron:session): session closed for user root
Oct 13 18:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12859]: pam_unix(cron:session): session closed for user root
Oct 13 18:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15980]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14982]: pam_unix(cron:session): session closed for user root
Oct 13 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16478]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16475]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16473]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16560]: Successful su for rubyman by root
Oct 13 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16560]: + ??? root:rubyman
Oct 13 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406418 of user rubyman.
Oct 13 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16560]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406418.
Oct 13 18:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13466]: pam_unix(cron:session): session closed for user root
Oct 13 18:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16474]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session closed for user root
Oct 13 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16939]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: Successful su for rubyman by root
Oct 13 18:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: + ??? root:rubyman
Oct 13 18:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406420 of user rubyman.
Oct 13 18:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406420.
Oct 13 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 18:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Failed password for root from 194.182.86.152 port 45542 ssh2
Oct 13 18:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Connection closed by 194.182.86.152 port 45542 [preauth]
Oct 13 18:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session closed for user root
Oct 13 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 18:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17325]: Failed password for root from 194.182.86.152 port 43418 ssh2
Oct 13 18:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session closed for user root
Oct 13 18:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17325]: Connection closed by 194.182.86.152 port 43418 [preauth]
Oct 13 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17410]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: Successful su for rubyman by root
Oct 13 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: + ??? root:rubyman
Oct 13 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406424 of user rubyman.
Oct 13 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17478]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406424.
Oct 13 18:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14514]: pam_unix(cron:session): session closed for user root
Oct 13 18:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17411]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16478]: pam_unix(cron:session): session closed for user root
Oct 13 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18026]: Successful su for rubyman by root
Oct 13 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18026]: + ??? root:rubyman
Oct 13 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406428 of user rubyman.
Oct 13 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18026]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406428.
Oct 13 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14981]: pam_unix(cron:session): session closed for user root
Oct 13 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 53234
Oct 13 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 53246
Oct 13 18:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session closed for user root
Oct 13 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18653]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session closed for user root
Oct 13 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18649]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18736]: Successful su for rubyman by root
Oct 13 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18736]: + ??? root:rubyman
Oct 13 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406436 of user rubyman.
Oct 13 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18736]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406436.
Oct 13 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18653]: pam_unix(cron:session): session closed for user root
Oct 13 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session closed for user root
Oct 13 18:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Invalid user xd from 164.68.105.9
Oct 13 18:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: input_userauth_request: invalid user xd [preauth]
Oct 13 18:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 18:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18652]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Failed password for invalid user xd from 164.68.105.9 port 43664 ssh2
Oct 13 18:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Connection closed by 164.68.105.9 port 43664 [preauth]
Oct 13 18:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session closed for user root
Oct 13 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19330]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19313]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19565]: Successful su for rubyman by root
Oct 13 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19565]: + ??? root:rubyman
Oct 13 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406438 of user rubyman.
Oct 13 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19565]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406438.
Oct 13 18:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session closed for user root
Oct 13 18:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19314]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session closed for user root
Oct 13 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20116]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20117]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20203]: Successful su for rubyman by root
Oct 13 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20203]: + ??? root:rubyman
Oct 13 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406445 of user rubyman.
Oct 13 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20203]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406445.
Oct 13 18:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16475]: pam_unix(cron:session): session closed for user root
Oct 13 18:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20115]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session closed for user root
Oct 13 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20618]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20613]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20693]: Successful su for rubyman by root
Oct 13 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20693]: + ??? root:rubyman
Oct 13 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406446 of user rubyman.
Oct 13 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20693]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406446.
Oct 13 18:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session closed for user root
Oct 13 18:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20616]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19330]: pam_unix(cron:session): session closed for user root
Oct 13 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21072]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21070]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: Successful su for rubyman by root
Oct 13 18:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: + ??? root:rubyman
Oct 13 18:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406452 of user rubyman.
Oct 13 18:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406452.
Oct 13 18:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17412]: pam_unix(cron:session): session closed for user root
Oct 13 18:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21071]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20117]: pam_unix(cron:session): session closed for user root
Oct 13 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21593]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21594]: pam_unix(cron:session): session closed for user root
Oct 13 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21672]: Successful su for rubyman by root
Oct 13 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21672]: + ??? root:rubyman
Oct 13 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406454 of user rubyman.
Oct 13 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21672]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406454.
Oct 13 18:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session closed for user root
Oct 13 18:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session closed for user root
Oct 13 18:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20618]: pam_unix(cron:session): session closed for user root
Oct 13 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22093]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22212]: Successful su for rubyman by root
Oct 13 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22212]: + ??? root:rubyman
Oct 13 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406462 of user rubyman.
Oct 13 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22212]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406462.
Oct 13 18:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session closed for user root
Oct 13 18:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 18:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21073]: pam_unix(cron:session): session closed for user root
Oct 13 18:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: Failed password for root from 80.211.129.128 port 52872 ssh2
Oct 13 18:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: Connection closed by 80.211.129.128 port 52872 [preauth]
Oct 13 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: Successful su for rubyman by root
Oct 13 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: + ??? root:rubyman
Oct 13 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406464 of user rubyman.
Oct 13 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406464.
Oct 13 18:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session closed for user root
Oct 13 18:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21593]: pam_unix(cron:session): session closed for user root
Oct 13 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23770]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23849]: Successful su for rubyman by root
Oct 13 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23849]: + ??? root:rubyman
Oct 13 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406468 of user rubyman.
Oct 13 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23849]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406468.
Oct 13 18:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20116]: pam_unix(cron:session): session closed for user root
Oct 13 18:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23773]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22093]: pam_unix(cron:session): session closed for user root
Oct 13 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24277]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: Successful su for rubyman by root
Oct 13 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: + ??? root:rubyman
Oct 13 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406473 of user rubyman.
Oct 13 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406473.
Oct 13 18:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session closed for user root
Oct 13 18:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22596]: pam_unix(cron:session): session closed for user root
Oct 13 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24793]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24794]: pam_unix(cron:session): session closed for user root
Oct 13 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: Successful su for rubyman by root
Oct 13 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: + ??? root:rubyman
Oct 13 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406476 of user rubyman.
Oct 13 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24863]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406476.
Oct 13 18:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session closed for user root
Oct 13 18:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21072]: pam_unix(cron:session): session closed for user root
Oct 13 18:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Invalid user admin from 2.57.121.112
Oct 13 18:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: input_userauth_request: invalid user admin [preauth]
Oct 13 18:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 18:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user admin from 2.57.121.112 port 26493 ssh2
Oct 13 18:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user admin from 2.57.121.112 port 26493 ssh2
Oct 13 18:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user admin from 2.57.121.112 port 26493 ssh2
Oct 13 18:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user admin from 2.57.121.112 port 26493 ssh2
Oct 13 18:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user admin from 2.57.121.112 port 26493 ssh2
Oct 13 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Received disconnect from 2.57.121.112 port 26493:11: Bye [preauth]
Oct 13 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Disconnected from 2.57.121.112 port 26493 [preauth]
Oct 13 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 18:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23776]: pam_unix(cron:session): session closed for user root
Oct 13 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25538]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: Successful su for rubyman by root
Oct 13 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: + ??? root:rubyman
Oct 13 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406484 of user rubyman.
Oct 13 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406484.
Oct 13 18:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session closed for user root
Oct 13 18:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session closed for user root
Oct 13 18:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Invalid user deployuser from 186.96.145.241
Oct 13 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: input_userauth_request: invalid user deployuser [preauth]
Oct 13 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 13 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Failed password for invalid user deployuser from 186.96.145.241 port 33538 ssh2
Oct 13 18:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Connection closed by 186.96.145.241 port 33538 [preauth]
Oct 13 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Invalid user oracleadmin from 164.68.105.9
Oct 13 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: input_userauth_request: invalid user oracleadmin [preauth]
Oct 13 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Failed password for invalid user oracleadmin from 164.68.105.9 port 33956 ssh2
Oct 13 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Connection closed by 164.68.105.9 port 33956 [preauth]
Oct 13 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26109]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26176]: Successful su for rubyman by root
Oct 13 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26176]: + ??? root:rubyman
Oct 13 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406487 of user rubyman.
Oct 13 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26176]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406487.
Oct 13 18:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22092]: pam_unix(cron:session): session closed for user root
Oct 13 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26110]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24793]: pam_unix(cron:session): session closed for user root
Oct 13 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26673]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26767]: Successful su for rubyman by root
Oct 13 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26767]: + ??? root:rubyman
Oct 13 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406491 of user rubyman.
Oct 13 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26767]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406491.
Oct 13 18:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session closed for user root
Oct 13 18:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 13 18:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Failed password for root from 20.163.71.109 port 58926 ssh2
Oct 13 18:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Connection closed by 20.163.71.109 port 58926 [preauth]
Oct 13 18:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26674]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session closed for user root
Oct 13 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27389]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27383]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27854]: Successful su for rubyman by root
Oct 13 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27854]: + ??? root:rubyman
Oct 13 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406496 of user rubyman.
Oct 13 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27854]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406496.
Oct 13 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27383]: pam_unix(cron:session): session closed for user root
Oct 13 18:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23775]: pam_unix(cron:session): session closed for user root
Oct 13 18:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session closed for user root
Oct 13 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28261]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28265]: pam_unix(cron:session): session closed for user root
Oct 13 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28256]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28349]: Successful su for rubyman by root
Oct 13 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28349]: + ??? root:rubyman
Oct 13 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406499 of user rubyman.
Oct 13 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28349]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406499.
Oct 13 18:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28261]: pam_unix(cron:session): session closed for user root
Oct 13 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session closed for user root
Oct 13 18:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user root
Oct 13 18:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Failed password for root from 194.182.86.152 port 60434 ssh2
Oct 13 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Connection closed by 194.182.86.152 port 60434 [preauth]
Oct 13 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29124]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29225]: Successful su for rubyman by root
Oct 13 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29225]: + ??? root:rubyman
Oct 13 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406506 of user rubyman.
Oct 13 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29225]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406506.
Oct 13 18:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24792]: pam_unix(cron:session): session closed for user root
Oct 13 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29125]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27389]: pam_unix(cron:session): session closed for user root
Oct 13 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29712]: Successful su for rubyman by root
Oct 13 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29712]: + ??? root:rubyman
Oct 13 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406511 of user rubyman.
Oct 13 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29712]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406511.
Oct 13 18:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25541]: pam_unix(cron:session): session closed for user root
Oct 13 18:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session closed for user root
Oct 13 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: Successful su for rubyman by root
Oct 13 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: + ??? root:rubyman
Oct 13 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406513 of user rubyman.
Oct 13 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406513.
Oct 13 18:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session closed for user root
Oct 13 18:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29129]: pam_unix(cron:session): session closed for user root
Oct 13 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30812]: Successful su for rubyman by root
Oct 13 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30812]: + ??? root:rubyman
Oct 13 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406518 of user rubyman.
Oct 13 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30812]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406518.
Oct 13 18:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session closed for user root
Oct 13 18:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session closed for user root
Oct 13 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session closed for user root
Oct 13 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31300]: Successful su for rubyman by root
Oct 13 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31300]: + ??? root:rubyman
Oct 13 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406526 of user rubyman.
Oct 13 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31300]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406526.
Oct 13 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31223]: pam_unix(cron:session): session closed for user root
Oct 13 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27388]: pam_unix(cron:session): session closed for user root
Oct 13 18:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session closed for user root
Oct 13 18:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 18:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Failed password for root from 80.211.129.128 port 50644 ssh2
Oct 13 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31832]: Connection closed by 80.211.129.128 port 50644 [preauth]
Oct 13 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31965]: Successful su for rubyman by root
Oct 13 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31965]: + ??? root:rubyman
Oct 13 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406528 of user rubyman.
Oct 13 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31965]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406528.
Oct 13 18:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session closed for user root
Oct 13 18:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31869]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session closed for user root
Oct 13 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32425]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32421]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32491]: Successful su for rubyman by root
Oct 13 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32491]: + ??? root:rubyman
Oct 13 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406531 of user rubyman.
Oct 13 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32491]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406531.
Oct 13 18:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29128]: pam_unix(cron:session): session closed for user root
Oct 13 18:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32422]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session closed for user root
Oct 13 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[429]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[509]: Successful su for rubyman by root
Oct 13 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[509]: + ??? root:rubyman
Oct 13 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406536 of user rubyman.
Oct 13 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[509]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406536.
Oct 13 18:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29639]: pam_unix(cron:session): session closed for user root
Oct 13 18:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[431]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31871]: pam_unix(cron:session): session closed for user root
Oct 13 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[965]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1075]: Successful su for rubyman by root
Oct 13 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1075]: + ??? root:rubyman
Oct 13 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406540 of user rubyman.
Oct 13 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1075]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406540.
Oct 13 18:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session closed for user root
Oct 13 18:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Invalid user  from 62.60.131.157
Oct 13 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: input_userauth_request: invalid user  [preauth]
Oct 13 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Failed none for invalid user  from 62.60.131.157 port 61366 ssh2
Oct 13 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[966]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Received disconnect from 62.60.131.157 port 61366:11: Bye [preauth]
Oct 13 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Disconnected from 62.60.131.157 port 61366 [preauth]
Oct 13 18:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32425]: pam_unix(cron:session): session closed for user root
Oct 13 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1504]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1504]: pam_unix(cron:session): session closed for user root
Oct 13 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1575]: Successful su for rubyman by root
Oct 13 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1575]: + ??? root:rubyman
Oct 13 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406544 of user rubyman.
Oct 13 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1575]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406544.
Oct 13 18:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session closed for user root
Oct 13 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session closed for user root
Oct 13 18:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[433]: pam_unix(cron:session): session closed for user root
Oct 13 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2105]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2103]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2196]: Successful su for rubyman by root
Oct 13 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2196]: + ??? root:rubyman
Oct 13 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406550 of user rubyman.
Oct 13 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2196]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406550.
Oct 13 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session closed for user root
Oct 13 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[969]: pam_unix(cron:session): session closed for user root
Oct 13 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 135.237.126.194 port 36012
Oct 13 18:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Connection closed by 135.237.126.194 port 36004 [preauth]
Oct 13 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2644]: Successful su for rubyman by root
Oct 13 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2644]: + ??? root:rubyman
Oct 13 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406553 of user rubyman.
Oct 13 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2644]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406553.
Oct 13 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session closed for user root
Oct 13 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session closed for user root
Oct 13 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3093]: Successful su for rubyman by root
Oct 13 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3093]: + ??? root:rubyman
Oct 13 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406560 of user rubyman.
Oct 13 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3093]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406560.
Oct 13 18:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session closed for user root
Oct 13 18:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session closed for user root
Oct 13 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Invalid user admin from 2.57.121.25
Oct 13 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: input_userauth_request: invalid user admin [preauth]
Oct 13 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 18:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Failed password for invalid user admin from 2.57.121.25 port 12637 ssh2
Oct 13 18:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Failed password for invalid user admin from 2.57.121.25 port 12637 ssh2
Oct 13 18:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Failed password for invalid user admin from 2.57.121.25 port 12637 ssh2
Oct 13 18:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Failed password for invalid user admin from 2.57.121.25 port 12637 ssh2
Oct 13 18:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Failed password for invalid user admin from 2.57.121.25 port 12637 ssh2
Oct 13 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Received disconnect from 2.57.121.25 port 12637:11: Bye [preauth]
Oct 13 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Disconnected from 2.57.121.25 port 12637 [preauth]
Oct 13 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3486]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3484]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3558]: Successful su for rubyman by root
Oct 13 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3558]: + ??? root:rubyman
Oct 13 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406562 of user rubyman.
Oct 13 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3558]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406562.
Oct 13 18:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[432]: pam_unix(cron:session): session closed for user root
Oct 13 18:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3485]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2581]: pam_unix(cron:session): session closed for user root
Oct 13 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3930]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3933]: pam_unix(cron:session): session closed for user root
Oct 13 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4031]: Successful su for rubyman by root
Oct 13 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4031]: + ??? root:rubyman
Oct 13 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406570 of user rubyman.
Oct 13 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4031]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406570.
Oct 13 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 18:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: Failed password for root from 194.182.86.152 port 43256 ssh2
Oct 13 18:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4016]: Connection closed by 194.182.86.152 port 43256 [preauth]
Oct 13 18:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[967]: pam_unix(cron:session): session closed for user root
Oct 13 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3930]: pam_unix(cron:session): session closed for user root
Oct 13 18:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: Bad protocol version identification '\026\003\001' from 64.62.156.94 port 41616
Oct 13 18:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3929]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session closed for user root
Oct 13 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4556]: Successful su for rubyman by root
Oct 13 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4556]: + ??? root:rubyman
Oct 13 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406572 of user rubyman.
Oct 13 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4556]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406572.
Oct 13 18:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session closed for user root
Oct 13 18:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3487]: pam_unix(cron:session): session closed for user root
Oct 13 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5232]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5549]: Successful su for rubyman by root
Oct 13 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5549]: + ??? root:rubyman
Oct 13 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406575 of user rubyman.
Oct 13 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5549]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406575.
Oct 13 18:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2105]: pam_unix(cron:session): session closed for user root
Oct 13 18:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 18:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Failed password for root from 194.182.86.152 port 33602 ssh2
Oct 13 18:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Connection closed by 194.182.86.152 port 33602 [preauth]
Oct 13 18:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session closed for user root
Oct 13 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5960]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: Successful su for rubyman by root
Oct 13 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: + ??? root:rubyman
Oct 13 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406579 of user rubyman.
Oct 13 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406579.
Oct 13 18:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2580]: pam_unix(cron:session): session closed for user root
Oct 13 18:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session closed for user root
Oct 13 18:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 18:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for root from 194.182.86.152 port 49666 ssh2
Oct 13 18:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Connection closed by 194.182.86.152 port 49666 [preauth]
Oct 13 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6396]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6394]: pam_unix(cron:session): session closed for user p13x
Oct 13 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6469]: Successful su for rubyman by root
Oct 13 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6469]: + ??? root:rubyman
Oct 13 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406585 of user rubyman.
Oct 13 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6469]: pam_unix(su:session): session closed for user rubyman
Oct 13 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406585.
Oct 13 18:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session closed for user root
Oct 13 18:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6395]: pam_unix(cron:session): session closed for user samftp
Oct 13 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5309]: pam_unix(cron:session): session closed for user root
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6950]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6951]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6953]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6955]: pam_unix(cron:session): session closed for user root
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6950]: pam_unix(cron:session): session closed for user root
Oct 13 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6948]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: Successful su for rubyman by root
Oct 13 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: + ??? root:rubyman
Oct 13 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406592 of user rubyman.
Oct 13 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406592.
Oct 13 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3486]: pam_unix(cron:session): session closed for user root
Oct 13 19:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6951]: pam_unix(cron:session): session closed for user root
Oct 13 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6949]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session closed for user root
Oct 13 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7627]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7626]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7624]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7713]: Successful su for rubyman by root
Oct 13 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7713]: + ??? root:rubyman
Oct 13 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406595 of user rubyman.
Oct 13 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7713]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406595.
Oct 13 19:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session closed for user root
Oct 13 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7625]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session closed for user root
Oct 13 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8540]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8537]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: Successful su for rubyman by root
Oct 13 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: + ??? root:rubyman
Oct 13 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406599 of user rubyman.
Oct 13 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406599.
Oct 13 19:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session closed for user root
Oct 13 19:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8538]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6954]: pam_unix(cron:session): session closed for user root
Oct 13 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9298]: Successful su for rubyman by root
Oct 13 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9298]: + ??? root:rubyman
Oct 13 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406605 of user rubyman.
Oct 13 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9298]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406605.
Oct 13 19:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5283]: pam_unix(cron:session): session closed for user root
Oct 13 19:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7627]: pam_unix(cron:session): session closed for user root
Oct 13 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9843]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9925]: Successful su for rubyman by root
Oct 13 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9925]: + ??? root:rubyman
Oct 13 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406607 of user rubyman.
Oct 13 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9925]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406607.
Oct 13 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session closed for user root
Oct 13 19:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9844]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8540]: pam_unix(cron:session): session closed for user root
Oct 13 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10337]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10338]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session closed for user root
Oct 13 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10335]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10420]: Successful su for rubyman by root
Oct 13 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10420]: + ??? root:rubyman
Oct 13 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406612 of user rubyman.
Oct 13 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10420]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406612.
Oct 13 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10337]: pam_unix(cron:session): session closed for user root
Oct 13 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6396]: pam_unix(cron:session): session closed for user root
Oct 13 19:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10336]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session closed for user root
Oct 13 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10855]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10927]: Successful su for rubyman by root
Oct 13 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10927]: + ??? root:rubyman
Oct 13 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406616 of user rubyman.
Oct 13 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10927]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406616.
Oct 13 19:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6953]: pam_unix(cron:session): session closed for user root
Oct 13 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.85.77  user=root
Oct 13 19:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: Failed password for root from 164.92.85.77 port 56808 ssh2
Oct 13 19:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: Connection closed by 164.92.85.77 port 56808 [preauth]
Oct 13 19:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session closed for user root
Oct 13 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11386]: Successful su for rubyman by root
Oct 13 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11386]: + ??? root:rubyman
Oct 13 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406620 of user rubyman.
Oct 13 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11386]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406620.
Oct 13 19:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7626]: pam_unix(cron:session): session closed for user root
Oct 13 19:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session closed for user root
Oct 13 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11880]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11949]: Successful su for rubyman by root
Oct 13 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11949]: + ??? root:rubyman
Oct 13 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406625 of user rubyman.
Oct 13 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11949]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406625.
Oct 13 19:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session closed for user root
Oct 13 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11881]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10855]: pam_unix(cron:session): session closed for user root
Oct 13 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.85.77  user=root
Oct 13 19:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Failed password for root from 164.92.85.77 port 45324 ssh2
Oct 13 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Invalid user pi from 164.92.85.77
Oct 13 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: input_userauth_request: invalid user pi [preauth]
Oct 13 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12325]: Connection closed by 164.92.85.77 port 45324 [preauth]
Oct 13 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.85.77
Oct 13 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Failed password for invalid user pi from 164.92.85.77 port 45336 ssh2
Oct 13 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12364]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: Invalid user hive from 164.92.85.77
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: input_userauth_request: invalid user hive [preauth]
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12552]: Successful su for rubyman by root
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12552]: + ??? root:rubyman
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406630 of user rubyman.
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12552]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406630.
Oct 13 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12362]: pam_unix(cron:session): session closed for user root
Oct 13 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Connection closed by 164.92.85.77 port 45336 [preauth]
Oct 13 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.85.77
Oct 13 19:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: Failed password for invalid user hive from 164.92.85.77 port 45356 ssh2
Oct 13 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9120]: pam_unix(cron:session): session closed for user root
Oct 13 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Invalid user git from 164.92.85.77
Oct 13 19:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: input_userauth_request: invalid user git [preauth]
Oct 13 19:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: Connection closed by 164.92.85.77 port 45356 [preauth]
Oct 13 19:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.85.77
Oct 13 19:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: Invalid user wang from 164.92.85.77
Oct 13 19:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: input_userauth_request: invalid user wang [preauth]
Oct 13 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Failed password for invalid user git from 164.92.85.77 port 37028 ssh2
Oct 13 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Invalid user nginx from 164.92.85.77
Oct 13 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: input_userauth_request: invalid user nginx [preauth]
Oct 13 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12365]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.85.77
Oct 13 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Invalid user mongo from 164.92.85.77
Oct 13 19:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: input_userauth_request: invalid user mongo [preauth]
Oct 13 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Connection closed by 164.92.85.77 port 37028 [preauth]
Oct 13 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.85.77
Oct 13 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: Failed password for invalid user wang from 164.92.85.77 port 37040 ssh2
Oct 13 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Invalid user user from 164.92.85.77
Oct 13 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: input_userauth_request: invalid user user [preauth]
Oct 13 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Failed password for invalid user nginx from 164.92.85.77 port 37056 ssh2
Oct 13 19:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Connection reset by 164.92.85.77 port 37056 [preauth]
Oct 13 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: Connection reset by 164.92.85.77 port 37040 [preauth]
Oct 13 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Connection reset by 164.92.85.77 port 57700 [preauth]
Oct 13 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12823]: Did not receive identification string from 164.92.85.77
Oct 13 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12657]: Connection reset by 164.92.85.77 port 37060 [preauth]
Oct 13 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12705]: Connection reset by 164.92.85.77 port 57692 [preauth]
Oct 13 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: Did not receive identification string from 164.92.85.77
Oct 13 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session closed for user root
Oct 13 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13008]: pam_unix(cron:session): session closed for user root
Oct 13 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13086]: Successful su for rubyman by root
Oct 13 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13086]: + ??? root:rubyman
Oct 13 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406633 of user rubyman.
Oct 13 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13086]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406633.
Oct 13 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session closed for user root
Oct 13 19:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session closed for user root
Oct 13 19:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session closed for user root
Oct 13 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 13 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Failed password for root from 20.163.71.109 port 36778 ssh2
Oct 13 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Connection closed by 20.163.71.109 port 36778 [preauth]
Oct 13 19:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: Failed password for root from 194.182.86.152 port 48352 ssh2
Oct 13 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13606]: Connection closed by 194.182.86.152 port 48352 [preauth]
Oct 13 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13701]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 57434
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: Successful su for rubyman by root
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: + ??? root:rubyman
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406639 of user rubyman.
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406639.
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13739]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 57444
Oct 13 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10338]: pam_unix(cron:session): session closed for user root
Oct 13 19:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session closed for user root
Oct 13 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14266]: Successful su for rubyman by root
Oct 13 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14266]: + ??? root:rubyman
Oct 13 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406646 of user rubyman.
Oct 13 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14266]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406646.
Oct 13 19:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user root
Oct 13 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13001]: pam_unix(cron:session): session closed for user root
Oct 13 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14705]: Successful su for rubyman by root
Oct 13 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14705]: + ??? root:rubyman
Oct 13 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406647 of user rubyman.
Oct 13 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14705]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406647.
Oct 13 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session closed for user root
Oct 13 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session closed for user root
Oct 13 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15275]: Successful su for rubyman by root
Oct 13 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15275]: + ??? root:rubyman
Oct 13 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406652 of user rubyman.
Oct 13 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15275]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406652.
Oct 13 19:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session closed for user root
Oct 13 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user root
Oct 13 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15667]: pam_unix(cron:session): session closed for user root
Oct 13 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15744]: Successful su for rubyman by root
Oct 13 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15744]: + ??? root:rubyman
Oct 13 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406659 of user rubyman.
Oct 13 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15744]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406659.
Oct 13 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session closed for user root
Oct 13 19:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session closed for user root
Oct 13 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session closed for user root
Oct 13 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 19:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Failed password for root from 80.211.129.128 port 34830 ssh2
Oct 13 19:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Connection closed by 80.211.129.128 port 34830 [preauth]
Oct 13 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16153]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16151]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16229]: Successful su for rubyman by root
Oct 13 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16229]: + ??? root:rubyman
Oct 13 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406661 of user rubyman.
Oct 13 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16229]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406661.
Oct 13 19:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session closed for user root
Oct 13 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16152]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15201]: pam_unix(cron:session): session closed for user root
Oct 13 19:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for root from 116.177.173.185 port 45554 ssh2
Oct 13 19:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Connection closed by 116.177.173.185 port 45554 [preauth]
Oct 13 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: Invalid user admin from 116.177.173.185
Oct 13 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: input_userauth_request: invalid user admin [preauth]
Oct 13 19:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16629]: pam_unix(cron:session): session closed for user root
Oct 13 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16631]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: Failed password for invalid user admin from 116.177.173.185 port 47810 ssh2
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: Connection closed by 116.177.173.185 port 47810 [preauth]
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16709]: Successful su for rubyman by root
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16709]: + ??? root:rubyman
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406666 of user rubyman.
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16709]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406666.
Oct 13 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Invalid user ubuntu from 116.177.173.185
Oct 13 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Failed password for invalid user ubuntu from 116.177.173.185 port 50400 ssh2
Oct 13 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Connection closed by 116.177.173.185 port 50400 [preauth]
Oct 13 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Invalid user pi from 116.177.173.185
Oct 13 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: input_userauth_request: invalid user pi [preauth]
Oct 13 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Failed password for invalid user pi from 116.177.173.185 port 53062 ssh2
Oct 13 19:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Connection closed by 116.177.173.185 port 53062 [preauth]
Oct 13 19:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session closed for user root
Oct 13 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Failed password for root from 116.177.173.185 port 55288 ssh2
Oct 13 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16882]: Connection closed by 116.177.173.185 port 55288 [preauth]
Oct 13 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Invalid user kafka from 116.177.173.185
Oct 13 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: input_userauth_request: invalid user kafka [preauth]
Oct 13 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Failed password for invalid user kafka from 116.177.173.185 port 57456 ssh2
Oct 13 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16914]: Connection closed by 116.177.173.185 port 57456 [preauth]
Oct 13 19:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: Invalid user user from 116.177.173.185
Oct 13 19:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: input_userauth_request: invalid user user [preauth]
Oct 13 19:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: Failed password for invalid user user from 116.177.173.185 port 60050 ssh2
Oct 13 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16928]: Connection closed by 116.177.173.185 port 60050 [preauth]
Oct 13 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: Invalid user orangepi from 116.177.173.185
Oct 13 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: input_userauth_request: invalid user orangepi [preauth]
Oct 13 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: Failed password for invalid user orangepi from 116.177.173.185 port 34150 ssh2
Oct 13 19:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16971]: Connection closed by 116.177.173.185 port 34150 [preauth]
Oct 13 19:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Invalid user deploy from 116.177.173.185
Oct 13 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: input_userauth_request: invalid user deploy [preauth]
Oct 13 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Failed password for invalid user deploy from 116.177.173.185 port 36472 ssh2
Oct 13 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Connection closed by 116.177.173.185 port 36472 [preauth]
Oct 13 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Invalid user odoo from 116.177.173.185
Oct 13 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: input_userauth_request: invalid user odoo [preauth]
Oct 13 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Failed password for invalid user odoo from 116.177.173.185 port 39306 ssh2
Oct 13 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Connection closed by 116.177.173.185 port 39306 [preauth]
Oct 13 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17001]: Failed password for root from 116.177.173.185 port 41928 ssh2
Oct 13 19:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17001]: Connection closed by 116.177.173.185 port 41928 [preauth]
Oct 13 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Invalid user odoo18 from 116.177.173.185
Oct 13 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: input_userauth_request: invalid user odoo18 [preauth]
Oct 13 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Failed password for invalid user odoo18 from 116.177.173.185 port 44652 ssh2
Oct 13 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Connection closed by 116.177.173.185 port 44652 [preauth]
Oct 13 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: Failed password for root from 116.177.173.185 port 47452 ssh2
Oct 13 19:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: Connection closed by 116.177.173.185 port 47452 [preauth]
Oct 13 19:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session closed for user root
Oct 13 19:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: User ftp from 116.177.173.185 not allowed because not listed in AllowUsers
Oct 13 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: input_userauth_request: invalid user ftp [preauth]
Oct 13 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=ftp
Oct 13 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Failed password for invalid user ftp from 116.177.173.185 port 50368 ssh2
Oct 13 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Connection closed by 116.177.173.185 port 50368 [preauth]
Oct 13 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Invalid user deployer from 116.177.173.185
Oct 13 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: input_userauth_request: invalid user deployer [preauth]
Oct 13 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Failed password for invalid user deployer from 116.177.173.185 port 53260 ssh2
Oct 13 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Connection closed by 116.177.173.185 port 53260 [preauth]
Oct 13 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Invalid user ubuntu from 116.177.173.185
Oct 13 19:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 19:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Failed password for invalid user ubuntu from 116.177.173.185 port 55302 ssh2
Oct 13 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Connection closed by 116.177.173.185 port 55302 [preauth]
Oct 13 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Failed password for root from 116.177.173.185 port 57752 ssh2
Oct 13 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Connection closed by 116.177.173.185 port 57752 [preauth]
Oct 13 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: Invalid user ansible from 116.177.173.185
Oct 13 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: input_userauth_request: invalid user ansible [preauth]
Oct 13 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: Failed password for invalid user ansible from 116.177.173.185 port 60120 ssh2
Oct 13 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17110]: Connection closed by 116.177.173.185 port 60120 [preauth]
Oct 13 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Invalid user oracle from 116.177.173.185
Oct 13 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: input_userauth_request: invalid user oracle [preauth]
Oct 13 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Failed password for invalid user oracle from 116.177.173.185 port 34482 ssh2
Oct 13 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Connection closed by 116.177.173.185 port 34482 [preauth]
Oct 13 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: Invalid user odroid from 116.177.173.185
Oct 13 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: input_userauth_request: invalid user odroid [preauth]
Oct 13 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17140]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: Failed password for invalid user odroid from 116.177.173.185 port 37152 ssh2
Oct 13 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17134]: Connection closed by 116.177.173.185 port 37152 [preauth]
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17217]: Successful su for rubyman by root
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17217]: + ??? root:rubyman
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406672 of user rubyman.
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17217]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406672.
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17215]: Invalid user git from 116.177.173.185
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17215]: input_userauth_request: invalid user git [preauth]
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17215]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17215]: Failed password for invalid user git from 116.177.173.185 port 39820 ssh2
Oct 13 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17215]: Connection closed by 116.177.173.185 port 39820 [preauth]
Oct 13 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: Invalid user esuser from 116.177.173.185
Oct 13 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: input_userauth_request: invalid user esuser [preauth]
Oct 13 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: Failed password for invalid user esuser from 116.177.173.185 port 41898 ssh2
Oct 13 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17304]: Connection closed by 116.177.173.185 port 41898 [preauth]
Oct 13 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Invalid user pi from 116.177.173.185
Oct 13 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: input_userauth_request: invalid user pi [preauth]
Oct 13 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user root
Oct 13 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Failed password for invalid user pi from 116.177.173.185 port 44236 ssh2
Oct 13 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Connection closed by 116.177.173.185 port 44236 [preauth]
Oct 13 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: Did not receive identification string from 196.251.114.29
Oct 13 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Invalid user ubuntu from 116.177.173.185
Oct 13 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Failed password for invalid user ubuntu from 116.177.173.185 port 46876 ssh2
Oct 13 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Connection closed by 116.177.173.185 port 46876 [preauth]
Oct 13 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17141]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Invalid user guest from 116.177.173.185
Oct 13 19:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: input_userauth_request: invalid user guest [preauth]
Oct 13 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for invalid user guest from 116.177.173.185 port 49284 ssh2
Oct 13 19:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Connection closed by 116.177.173.185 port 49284 [preauth]
Oct 13 19:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Failed password for root from 116.177.173.185 port 51816 ssh2
Oct 13 19:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Connection closed by 116.177.173.185 port 51816 [preauth]
Oct 13 19:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Failed password for root from 116.177.173.185 port 54314 ssh2
Oct 13 19:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Connection closed by 116.177.173.185 port 54314 [preauth]
Oct 13 19:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Invalid user testuser from 116.177.173.185
Oct 13 19:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: input_userauth_request: invalid user testuser [preauth]
Oct 13 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Failed password for invalid user testuser from 116.177.173.185 port 56608 ssh2
Oct 13 19:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Connection closed by 116.177.173.185 port 56608 [preauth]
Oct 13 19:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Invalid user moxa from 116.177.173.185
Oct 13 19:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: input_userauth_request: invalid user moxa [preauth]
Oct 13 19:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for invalid user moxa from 116.177.173.185 port 58542 ssh2
Oct 13 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Connection closed by 116.177.173.185 port 58542 [preauth]
Oct 13 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: Invalid user pi from 116.177.173.185
Oct 13 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: input_userauth_request: invalid user pi [preauth]
Oct 13 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: Failed password for invalid user pi from 116.177.173.185 port 60900 ssh2
Oct 13 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: Connection closed by 116.177.173.185 port 60900 [preauth]
Oct 13 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: Invalid user fa from 116.177.173.185
Oct 13 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: input_userauth_request: invalid user fa [preauth]
Oct 13 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: Failed password for invalid user fa from 116.177.173.185 port 34842 ssh2
Oct 13 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16154]: pam_unix(cron:session): session closed for user root
Oct 13 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17523]: Connection closed by 116.177.173.185 port 34842 [preauth]
Oct 13 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Invalid user test from 116.177.173.185
Oct 13 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: input_userauth_request: invalid user test [preauth]
Oct 13 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Failed password for invalid user test from 116.177.173.185 port 37554 ssh2
Oct 13 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Connection closed by 116.177.173.185 port 37554 [preauth]
Oct 13 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Invalid user deploy from 116.177.173.185
Oct 13 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: input_userauth_request: invalid user deploy [preauth]
Oct 13 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Failed password for invalid user deploy from 116.177.173.185 port 39552 ssh2
Oct 13 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Connection closed by 116.177.173.185 port 39552 [preauth]
Oct 13 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Invalid user postgres from 116.177.173.185
Oct 13 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: input_userauth_request: invalid user postgres [preauth]
Oct 13 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Failed password for invalid user postgres from 116.177.173.185 port 41876 ssh2
Oct 13 19:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Connection closed by 116.177.173.185 port 41876 [preauth]
Oct 13 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Invalid user elastic from 116.177.173.185
Oct 13 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: input_userauth_request: invalid user elastic [preauth]
Oct 13 19:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Failed password for invalid user elastic from 116.177.173.185 port 44074 ssh2
Oct 13 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Connection closed by 116.177.173.185 port 44074 [preauth]
Oct 13 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Failed password for root from 116.177.173.185 port 46398 ssh2
Oct 13 19:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Connection closed by 116.177.173.185 port 46398 [preauth]
Oct 13 19:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Failed password for root from 116.177.173.185 port 48784 ssh2
Oct 13 19:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Connection closed by 116.177.173.185 port 48784 [preauth]
Oct 13 19:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: Failed password for root from 116.177.173.185 port 50908 ssh2
Oct 13 19:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17627]: Connection closed by 116.177.173.185 port 50908 [preauth]
Oct 13 19:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17643]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: Invalid user openvpn from 116.177.173.185
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: input_userauth_request: invalid user openvpn [preauth]
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: Successful su for rubyman by root
Oct 13 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: + ??? root:rubyman
Oct 13 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406674 of user rubyman.
Oct 13 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406674.
Oct 13 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: Failed password for invalid user openvpn from 116.177.173.185 port 53140 ssh2
Oct 13 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17639]: Connection closed by 116.177.173.185 port 53140 [preauth]
Oct 13 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: Invalid user vyos from 116.177.173.185
Oct 13 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: input_userauth_request: invalid user vyos [preauth]
Oct 13 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: Failed password for invalid user vyos from 116.177.173.185 port 55482 ssh2
Oct 13 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17876]: Connection closed by 116.177.173.185 port 55482 [preauth]
Oct 13 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Invalid user testuser from 116.177.173.185
Oct 13 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: input_userauth_request: invalid user testuser [preauth]
Oct 13 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session closed for user root
Oct 13 19:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for invalid user testuser from 116.177.173.185 port 57902 ssh2
Oct 13 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Connection closed by 116.177.173.185 port 57902 [preauth]
Oct 13 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Invalid user guest from 116.177.173.185
Oct 13 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: input_userauth_request: invalid user guest [preauth]
Oct 13 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Failed password for invalid user guest from 116.177.173.185 port 60008 ssh2
Oct 13 19:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Connection closed by 116.177.173.185 port 60008 [preauth]
Oct 13 19:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17645]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Invalid user steam from 116.177.173.185
Oct 13 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: input_userauth_request: invalid user steam [preauth]
Oct 13 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Failed password for invalid user steam from 116.177.173.185 port 34386 ssh2
Oct 13 19:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Connection closed by 116.177.173.185 port 34386 [preauth]
Oct 13 19:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Invalid user ubuntu from 116.177.173.185
Oct 13 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Failed password for invalid user ubuntu from 116.177.173.185 port 36482 ssh2
Oct 13 19:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Connection closed by 116.177.173.185 port 36482 [preauth]
Oct 13 19:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Invalid user linaro from 116.177.173.185
Oct 13 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: input_userauth_request: invalid user linaro [preauth]
Oct 13 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Failed password for invalid user linaro from 116.177.173.185 port 38672 ssh2
Oct 13 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Connection closed by 116.177.173.185 port 38672 [preauth]
Oct 13 19:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: User mysql from 116.177.173.185 not allowed because not listed in AllowUsers
Oct 13 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: input_userauth_request: invalid user mysql [preauth]
Oct 13 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=mysql
Oct 13 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Failed password for invalid user mysql from 116.177.173.185 port 40886 ssh2
Oct 13 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Connection closed by 116.177.173.185 port 40886 [preauth]
Oct 13 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: Invalid user hadoop from 116.177.173.185
Oct 13 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: Failed password for invalid user hadoop from 116.177.173.185 port 42958 ssh2
Oct 13 19:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: Connection closed by 116.177.173.185 port 42958 [preauth]
Oct 13 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: Invalid user vpn from 116.177.173.185
Oct 13 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: input_userauth_request: invalid user vpn [preauth]
Oct 13 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: Failed password for invalid user vpn from 116.177.173.185 port 45230 ssh2
Oct 13 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: Connection closed by 116.177.173.185 port 45230 [preauth]
Oct 13 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session closed for user root
Oct 13 19:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Failed password for root from 116.177.173.185 port 47408 ssh2
Oct 13 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Connection closed by 116.177.173.185 port 47408 [preauth]
Oct 13 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: Invalid user admin from 116.177.173.185
Oct 13 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: input_userauth_request: invalid user admin [preauth]
Oct 13 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 13 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: Failed password for invalid user admin from 116.177.173.185 port 49866 ssh2
Oct 13 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: Connection closed by 116.177.173.185 port 49866 [preauth]
Oct 13 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: Failed password for root from 116.177.173.185 port 52038 ssh2
Oct 13 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: Connection closed by 116.177.173.185 port 52038 [preauth]
Oct 13 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 13 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Failed password for root from 116.177.173.185 port 54482 ssh2
Oct 13 19:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Connection closed by 116.177.173.185 port 54482 [preauth]
Oct 13 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Failed password for root from 193.32.162.157 port 33538 ssh2
Oct 13 19:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Connection closed by 193.32.162.157 port 33538 [preauth]
Oct 13 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18463]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session closed for user root
Oct 13 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18461]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18554]: Successful su for rubyman by root
Oct 13 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18554]: + ??? root:rubyman
Oct 13 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406678 of user rubyman.
Oct 13 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18554]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406678.
Oct 13 19:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18463]: pam_unix(cron:session): session closed for user root
Oct 13 19:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session closed for user root
Oct 13 19:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: Failed password for root from 193.32.162.157 port 42690 ssh2
Oct 13 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: Connection closed by 193.32.162.157 port 42690 [preauth]
Oct 13 19:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18462]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: Failed password for root from 193.32.162.157 port 35562 ssh2
Oct 13 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18805]: Connection closed by 193.32.162.157 port 35562 [preauth]
Oct 13 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session closed for user root
Oct 13 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: Failed password for root from 193.32.162.157 port 56350 ssh2
Oct 13 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18898]: Connection closed by 193.32.162.157 port 56350 [preauth]
Oct 13 19:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19204]: Successful su for rubyman by root
Oct 13 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19204]: + ??? root:rubyman
Oct 13 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406685 of user rubyman.
Oct 13 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19204]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406685.
Oct 13 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: Failed password for root from 193.32.162.157 port 60816 ssh2
Oct 13 19:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session closed for user root
Oct 13 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: Connection closed by 193.32.162.157 port 60816 [preauth]
Oct 13 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: Failed password for root from 193.32.162.157 port 36242 ssh2
Oct 13 19:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Failed password for root from 190.103.202.7 port 45462 ssh2
Oct 13 19:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Connection closed by 190.103.202.7 port 45462 [preauth]
Oct 13 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: Connection closed by 193.32.162.157 port 36242 [preauth]
Oct 13 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17647]: pam_unix(cron:session): session closed for user root
Oct 13 19:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19816]: Failed password for root from 193.32.162.157 port 43360 ssh2
Oct 13 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19816]: Connection closed by 193.32.162.157 port 43360 [preauth]
Oct 13 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19951]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19950]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19948]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20032]: Successful su for rubyman by root
Oct 13 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20032]: + ??? root:rubyman
Oct 13 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406688 of user rubyman.
Oct 13 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20032]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406688.
Oct 13 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19916]: Failed password for root from 193.32.162.157 port 54074 ssh2
Oct 13 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19916]: Connection closed by 193.32.162.157 port 54074 [preauth]
Oct 13 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16153]: pam_unix(cron:session): session closed for user root
Oct 13 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19949]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Invalid user zhangxu from 164.68.105.9
Oct 13 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: input_userauth_request: invalid user zhangxu [preauth]
Oct 13 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Failed password for invalid user zhangxu from 164.68.105.9 port 55852 ssh2
Oct 13 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Connection closed by 164.68.105.9 port 55852 [preauth]
Oct 13 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Failed password for root from 193.32.162.157 port 38434 ssh2
Oct 13 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Connection closed by 193.32.162.157 port 38434 [preauth]
Oct 13 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session closed for user root
Oct 13 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: Failed password for root from 193.32.162.157 port 51730 ssh2
Oct 13 19:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: Connection closed by 193.32.162.157 port 51730 [preauth]
Oct 13 19:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20554]: Successful su for rubyman by root
Oct 13 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20554]: + ??? root:rubyman
Oct 13 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406693 of user rubyman.
Oct 13 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20554]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406693.
Oct 13 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: Failed password for root from 193.32.162.157 port 59362 ssh2
Oct 13 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: Connection closed by 193.32.162.157 port 59362 [preauth]
Oct 13 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session closed for user root
Oct 13 19:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20698]: Failed password for root from 193.32.162.157 port 58750 ssh2
Oct 13 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20698]: Connection closed by 193.32.162.157 port 58750 [preauth]
Oct 13 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session closed for user root
Oct 13 19:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Failed password for root from 193.32.162.157 port 40896 ssh2
Oct 13 19:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Connection closed by 193.32.162.157 port 40896 [preauth]
Oct 13 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Failed password for root from 193.32.162.157 port 38892 ssh2
Oct 13 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: Successful su for rubyman by root
Oct 13 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: + ??? root:rubyman
Oct 13 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406696 of user rubyman.
Oct 13 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21025]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406696.
Oct 13 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20901]: Connection closed by 193.32.162.157 port 38892 [preauth]
Oct 13 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Connection closed by 167.94.145.109 port 54612 [preauth]
Oct 13 19:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17143]: pam_unix(cron:session): session closed for user root
Oct 13 19:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Failed password for root from 193.32.162.157 port 59330 ssh2
Oct 13 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Connection closed by 193.32.162.157 port 59330 [preauth]
Oct 13 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19951]: pam_unix(cron:session): session closed for user root
Oct 13 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Failed password for root from 193.32.162.157 port 38576 ssh2
Oct 13 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Connection closed by 193.32.162.157 port 38576 [preauth]
Oct 13 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Failed password for root from 193.32.162.157 port 57274 ssh2
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21487]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21489]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21488]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21489]: pam_unix(cron:session): session closed for user root
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21484]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21413]: Connection closed by 193.32.162.157 port 57274 [preauth]
Oct 13 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21566]: Successful su for rubyman by root
Oct 13 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21566]: + ??? root:rubyman
Oct 13 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406700 of user rubyman.
Oct 13 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21566]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406700.
Oct 13 19:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session closed for user root
Oct 13 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17646]: pam_unix(cron:session): session closed for user root
Oct 13 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Failed password for root from 193.32.162.157 port 54418 ssh2
Oct 13 19:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21553]: Connection closed by 193.32.162.157 port 54418 [preauth]
Oct 13 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Failed password for root from 193.32.162.157 port 46696 ssh2
Oct 13 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session closed for user root
Oct 13 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Connection closed by 193.32.162.157 port 46696 [preauth]
Oct 13 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: Failed password for root from 193.32.162.157 port 32968 ssh2
Oct 13 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: Connection closed by 193.32.162.157 port 32968 [preauth]
Oct 13 19:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21993]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21994]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21991]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22073]: Successful su for rubyman by root
Oct 13 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22073]: + ??? root:rubyman
Oct 13 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406706 of user rubyman.
Oct 13 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22073]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406706.
Oct 13 19:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session closed for user root
Oct 13 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21992]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: Failed password for root from 193.32.162.157 port 57790 ssh2
Oct 13 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 13 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: Connection closed by 193.32.162.157 port 57790 [preauth]
Oct 13 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: Failed password for root from 94.177.160.96 port 53352 ssh2
Oct 13 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: Connection closed by 94.177.160.96 port 53352 [preauth]
Oct 13 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Failed password for root from 193.32.162.157 port 56188 ssh2
Oct 13 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22366]: Connection closed by 193.32.162.157 port 56188 [preauth]
Oct 13 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session closed for user root
Oct 13 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Failed password for root from 193.32.162.157 port 50486 ssh2
Oct 13 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Connection closed by 193.32.162.157 port 50486 [preauth]
Oct 13 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22504]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=havanazz@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 13 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22584]: Successful su for rubyman by root
Oct 13 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22584]: + ??? root:rubyman
Oct 13 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406711 of user rubyman.
Oct 13 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22584]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406711.
Oct 13 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 13 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=havanazz@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 13 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session closed for user root
Oct 13 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: Failed password for root from 193.32.162.157 port 58150 ssh2
Oct 13 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22505]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22492]: Connection closed by 193.32.162.157 port 58150 [preauth]
Oct 13 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Failed password for root from 193.32.162.157 port 41364 ssh2
Oct 13 19:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23194]: Connection closed by 193.32.162.157 port 41364 [preauth]
Oct 13 19:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21488]: pam_unix(cron:session): session closed for user root
Oct 13 19:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Failed password for root from 193.32.162.157 port 46906 ssh2
Oct 13 19:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Connection closed by 193.32.162.157 port 46906 [preauth]
Oct 13 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23496]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23780]: Successful su for rubyman by root
Oct 13 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23780]: + ??? root:rubyman
Oct 13 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406714 of user rubyman.
Oct 13 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23780]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406714.
Oct 13 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19950]: pam_unix(cron:session): session closed for user root
Oct 13 19:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 193.32.162.157 port 57792 ssh2
Oct 13 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Connection closed by 193.32.162.157 port 57792 [preauth]
Oct 13 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23498]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: Failed password for root from 193.32.162.157 port 35372 ssh2
Oct 13 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24008]: Connection closed by 193.32.162.157 port 35372 [preauth]
Oct 13 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21994]: pam_unix(cron:session): session closed for user root
Oct 13 19:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Failed password for root from 193.32.162.157 port 51208 ssh2
Oct 13 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24104]: Connection closed by 193.32.162.157 port 51208 [preauth]
Oct 13 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24305]: Successful su for rubyman by root
Oct 13 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24305]: + ??? root:rubyman
Oct 13 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406721 of user rubyman.
Oct 13 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24305]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406721.
Oct 13 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: Failed password for root from 193.32.162.157 port 43740 ssh2
Oct 13 19:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session closed for user root
Oct 13 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: Connection closed by 193.32.162.157 port 43740 [preauth]
Oct 13 19:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Invalid user zhangxu from 164.68.105.9
Oct 13 19:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: input_userauth_request: invalid user zhangxu [preauth]
Oct 13 19:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Failed password for invalid user zhangxu from 164.68.105.9 port 60986 ssh2
Oct 13 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Connection closed by 164.68.105.9 port 60986 [preauth]
Oct 13 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 13 19:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: Failed password for root from 193.32.162.157 port 53598 ssh2
Oct 13 19:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: Connection closed by 193.32.162.157 port 53598 [preauth]
Oct 13 19:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session closed for user root
Oct 13 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24746]: pam_unix(cron:session): session closed for user root
Oct 13 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24741]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: Successful su for rubyman by root
Oct 13 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: + ??? root:rubyman
Oct 13 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406726 of user rubyman.
Oct 13 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406726.
Oct 13 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session closed for user root
Oct 13 19:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20955]: pam_unix(cron:session): session closed for user root
Oct 13 19:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24742]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session closed for user root
Oct 13 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25583]: Successful su for rubyman by root
Oct 13 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25583]: + ??? root:rubyman
Oct 13 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406730 of user rubyman.
Oct 13 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25583]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406730.
Oct 13 19:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21487]: pam_unix(cron:session): session closed for user root
Oct 13 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Failed password for root from 80.211.129.128 port 43548 ssh2
Oct 13 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Connection closed by 80.211.129.128 port 43548 [preauth]
Oct 13 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24228]: pam_unix(cron:session): session closed for user root
Oct 13 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26064]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26135]: Successful su for rubyman by root
Oct 13 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26135]: + ??? root:rubyman
Oct 13 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406733 of user rubyman.
Oct 13 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26135]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406733.
Oct 13 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21993]: pam_unix(cron:session): session closed for user root
Oct 13 19:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26065]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session closed for user root
Oct 13 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26631]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26627]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26714]: Successful su for rubyman by root
Oct 13 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26714]: + ??? root:rubyman
Oct 13 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406736 of user rubyman.
Oct 13 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26714]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406736.
Oct 13 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22506]: pam_unix(cron:session): session closed for user root
Oct 13 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.182.86.152  user=root
Oct 13 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Failed password for root from 194.182.86.152 port 37116 ssh2
Oct 13 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Connection closed by 194.182.86.152 port 37116 [preauth]
Oct 13 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26628]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session closed for user root
Oct 13 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27320]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: Successful su for rubyman by root
Oct 13 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: + ??? root:rubyman
Oct 13 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406742 of user rubyman.
Oct 13 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406742.
Oct 13 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23502]: pam_unix(cron:session): session closed for user root
Oct 13 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27322]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: Invalid user  from 62.60.131.157
Oct 13 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: input_userauth_request: invalid user  [preauth]
Oct 13 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: Failed none for invalid user  from 62.60.131.157 port 61353 ssh2
Oct 13 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: Received disconnect from 62.60.131.157 port 61353:11: Bye [preauth]
Oct 13 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: Disconnected from 62.60.131.157 port 61353 [preauth]
Oct 13 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26067]: pam_unix(cron:session): session closed for user root
Oct 13 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28100]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28100]: pam_unix(cron:session): session closed for user root
Oct 13 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28092]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28193]: Successful su for rubyman by root
Oct 13 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28193]: + ??? root:rubyman
Oct 13 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406744 of user rubyman.
Oct 13 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28193]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406744.
Oct 13 19:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session closed for user root
Oct 13 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session closed for user root
Oct 13 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28094]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26631]: pam_unix(cron:session): session closed for user root
Oct 13 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28859]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28858]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28855]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29024]: Successful su for rubyman by root
Oct 13 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29024]: + ??? root:rubyman
Oct 13 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406750 of user rubyman.
Oct 13 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29024]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406750.
Oct 13 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Invalid user nxuser from 20.163.71.109
Oct 13 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: input_userauth_request: invalid user nxuser [preauth]
Oct 13 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Failed password for invalid user nxuser from 20.163.71.109 port 40396 ssh2
Oct 13 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Connection closed by 20.163.71.109 port 40396 [preauth]
Oct 13 19:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session closed for user root
Oct 13 19:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28857]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27325]: pam_unix(cron:session): session closed for user root
Oct 13 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29484]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29478]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29553]: Successful su for rubyman by root
Oct 13 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29553]: + ??? root:rubyman
Oct 13 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406755 of user rubyman.
Oct 13 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29553]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406755.
Oct 13 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session closed for user root
Oct 13 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29479]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session closed for user root
Oct 13 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29979]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30060]: Successful su for rubyman by root
Oct 13 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30060]: + ??? root:rubyman
Oct 13 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406759 of user rubyman.
Oct 13 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30060]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406759.
Oct 13 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26066]: pam_unix(cron:session): session closed for user root
Oct 13 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29981]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Did not receive identification string from 138.68.190.216
Oct 13 19:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28859]: pam_unix(cron:session): session closed for user root
Oct 13 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30592]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: Successful su for rubyman by root
Oct 13 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: + ??? root:rubyman
Oct 13 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406764 of user rubyman.
Oct 13 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406764.
Oct 13 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30590]: pam_unix(cron:session): session closed for user root
Oct 13 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session closed for user root
Oct 13 19:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30594]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29484]: pam_unix(cron:session): session closed for user root
Oct 13 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session closed for user root
Oct 13 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: Successful su for rubyman by root
Oct 13 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: + ??? root:rubyman
Oct 13 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406769 of user rubyman.
Oct 13 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31266]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406769.
Oct 13 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session closed for user root
Oct 13 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27324]: pam_unix(cron:session): session closed for user root
Oct 13 19:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29983]: pam_unix(cron:session): session closed for user root
Oct 13 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31831]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31908]: Successful su for rubyman by root
Oct 13 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31908]: + ??? root:rubyman
Oct 13 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406773 of user rubyman.
Oct 13 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31908]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406773.
Oct 13 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session closed for user root
Oct 13 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31832]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32292]: Invalid user front from 41.203.213.8
Oct 13 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32292]: input_userauth_request: invalid user front [preauth]
Oct 13 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32292]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32292]: Failed password for invalid user front from 41.203.213.8 port 60506 ssh2
Oct 13 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32292]: Received disconnect from 41.203.213.8 port 60506:11: Bye Bye [preauth]
Oct 13 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32292]: Disconnected from 41.203.213.8 port 60506 [preauth]
Oct 13 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30596]: pam_unix(cron:session): session closed for user root
Oct 13 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32458]: Successful su for rubyman by root
Oct 13 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32458]: + ??? root:rubyman
Oct 13 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406777 of user rubyman.
Oct 13 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32458]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406777.
Oct 13 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28858]: pam_unix(cron:session): session closed for user root
Oct 13 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session closed for user root
Oct 13 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[475]: Successful su for rubyman by root
Oct 13 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[475]: + ??? root:rubyman
Oct 13 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406781 of user rubyman.
Oct 13 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[475]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406781.
Oct 13 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29481]: pam_unix(cron:session): session closed for user root
Oct 13 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[386]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session closed for user root
Oct 13 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[907]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1031]: Successful su for rubyman by root
Oct 13 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1031]: + ??? root:rubyman
Oct 13 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406786 of user rubyman.
Oct 13 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1031]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406786.
Oct 13 19:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29982]: pam_unix(cron:session): session closed for user root
Oct 13 19:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[905]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32390]: pam_unix(cron:session): session closed for user root
Oct 13 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1461]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1460]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1462]: pam_unix(cron:session): session closed for user root
Oct 13 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1441]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Invalid user liam from 41.203.213.8
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: input_userauth_request: invalid user liam [preauth]
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1538]: Successful su for rubyman by root
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1538]: + ??? root:rubyman
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406789 of user rubyman.
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1538]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406789.
Oct 13 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Failed password for invalid user liam from 41.203.213.8 port 59460 ssh2
Oct 13 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Received disconnect from 41.203.213.8 port 59460:11: Bye Bye [preauth]
Oct 13 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Disconnected from 41.203.213.8 port 59460 [preauth]
Oct 13 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1458]: pam_unix(cron:session): session closed for user root
Oct 13 19:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30595]: pam_unix(cron:session): session closed for user root
Oct 13 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1456]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[390]: pam_unix(cron:session): session closed for user root
Oct 13 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: Successful su for rubyman by root
Oct 13 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: + ??? root:rubyman
Oct 13 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406796 of user rubyman.
Oct 13 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2147]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406796.
Oct 13 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session closed for user root
Oct 13 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[907]: pam_unix(cron:session): session closed for user root
Oct 13 19:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Invalid user server from 41.203.213.8
Oct 13 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: input_userauth_request: invalid user server [preauth]
Oct 13 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Failed password for invalid user server from 41.203.213.8 port 38244 ssh2
Oct 13 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Received disconnect from 41.203.213.8 port 38244:11: Bye Bye [preauth]
Oct 13 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Disconnected from 41.203.213.8 port 38244 [preauth]
Oct 13 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2610]: Successful su for rubyman by root
Oct 13 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2610]: + ??? root:rubyman
Oct 13 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406802 of user rubyman.
Oct 13 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2610]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406802.
Oct 13 19:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session closed for user root
Oct 13 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1461]: pam_unix(cron:session): session closed for user root
Oct 13 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3060]: Successful su for rubyman by root
Oct 13 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3060]: + ??? root:rubyman
Oct 13 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406803 of user rubyman.
Oct 13 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3060]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406803.
Oct 13 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session closed for user root
Oct 13 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session closed for user root
Oct 13 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Invalid user redmine from 41.203.213.8
Oct 13 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: input_userauth_request: invalid user redmine [preauth]
Oct 13 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Failed password for invalid user redmine from 41.203.213.8 port 49416 ssh2
Oct 13 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Received disconnect from 41.203.213.8 port 49416:11: Bye Bye [preauth]
Oct 13 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3355]: Disconnected from 41.203.213.8 port 49416 [preauth]
Oct 13 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3435]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3508]: Successful su for rubyman by root
Oct 13 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3508]: + ??? root:rubyman
Oct 13 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406808 of user rubyman.
Oct 13 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3508]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406808.
Oct 13 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session closed for user root
Oct 13 19:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session closed for user root
Oct 13 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Invalid user validator from 138.68.190.216
Oct 13 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: input_userauth_request: invalid user validator [preauth]
Oct 13 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216
Oct 13 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Failed password for invalid user validator from 138.68.190.216 port 53384 ssh2
Oct 13 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Connection closed by 138.68.190.216 port 53384 [preauth]
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session closed for user root
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3895]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 13 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: Successful su for rubyman by root
Oct 13 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: + ??? root:rubyman
Oct 13 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406815 of user rubyman.
Oct 13 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3975]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406815.
Oct 13 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Failed password for root from 62.60.131.157 port 62185 ssh2
Oct 13 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Failed password for root from 62.60.131.157 port 62185 ssh2
Oct 13 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session closed for user root
Oct 13 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Failed password for root from 62.60.131.157 port 62185 ssh2
Oct 13 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session closed for user root
Oct 13 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Failed password for root from 62.60.131.157 port 62185 ssh2
Oct 13 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Invalid user brs from 103.26.136.173
Oct 13 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: input_userauth_request: invalid user brs [preauth]
Oct 13 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 19:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Failed password for root from 62.60.131.157 port 62185 ssh2
Oct 13 19:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Failed password for invalid user brs from 103.26.136.173 port 41624 ssh2
Oct 13 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Received disconnect from 62.60.131.157 port 62185:11: Bye [preauth]
Oct 13 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Disconnected from 62.60.131.157 port 62185 [preauth]
Oct 13 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 13 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Received disconnect from 103.26.136.173 port 41624:11: Bye Bye [preauth]
Oct 13 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Disconnected from 103.26.136.173 port 41624 [preauth]
Oct 13 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=root
Oct 13 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Invalid user admin from 2.57.121.112
Oct 13 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: input_userauth_request: invalid user admin [preauth]
Oct 13 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Failed password for root from 41.203.213.8 port 54286 ssh2
Oct 13 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Failed password for invalid user admin from 2.57.121.112 port 27428 ssh2
Oct 13 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Received disconnect from 41.203.213.8 port 54286:11: Bye Bye [preauth]
Oct 13 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Disconnected from 41.203.213.8 port 54286 [preauth]
Oct 13 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3896]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Failed password for invalid user admin from 2.57.121.112 port 27428 ssh2
Oct 13 19:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Failed password for invalid user admin from 2.57.121.112 port 27428 ssh2
Oct 13 19:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Failed password for invalid user admin from 2.57.121.112 port 27428 ssh2
Oct 13 19:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Failed password for invalid user admin from 2.57.121.112 port 27428 ssh2
Oct 13 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Received disconnect from 2.57.121.112 port 27428:11: Bye [preauth]
Oct 13 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Disconnected from 2.57.121.112 port 27428 [preauth]
Oct 13 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 19:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session closed for user root
Oct 13 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4523]: Successful su for rubyman by root
Oct 13 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4523]: + ??? root:rubyman
Oct 13 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406817 of user rubyman.
Oct 13 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4523]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406817.
Oct 13 19:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1460]: pam_unix(cron:session): session closed for user root
Oct 13 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Failed password for root from 80.211.129.128 port 40210 ssh2
Oct 13 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Connection closed by 80.211.129.128 port 40210 [preauth]
Oct 13 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session closed for user root
Oct 13 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5164]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5519]: Successful su for rubyman by root
Oct 13 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5519]: + ??? root:rubyman
Oct 13 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406821 of user rubyman.
Oct 13 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5519]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406821.
Oct 13 19:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session closed for user root
Oct 13 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Invalid user camera from 41.203.213.8
Oct 13 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: input_userauth_request: invalid user camera [preauth]
Oct 13 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Failed password for invalid user camera from 41.203.213.8 port 36082 ssh2
Oct 13 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Received disconnect from 41.203.213.8 port 36082:11: Bye Bye [preauth]
Oct 13 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5701]: Disconnected from 41.203.213.8 port 36082 [preauth]
Oct 13 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5165]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Failed password for root from 103.234.151.178 port 33232 ssh2
Oct 13 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Received disconnect from 103.234.151.178 port 33232:11: Bye Bye [preauth]
Oct 13 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Disconnected from 103.234.151.178 port 33232 [preauth]
Oct 13 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session closed for user root
Oct 13 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.201.53  user=root
Oct 13 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5933]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6012]: Successful su for rubyman by root
Oct 13 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6012]: + ??? root:rubyman
Oct 13 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406825 of user rubyman.
Oct 13 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6012]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406825.
Oct 13 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for root from 118.145.201.53 port 41782 ssh2
Oct 13 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Received disconnect from 118.145.201.53 port 41782:11: Bye Bye [preauth]
Oct 13 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Disconnected from 118.145.201.53 port 41782 [preauth]
Oct 13 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session closed for user root
Oct 13 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Invalid user manasa from 103.26.136.173
Oct 13 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: input_userauth_request: invalid user manasa [preauth]
Oct 13 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5934]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Failed password for invalid user manasa from 103.26.136.173 port 36464 ssh2
Oct 13 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Received disconnect from 103.26.136.173 port 36464:11: Bye Bye [preauth]
Oct 13 19:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6210]: Disconnected from 103.26.136.173 port 36464 [preauth]
Oct 13 19:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session closed for user root
Oct 13 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=root
Oct 13 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Failed password for root from 41.203.213.8 port 33856 ssh2
Oct 13 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Received disconnect from 41.203.213.8 port 33856:11: Bye Bye [preauth]
Oct 13 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Disconnected from 41.203.213.8 port 33856 [preauth]
Oct 13 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6382]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6379]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6451]: Successful su for rubyman by root
Oct 13 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6451]: + ??? root:rubyman
Oct 13 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406829 of user rubyman.
Oct 13 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6451]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406829.
Oct 13 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user root
Oct 13 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 19:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6380]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Failed password for root from 103.234.151.178 port 4868 ssh2
Oct 13 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Received disconnect from 103.234.151.178 port 4868:11: Bye Bye [preauth]
Oct 13 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Disconnected from 103.234.151.178 port 4868 [preauth]
Oct 13 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session closed for user root
Oct 13 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6942]: pam_unix(cron:session): session closed for user root
Oct 13 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6936]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7018]: Successful su for rubyman by root
Oct 13 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7018]: + ??? root:rubyman
Oct 13 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406835 of user rubyman.
Oct 13 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7018]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406835.
Oct 13 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Invalid user oracle from 103.26.136.173
Oct 13 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: input_userauth_request: invalid user oracle [preauth]
Oct 13 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Failed password for invalid user oracle from 103.26.136.173 port 44948 ssh2
Oct 13 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Received disconnect from 103.26.136.173 port 44948:11: Bye Bye [preauth]
Oct 13 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Disconnected from 103.26.136.173 port 44948 [preauth]
Oct 13 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6938]: pam_unix(cron:session): session closed for user root
Oct 13 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session closed for user root
Oct 13 19:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6937]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Invalid user elasticsearch from 41.203.213.8
Oct 13 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 13 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Failed password for invalid user elasticsearch from 41.203.213.8 port 57442 ssh2
Oct 13 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Received disconnect from 41.203.213.8 port 57442:11: Bye Bye [preauth]
Oct 13 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7419]: Disconnected from 41.203.213.8 port 57442 [preauth]
Oct 13 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5937]: pam_unix(cron:session): session closed for user root
Oct 13 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7526]: Invalid user yinshishu from 103.234.151.178
Oct 13 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7526]: input_userauth_request: invalid user yinshishu [preauth]
Oct 13 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7526]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7526]: Failed password for invalid user yinshishu from 103.234.151.178 port 37452 ssh2
Oct 13 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7526]: Received disconnect from 103.234.151.178 port 37452:11: Bye Bye [preauth]
Oct 13 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7526]: Disconnected from 103.234.151.178 port 37452 [preauth]
Oct 13 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7539]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7537]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7619]: Successful su for rubyman by root
Oct 13 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7619]: + ??? root:rubyman
Oct 13 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406840 of user rubyman.
Oct 13 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7619]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406840.
Oct 13 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session closed for user root
Oct 13 19:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7538]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Invalid user ps from 138.68.190.216
Oct 13 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: input_userauth_request: invalid user ps [preauth]
Oct 13 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216
Oct 13 19:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Failed password for invalid user ps from 138.68.190.216 port 35918 ssh2
Oct 13 19:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Connection closed by 138.68.190.216 port 35918 [preauth]
Oct 13 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6382]: pam_unix(cron:session): session closed for user root
Oct 13 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: Invalid user shellinabox from 103.26.136.173
Oct 13 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: input_userauth_request: invalid user shellinabox [preauth]
Oct 13 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: Failed password for invalid user shellinabox from 103.26.136.173 port 53418 ssh2
Oct 13 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: Received disconnect from 103.26.136.173 port 53418:11: Bye Bye [preauth]
Oct 13 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: Disconnected from 103.26.136.173 port 53418 [preauth]
Oct 13 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8457]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8455]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8533]: Successful su for rubyman by root
Oct 13 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8533]: + ??? root:rubyman
Oct 13 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406844 of user rubyman.
Oct 13 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8533]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406844.
Oct 13 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: User bin from 41.203.213.8 not allowed because not listed in AllowUsers
Oct 13 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: input_userauth_request: invalid user bin [preauth]
Oct 13 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=bin
Oct 13 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Failed password for invalid user bin from 41.203.213.8 port 53222 ssh2
Oct 13 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Received disconnect from 41.203.213.8 port 53222:11: Bye Bye [preauth]
Oct 13 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8531]: Disconnected from 41.203.213.8 port 53222 [preauth]
Oct 13 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session closed for user root
Oct 13 19:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8456]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Invalid user tester from 103.234.151.178
Oct 13 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: input_userauth_request: invalid user tester [preauth]
Oct 13 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Failed password for invalid user tester from 103.234.151.178 port 6496 ssh2
Oct 13 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Received disconnect from 103.234.151.178 port 6496:11: Bye Bye [preauth]
Oct 13 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Disconnected from 103.234.151.178 port 6496 [preauth]
Oct 13 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6941]: pam_unix(cron:session): session closed for user root
Oct 13 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9050]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9051]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9119]: Successful su for rubyman by root
Oct 13 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9119]: + ??? root:rubyman
Oct 13 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406848 of user rubyman.
Oct 13 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9119]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406848.
Oct 13 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5166]: pam_unix(cron:session): session closed for user root
Oct 13 19:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9048]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for root from 103.26.136.173 port 33666 ssh2
Oct 13 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Received disconnect from 103.26.136.173 port 33666:11: Bye Bye [preauth]
Oct 13 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Disconnected from 103.26.136.173 port 33666 [preauth]
Oct 13 19:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7541]: pam_unix(cron:session): session closed for user root
Oct 13 19:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Invalid user kdm from 41.203.213.8
Oct 13 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: input_userauth_request: invalid user kdm [preauth]
Oct 13 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Failed password for invalid user kdm from 41.203.213.8 port 58338 ssh2
Oct 13 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Received disconnect from 41.203.213.8 port 58338:11: Bye Bye [preauth]
Oct 13 19:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Disconnected from 41.203.213.8 port 58338 [preauth]
Oct 13 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9709]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session closed for user p13x
Oct 13 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9862]: Successful su for rubyman by root
Oct 13 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9862]: + ??? root:rubyman
Oct 13 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406854 of user rubyman.
Oct 13 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9862]: pam_unix(su:session): session closed for user rubyman
Oct 13 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406854.
Oct 13 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5936]: pam_unix(cron:session): session closed for user root
Oct 13 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9697]: pam_unix(cron:session): session closed for user samftp
Oct 13 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session closed for user root
Oct 13 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10252]: Invalid user brs from 103.234.151.178
Oct 13 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10252]: input_userauth_request: invalid user brs [preauth]
Oct 13 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10252]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10252]: Failed password for invalid user brs from 103.234.151.178 port 39108 ssh2
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10252]: Received disconnect from 103.234.151.178 port 39108:11: Bye Bye [preauth]
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10252]: Disconnected from 103.234.151.178 port 39108 [preauth]
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10274]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10274]: pam_unix(cron:session): session closed for user root
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10268]: pam_unix(cron:session): session closed for user root
Oct 13 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10264]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10406]: Successful su for rubyman by root
Oct 13 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10406]: + ??? root:rubyman
Oct 13 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406860 of user rubyman.
Oct 13 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10406]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406860.
Oct 13 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Invalid user admin from 20.163.71.109
Oct 13 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6381]: pam_unix(cron:session): session closed for user root
Oct 13 20:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10269]: pam_unix(cron:session): session closed for user root
Oct 13 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Failed password for invalid user admin from 20.163.71.109 port 48620 ssh2
Oct 13 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Connection closed by 20.163.71.109 port 48620 [preauth]
Oct 13 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10641]: Invalid user daniele from 103.26.136.173
Oct 13 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10641]: input_userauth_request: invalid user daniele [preauth]
Oct 13 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10641]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10641]: Failed password for invalid user daniele from 103.26.136.173 port 42140 ssh2
Oct 13 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10641]: Received disconnect from 103.26.136.173 port 42140:11: Bye Bye [preauth]
Oct 13 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10641]: Disconnected from 103.26.136.173 port 42140 [preauth]
Oct 13 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10266]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=root
Oct 13 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: Failed password for root from 41.203.213.8 port 38338 ssh2
Oct 13 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: Received disconnect from 41.203.213.8 port 38338:11: Bye Bye [preauth]
Oct 13 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10712]: Disconnected from 41.203.213.8 port 38338 [preauth]
Oct 13 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9051]: pam_unix(cron:session): session closed for user root
Oct 13 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: Successful su for rubyman by root
Oct 13 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: + ??? root:rubyman
Oct 13 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406862 of user rubyman.
Oct 13 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406862.
Oct 13 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6939]: pam_unix(cron:session): session closed for user root
Oct 13 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: Failed password for root from 103.234.151.178 port 8124 ssh2
Oct 13 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: Received disconnect from 103.234.151.178 port 8124:11: Bye Bye [preauth]
Oct 13 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: Disconnected from 103.234.151.178 port 8124 [preauth]
Oct 13 20:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9709]: pam_unix(cron:session): session closed for user root
Oct 13 20:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Invalid user nikola from 103.26.136.173
Oct 13 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: input_userauth_request: invalid user nikola [preauth]
Oct 13 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Failed password for invalid user nikola from 103.26.136.173 port 50608 ssh2
Oct 13 20:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Received disconnect from 103.26.136.173 port 50608:11: Bye Bye [preauth]
Oct 13 20:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11317]: Disconnected from 103.26.136.173 port 50608 [preauth]
Oct 13 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11330]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11401]: Successful su for rubyman by root
Oct 13 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11401]: + ??? root:rubyman
Oct 13 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406867 of user rubyman.
Oct 13 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11401]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406867.
Oct 13 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7539]: pam_unix(cron:session): session closed for user root
Oct 13 20:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Invalid user sistema from 41.203.213.8
Oct 13 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: input_userauth_request: invalid user sistema [preauth]
Oct 13 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Failed password for invalid user sistema from 41.203.213.8 port 59758 ssh2
Oct 13 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Received disconnect from 41.203.213.8 port 59758:11: Bye Bye [preauth]
Oct 13 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Disconnected from 41.203.213.8 port 59758 [preauth]
Oct 13 20:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11332]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10271]: pam_unix(cron:session): session closed for user root
Oct 13 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11900]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11971]: Successful su for rubyman by root
Oct 13 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11971]: + ??? root:rubyman
Oct 13 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406870 of user rubyman.
Oct 13 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11971]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406870.
Oct 13 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8457]: pam_unix(cron:session): session closed for user root
Oct 13 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: Invalid user daniele from 103.234.151.178
Oct 13 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: input_userauth_request: invalid user daniele [preauth]
Oct 13 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: Failed password for invalid user daniele from 103.234.151.178 port 40704 ssh2
Oct 13 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: Received disconnect from 103.234.151.178 port 40704:11: Bye Bye [preauth]
Oct 13 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: Disconnected from 103.234.151.178 port 40704 [preauth]
Oct 13 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: Invalid user mapr from 138.68.190.216
Oct 13 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: input_userauth_request: invalid user mapr [preauth]
Oct 13 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216
Oct 13 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: Failed password for invalid user mapr from 138.68.190.216 port 56736 ssh2
Oct 13 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: Connection closed by 138.68.190.216 port 56736 [preauth]
Oct 13 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11901]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Invalid user ftpuser from 103.26.136.173
Oct 13 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session closed for user root
Oct 13 20:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Failed password for invalid user ftpuser from 103.26.136.173 port 59078 ssh2
Oct 13 20:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Received disconnect from 103.26.136.173 port 59078:11: Bye Bye [preauth]
Oct 13 20:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Disconnected from 103.26.136.173 port 59078 [preauth]
Oct 13 20:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=root
Oct 13 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Failed password for root from 41.203.213.8 port 54670 ssh2
Oct 13 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Received disconnect from 41.203.213.8 port 54670:11: Bye Bye [preauth]
Oct 13 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Disconnected from 41.203.213.8 port 54670 [preauth]
Oct 13 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12375]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12461]: Successful su for rubyman by root
Oct 13 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12461]: + ??? root:rubyman
Oct 13 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406875 of user rubyman.
Oct 13 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12461]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406875.
Oct 13 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9050]: pam_unix(cron:session): session closed for user root
Oct 13 20:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12376]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session closed for user root
Oct 13 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Invalid user hanif from 103.234.151.178
Oct 13 20:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: input_userauth_request: invalid user hanif [preauth]
Oct 13 20:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Failed password for invalid user hanif from 103.234.151.178 port 9736 ssh2
Oct 13 20:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Received disconnect from 103.234.151.178 port 9736:11: Bye Bye [preauth]
Oct 13 20:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Disconnected from 103.234.151.178 port 9736 [preauth]
Oct 13 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12881]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12877]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12881]: pam_unix(cron:session): session closed for user root
Oct 13 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12872]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: Successful su for rubyman by root
Oct 13 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: + ??? root:rubyman
Oct 13 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406882 of user rubyman.
Oct 13 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406882.
Oct 13 20:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12877]: pam_unix(cron:session): session closed for user root
Oct 13 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9698]: pam_unix(cron:session): session closed for user root
Oct 13 20:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Invalid user dima from 103.26.136.173
Oct 13 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: input_userauth_request: invalid user dima [preauth]
Oct 13 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Failed password for invalid user dima from 103.26.136.173 port 39318 ssh2
Oct 13 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Received disconnect from 103.26.136.173 port 39318:11: Bye Bye [preauth]
Oct 13 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13380]: Disconnected from 103.26.136.173 port 39318 [preauth]
Oct 13 20:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: Invalid user MC from 41.203.213.8
Oct 13 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: input_userauth_request: invalid user MC [preauth]
Oct 13 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: Failed password for invalid user MC from 41.203.213.8 port 41670 ssh2
Oct 13 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: Received disconnect from 41.203.213.8 port 41670:11: Bye Bye [preauth]
Oct 13 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: Disconnected from 41.203.213.8 port 41670 [preauth]
Oct 13 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session closed for user root
Oct 13 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13532]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13529]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: Successful su for rubyman by root
Oct 13 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: + ??? root:rubyman
Oct 13 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406884 of user rubyman.
Oct 13 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406884.
Oct 13 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10270]: pam_unix(cron:session): session closed for user root
Oct 13 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Invalid user admin from 103.234.151.178
Oct 13 20:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user admin from 103.234.151.178 port 42312 ssh2
Oct 13 20:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Received disconnect from 103.234.151.178 port 42312:11: Bye Bye [preauth]
Oct 13 20:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Disconnected from 103.234.151.178 port 42312 [preauth]
Oct 13 20:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session closed for user root
Oct 13 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14171]: Successful su for rubyman by root
Oct 13 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14171]: + ??? root:rubyman
Oct 13 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406891 of user rubyman.
Oct 13 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14171]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406891.
Oct 13 20:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session closed for user root
Oct 13 20:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Invalid user cosmo from 41.203.213.8
Oct 13 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: input_userauth_request: invalid user cosmo [preauth]
Oct 13 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Failed password for invalid user cosmo from 41.203.213.8 port 34860 ssh2
Oct 13 20:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Invalid user alvaro from 103.26.136.173
Oct 13 20:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: input_userauth_request: invalid user alvaro [preauth]
Oct 13 20:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Received disconnect from 41.203.213.8 port 34860:11: Bye Bye [preauth]
Oct 13 20:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14353]: Disconnected from 41.203.213.8 port 34860 [preauth]
Oct 13 20:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Failed password for invalid user alvaro from 103.26.136.173 port 47792 ssh2
Oct 13 20:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Received disconnect from 103.26.136.173 port 47792:11: Bye Bye [preauth]
Oct 13 20:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Disconnected from 103.26.136.173 port 47792 [preauth]
Oct 13 20:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session closed for user root
Oct 13 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14553]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14554]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14623]: Successful su for rubyman by root
Oct 13 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14623]: + ??? root:rubyman
Oct 13 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406894 of user rubyman.
Oct 13 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14623]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406894.
Oct 13 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Failed password for root from 103.234.151.178 port 11354 ssh2
Oct 13 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Received disconnect from 103.234.151.178 port 11354:11: Bye Bye [preauth]
Oct 13 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Disconnected from 103.234.151.178 port 11354 [preauth]
Oct 13 20:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11333]: pam_unix(cron:session): session closed for user root
Oct 13 20:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14552]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session closed for user root
Oct 13 20:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: Invalid user max from 41.203.213.8
Oct 13 20:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: input_userauth_request: invalid user max [preauth]
Oct 13 20:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: Failed password for invalid user max from 41.203.213.8 port 46022 ssh2
Oct 13 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: Received disconnect from 41.203.213.8 port 46022:11: Bye Bye [preauth]
Oct 13 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14974]: Disconnected from 41.203.213.8 port 46022 [preauth]
Oct 13 20:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15031]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15030]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15028]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15305]: Successful su for rubyman by root
Oct 13 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15305]: + ??? root:rubyman
Oct 13 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406896 of user rubyman.
Oct 13 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15305]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406896.
Oct 13 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Failed password for root from 103.26.136.173 port 56272 ssh2
Oct 13 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15025]: pam_unix(cron:session): session closed for user root
Oct 13 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Received disconnect from 103.26.136.173 port 56272:11: Bye Bye [preauth]
Oct 13 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15011]: Disconnected from 103.26.136.173 port 56272 [preauth]
Oct 13 20:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session closed for user root
Oct 13 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15029]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session closed for user root
Oct 13 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15684]: pam_unix(cron:session): session closed for user root
Oct 13 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15677]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: Successful su for rubyman by root
Oct 13 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: + ??? root:rubyman
Oct 13 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406901 of user rubyman.
Oct 13 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406901.
Oct 13 20:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15679]: pam_unix(cron:session): session closed for user root
Oct 13 20:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12377]: pam_unix(cron:session): session closed for user root
Oct 13 20:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15678]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Invalid user admin from 2.57.121.25
Oct 13 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Invalid user ubuntu from 41.203.213.8
Oct 13 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Failed password for invalid user admin from 2.57.121.25 port 43736 ssh2
Oct 13 20:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Failed password for invalid user ubuntu from 41.203.213.8 port 43440 ssh2
Oct 13 20:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Received disconnect from 41.203.213.8 port 43440:11: Bye Bye [preauth]
Oct 13 20:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Disconnected from 41.203.213.8 port 43440 [preauth]
Oct 13 20:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Failed password for invalid user admin from 2.57.121.25 port 43736 ssh2
Oct 13 20:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Failed password for invalid user admin from 2.57.121.25 port 43736 ssh2
Oct 13 20:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Failed password for invalid user admin from 2.57.121.25 port 43736 ssh2
Oct 13 20:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Failed password for invalid user admin from 2.57.121.25 port 43736 ssh2
Oct 13 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Received disconnect from 2.57.121.25 port 43736:11: Bye [preauth]
Oct 13 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Disconnected from 2.57.121.25 port 43736 [preauth]
Oct 13 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 20:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14554]: pam_unix(cron:session): session closed for user root
Oct 13 20:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Invalid user yinshishu from 103.26.136.173
Oct 13 20:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: input_userauth_request: invalid user yinshishu [preauth]
Oct 13 20:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Failed password for invalid user yinshishu from 103.26.136.173 port 36510 ssh2
Oct 13 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Received disconnect from 103.26.136.173 port 36510:11: Bye Bye [preauth]
Oct 13 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Disconnected from 103.26.136.173 port 36510 [preauth]
Oct 13 20:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: Invalid user nikola from 103.234.151.178
Oct 13 20:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: input_userauth_request: invalid user nikola [preauth]
Oct 13 20:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: Failed password for invalid user nikola from 103.234.151.178 port 43974 ssh2
Oct 13 20:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: Received disconnect from 103.234.151.178 port 43974:11: Bye Bye [preauth]
Oct 13 20:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16135]: Disconnected from 103.234.151.178 port 43974 [preauth]
Oct 13 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16174]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16257]: Successful su for rubyman by root
Oct 13 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16257]: + ??? root:rubyman
Oct 13 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406907 of user rubyman.
Oct 13 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16257]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406907.
Oct 13 20:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session closed for user root
Oct 13 20:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16175]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15031]: pam_unix(cron:session): session closed for user root
Oct 13 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16652]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16719]: Successful su for rubyman by root
Oct 13 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16719]: + ??? root:rubyman
Oct 13 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406912 of user rubyman.
Oct 13 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16719]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406912.
Oct 13 20:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13532]: pam_unix(cron:session): session closed for user root
Oct 13 20:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16653]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Invalid user sduran from 103.234.151.178
Oct 13 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: input_userauth_request: invalid user sduran [preauth]
Oct 13 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Invalid user gitlab from 103.26.136.173
Oct 13 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: input_userauth_request: invalid user gitlab [preauth]
Oct 13 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Failed password for invalid user sduran from 103.234.151.178 port 13020 ssh2
Oct 13 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Received disconnect from 103.234.151.178 port 13020:11: Bye Bye [preauth]
Oct 13 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Disconnected from 103.234.151.178 port 13020 [preauth]
Oct 13 20:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Failed password for invalid user gitlab from 103.26.136.173 port 44982 ssh2
Oct 13 20:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Received disconnect from 103.26.136.173 port 44982:11: Bye Bye [preauth]
Oct 13 20:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Disconnected from 103.26.136.173 port 44982 [preauth]
Oct 13 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15682]: pam_unix(cron:session): session closed for user root
Oct 13 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17184]: Successful su for rubyman by root
Oct 13 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17184]: + ??? root:rubyman
Oct 13 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406915 of user rubyman.
Oct 13 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17184]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406915.
Oct 13 20:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session closed for user root
Oct 13 20:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 13 20:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Failed password for root from 89.38.148.202 port 45266 ssh2
Oct 13 20:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Connection closed by 89.38.148.202 port 45266 [preauth]
Oct 13 20:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16177]: pam_unix(cron:session): session closed for user root
Oct 13 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17640]: Successful su for rubyman by root
Oct 13 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17640]: + ??? root:rubyman
Oct 13 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406919 of user rubyman.
Oct 13 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17640]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406919.
Oct 13 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14553]: pam_unix(cron:session): session closed for user root
Oct 13 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 20:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Failed password for root from 103.234.151.178 port 45592 ssh2
Oct 13 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Received disconnect from 103.234.151.178 port 45592:11: Bye Bye [preauth]
Oct 13 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Disconnected from 103.234.151.178 port 45592 [preauth]
Oct 13 20:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17564]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Invalid user hanif from 103.26.136.173
Oct 13 20:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: input_userauth_request: invalid user hanif [preauth]
Oct 13 20:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Failed password for invalid user hanif from 103.26.136.173 port 53460 ssh2
Oct 13 20:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Received disconnect from 103.26.136.173 port 53460:11: Bye Bye [preauth]
Oct 13 20:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Disconnected from 103.26.136.173 port 53460 [preauth]
Oct 13 20:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16655]: pam_unix(cron:session): session closed for user root
Oct 13 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session closed for user root
Oct 13 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18244]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: Successful su for rubyman by root
Oct 13 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: + ??? root:rubyman
Oct 13 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406924 of user rubyman.
Oct 13 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406924.
Oct 13 20:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session closed for user root
Oct 13 20:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15030]: pam_unix(cron:session): session closed for user root
Oct 13 20:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session closed for user root
Oct 13 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Invalid user laura from 103.234.151.178
Oct 13 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: input_userauth_request: invalid user laura [preauth]
Oct 13 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Failed password for invalid user laura from 103.234.151.178 port 14630 ssh2
Oct 13 20:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Received disconnect from 103.234.151.178 port 14630:11: Bye Bye [preauth]
Oct 13 20:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Disconnected from 103.234.151.178 port 14630 [preauth]
Oct 13 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18876]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18869]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19080]: Successful su for rubyman by root
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19080]: + ??? root:rubyman
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406929 of user rubyman.
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19080]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406929.
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Invalid user zhangyi from 103.26.136.173
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: input_userauth_request: invalid user zhangyi [preauth]
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Failed password for invalid user zhangyi from 103.26.136.173 port 33696 ssh2
Oct 13 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Received disconnect from 103.26.136.173 port 33696:11: Bye Bye [preauth]
Oct 13 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19075]: Disconnected from 103.26.136.173 port 33696 [preauth]
Oct 13 20:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15680]: pam_unix(cron:session): session closed for user root
Oct 13 20:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Invalid user ftpuser from 41.203.213.8
Oct 13 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18870]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Failed password for invalid user ftpuser from 41.203.213.8 port 47742 ssh2
Oct 13 20:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Received disconnect from 41.203.213.8 port 47742:11: Bye Bye [preauth]
Oct 13 20:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Disconnected from 41.203.213.8 port 47742 [preauth]
Oct 13 20:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session closed for user root
Oct 13 20:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19800]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19802]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session closed for user root
Oct 13 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19796]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19909]: Successful su for rubyman by root
Oct 13 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19909]: + ??? root:rubyman
Oct 13 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406934 of user rubyman.
Oct 13 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19909]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406934.
Oct 13 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 13 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: Failed password for root from 78.128.112.74 port 58830 ssh2
Oct 13 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19791]: Connection closed by 78.128.112.74 port 58830 [preauth]
Oct 13 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16176]: pam_unix(cron:session): session closed for user root
Oct 13 20:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: Failed password for root from 103.234.151.178 port 47204 ssh2
Oct 13 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: Received disconnect from 103.234.151.178 port 47204:11: Bye Bye [preauth]
Oct 13 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20197]: Disconnected from 103.234.151.178 port 47204 [preauth]
Oct 13 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session closed for user root
Oct 13 20:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: Invalid user postgres from 103.26.136.173
Oct 13 20:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: input_userauth_request: invalid user postgres [preauth]
Oct 13 20:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: Failed password for invalid user postgres from 103.26.136.173 port 42170 ssh2
Oct 13 20:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: Received disconnect from 103.26.136.173 port 42170:11: Bye Bye [preauth]
Oct 13 20:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: Disconnected from 103.26.136.173 port 42170 [preauth]
Oct 13 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20360]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20355]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20439]: Successful su for rubyman by root
Oct 13 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20439]: + ??? root:rubyman
Oct 13 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406939 of user rubyman.
Oct 13 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20439]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406939.
Oct 13 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Invalid user steam from 41.203.213.8
Oct 13 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: input_userauth_request: invalid user steam [preauth]
Oct 13 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Failed password for invalid user steam from 41.203.213.8 port 52082 ssh2
Oct 13 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Received disconnect from 41.203.213.8 port 52082:11: Bye Bye [preauth]
Oct 13 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Disconnected from 41.203.213.8 port 52082 [preauth]
Oct 13 20:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16654]: pam_unix(cron:session): session closed for user root
Oct 13 20:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20357]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Did not receive identification string from 95.84.134.186
Oct 13 20:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18876]: pam_unix(cron:session): session closed for user root
Oct 13 20:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Invalid user brainy from 164.68.105.9
Oct 13 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: input_userauth_request: invalid user brainy [preauth]
Oct 13 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Failed password for invalid user brainy from 164.68.105.9 port 43344 ssh2
Oct 13 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Connection closed by 164.68.105.9 port 43344 [preauth]
Oct 13 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20838]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20913]: Successful su for rubyman by root
Oct 13 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20913]: + ??? root:rubyman
Oct 13 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406943 of user rubyman.
Oct 13 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20913]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406943.
Oct 13 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20899]: Failed password for root from 103.234.151.178 port 16232 ssh2
Oct 13 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20899]: Received disconnect from 103.234.151.178 port 16232:11: Bye Bye [preauth]
Oct 13 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20899]: Disconnected from 103.234.151.178 port 16232 [preauth]
Oct 13 20:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session closed for user root
Oct 13 20:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20839]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19802]: pam_unix(cron:session): session closed for user root
Oct 13 20:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Invalid user peace from 103.26.136.173
Oct 13 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: input_userauth_request: invalid user peace [preauth]
Oct 13 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Failed password for invalid user peace from 103.26.136.173 port 50644 ssh2
Oct 13 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Received disconnect from 103.26.136.173 port 50644:11: Bye Bye [preauth]
Oct 13 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Disconnected from 103.26.136.173 port 50644 [preauth]
Oct 13 20:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: Invalid user a from 95.84.134.186
Oct 13 20:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: input_userauth_request: invalid user a [preauth]
Oct 13 20:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: Invalid user odoo from 41.203.213.8
Oct 13 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: input_userauth_request: invalid user odoo [preauth]
Oct 13 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.84.134.186
Oct 13 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: Failed password for invalid user odoo from 41.203.213.8 port 56056 ssh2
Oct 13 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: Received disconnect from 41.203.213.8 port 56056:11: Bye Bye [preauth]
Oct 13 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21244]: Disconnected from 41.203.213.8 port 56056 [preauth]
Oct 13 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: Failed password for invalid user a from 95.84.134.186 port 39570 ssh2
Oct 13 20:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20738]: Connection closed by 95.84.134.186 port 39570 [preauth]
Oct 13 20:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21319]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21319]: pam_unix(cron:session): session closed for user root
Oct 13 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21313]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21444]: Successful su for rubyman by root
Oct 13 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21444]: + ??? root:rubyman
Oct 13 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406946 of user rubyman.
Oct 13 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21444]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406946.
Oct 13 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21315]: pam_unix(cron:session): session closed for user root
Oct 13 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session closed for user root
Oct 13 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21314]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21300]: Invalid user nil from 95.84.134.186
Oct 13 20:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21300]: input_userauth_request: invalid user nil [preauth]
Oct 13 20:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20360]: pam_unix(cron:session): session closed for user root
Oct 13 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21300]: Failed none for invalid user nil from 95.84.134.186 port 34642 ssh2
Oct 13 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Invalid user behzad from 103.234.151.178
Oct 13 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: input_userauth_request: invalid user behzad [preauth]
Oct 13 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Failed password for invalid user behzad from 103.234.151.178 port 48802 ssh2
Oct 13 20:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21300]: Connection closed by 95.84.134.186 port 34642 [preauth]
Oct 13 20:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Received disconnect from 103.234.151.178 port 48802:11: Bye Bye [preauth]
Oct 13 20:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Disconnected from 103.234.151.178 port 48802 [preauth]
Oct 13 20:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21881]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21880]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21878]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21952]: Successful su for rubyman by root
Oct 13 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21952]: + ??? root:rubyman
Oct 13 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406954 of user rubyman.
Oct 13 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21952]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406954.
Oct 13 20:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session closed for user root
Oct 13 20:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21879]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 20:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Failed password for root from 103.26.136.173 port 59112 ssh2
Oct 13 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Received disconnect from 103.26.136.173 port 59112:11: Bye Bye [preauth]
Oct 13 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Disconnected from 103.26.136.173 port 59112 [preauth]
Oct 13 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: Invalid user admin from 41.203.213.8
Oct 13 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: Failed password for invalid user admin from 41.203.213.8 port 56768 ssh2
Oct 13 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: Received disconnect from 41.203.213.8 port 56768:11: Bye Bye [preauth]
Oct 13 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: Disconnected from 41.203.213.8 port 56768 [preauth]
Oct 13 20:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: Invalid user admin from 95.84.134.186
Oct 13 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.84.134.186
Oct 13 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Invalid user moth3r from 62.60.131.157
Oct 13 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: input_userauth_request: invalid user moth3r [preauth]
Oct 13 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 20:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20841]: pam_unix(cron:session): session closed for user root
Oct 13 20:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: Failed password for invalid user admin from 95.84.134.186 port 54438 ssh2
Oct 13 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Failed password for invalid user moth3r from 62.60.131.157 port 62985 ssh2
Oct 13 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21834]: Connection closed by 95.84.134.186 port 54438 [preauth]
Oct 13 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Failed password for invalid user moth3r from 62.60.131.157 port 62985 ssh2
Oct 13 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Failed password for invalid user moth3r from 62.60.131.157 port 62985 ssh2
Oct 13 20:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Failed password for invalid user moth3r from 62.60.131.157 port 62985 ssh2
Oct 13 20:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Failed password for invalid user moth3r from 62.60.131.157 port 62985 ssh2
Oct 13 20:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22348]: Did not receive identification string from 171.36.250.49
Oct 13 20:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Received disconnect from 62.60.131.157 port 62985:11: Bye [preauth]
Oct 13 20:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: Disconnected from 62.60.131.157 port 62985 [preauth]
Oct 13 20:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 20:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22294]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Invalid user user from 62.60.131.157
Oct 13 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: input_userauth_request: invalid user user [preauth]
Oct 13 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for invalid user user from 62.60.131.157 port 17039 ssh2
Oct 13 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for invalid user user from 62.60.131.157 port 17039 ssh2
Oct 13 20:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for invalid user user from 62.60.131.157 port 17039 ssh2
Oct 13 20:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22389]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for invalid user user from 62.60.131.157 port 17039 ssh2
Oct 13 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22466]: Successful su for rubyman by root
Oct 13 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22466]: + ??? root:rubyman
Oct 13 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406958 of user rubyman.
Oct 13 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22466]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406958.
Oct 13 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for invalid user user from 62.60.131.157 port 17039 ssh2
Oct 13 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Received disconnect from 62.60.131.157 port 17039:11: Bye [preauth]
Oct 13 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Disconnected from 62.60.131.157 port 17039 [preauth]
Oct 13 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 20:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18875]: pam_unix(cron:session): session closed for user root
Oct 13 20:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Invalid user dima from 103.234.151.178
Oct 13 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: input_userauth_request: invalid user dima [preauth]
Oct 13 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user dima from 103.234.151.178 port 17830 ssh2
Oct 13 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Received disconnect from 103.234.151.178 port 17830:11: Bye Bye [preauth]
Oct 13 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Disconnected from 103.234.151.178 port 17830 [preauth]
Oct 13 20:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21318]: pam_unix(cron:session): session closed for user root
Oct 13 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=root
Oct 13 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23223]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: Failed password for root from 41.203.213.8 port 60620 ssh2
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: Received disconnect from 41.203.213.8 port 60620:11: Bye Bye [preauth]
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23204]: Disconnected from 41.203.213.8 port 60620 [preauth]
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23310]: Successful su for rubyman by root
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23310]: + ??? root:rubyman
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406960 of user rubyman.
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23310]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406960.
Oct 13 20:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: Invalid user sduran from 103.26.136.173
Oct 13 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: input_userauth_request: invalid user sduran [preauth]
Oct 13 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: Failed password for invalid user sduran from 103.26.136.173 port 39356 ssh2
Oct 13 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: Received disconnect from 103.26.136.173 port 39356:11: Bye Bye [preauth]
Oct 13 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23348]: Disconnected from 103.26.136.173 port 39356 [preauth]
Oct 13 20:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19800]: pam_unix(cron:session): session closed for user root
Oct 13 20:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23228]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21881]: pam_unix(cron:session): session closed for user root
Oct 13 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: Invalid user cmu from 138.68.190.216
Oct 13 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: input_userauth_request: invalid user cmu [preauth]
Oct 13 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216
Oct 13 20:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: Failed password for invalid user cmu from 138.68.190.216 port 48006 ssh2
Oct 13 20:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: Connection closed by 138.68.190.216 port 48006 [preauth]
Oct 13 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24015]: Invalid user zhangyi from 103.234.151.178
Oct 13 20:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24015]: input_userauth_request: invalid user zhangyi [preauth]
Oct 13 20:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24015]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24015]: Failed password for invalid user zhangyi from 103.234.151.178 port 50410 ssh2
Oct 13 20:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24015]: Received disconnect from 103.234.151.178 port 50410:11: Bye Bye [preauth]
Oct 13 20:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24015]: Disconnected from 103.234.151.178 port 50410 [preauth]
Oct 13 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24053]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24152]: Successful su for rubyman by root
Oct 13 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24152]: + ??? root:rubyman
Oct 13 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406967 of user rubyman.
Oct 13 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24152]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406967.
Oct 13 20:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session closed for user root
Oct 13 20:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24054]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session closed for user root
Oct 13 20:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Invalid user egarcia from 41.203.213.8
Oct 13 20:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: input_userauth_request: invalid user egarcia [preauth]
Oct 13 20:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Failed password for invalid user egarcia from 41.203.213.8 port 52020 ssh2
Oct 13 20:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Received disconnect from 41.203.213.8 port 52020:11: Bye Bye [preauth]
Oct 13 20:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Disconnected from 41.203.213.8 port 52020 [preauth]
Oct 13 20:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: Failed password for root from 103.26.136.173 port 47832 ssh2
Oct 13 20:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: Received disconnect from 103.26.136.173 port 47832:11: Bye Bye [preauth]
Oct 13 20:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: Disconnected from 103.26.136.173 port 47832 [preauth]
Oct 13 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24590]: pam_unix(cron:session): session closed for user root
Oct 13 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24670]: Successful su for rubyman by root
Oct 13 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24670]: + ??? root:rubyman
Oct 13 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406968 of user rubyman.
Oct 13 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24670]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406968.
Oct 13 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24585]: pam_unix(cron:session): session closed for user root
Oct 13 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20840]: pam_unix(cron:session): session closed for user root
Oct 13 20:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Invalid user manasa from 103.234.151.178
Oct 13 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: input_userauth_request: invalid user manasa [preauth]
Oct 13 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Failed password for invalid user manasa from 103.234.151.178 port 19462 ssh2
Oct 13 20:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Received disconnect from 103.234.151.178 port 19462:11: Bye Bye [preauth]
Oct 13 20:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24997]: Disconnected from 103.234.151.178 port 19462 [preauth]
Oct 13 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23230]: pam_unix(cron:session): session closed for user root
Oct 13 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25105]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25210]: Successful su for rubyman by root
Oct 13 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25210]: + ??? root:rubyman
Oct 13 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406974 of user rubyman.
Oct 13 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25210]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406974.
Oct 13 20:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21317]: pam_unix(cron:session): session closed for user root
Oct 13 20:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25106]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Invalid user premier from 41.203.213.8
Oct 13 20:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: input_userauth_request: invalid user premier [preauth]
Oct 13 20:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for invalid user premier from 41.203.213.8 port 59644 ssh2
Oct 13 20:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Received disconnect from 41.203.213.8 port 59644:11: Bye Bye [preauth]
Oct 13 20:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Disconnected from 41.203.213.8 port 59644 [preauth]
Oct 13 20:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 20:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24056]: pam_unix(cron:session): session closed for user root
Oct 13 20:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Failed password for root from 103.26.136.173 port 56302 ssh2
Oct 13 20:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Received disconnect from 103.26.136.173 port 56302:11: Bye Bye [preauth]
Oct 13 20:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Disconnected from 103.26.136.173 port 56302 [preauth]
Oct 13 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25909]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25999]: Successful su for rubyman by root
Oct 13 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25999]: + ??? root:rubyman
Oct 13 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406980 of user rubyman.
Oct 13 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25999]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406980.
Oct 13 20:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21880]: pam_unix(cron:session): session closed for user root
Oct 13 20:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Invalid user nemo from 103.234.151.178
Oct 13 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: input_userauth_request: invalid user nemo [preauth]
Oct 13 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Failed password for invalid user nemo from 103.234.151.178 port 52038 ssh2
Oct 13 20:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Received disconnect from 103.234.151.178 port 52038:11: Bye Bye [preauth]
Oct 13 20:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Disconnected from 103.234.151.178 port 52038 [preauth]
Oct 13 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25910]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session closed for user root
Oct 13 20:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Invalid user pablo from 41.203.213.8
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: input_userauth_request: invalid user pablo [preauth]
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26491]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: Successful su for rubyman by root
Oct 13 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: + ??? root:rubyman
Oct 13 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406983 of user rubyman.
Oct 13 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406983.
Oct 13 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Failed password for invalid user pablo from 41.203.213.8 port 35882 ssh2
Oct 13 20:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Received disconnect from 41.203.213.8 port 35882:11: Bye Bye [preauth]
Oct 13 20:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Disconnected from 41.203.213.8 port 35882 [preauth]
Oct 13 20:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session closed for user root
Oct 13 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Invalid user glassfish from 103.26.136.173
Oct 13 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: input_userauth_request: invalid user glassfish [preauth]
Oct 13 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Failed password for invalid user glassfish from 103.26.136.173 port 36544 ssh2
Oct 13 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Received disconnect from 103.26.136.173 port 36544:11: Bye Bye [preauth]
Oct 13 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Disconnected from 103.26.136.173 port 36544 [preauth]
Oct 13 20:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session closed for user root
Oct 13 20:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Invalid user alvaro from 103.234.151.178
Oct 13 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: input_userauth_request: invalid user alvaro [preauth]
Oct 13 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Failed password for invalid user alvaro from 103.234.151.178 port 21080 ssh2
Oct 13 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Received disconnect from 103.234.151.178 port 21080:11: Bye Bye [preauth]
Oct 13 20:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Disconnected from 103.234.151.178 port 21080 [preauth]
Oct 13 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27204]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27275]: Successful su for rubyman by root
Oct 13 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27275]: + ??? root:rubyman
Oct 13 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406987 of user rubyman.
Oct 13 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27275]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406987.
Oct 13 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23229]: pam_unix(cron:session): session closed for user root
Oct 13 20:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session closed for user root
Oct 13 20:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: Invalid user test_user from 41.203.213.8
Oct 13 20:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: input_userauth_request: invalid user test_user [preauth]
Oct 13 20:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: Failed password for invalid user test_user from 41.203.213.8 port 41264 ssh2
Oct 13 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: Received disconnect from 41.203.213.8 port 41264:11: Bye Bye [preauth]
Oct 13 20:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: Disconnected from 41.203.213.8 port 41264 [preauth]
Oct 13 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: Invalid user testsite from 190.103.202.7
Oct 13 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: input_userauth_request: invalid user testsite [preauth]
Oct 13 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: Failed password for invalid user testsite from 190.103.202.7 port 49006 ssh2
Oct 13 20:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: Connection closed by 190.103.202.7 port 49006 [preauth]
Oct 13 20:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Invalid user behzad from 103.26.136.173
Oct 13 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: input_userauth_request: invalid user behzad [preauth]
Oct 13 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session closed for user root
Oct 13 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27977]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Failed password for invalid user behzad from 103.26.136.173 port 45012 ssh2
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28066]: Successful su for rubyman by root
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28066]: + ??? root:rubyman
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406990 of user rubyman.
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28066]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406990.
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Received disconnect from 103.26.136.173 port 45012:11: Bye Bye [preauth]
Oct 13 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27970]: Disconnected from 103.26.136.173 port 45012 [preauth]
Oct 13 20:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session closed for user root
Oct 13 20:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24055]: pam_unix(cron:session): session closed for user root
Oct 13 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27980]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Invalid user hari from 103.234.151.178
Oct 13 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: input_userauth_request: invalid user hari [preauth]
Oct 13 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Failed password for invalid user hari from 103.234.151.178 port 53658 ssh2
Oct 13 20:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Received disconnect from 103.234.151.178 port 53658:11: Bye Bye [preauth]
Oct 13 20:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Disconnected from 103.234.151.178 port 53658 [preauth]
Oct 13 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Invalid user grid from 138.68.190.216
Oct 13 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: input_userauth_request: invalid user grid [preauth]
Oct 13 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216
Oct 13 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Failed password for invalid user grid from 138.68.190.216 port 34818 ssh2
Oct 13 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Connection closed by 138.68.190.216 port 34818 [preauth]
Oct 13 20:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26492]: pam_unix(cron:session): session closed for user root
Oct 13 20:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Invalid user filipe from 118.145.201.53
Oct 13 20:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: input_userauth_request: invalid user filipe [preauth]
Oct 13 20:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.201.53
Oct 13 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Failed password for invalid user filipe from 118.145.201.53 port 41052 ssh2
Oct 13 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Received disconnect from 118.145.201.53 port 41052:11: Bye Bye [preauth]
Oct 13 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Disconnected from 118.145.201.53 port 41052 [preauth]
Oct 13 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28737]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28736]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28734]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: Successful su for rubyman by root
Oct 13 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: + ??? root:rubyman
Oct 13 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 406996 of user rubyman.
Oct 13 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28825]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 406996.
Oct 13 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session closed for user root
Oct 13 20:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28735]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=root
Oct 13 20:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Failed password for root from 41.203.213.8 port 40728 ssh2
Oct 13 20:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Received disconnect from 41.203.213.8 port 40728:11: Bye Bye [preauth]
Oct 13 20:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Disconnected from 41.203.213.8 port 40728 [preauth]
Oct 13 20:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27210]: pam_unix(cron:session): session closed for user root
Oct 13 20:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Invalid user laura from 103.26.136.173
Oct 13 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: input_userauth_request: invalid user laura [preauth]
Oct 13 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Failed password for invalid user laura from 103.26.136.173 port 53482 ssh2
Oct 13 20:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Received disconnect from 103.26.136.173 port 53482:11: Bye Bye [preauth]
Oct 13 20:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Disconnected from 103.26.136.173 port 53482 [preauth]
Oct 13 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Invalid user oracle from 103.234.151.178
Oct 13 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: input_userauth_request: invalid user oracle [preauth]
Oct 13 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Failed password for invalid user oracle from 103.234.151.178 port 22706 ssh2
Oct 13 20:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Received disconnect from 103.234.151.178 port 22706:11: Bye Bye [preauth]
Oct 13 20:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Disconnected from 103.234.151.178 port 22706 [preauth]
Oct 13 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29361]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: Successful su for rubyman by root
Oct 13 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: + ??? root:rubyman
Oct 13 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407000 of user rubyman.
Oct 13 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407000.
Oct 13 20:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session closed for user root
Oct 13 20:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.201.53  user=root
Oct 13 20:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: Failed password for root from 118.145.201.53 port 24934 ssh2
Oct 13 20:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: Received disconnect from 118.145.201.53 port 24934:11: Bye Bye [preauth]
Oct 13 20:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: Disconnected from 118.145.201.53 port 24934 [preauth]
Oct 13 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session closed for user root
Oct 13 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29946]: Successful su for rubyman by root
Oct 13 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29946]: + ??? root:rubyman
Oct 13 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407004 of user rubyman.
Oct 13 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29946]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407004.
Oct 13 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Invalid user github from 41.203.213.8
Oct 13 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: input_userauth_request: invalid user github [preauth]
Oct 13 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Failed password for invalid user github from 41.203.213.8 port 37436 ssh2
Oct 13 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Received disconnect from 41.203.213.8 port 37436:11: Bye Bye [preauth]
Oct 13 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Disconnected from 41.203.213.8 port 37436 [preauth]
Oct 13 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25911]: pam_unix(cron:session): session closed for user root
Oct 13 20:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: Failed password for root from 171.36.250.49 port 35190 ssh2
Oct 13 20:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: Connection closed by 171.36.250.49 port 35190 [preauth]
Oct 13 20:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29861]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Invalid user admin from 171.36.250.49
Oct 13 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Failed password for invalid user admin from 171.36.250.49 port 46274 ssh2
Oct 13 20:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Connection closed by 171.36.250.49 port 46274 [preauth]
Oct 13 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Failed password for root from 171.36.250.49 port 57256 ssh2
Oct 13 20:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Connection closed by 171.36.250.49 port 57256 [preauth]
Oct 13 20:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Failed password for root from 171.36.250.49 port 38606 ssh2
Oct 13 20:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Connection closed by 171.36.250.49 port 38606 [preauth]
Oct 13 20:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: Invalid user ubuntu from 171.36.250.49
Oct 13 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: Failed password for invalid user ubuntu from 171.36.250.49 port 49676 ssh2
Oct 13 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: Connection closed by 171.36.250.49 port 49676 [preauth]
Oct 13 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: Invalid user dspace from 171.36.250.49
Oct 13 20:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: input_userauth_request: invalid user dspace [preauth]
Oct 13 20:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30286]: Invalid user shellinabox from 103.234.151.178
Oct 13 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30286]: input_userauth_request: invalid user shellinabox [preauth]
Oct 13 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30286]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: Failed password for invalid user dspace from 171.36.250.49 port 58692 ssh2
Oct 13 20:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30281]: Connection closed by 171.36.250.49 port 58692 [preauth]
Oct 13 20:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Failed password for root from 103.26.136.173 port 33728 ssh2
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Received disconnect from 103.26.136.173 port 33728:11: Bye Bye [preauth]
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Disconnected from 103.26.136.173 port 33728 [preauth]
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30286]: Failed password for invalid user shellinabox from 103.234.151.178 port 55280 ssh2
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30286]: Received disconnect from 103.234.151.178 port 55280:11: Bye Bye [preauth]
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30286]: Disconnected from 103.234.151.178 port 55280 [preauth]
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Invalid user deploy from 171.36.250.49
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: input_userauth_request: invalid user deploy [preauth]
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Invalid user rr from 118.145.201.53
Oct 13 20:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: input_userauth_request: invalid user rr [preauth]
Oct 13 20:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.201.53
Oct 13 20:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Failed password for invalid user deploy from 171.36.250.49 port 40750 ssh2
Oct 13 20:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30303]: Connection closed by 171.36.250.49 port 40750 [preauth]
Oct 13 20:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Failed password for invalid user rr from 118.145.201.53 port 32092 ssh2
Oct 13 20:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Received disconnect from 118.145.201.53 port 32092:11: Bye Bye [preauth]
Oct 13 20:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Disconnected from 118.145.201.53 port 32092 [preauth]
Oct 13 20:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: Invalid user devuser from 171.36.250.49
Oct 13 20:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: input_userauth_request: invalid user devuser [preauth]
Oct 13 20:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28737]: pam_unix(cron:session): session closed for user root
Oct 13 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: Failed password for invalid user devuser from 171.36.250.49 port 50166 ssh2
Oct 13 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30306]: Connection closed by 171.36.250.49 port 50166 [preauth]
Oct 13 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Invalid user fa from 171.36.250.49
Oct 13 20:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: input_userauth_request: invalid user fa [preauth]
Oct 13 20:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Failed password for invalid user fa from 171.36.250.49 port 59570 ssh2
Oct 13 20:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30362]: Connection closed by 171.36.250.49 port 59570 [preauth]
Oct 13 20:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: Invalid user postgres from 171.36.250.49
Oct 13 20:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: input_userauth_request: invalid user postgres [preauth]
Oct 13 20:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: Failed password for invalid user postgres from 171.36.250.49 port 42224 ssh2
Oct 13 20:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: Connection closed by 171.36.250.49 port 42224 [preauth]
Oct 13 20:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Failed password for root from 171.36.250.49 port 51804 ssh2
Oct 13 20:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Connection closed by 171.36.250.49 port 51804 [preauth]
Oct 13 20:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Invalid user db2inst1 from 171.36.250.49
Oct 13 20:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: input_userauth_request: invalid user db2inst1 [preauth]
Oct 13 20:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Failed password for invalid user db2inst1 from 171.36.250.49 port 32896 ssh2
Oct 13 20:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30388]: Connection closed by 171.36.250.49 port 32896 [preauth]
Oct 13 20:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: Invalid user odoo from 171.36.250.49
Oct 13 20:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: input_userauth_request: invalid user odoo [preauth]
Oct 13 20:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: Failed password for invalid user odoo from 171.36.250.49 port 42106 ssh2
Oct 13 20:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30410]: Connection closed by 171.36.250.49 port 42106 [preauth]
Oct 13 20:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Invalid user testuser from 171.36.250.49
Oct 13 20:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: input_userauth_request: invalid user testuser [preauth]
Oct 13 20:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Failed password for invalid user testuser from 171.36.250.49 port 52066 ssh2
Oct 13 20:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30420]: Connection closed by 171.36.250.49 port 52066 [preauth]
Oct 13 20:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Invalid user odoo18 from 171.36.250.49
Oct 13 20:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: input_userauth_request: invalid user odoo18 [preauth]
Oct 13 20:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Failed password for invalid user odoo18 from 171.36.250.49 port 34022 ssh2
Oct 13 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Connection closed by 171.36.250.49 port 34022 [preauth]
Oct 13 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30466]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30615]: Successful su for rubyman by root
Oct 13 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30615]: + ??? root:rubyman
Oct 13 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407008 of user rubyman.
Oct 13 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30615]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407008.
Oct 13 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Failed password for root from 171.36.250.49 port 45764 ssh2
Oct 13 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Connection closed by 171.36.250.49 port 45764 [preauth]
Oct 13 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: Failed password for root from 171.36.250.49 port 56550 ssh2
Oct 13 20:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: Connection closed by 171.36.250.49 port 56550 [preauth]
Oct 13 20:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26491]: pam_unix(cron:session): session closed for user root
Oct 13 20:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: Failed password for root from 171.36.250.49 port 39840 ssh2
Oct 13 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: Connection closed by 171.36.250.49 port 39840 [preauth]
Oct 13 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: Invalid user vyos from 171.36.250.49
Oct 13 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: input_userauth_request: invalid user vyos [preauth]
Oct 13 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: Failed password for invalid user vyos from 171.36.250.49 port 50120 ssh2
Oct 13 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30812]: Connection closed by 171.36.250.49 port 50120 [preauth]
Oct 13 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Invalid user oracle from 171.36.250.49
Oct 13 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: input_userauth_request: invalid user oracle [preauth]
Oct 13 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30463]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Failed password for invalid user oracle from 171.36.250.49 port 60518 ssh2
Oct 13 20:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Connection closed by 171.36.250.49 port 60518 [preauth]
Oct 13 20:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: Invalid user nanopi from 171.36.250.49
Oct 13 20:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: input_userauth_request: invalid user nanopi [preauth]
Oct 13 20:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: Failed password for invalid user nanopi from 171.36.250.49 port 41646 ssh2
Oct 13 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: Connection closed by 171.36.250.49 port 41646 [preauth]
Oct 13 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: Failed password for root from 171.36.250.49 port 49846 ssh2
Oct 13 20:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: Connection closed by 171.36.250.49 port 49846 [preauth]
Oct 13 20:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30882]: Failed password for root from 171.36.250.49 port 60850 ssh2
Oct 13 20:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30882]: Connection closed by 171.36.250.49 port 60850 [preauth]
Oct 13 20:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Invalid user elastic from 171.36.250.49
Oct 13 20:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: input_userauth_request: invalid user elastic [preauth]
Oct 13 20:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Failed password for invalid user elastic from 171.36.250.49 port 45952 ssh2
Oct 13 20:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Connection closed by 171.36.250.49 port 45952 [preauth]
Oct 13 20:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Failed password for root from 171.36.250.49 port 55612 ssh2
Oct 13 20:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Connection closed by 171.36.250.49 port 55612 [preauth]
Oct 13 20:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Invalid user vpnuser from 171.36.250.49
Oct 13 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: input_userauth_request: invalid user vpnuser [preauth]
Oct 13 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user root
Oct 13 20:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Failed password for invalid user vpnuser from 171.36.250.49 port 39244 ssh2
Oct 13 20:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30924]: Connection closed by 171.36.250.49 port 39244 [preauth]
Oct 13 20:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: Invalid user openhabian from 171.36.250.49
Oct 13 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: input_userauth_request: invalid user openhabian [preauth]
Oct 13 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: Failed password for invalid user openhabian from 171.36.250.49 port 49946 ssh2
Oct 13 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: Connection closed by 171.36.250.49 port 49946 [preauth]
Oct 13 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30969]: Invalid user hadoop from 171.36.250.49
Oct 13 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30969]: input_userauth_request: invalid user hadoop [preauth]
Oct 13 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30969]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Invalid user newuser from 41.203.213.8
Oct 13 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: input_userauth_request: invalid user newuser [preauth]
Oct 13 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30969]: Failed password for invalid user hadoop from 171.36.250.49 port 59236 ssh2
Oct 13 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30969]: Connection closed by 171.36.250.49 port 59236 [preauth]
Oct 13 20:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: Invalid user devopsuser from 171.36.250.49
Oct 13 20:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: input_userauth_request: invalid user devopsuser [preauth]
Oct 13 20:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Failed password for invalid user newuser from 41.203.213.8 port 43244 ssh2
Oct 13 20:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Received disconnect from 41.203.213.8 port 43244:11: Bye Bye [preauth]
Oct 13 20:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30971]: Disconnected from 41.203.213.8 port 43244 [preauth]
Oct 13 20:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: Failed password for invalid user devopsuser from 171.36.250.49 port 40412 ssh2
Oct 13 20:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: Connection closed by 171.36.250.49 port 40412 [preauth]
Oct 13 20:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Invalid user test from 171.36.250.49
Oct 13 20:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: input_userauth_request: invalid user test [preauth]
Oct 13 20:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Failed password for invalid user test from 171.36.250.49 port 51124 ssh2
Oct 13 20:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31008]: Connection closed by 171.36.250.49 port 51124 [preauth]
Oct 13 20:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Failed password for root from 171.36.250.49 port 60898 ssh2
Oct 13 20:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31024]: Connection closed by 171.36.250.49 port 60898 [preauth]
Oct 13 20:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Invalid user odroid from 171.36.250.49
Oct 13 20:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: input_userauth_request: invalid user odroid [preauth]
Oct 13 20:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Failed password for invalid user odroid from 171.36.250.49 port 43386 ssh2
Oct 13 20:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Connection closed by 171.36.250.49 port 43386 [preauth]
Oct 13 20:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Invalid user linaro from 171.36.250.49
Oct 13 20:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: input_userauth_request: invalid user linaro [preauth]
Oct 13 20:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31068]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31068]: pam_unix(cron:session): session closed for user root
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31061]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Failed password for invalid user linaro from 171.36.250.49 port 54200 ssh2
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Connection closed by 171.36.250.49 port 54200 [preauth]
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Invalid user glassfish from 103.234.151.178
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: input_userauth_request: invalid user glassfish [preauth]
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Invalid user admin from 171.36.250.49
Oct 13 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31162]: Successful su for rubyman by root
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31162]: + ??? root:rubyman
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407016 of user rubyman.
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31162]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407016.
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Failed password for invalid user glassfish from 103.234.151.178 port 24318 ssh2
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Received disconnect from 103.234.151.178 port 24318:11: Bye Bye [preauth]
Oct 13 20:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Disconnected from 103.234.151.178 port 24318 [preauth]
Oct 13 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for invalid user admin from 171.36.250.49 port 35850 ssh2
Oct 13 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Connection closed by 171.36.250.49 port 35850 [preauth]
Oct 13 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Invalid user ts3 from 171.36.250.49
Oct 13 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: input_userauth_request: invalid user ts3 [preauth]
Oct 13 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Failed password for invalid user ts3 from 171.36.250.49 port 46772 ssh2
Oct 13 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Connection closed by 171.36.250.49 port 46772 [preauth]
Oct 13 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31065]: pam_unix(cron:session): session closed for user root
Oct 13 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session closed for user root
Oct 13 20:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Invalid user deploy from 171.36.250.49
Oct 13 20:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: input_userauth_request: invalid user deploy [preauth]
Oct 13 20:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Failed password for invalid user deploy from 171.36.250.49 port 58236 ssh2
Oct 13 20:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Connection closed by 171.36.250.49 port 58236 [preauth]
Oct 13 20:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Failed password for root from 171.36.250.49 port 40014 ssh2
Oct 13 20:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31371]: Connection closed by 171.36.250.49 port 40014 [preauth]
Oct 13 20:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: Invalid user ubuntu from 171.36.250.49
Oct 13 20:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: input_userauth_request: invalid user ubuntu [preauth]
Oct 13 20:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 20:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: Failed password for invalid user ubuntu from 171.36.250.49 port 48916 ssh2
Oct 13 20:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: Connection closed by 171.36.250.49 port 48916 [preauth]
Oct 13 20:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31064]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Failed password for root from 103.26.136.173 port 42206 ssh2
Oct 13 20:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Received disconnect from 103.26.136.173 port 42206:11: Bye Bye [preauth]
Oct 13 20:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Disconnected from 103.26.136.173 port 42206 [preauth]
Oct 13 20:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: Invalid user user from 171.36.250.49
Oct 13 20:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: input_userauth_request: invalid user user [preauth]
Oct 13 20:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: Failed password for invalid user user from 171.36.250.49 port 59984 ssh2
Oct 13 20:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31459]: Connection closed by 171.36.250.49 port 59984 [preauth]
Oct 13 20:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: Invalid user moxa from 171.36.250.49
Oct 13 20:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: input_userauth_request: invalid user moxa [preauth]
Oct 13 20:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: Failed password for invalid user moxa from 171.36.250.49 port 42294 ssh2
Oct 13 20:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31492]: Connection closed by 171.36.250.49 port 42294 [preauth]
Oct 13 20:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31504]: Invalid user minecraft from 171.36.250.49
Oct 13 20:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31504]: input_userauth_request: invalid user minecraft [preauth]
Oct 13 20:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31504]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31504]: Failed password for invalid user minecraft from 171.36.250.49 port 54178 ssh2
Oct 13 20:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31504]: Connection closed by 171.36.250.49 port 54178 [preauth]
Oct 13 20:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Invalid user admin from 171.36.250.49
Oct 13 20:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Failed password for invalid user admin from 171.36.250.49 port 35514 ssh2
Oct 13 20:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Connection closed by 171.36.250.49 port 35514 [preauth]
Oct 13 20:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Invalid user jenkins from 171.36.250.49
Oct 13 20:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: input_userauth_request: invalid user jenkins [preauth]
Oct 13 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Failed password for invalid user jenkins from 171.36.250.49 port 48652 ssh2
Oct 13 20:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Connection closed by 171.36.250.49 port 48652 [preauth]
Oct 13 20:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29865]: pam_unix(cron:session): session closed for user root
Oct 13 20:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Failed password for root from 171.36.250.49 port 58830 ssh2
Oct 13 20:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Connection closed by 171.36.250.49 port 58830 [preauth]
Oct 13 20:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: Failed password for root from 171.36.250.49 port 44416 ssh2
Oct 13 20:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31685]: Connection closed by 171.36.250.49 port 44416 [preauth]
Oct 13 20:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Failed password for root from 171.36.250.49 port 59084 ssh2
Oct 13 20:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Connection closed by 171.36.250.49 port 59084 [preauth]
Oct 13 20:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31713]: Invalid user admin from 171.36.250.49
Oct 13 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31713]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31713]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31713]: Failed password for invalid user admin from 171.36.250.49 port 40256 ssh2
Oct 13 20:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31713]: Connection closed by 171.36.250.49 port 40256 [preauth]
Oct 13 20:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=root
Oct 13 20:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for root from 171.36.250.49 port 51420 ssh2
Oct 13 20:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Connection closed by 171.36.250.49 port 51420 [preauth]
Oct 13 20:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: Invalid user admin from 171.36.250.49
Oct 13 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: Failed password for invalid user admin from 171.36.250.49 port 34282 ssh2
Oct 13 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31748]: Connection closed by 171.36.250.49 port 34282 [preauth]
Oct 13 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Invalid user vpn from 171.36.250.49
Oct 13 20:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: input_userauth_request: invalid user vpn [preauth]
Oct 13 20:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Failed password for invalid user vpn from 171.36.250.49 port 46180 ssh2
Oct 13 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Connection closed by 171.36.250.49 port 46180 [preauth]
Oct 13 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31766]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: Invalid user ansible from 171.36.250.49
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: input_userauth_request: invalid user ansible [preauth]
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49
Oct 13 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: Successful su for rubyman by root
Oct 13 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: + ??? root:rubyman
Oct 13 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407018 of user rubyman.
Oct 13 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31845]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407018.
Oct 13 20:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: Failed password for invalid user ansible from 171.36.250.49 port 58128 ssh2
Oct 13 20:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: Connection closed by 171.36.250.49 port 58128 [preauth]
Oct 13 20:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: User ftp from 171.36.250.49 not allowed because not listed in AllowUsers
Oct 13 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: input_userauth_request: invalid user ftp [preauth]
Oct 13 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.36.250.49  user=ftp
Oct 13 20:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: Failed password for invalid user ftp from 171.36.250.49 port 39808 ssh2
Oct 13 20:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: Connection closed by 171.36.250.49 port 39808 [preauth]
Oct 13 20:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session closed for user root
Oct 13 20:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31768]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=root
Oct 13 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Failed password for root from 41.203.213.8 port 37654 ssh2
Oct 13 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Received disconnect from 41.203.213.8 port 37654:11: Bye Bye [preauth]
Oct 13 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Disconnected from 41.203.213.8 port 37654 [preauth]
Oct 13 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Invalid user umair from 103.234.151.178
Oct 13 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: input_userauth_request: invalid user umair [preauth]
Oct 13 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Failed password for invalid user umair from 103.234.151.178 port 56882 ssh2
Oct 13 20:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Received disconnect from 103.234.151.178 port 56882:11: Bye Bye [preauth]
Oct 13 20:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32232]: Disconnected from 103.234.151.178 port 56882 [preauth]
Oct 13 20:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30466]: pam_unix(cron:session): session closed for user root
Oct 13 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32331]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32326]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32401]: Successful su for rubyman by root
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32401]: + ??? root:rubyman
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407024 of user rubyman.
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32401]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407024.
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Invalid user hari from 103.26.136.173
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: input_userauth_request: invalid user hari [preauth]
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Failed password for invalid user hari from 103.26.136.173 port 50680 ssh2
Oct 13 20:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Received disconnect from 103.26.136.173 port 50680:11: Bye Bye [preauth]
Oct 13 20:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32387]: Disconnected from 103.26.136.173 port 50680 [preauth]
Oct 13 20:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28736]: pam_unix(cron:session): session closed for user root
Oct 13 20:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31067]: pam_unix(cron:session): session closed for user root
Oct 13 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[327]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[326]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[324]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[398]: Successful su for rubyman by root
Oct 13 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[398]: + ??? root:rubyman
Oct 13 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407026 of user rubyman.
Oct 13 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[398]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407026.
Oct 13 20:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session closed for user root
Oct 13 20:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[325]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Invalid user peace from 103.234.151.178
Oct 13 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: input_userauth_request: invalid user peace [preauth]
Oct 13 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Failed password for invalid user peace from 103.234.151.178 port 25920 ssh2
Oct 13 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Received disconnect from 103.234.151.178 port 25920:11: Bye Bye [preauth]
Oct 13 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Disconnected from 103.234.151.178 port 25920 [preauth]
Oct 13 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Invalid user aan from 41.203.213.8
Oct 13 20:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: input_userauth_request: invalid user aan [preauth]
Oct 13 20:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Failed password for invalid user aan from 41.203.213.8 port 50576 ssh2
Oct 13 20:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Received disconnect from 41.203.213.8 port 50576:11: Bye Bye [preauth]
Oct 13 20:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[650]: Disconnected from 41.203.213.8 port 50576 [preauth]
Oct 13 20:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session closed for user root
Oct 13 20:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Failed password for root from 103.26.136.173 port 59162 ssh2
Oct 13 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Received disconnect from 103.26.136.173 port 59162:11: Bye Bye [preauth]
Oct 13 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[779]: Disconnected from 103.26.136.173 port 59162 [preauth]
Oct 13 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1095]: Successful su for rubyman by root
Oct 13 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1095]: + ??? root:rubyman
Oct 13 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407030 of user rubyman.
Oct 13 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1095]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407030.
Oct 13 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session closed for user root
Oct 13 20:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29862]: pam_unix(cron:session): session closed for user root
Oct 13 20:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session closed for user root
Oct 13 20:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 20:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: Failed password for root from 103.234.151.178 port 58494 ssh2
Oct 13 20:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: Received disconnect from 103.234.151.178 port 58494:11: Bye Bye [preauth]
Oct 13 20:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: Disconnected from 103.234.151.178 port 58494 [preauth]
Oct 13 20:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8  user=root
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Failed password for root from 41.203.213.8 port 46466 ssh2
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session closed for user root
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1514]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Received disconnect from 41.203.213.8 port 46466:11: Bye Bye [preauth]
Oct 13 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Disconnected from 41.203.213.8 port 46466 [preauth]
Oct 13 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1594]: Successful su for rubyman by root
Oct 13 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1594]: + ??? root:rubyman
Oct 13 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407035 of user rubyman.
Oct 13 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1594]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407035.
Oct 13 20:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session closed for user root
Oct 13 20:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session closed for user root
Oct 13 20:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1515]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2046]: Invalid user umair from 103.26.136.173
Oct 13 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2046]: input_userauth_request: invalid user umair [preauth]
Oct 13 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2046]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[327]: pam_unix(cron:session): session closed for user root
Oct 13 20:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2046]: Failed password for invalid user umair from 103.26.136.173 port 39408 ssh2
Oct 13 20:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2046]: Received disconnect from 103.26.136.173 port 39408:11: Bye Bye [preauth]
Oct 13 20:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2046]: Disconnected from 103.26.136.173 port 39408 [preauth]
Oct 13 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2127]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2125]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2216]: Successful su for rubyman by root
Oct 13 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2216]: + ??? root:rubyman
Oct 13 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407042 of user rubyman.
Oct 13 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2216]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407042.
Oct 13 20:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31066]: pam_unix(cron:session): session closed for user root
Oct 13 20:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: Invalid user vpn from 103.234.151.178
Oct 13 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: input_userauth_request: invalid user vpn [preauth]
Oct 13 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: Failed password for invalid user vpn from 103.234.151.178 port 27534 ssh2
Oct 13 20:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: Received disconnect from 103.234.151.178 port 27534:11: Bye Bye [preauth]
Oct 13 20:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2509]: Disconnected from 103.234.151.178 port 27534 [preauth]
Oct 13 20:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Invalid user homeassistant from 41.203.213.8
Oct 13 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: input_userauth_request: invalid user homeassistant [preauth]
Oct 13 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session closed for user root
Oct 13 20:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Failed password for invalid user homeassistant from 41.203.213.8 port 35196 ssh2
Oct 13 20:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Received disconnect from 41.203.213.8 port 35196:11: Bye Bye [preauth]
Oct 13 20:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Disconnected from 41.203.213.8 port 35196 [preauth]
Oct 13 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2602]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2601]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2598]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2682]: Successful su for rubyman by root
Oct 13 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2682]: + ??? root:rubyman
Oct 13 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407047 of user rubyman.
Oct 13 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2682]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407047.
Oct 13 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Invalid user admin from 116.110.20.102
Oct 13 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102
Oct 13 20:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Failed password for invalid user admin from 116.110.20.102 port 33192 ssh2
Oct 13 20:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Connection closed by 116.110.20.102 port 33192 [preauth]
Oct 13 20:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31769]: pam_unix(cron:session): session closed for user root
Oct 13 20:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Invalid user dspace from 138.68.58.124
Oct 13 20:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: input_userauth_request: invalid user dspace [preauth]
Oct 13 20:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Oct 13 20:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2600]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Failed password for invalid user dspace from 138.68.58.124 port 50818 ssh2
Oct 13 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Connection closed by 138.68.58.124 port 50818 [preauth]
Oct 13 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: Invalid user vpn from 103.26.136.173
Oct 13 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: input_userauth_request: invalid user vpn [preauth]
Oct 13 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: Failed password for invalid user vpn from 103.26.136.173 port 47876 ssh2
Oct 13 20:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: Received disconnect from 103.26.136.173 port 47876:11: Bye Bye [preauth]
Oct 13 20:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: Disconnected from 103.26.136.173 port 47876 [preauth]
Oct 13 20:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session closed for user root
Oct 13 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3072]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3136]: Successful su for rubyman by root
Oct 13 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3136]: + ??? root:rubyman
Oct 13 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407050 of user rubyman.
Oct 13 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3136]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407050.
Oct 13 20:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32331]: pam_unix(cron:session): session closed for user root
Oct 13 20:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 13 20:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Failed password for root from 103.234.151.178 port 60104 ssh2
Oct 13 20:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Received disconnect from 103.234.151.178 port 60104:11: Bye Bye [preauth]
Oct 13 20:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Disconnected from 103.234.151.178 port 60104 [preauth]
Oct 13 20:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3073]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Invalid user appadmin from 41.203.213.8
Oct 13 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: input_userauth_request: invalid user appadmin [preauth]
Oct 13 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.203.213.8
Oct 13 20:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Failed password for invalid user appadmin from 41.203.213.8 port 42666 ssh2
Oct 13 20:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Received disconnect from 41.203.213.8 port 42666:11: Bye Bye [preauth]
Oct 13 20:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Disconnected from 41.203.213.8 port 42666 [preauth]
Oct 13 20:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2128]: pam_unix(cron:session): session closed for user root
Oct 13 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3540]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3536]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3607]: Successful su for rubyman by root
Oct 13 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3607]: + ??? root:rubyman
Oct 13 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407055 of user rubyman.
Oct 13 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3607]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407055.
Oct 13 20:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: Invalid user admin from 103.26.136.173
Oct 13 20:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: Failed password for invalid user admin from 103.26.136.173 port 56352 ssh2
Oct 13 20:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: Received disconnect from 103.26.136.173 port 56352:11: Bye Bye [preauth]
Oct 13 20:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: Disconnected from 103.26.136.173 port 56352 [preauth]
Oct 13 20:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[326]: pam_unix(cron:session): session closed for user root
Oct 13 20:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3538]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2602]: pam_unix(cron:session): session closed for user root
Oct 13 20:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233  user=root
Oct 13 20:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: Failed password for root from 116.110.22.233 port 49814 ssh2
Oct 13 20:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3934]: Connection closed by 116.110.22.233 port 49814 [preauth]
Oct 13 20:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3970]: Invalid user gitlab from 103.234.151.178
Oct 13 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3970]: input_userauth_request: invalid user gitlab [preauth]
Oct 13 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3970]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3970]: Failed password for invalid user gitlab from 103.234.151.178 port 29134 ssh2
Oct 13 20:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3970]: Received disconnect from 103.234.151.178 port 29134:11: Bye Bye [preauth]
Oct 13 20:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3970]: Disconnected from 103.234.151.178 port 29134 [preauth]
Oct 13 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session closed for user root
Oct 13 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3994]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4078]: Successful su for rubyman by root
Oct 13 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4078]: + ??? root:rubyman
Oct 13 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407059 of user rubyman.
Oct 13 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4078]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407059.
Oct 13 20:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session closed for user root
Oct 13 20:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session closed for user root
Oct 13 20:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session closed for user root
Oct 13 20:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Invalid user nemo from 103.26.136.173
Oct 13 20:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: input_userauth_request: invalid user nemo [preauth]
Oct 13 20:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Failed password for invalid user nemo from 103.26.136.173 port 36590 ssh2
Oct 13 20:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Received disconnect from 103.26.136.173 port 36590:11: Bye Bye [preauth]
Oct 13 20:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4503]: Disconnected from 103.26.136.173 port 36590 [preauth]
Oct 13 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4538]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4537]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4533]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4662]: Successful su for rubyman by root
Oct 13 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4662]: + ??? root:rubyman
Oct 13 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407063 of user rubyman.
Oct 13 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4662]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407063.
Oct 13 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Invalid user admin from 20.163.71.109
Oct 13 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: input_userauth_request: invalid user admin [preauth]
Oct 13 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 13 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Failed password for invalid user admin from 20.163.71.109 port 37524 ssh2
Oct 13 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Connection closed by 20.163.71.109 port 37524 [preauth]
Oct 13 20:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1517]: pam_unix(cron:session): session closed for user root
Oct 13 20:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4534]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Invalid user postgres from 103.234.151.178
Oct 13 20:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: input_userauth_request: invalid user postgres [preauth]
Oct 13 20:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Failed password for invalid user postgres from 103.234.151.178 port 61692 ssh2
Oct 13 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Received disconnect from 103.234.151.178 port 61692:11: Bye Bye [preauth]
Oct 13 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Disconnected from 103.234.151.178 port 61692 [preauth]
Oct 13 20:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3541]: pam_unix(cron:session): session closed for user root
Oct 13 20:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Invalid user user from 116.110.20.102
Oct 13 20:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: input_userauth_request: invalid user user [preauth]
Oct 13 20:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102
Oct 13 20:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Failed password for invalid user user from 116.110.20.102 port 42646 ssh2
Oct 13 20:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5217]: Connection closed by 116.110.20.102 port 42646 [preauth]
Oct 13 20:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: Invalid user installer from 116.110.20.102
Oct 13 20:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: input_userauth_request: invalid user installer [preauth]
Oct 13 20:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102
Oct 13 20:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: Failed password for invalid user installer from 116.110.20.102 port 59614 ssh2
Oct 13 20:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5510]: Connection closed by 116.110.20.102 port 59614 [preauth]
Oct 13 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5544]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5619]: Successful su for rubyman by root
Oct 13 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5619]: + ??? root:rubyman
Oct 13 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407069 of user rubyman.
Oct 13 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5619]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407069.
Oct 13 20:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2127]: pam_unix(cron:session): session closed for user root
Oct 13 20:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5546]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
Oct 13 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Failed password for root from 103.26.136.173 port 45066 ssh2
Oct 13 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Received disconnect from 103.26.136.173 port 45066:11: Bye Bye [preauth]
Oct 13 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Disconnected from 103.26.136.173 port 45066 [preauth]
Oct 13 20:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 13 20:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session closed for user root
Oct 13 20:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Failed password for root from 94.177.160.96 port 44070 ssh2
Oct 13 20:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Connection closed by 94.177.160.96 port 44070 [preauth]
Oct 13 20:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: Invalid user ftpuser from 103.234.151.178
Oct 13 20:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 20:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 13 20:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: Failed password for invalid user ftpuser from 103.234.151.178 port 30728 ssh2
Oct 13 20:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: Received disconnect from 103.234.151.178 port 30728:11: Bye Bye [preauth]
Oct 13 20:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: Disconnected from 103.234.151.178 port 30728 [preauth]
Oct 13 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6034]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6099]: Successful su for rubyman by root
Oct 13 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6099]: + ??? root:rubyman
Oct 13 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407071 of user rubyman.
Oct 13 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6099]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407071.
Oct 13 20:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2601]: pam_unix(cron:session): session closed for user root
Oct 13 20:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4538]: pam_unix(cron:session): session closed for user root
Oct 13 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6478]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6475]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6569]: Successful su for rubyman by root
Oct 13 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6569]: + ??? root:rubyman
Oct 13 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407075 of user rubyman.
Oct 13 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6569]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407075.
Oct 13 20:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3074]: pam_unix(cron:session): session closed for user root
Oct 13 20:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6477]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Invalid user tester from 103.26.136.173
Oct 13 20:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: input_userauth_request: invalid user tester [preauth]
Oct 13 20:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
Oct 13 20:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Failed password for invalid user tester from 103.26.136.173 port 53544 ssh2
Oct 13 20:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Received disconnect from 103.26.136.173 port 53544:11: Bye Bye [preauth]
Oct 13 20:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Disconnected from 103.26.136.173 port 53544 [preauth]
Oct 13 20:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session closed for user root
Oct 13 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7041]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7041]: pam_unix(cron:session): session closed for user root
Oct 13 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7034]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7169]: Successful su for rubyman by root
Oct 13 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7169]: + ??? root:rubyman
Oct 13 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407081 of user rubyman.
Oct 13 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7169]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407081.
Oct 13 20:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Invalid user ubnt from 116.110.20.102
Oct 13 20:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: input_userauth_request: invalid user ubnt [preauth]
Oct 13 20:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session closed for user root
Oct 13 20:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102
Oct 13 20:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3540]: pam_unix(cron:session): session closed for user root
Oct 13 20:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Failed password for invalid user ubnt from 116.110.20.102 port 46608 ssh2
Oct 13 20:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Connection closed by 116.110.20.102 port 46608 [preauth]
Oct 13 20:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7035]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6036]: pam_unix(cron:session): session closed for user root
Oct 13 20:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.171.177  user=root
Oct 13 20:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7578]: Failed password for root from 94.177.171.177 port 44856 ssh2
Oct 13 20:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7578]: Connection closed by 94.177.171.177 port 44856 [preauth]
Oct 13 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7627]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7625]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7714]: Successful su for rubyman by root
Oct 13 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7714]: + ??? root:rubyman
Oct 13 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407085 of user rubyman.
Oct 13 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7714]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407085.
Oct 13 20:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session closed for user root
Oct 13 20:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7626]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session closed for user root
Oct 13 20:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Invalid user apiadmin from 164.68.105.9
Oct 13 20:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: input_userauth_request: invalid user apiadmin [preauth]
Oct 13 20:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 20:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Failed password for invalid user apiadmin from 164.68.105.9 port 58860 ssh2
Oct 13 20:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Connection closed by 164.68.105.9 port 58860 [preauth]
Oct 13 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8545]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8543]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8541]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8625]: Successful su for rubyman by root
Oct 13 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8625]: + ??? root:rubyman
Oct 13 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407089 of user rubyman.
Oct 13 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8625]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407089.
Oct 13 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4537]: pam_unix(cron:session): session closed for user root
Oct 13 20:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: Invalid user squid from 116.110.22.233
Oct 13 20:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: input_userauth_request: invalid user squid [preauth]
Oct 13 20:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233
Oct 13 20:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: Failed password for invalid user squid from 116.110.22.233 port 58262 ssh2
Oct 13 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8994]: Connection closed by 116.110.22.233 port 58262 [preauth]
Oct 13 20:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session closed for user root
Oct 13 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9129]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9314]: Successful su for rubyman by root
Oct 13 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9314]: + ??? root:rubyman
Oct 13 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407093 of user rubyman.
Oct 13 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9314]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407093.
Oct 13 20:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session closed for user root
Oct 13 20:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9131]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 20:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Failed password for root from 80.211.129.128 port 41966 ssh2
Oct 13 20:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Connection closed by 80.211.129.128 port 41966 [preauth]
Oct 13 20:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7628]: pam_unix(cron:session): session closed for user root
Oct 13 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9870]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9944]: Successful su for rubyman by root
Oct 13 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9944]: + ??? root:rubyman
Oct 13 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407099 of user rubyman.
Oct 13 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9944]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407099.
Oct 13 20:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6034]: pam_unix(cron:session): session closed for user root
Oct 13 20:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8545]: pam_unix(cron:session): session closed for user root
Oct 13 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10368]: pam_unix(cron:session): session closed for user root
Oct 13 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: Successful su for rubyman by root
Oct 13 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: + ??? root:rubyman
Oct 13 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407103 of user rubyman.
Oct 13 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407103.
Oct 13 20:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10362]: pam_unix(cron:session): session closed for user root
Oct 13 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Invalid user config from 116.110.22.233
Oct 13 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: input_userauth_request: invalid user config [preauth]
Oct 13 20:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6478]: pam_unix(cron:session): session closed for user root
Oct 13 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233
Oct 13 20:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Failed password for invalid user config from 116.110.22.233 port 49082 ssh2
Oct 13 20:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Connection closed by 116.110.22.233 port 49082 [preauth]
Oct 13 20:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10361]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9133]: pam_unix(cron:session): session closed for user root
Oct 13 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Invalid user support from 116.110.20.102
Oct 13 20:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: input_userauth_request: invalid user support [preauth]
Oct 13 20:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102
Oct 13 20:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Failed password for invalid user support from 116.110.20.102 port 36940 ssh2
Oct 13 20:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Connection closed by 116.110.20.102 port 36940 [preauth]
Oct 13 20:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Did not receive identification string from 103.31.144.11
Oct 13 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10868]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: Successful su for rubyman by root
Oct 13 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: + ??? root:rubyman
Oct 13 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407108 of user rubyman.
Oct 13 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10946]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407108.
Oct 13 20:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Received disconnect from 103.31.144.11 port 41228:11: Bye Bye [preauth]
Oct 13 20:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Disconnected from 103.31.144.11 port 41228 [preauth]
Oct 13 20:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session closed for user root
Oct 13 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10869]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session closed for user root
Oct 13 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11404]: Successful su for rubyman by root
Oct 13 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11404]: + ??? root:rubyman
Oct 13 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407111 of user rubyman.
Oct 13 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11404]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407111.
Oct 13 20:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7627]: pam_unix(cron:session): session closed for user root
Oct 13 20:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11335]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10365]: pam_unix(cron:session): session closed for user root
Oct 13 20:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102  user=root
Oct 13 20:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Failed password for root from 116.110.20.102 port 46726 ssh2
Oct 13 20:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Connection closed by 116.110.20.102 port 46726 [preauth]
Oct 13 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: Invalid user erpuser from 138.68.190.216
Oct 13 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: input_userauth_request: invalid user erpuser [preauth]
Oct 13 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216
Oct 13 20:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: Failed password for invalid user erpuser from 138.68.190.216 port 41368 ssh2
Oct 13 20:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11894]: Connection closed by 138.68.190.216 port 41368 [preauth]
Oct 13 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11906]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11978]: Successful su for rubyman by root
Oct 13 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11978]: + ??? root:rubyman
Oct 13 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407115 of user rubyman.
Oct 13 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11978]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407115.
Oct 13 20:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8543]: pam_unix(cron:session): session closed for user root
Oct 13 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11907]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10872]: pam_unix(cron:session): session closed for user root
Oct 13 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session closed for user p13x
Oct 13 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12460]: Successful su for rubyman by root
Oct 13 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12460]: + ??? root:rubyman
Oct 13 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407122 of user rubyman.
Oct 13 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12460]: pam_unix(su:session): session closed for user rubyman
Oct 13 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407122.
Oct 13 20:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9132]: pam_unix(cron:session): session closed for user root
Oct 13 20:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12383]: pam_unix(cron:session): session closed for user samftp
Oct 13 20:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session closed for user root
Oct 13 20:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 20:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102  user=root
Oct 13 21:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Failed password for root from 116.110.20.102 port 41440 ssh2
Oct 13 21:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Connection closed by 116.110.20.102 port 41440 [preauth]
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12877]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session closed for user root
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session closed for user root
Oct 13 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12863]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13023]: Successful su for rubyman by root
Oct 13 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13023]: + ??? root:rubyman
Oct 13 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407123 of user rubyman.
Oct 13 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13023]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407123.
Oct 13 21:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session closed for user root
Oct 13 21:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12872]: pam_unix(cron:session): session closed for user root
Oct 13 21:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12865]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11911]: pam_unix(cron:session): session closed for user root
Oct 13 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13667]: Successful su for rubyman by root
Oct 13 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13667]: + ??? root:rubyman
Oct 13 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407130 of user rubyman.
Oct 13 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13667]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407130.
Oct 13 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10364]: pam_unix(cron:session): session closed for user root
Oct 13 21:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session closed for user root
Oct 13 21:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Invalid user admin from 116.110.22.233
Oct 13 21:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233
Oct 13 21:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Failed password for invalid user admin from 116.110.22.233 port 46828 ssh2
Oct 13 21:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Connection closed by 116.110.22.233 port 46828 [preauth]
Oct 13 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14161]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14162]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: Successful su for rubyman by root
Oct 13 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: + ??? root:rubyman
Oct 13 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407135 of user rubyman.
Oct 13 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407135.
Oct 13 21:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 13 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Failed password for root from 20.163.71.109 port 54298 ssh2
Oct 13 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Connection closed by 20.163.71.109 port 54298 [preauth]
Oct 13 21:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10871]: pam_unix(cron:session): session closed for user root
Oct 13 21:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12877]: pam_unix(cron:session): session closed for user root
Oct 13 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14610]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14676]: Successful su for rubyman by root
Oct 13 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14676]: + ??? root:rubyman
Oct 13 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407138 of user rubyman.
Oct 13 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14676]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407138.
Oct 13 21:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11336]: pam_unix(cron:session): session closed for user root
Oct 13 21:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14611]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session closed for user root
Oct 13 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15239]: Successful su for rubyman by root
Oct 13 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15239]: + ??? root:rubyman
Oct 13 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407142 of user rubyman.
Oct 13 21:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15239]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407142.
Oct 13 21:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11909]: pam_unix(cron:session): session closed for user root
Oct 13 21:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14162]: pam_unix(cron:session): session closed for user root
Oct 13 21:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233  user=root
Oct 13 21:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Failed password for root from 116.110.22.233 port 58400 ssh2
Oct 13 21:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Connection closed by 116.110.22.233 port 58400 [preauth]
Oct 13 21:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Invalid user admin from 2.57.121.112
Oct 13 21:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 21:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Failed password for invalid user admin from 2.57.121.112 port 29631 ssh2
Oct 13 21:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Failed password for invalid user admin from 2.57.121.112 port 29631 ssh2
Oct 13 21:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Failed password for invalid user admin from 2.57.121.112 port 29631 ssh2
Oct 13 21:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session closed for user root
Oct 13 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15622]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Failed password for invalid user admin from 2.57.121.112 port 29631 ssh2
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Invalid user system from 116.110.20.102
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: input_userauth_request: invalid user system [preauth]
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15719]: Successful su for rubyman by root
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15719]: + ??? root:rubyman
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407147 of user rubyman.
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15719]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102
Oct 13 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407147.
Oct 13 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Failed password for invalid user admin from 2.57.121.112 port 29631 ssh2
Oct 13 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Failed password for invalid user system from 116.110.20.102 port 34516 ssh2
Oct 13 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Received disconnect from 2.57.121.112 port 29631:11: Bye [preauth]
Oct 13 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: Disconnected from 2.57.121.112 port 29631 [preauth]
Oct 13 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 21:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15605]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 21:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Connection closed by 116.110.20.102 port 34516 [preauth]
Oct 13 21:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15624]: pam_unix(cron:session): session closed for user root
Oct 13 21:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session closed for user root
Oct 13 21:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15623]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14613]: pam_unix(cron:session): session closed for user root
Oct 13 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16193]: Successful su for rubyman by root
Oct 13 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16193]: + ??? root:rubyman
Oct 13 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407152 of user rubyman.
Oct 13 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16193]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407152.
Oct 13 21:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session closed for user root
Oct 13 21:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16117]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session closed for user root
Oct 13 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16600]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16597]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16663]: Successful su for rubyman by root
Oct 13 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16663]: + ??? root:rubyman
Oct 13 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407156 of user rubyman.
Oct 13 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16663]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407156.
Oct 13 21:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13589]: pam_unix(cron:session): session closed for user root
Oct 13 21:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16596]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15628]: pam_unix(cron:session): session closed for user root
Oct 13 21:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Invalid user guest from 116.110.22.233
Oct 13 21:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: input_userauth_request: invalid user guest [preauth]
Oct 13 21:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233
Oct 13 21:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Failed password for invalid user guest from 116.110.22.233 port 40836 ssh2
Oct 13 21:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Connection closed by 116.110.22.233 port 40836 [preauth]
Oct 13 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17047]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17132]: Successful su for rubyman by root
Oct 13 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17132]: + ??? root:rubyman
Oct 13 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407162 of user rubyman.
Oct 13 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17132]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407162.
Oct 13 21:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14161]: pam_unix(cron:session): session closed for user root
Oct 13 21:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16119]: pam_unix(cron:session): session closed for user root
Oct 13 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17510]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17710]: Successful su for rubyman by root
Oct 13 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17710]: + ??? root:rubyman
Oct 13 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407164 of user rubyman.
Oct 13 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17710]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407164.
Oct 13 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17507]: pam_unix(cron:session): session closed for user root
Oct 13 21:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14612]: pam_unix(cron:session): session closed for user root
Oct 13 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16600]: pam_unix(cron:session): session closed for user root
Oct 13 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18284]: pam_unix(cron:session): session closed for user root
Oct 13 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18478]: Successful su for rubyman by root
Oct 13 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18478]: + ??? root:rubyman
Oct 13 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407171 of user rubyman.
Oct 13 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18478]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407171.
Oct 13 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18281]: pam_unix(cron:session): session closed for user root
Oct 13 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session closed for user root
Oct 13 21:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18280]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session closed for user root
Oct 13 21:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: Invalid user test from 116.110.20.102
Oct 13 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: input_userauth_request: invalid user test [preauth]
Oct 13 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102
Oct 13 21:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: Failed password for invalid user test from 116.110.20.102 port 57702 ssh2
Oct 13 21:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18868]: Connection closed by 116.110.20.102 port 57702 [preauth]
Oct 13 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18924]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19121]: Successful su for rubyman by root
Oct 13 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19121]: + ??? root:rubyman
Oct 13 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407178 of user rubyman.
Oct 13 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19121]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407178.
Oct 13 21:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15625]: pam_unix(cron:session): session closed for user root
Oct 13 21:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Invalid user admin from 116.110.22.233
Oct 13 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233
Oct 13 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Failed password for invalid user admin from 116.110.22.233 port 45714 ssh2
Oct 13 21:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Connection closed by 116.110.22.233 port 45714 [preauth]
Oct 13 21:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session closed for user root
Oct 13 21:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216  user=root
Oct 13 21:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 13 21:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: Failed password for root from 138.68.190.216 port 35560 ssh2
Oct 13 21:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: Failed password for root from 94.177.160.96 port 51792 ssh2
Oct 13 21:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19779]: Connection closed by 138.68.190.216 port 35560 [preauth]
Oct 13 21:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19767]: Connection closed by 94.177.160.96 port 51792 [preauth]
Oct 13 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19861]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19953]: Successful su for rubyman by root
Oct 13 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19953]: + ??? root:rubyman
Oct 13 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407179 of user rubyman.
Oct 13 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19953]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407179.
Oct 13 21:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16118]: pam_unix(cron:session): session closed for user root
Oct 13 21:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18283]: pam_unix(cron:session): session closed for user root
Oct 13 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20394]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20393]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20389]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20473]: Successful su for rubyman by root
Oct 13 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20473]: + ??? root:rubyman
Oct 13 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407183 of user rubyman.
Oct 13 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20473]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407183.
Oct 13 21:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16597]: pam_unix(cron:session): session closed for user root
Oct 13 21:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: Invalid user admin from 116.110.20.102
Oct 13 21:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.20.102
Oct 13 21:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: Failed password for invalid user admin from 116.110.20.102 port 49772 ssh2
Oct 13 21:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: Connection closed by 116.110.20.102 port 49772 [preauth]
Oct 13 21:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20392]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session closed for user root
Oct 13 21:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: Invalid user  from 62.60.131.157
Oct 13 21:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: input_userauth_request: invalid user  [preauth]
Oct 13 21:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: Failed none for invalid user  from 62.60.131.157 port 62732 ssh2
Oct 13 21:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: Received disconnect from 62.60.131.157 port 62732:11: Bye [preauth]
Oct 13 21:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20814]: Disconnected from 62.60.131.157 port 62732 [preauth]
Oct 13 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20867]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20931]: Successful su for rubyman by root
Oct 13 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20931]: + ??? root:rubyman
Oct 13 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407188 of user rubyman.
Oct 13 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20931]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407188.
Oct 13 21:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session closed for user root
Oct 13 21:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19862]: pam_unix(cron:session): session closed for user root
Oct 13 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session closed for user root
Oct 13 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21351]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21465]: Successful su for rubyman by root
Oct 13 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21465]: + ??? root:rubyman
Oct 13 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407194 of user rubyman.
Oct 13 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21465]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407194.
Oct 13 21:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session closed for user root
Oct 13 21:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session closed for user root
Oct 13 21:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Invalid user ansible from 186.96.145.241
Oct 13 21:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: input_userauth_request: invalid user ansible [preauth]
Oct 13 21:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 13 21:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21353]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Failed password for invalid user ansible from 186.96.145.241 port 45506 ssh2
Oct 13 21:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Connection closed by 186.96.145.241 port 45506 [preauth]
Oct 13 21:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20394]: pam_unix(cron:session): session closed for user root
Oct 13 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21905]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21900]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: Successful su for rubyman by root
Oct 13 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: + ??? root:rubyman
Oct 13 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407197 of user rubyman.
Oct 13 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407197.
Oct 13 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18282]: pam_unix(cron:session): session closed for user root
Oct 13 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21902]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20867]: pam_unix(cron:session): session closed for user root
Oct 13 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22401]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22397]: pam_unix(cron:session): session closed for user root
Oct 13 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22399]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22477]: Successful su for rubyman by root
Oct 13 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22477]: + ??? root:rubyman
Oct 13 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407201 of user rubyman.
Oct 13 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22477]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407201.
Oct 13 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Invalid user admin from 116.110.22.233
Oct 13 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233
Oct 13 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18927]: pam_unix(cron:session): session closed for user root
Oct 13 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Failed password for invalid user admin from 116.110.22.233 port 53804 ssh2
Oct 13 21:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Connection closed by 116.110.22.233 port 53804 [preauth]
Oct 13 21:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22400]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session closed for user root
Oct 13 21:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: Invalid user admin from 116.110.22.233
Oct 13 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.22.233
Oct 13 21:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: Failed password for invalid user admin from 116.110.22.233 port 46372 ssh2
Oct 13 21:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: Connection closed by 116.110.22.233 port 46372 [preauth]
Oct 13 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23241]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23321]: Successful su for rubyman by root
Oct 13 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23321]: + ??? root:rubyman
Oct 13 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407207 of user rubyman.
Oct 13 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23321]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407207.
Oct 13 21:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19861]: pam_unix(cron:session): session closed for user root
Oct 13 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216  user=root
Oct 13 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Failed password for root from 138.68.190.216 port 49900 ssh2
Oct 13 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Connection closed by 138.68.190.216 port 49900 [preauth]
Oct 13 21:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21905]: pam_unix(cron:session): session closed for user root
Oct 13 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24054]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24052]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: Successful su for rubyman by root
Oct 13 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: + ??? root:rubyman
Oct 13 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407212 of user rubyman.
Oct 13 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407212.
Oct 13 21:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20393]: pam_unix(cron:session): session closed for user root
Oct 13 21:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24053]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session closed for user root
Oct 13 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24593]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24592]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session closed for user root
Oct 13 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24590]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24680]: Successful su for rubyman by root
Oct 13 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24680]: + ??? root:rubyman
Oct 13 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407215 of user rubyman.
Oct 13 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24680]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407215.
Oct 13 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24592]: pam_unix(cron:session): session closed for user root
Oct 13 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20866]: pam_unix(cron:session): session closed for user root
Oct 13 21:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24591]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: Invalid user admin from 27.79.46.194
Oct 13 21:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.79.46.194
Oct 13 21:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: Failed password for invalid user admin from 27.79.46.194 port 51414 ssh2
Oct 13 21:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: Connection closed by 27.79.46.194 port 51414 [preauth]
Oct 13 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session closed for user root
Oct 13 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25126]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25235]: Successful su for rubyman by root
Oct 13 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25235]: + ??? root:rubyman
Oct 13 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407220 of user rubyman.
Oct 13 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25235]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407220.
Oct 13 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user root
Oct 13 21:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24055]: pam_unix(cron:session): session closed for user root
Oct 13 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25924]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25923]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25920]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26012]: Successful su for rubyman by root
Oct 13 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26012]: + ??? root:rubyman
Oct 13 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407225 of user rubyman.
Oct 13 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26012]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407225.
Oct 13 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21903]: pam_unix(cron:session): session closed for user root
Oct 13 21:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25922]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Invalid user admin from 116.110.218.199
Oct 13 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.218.199
Oct 13 21:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Failed password for invalid user admin from 116.110.218.199 port 51460 ssh2
Oct 13 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Connection closed by 116.110.218.199 port 51460 [preauth]
Oct 13 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24594]: pam_unix(cron:session): session closed for user root
Oct 13 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26503]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26497]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: Successful su for rubyman by root
Oct 13 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: + ??? root:rubyman
Oct 13 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407230 of user rubyman.
Oct 13 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407230.
Oct 13 21:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22401]: pam_unix(cron:session): session closed for user root
Oct 13 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26499]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 21:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26903]: Failed password for root from 80.211.129.128 port 43276 ssh2
Oct 13 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26903]: Connection closed by 80.211.129.128 port 43276 [preauth]
Oct 13 21:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25131]: pam_unix(cron:session): session closed for user root
Oct 13 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27202]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: Successful su for rubyman by root
Oct 13 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: + ??? root:rubyman
Oct 13 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407233 of user rubyman.
Oct 13 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407233.
Oct 13 21:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session closed for user root
Oct 13 21:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27203]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25924]: pam_unix(cron:session): session closed for user root
Oct 13 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27970]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27970]: pam_unix(cron:session): session closed for user root
Oct 13 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27964]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28054]: Successful su for rubyman by root
Oct 13 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28054]: + ??? root:rubyman
Oct 13 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407238 of user rubyman.
Oct 13 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28054]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407238.
Oct 13 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27966]: pam_unix(cron:session): session closed for user root
Oct 13 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24054]: pam_unix(cron:session): session closed for user root
Oct 13 21:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Invalid user user from 116.110.218.199
Oct 13 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: input_userauth_request: invalid user user [preauth]
Oct 13 21:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.218.199
Oct 13 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Failed password for invalid user user from 116.110.218.199 port 57494 ssh2
Oct 13 21:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Connection closed by 116.110.218.199 port 57494 [preauth]
Oct 13 21:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27965]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26503]: pam_unix(cron:session): session closed for user root
Oct 13 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28721]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28717]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: Successful su for rubyman by root
Oct 13 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: + ??? root:rubyman
Oct 13 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407244 of user rubyman.
Oct 13 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407244.
Oct 13 21:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24593]: pam_unix(cron:session): session closed for user root
Oct 13 21:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Invalid user admin from 2.57.121.25
Oct 13 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Failed password for invalid user admin from 2.57.121.25 port 45380 ssh2
Oct 13 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Failed password for invalid user admin from 2.57.121.25 port 45380 ssh2
Oct 13 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 13 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Failed password for invalid user admin from 2.57.121.25 port 45380 ssh2
Oct 13 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Failed password for root from 80.211.129.128 port 42882 ssh2
Oct 13 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Failed password for invalid user admin from 2.57.121.25 port 45380 ssh2
Oct 13 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Connection closed by 80.211.129.128 port 42882 [preauth]
Oct 13 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Failed password for invalid user admin from 2.57.121.25 port 45380 ssh2
Oct 13 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Received disconnect from 2.57.121.25 port 45380:11: Bye [preauth]
Oct 13 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Disconnected from 2.57.121.25 port 45380 [preauth]
Oct 13 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session closed for user root
Oct 13 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29331]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29414]: Successful su for rubyman by root
Oct 13 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29414]: + ??? root:rubyman
Oct 13 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407247 of user rubyman.
Oct 13 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29414]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407247.
Oct 13 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25128]: pam_unix(cron:session): session closed for user root
Oct 13 21:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: Invalid user admin from 27.79.46.194
Oct 13 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: input_userauth_request: invalid user admin [preauth]
Oct 13 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.79.46.194
Oct 13 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29332]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: Failed password for invalid user admin from 27.79.46.194 port 59884 ssh2
Oct 13 21:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: Connection closed by 27.79.46.194 port 59884 [preauth]
Oct 13 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27968]: pam_unix(cron:session): session closed for user root
Oct 13 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29822]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29913]: Successful su for rubyman by root
Oct 13 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29913]: + ??? root:rubyman
Oct 13 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407251 of user rubyman.
Oct 13 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29913]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407251.
Oct 13 21:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25923]: pam_unix(cron:session): session closed for user root
Oct 13 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28721]: pam_unix(cron:session): session closed for user root
Oct 13 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30362]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30443]: Successful su for rubyman by root
Oct 13 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30443]: + ??? root:rubyman
Oct 13 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407256 of user rubyman.
Oct 13 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30443]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407256.
Oct 13 21:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26502]: pam_unix(cron:session): session closed for user root
Oct 13 21:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30364]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: User ftp from 116.110.218.199 not allowed because not listed in AllowUsers
Oct 13 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: input_userauth_request: invalid user ftp [preauth]
Oct 13 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.218.199  user=ftp
Oct 13 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Failed password for invalid user ftp from 116.110.218.199 port 45410 ssh2
Oct 13 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Connection closed by 116.110.218.199 port 45410 [preauth]
Oct 13 21:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session closed for user root
Oct 13 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30922]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30922]: pam_unix(cron:session): session closed for user root
Oct 13 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30914]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: Successful su for rubyman by root
Oct 13 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: + ??? root:rubyman
Oct 13 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407262 of user rubyman.
Oct 13 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31009]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407262.
Oct 13 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Invalid user casa from 190.103.202.7
Oct 13 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: input_userauth_request: invalid user casa [preauth]
Oct 13 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Failed password for invalid user casa from 190.103.202.7 port 33504 ssh2
Oct 13 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Connection closed by 190.103.202.7 port 33504 [preauth]
Oct 13 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30918]: pam_unix(cron:session): session closed for user root
Oct 13 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27204]: pam_unix(cron:session): session closed for user root
Oct 13 21:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30915]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29828]: pam_unix(cron:session): session closed for user root
Oct 13 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31459]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31455]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31677]: Successful su for rubyman by root
Oct 13 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31677]: + ??? root:rubyman
Oct 13 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407264 of user rubyman.
Oct 13 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31677]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407264.
Oct 13 21:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27967]: pam_unix(cron:session): session closed for user root
Oct 13 21:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31456]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30366]: pam_unix(cron:session): session closed for user root
Oct 13 21:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Invalid user operator from 116.110.218.199
Oct 13 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: input_userauth_request: invalid user operator [preauth]
Oct 13 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.110.218.199
Oct 13 21:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Failed password for invalid user operator from 116.110.218.199 port 45372 ssh2
Oct 13 21:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Connection closed by 116.110.218.199 port 45372 [preauth]
Oct 13 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32071]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32224]: Successful su for rubyman by root
Oct 13 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32224]: + ??? root:rubyman
Oct 13 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407269 of user rubyman.
Oct 13 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32224]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407269.
Oct 13 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session closed for user root
Oct 13 21:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Invalid user support from 27.79.46.194
Oct 13 21:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: input_userauth_request: invalid user support [preauth]
Oct 13 21:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 21:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.79.46.194
Oct 13 21:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Failed password for invalid user support from 27.79.46.194 port 57880 ssh2
Oct 13 21:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Connection closed by 27.79.46.194 port 57880 [preauth]
Oct 13 21:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30921]: pam_unix(cron:session): session closed for user root
Oct 13 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32601]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32680]: Successful su for rubyman by root
Oct 13 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32680]: + ??? root:rubyman
Oct 13 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407274 of user rubyman.
Oct 13 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32680]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407274.
Oct 13 21:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29335]: pam_unix(cron:session): session closed for user root
Oct 13 21:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32602]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31459]: pam_unix(cron:session): session closed for user root
Oct 13 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[616]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[615]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[613]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[686]: Successful su for rubyman by root
Oct 13 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[686]: + ??? root:rubyman
Oct 13 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407276 of user rubyman.
Oct 13 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[686]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407276.
Oct 13 21:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29826]: pam_unix(cron:session): session closed for user root
Oct 13 21:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[614]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.79.46.194  user=root
Oct 13 21:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: Failed password for root from 27.79.46.194 port 50670 ssh2
Oct 13 21:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1053]: Connection closed by 27.79.46.194 port 50670 [preauth]
Oct 13 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session closed for user root
Oct 13 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1187]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1184]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1188]: pam_unix(cron:session): session closed for user root
Oct 13 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1182]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: Successful su for rubyman by root
Oct 13 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: + ??? root:rubyman
Oct 13 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407282 of user rubyman.
Oct 13 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1271]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407282.
Oct 13 21:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1184]: pam_unix(cron:session): session closed for user root
Oct 13 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30365]: pam_unix(cron:session): session closed for user root
Oct 13 21:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1183]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session closed for user root
Oct 13 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1730]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1726]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1806]: Successful su for rubyman by root
Oct 13 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1806]: + ??? root:rubyman
Oct 13 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407288 of user rubyman.
Oct 13 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1806]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407288.
Oct 13 21:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30919]: pam_unix(cron:session): session closed for user root
Oct 13 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1727]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[616]: pam_unix(cron:session): session closed for user root
Oct 13 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2293]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2357]: Successful su for rubyman by root
Oct 13 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2357]: + ??? root:rubyman
Oct 13 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407290 of user rubyman.
Oct 13 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2357]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407290.
Oct 13 21:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31458]: pam_unix(cron:session): session closed for user root
Oct 13 21:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1187]: pam_unix(cron:session): session closed for user root
Oct 13 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2738]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2807]: Successful su for rubyman by root
Oct 13 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2807]: + ??? root:rubyman
Oct 13 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407294 of user rubyman.
Oct 13 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2807]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407294.
Oct 13 21:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32073]: pam_unix(cron:session): session closed for user root
Oct 13 21:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2739]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1730]: pam_unix(cron:session): session closed for user root
Oct 13 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3181]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3179]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3379]: Successful su for rubyman by root
Oct 13 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3379]: + ??? root:rubyman
Oct 13 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407299 of user rubyman.
Oct 13 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3379]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407299.
Oct 13 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216  user=root
Oct 13 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3176]: pam_unix(cron:session): session closed for user root
Oct 13 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: Failed password for root from 138.68.190.216 port 52852 ssh2
Oct 13 21:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3391]: Connection closed by 138.68.190.216 port 52852 [preauth]
Oct 13 21:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session closed for user root
Oct 13 21:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session closed for user root
Oct 13 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3757]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3760]: pam_unix(cron:session): session closed for user root
Oct 13 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3749]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3838]: Successful su for rubyman by root
Oct 13 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3838]: + ??? root:rubyman
Oct 13 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407303 of user rubyman.
Oct 13 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3838]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407303.
Oct 13 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3755]: pam_unix(cron:session): session closed for user root
Oct 13 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[615]: pam_unix(cron:session): session closed for user root
Oct 13 21:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3754]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session closed for user root
Oct 13 21:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4250]: Connection reset by 198.235.24.84 port 63224 [preauth]
Oct 13 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4307]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4380]: Successful su for rubyman by root
Oct 13 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4380]: + ??? root:rubyman
Oct 13 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407309 of user rubyman.
Oct 13 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4380]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407309.
Oct 13 21:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1186]: pam_unix(cron:session): session closed for user root
Oct 13 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4308]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session closed for user root
Oct 13 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4811]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4808]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4880]: Successful su for rubyman by root
Oct 13 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4880]: + ??? root:rubyman
Oct 13 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407315 of user rubyman.
Oct 13 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4880]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407315.
Oct 13 21:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1729]: pam_unix(cron:session): session closed for user root
Oct 13 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4810]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session closed for user root
Oct 13 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5768]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5852]: Successful su for rubyman by root
Oct 13 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5852]: + ??? root:rubyman
Oct 13 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407318 of user rubyman.
Oct 13 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5852]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407318.
Oct 13 21:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session closed for user root
Oct 13 21:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5769]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4311]: pam_unix(cron:session): session closed for user root
Oct 13 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6297]: Successful su for rubyman by root
Oct 13 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6297]: + ??? root:rubyman
Oct 13 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407323 of user rubyman.
Oct 13 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6297]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407323.
Oct 13 21:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session closed for user root
Oct 13 21:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4813]: pam_unix(cron:session): session closed for user root
Oct 13 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session closed for user root
Oct 13 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6790]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6869]: Successful su for rubyman by root
Oct 13 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6869]: + ??? root:rubyman
Oct 13 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407325 of user rubyman.
Oct 13 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6869]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407325.
Oct 13 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session closed for user root
Oct 13 21:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3181]: pam_unix(cron:session): session closed for user root
Oct 13 21:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6791]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session closed for user root
Oct 13 21:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216  user=root
Oct 13 21:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Failed password for root from 138.68.190.216 port 40180 ssh2
Oct 13 21:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Connection closed by 138.68.190.216 port 40180 [preauth]
Oct 13 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7399]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7396]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7476]: Successful su for rubyman by root
Oct 13 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7476]: + ??? root:rubyman
Oct 13 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407332 of user rubyman.
Oct 13 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7476]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407332.
Oct 13 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3757]: pam_unix(cron:session): session closed for user root
Oct 13 21:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6228]: pam_unix(cron:session): session closed for user root
Oct 13 21:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: Did not receive identification string from 216.218.206.69
Oct 13 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8367]: Successful su for rubyman by root
Oct 13 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8367]: + ??? root:rubyman
Oct 13 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407335 of user rubyman.
Oct 13 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8367]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407335.
Oct 13 21:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4309]: pam_unix(cron:session): session closed for user root
Oct 13 21:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session closed for user root
Oct 13 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: Successful su for rubyman by root
Oct 13 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: + ??? root:rubyman
Oct 13 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407339 of user rubyman.
Oct 13 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407339.
Oct 13 21:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4811]: pam_unix(cron:session): session closed for user root
Oct 13 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7399]: pam_unix(cron:session): session closed for user root
Oct 13 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9461]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9456]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9549]: Successful su for rubyman by root
Oct 13 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9549]: + ??? root:rubyman
Oct 13 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407343 of user rubyman.
Oct 13 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9549]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407343.
Oct 13 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session closed for user root
Oct 13 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9458]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session closed for user root
Oct 13 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10079]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10082]: pam_unix(cron:session): session closed for user root
Oct 13 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10076]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10162]: Successful su for rubyman by root
Oct 13 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10162]: + ??? root:rubyman
Oct 13 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407347 of user rubyman.
Oct 13 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10162]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407347.
Oct 13 21:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10078]: pam_unix(cron:session): session closed for user root
Oct 13 21:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session closed for user root
Oct 13 21:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10077]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session closed for user root
Oct 13 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10606]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10695]: Successful su for rubyman by root
Oct 13 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10695]: + ??? root:rubyman
Oct 13 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407353 of user rubyman.
Oct 13 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10695]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407353.
Oct 13 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session closed for user root
Oct 13 21:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10607]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9461]: pam_unix(cron:session): session closed for user root
Oct 13 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11075]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: Successful su for rubyman by root
Oct 13 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: + ??? root:rubyman
Oct 13 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407358 of user rubyman.
Oct 13 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11149]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407358.
Oct 13 21:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7398]: pam_unix(cron:session): session closed for user root
Oct 13 21:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10080]: pam_unix(cron:session): session closed for user root
Oct 13 21:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216  user=root
Oct 13 21:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Failed password for root from 138.68.190.216 port 57718 ssh2
Oct 13 21:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Connection closed by 138.68.190.216 port 57718 [preauth]
Oct 13 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11543]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11540]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11626]: Successful su for rubyman by root
Oct 13 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11626]: + ??? root:rubyman
Oct 13 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407362 of user rubyman.
Oct 13 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11626]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407362.
Oct 13 21:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session closed for user root
Oct 13 21:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11541]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session closed for user root
Oct 13 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12111]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: Successful su for rubyman by root
Oct 13 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: + ??? root:rubyman
Oct 13 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407365 of user rubyman.
Oct 13 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407365.
Oct 13 21:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session closed for user root
Oct 13 21:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12109]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user root
Oct 13 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session closed for user root
Oct 13 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12581]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12694]: Successful su for rubyman by root
Oct 13 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12694]: + ??? root:rubyman
Oct 13 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407369 of user rubyman.
Oct 13 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12694]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407369.
Oct 13 21:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session closed for user root
Oct 13 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session closed for user root
Oct 13 21:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12582]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11543]: pam_unix(cron:session): session closed for user root
Oct 13 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13212]: Successful su for rubyman by root
Oct 13 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13212]: + ??? root:rubyman
Oct 13 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407375 of user rubyman.
Oct 13 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13212]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407375.
Oct 13 21:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10079]: pam_unix(cron:session): session closed for user root
Oct 13 21:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 21:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: Did not receive identification string from 176.65.148.44
Oct 13 21:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12111]: pam_unix(cron:session): session closed for user root
Oct 13 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13826]: Successful su for rubyman by root
Oct 13 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13826]: + ??? root:rubyman
Oct 13 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407379 of user rubyman.
Oct 13 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13826]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407379.
Oct 13 21:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10608]: pam_unix(cron:session): session closed for user root
Oct 13 21:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session closed for user root
Oct 13 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14349]: Successful su for rubyman by root
Oct 13 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14349]: + ??? root:rubyman
Oct 13 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407383 of user rubyman.
Oct 13 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14349]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407383.
Oct 13 21:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session closed for user root
Oct 13 21:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session closed for user root
Oct 13 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session closed for user p13x
Oct 13 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14806]: Successful su for rubyman by root
Oct 13 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14806]: + ??? root:rubyman
Oct 13 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407389 of user rubyman.
Oct 13 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14806]: pam_unix(su:session): session closed for user rubyman
Oct 13 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407389.
Oct 13 21:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11542]: pam_unix(cron:session): session closed for user root
Oct 13 21:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session closed for user samftp
Oct 13 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session closed for user root
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session closed for user root
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user root
Oct 13 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15424]: Successful su for rubyman by root
Oct 13 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15424]: + ??? root:rubyman
Oct 13 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407391 of user rubyman.
Oct 13 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15424]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407391.
Oct 13 22:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session closed for user root
Oct 13 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session closed for user root
Oct 13 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user root
Oct 13 22:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15861]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15931]: Successful su for rubyman by root
Oct 13 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15931]: + ??? root:rubyman
Oct 13 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407398 of user rubyman.
Oct 13 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15931]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407398.
Oct 13 22:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session closed for user root
Oct 13 22:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15859]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session closed for user root
Oct 13 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16318]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16399]: Successful su for rubyman by root
Oct 13 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16399]: + ??? root:rubyman
Oct 13 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407402 of user rubyman.
Oct 13 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16399]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407402.
Oct 13 22:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session closed for user root
Oct 13 22:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user root
Oct 13 22:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Invalid user admin from 62.60.131.157
Oct 13 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: input_userauth_request: invalid user admin [preauth]
Oct 13 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 22:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Failed password for invalid user admin from 62.60.131.157 port 62513 ssh2
Oct 13 22:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Failed password for invalid user admin from 62.60.131.157 port 62513 ssh2
Oct 13 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16869]: Successful su for rubyman by root
Oct 13 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16869]: + ??? root:rubyman
Oct 13 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407407 of user rubyman.
Oct 13 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16869]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407407.
Oct 13 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Failed password for invalid user admin from 62.60.131.157 port 62513 ssh2
Oct 13 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Failed password for invalid user admin from 62.60.131.157 port 62513 ssh2
Oct 13 22:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session closed for user root
Oct 13 22:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Failed password for invalid user admin from 62.60.131.157 port 62513 ssh2
Oct 13 22:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Received disconnect from 62.60.131.157 port 62513:11: Bye [preauth]
Oct 13 22:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: Disconnected from 62.60.131.157 port 62513 [preauth]
Oct 13 22:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 22:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16784]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 22:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16802]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15861]: pam_unix(cron:session): session closed for user root
Oct 13 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17263]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17261]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17333]: Successful su for rubyman by root
Oct 13 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17333]: + ??? root:rubyman
Oct 13 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407411 of user rubyman.
Oct 13 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17333]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407411.
Oct 13 22:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session closed for user root
Oct 13 22:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17262]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session closed for user root
Oct 13 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17731]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17731]: pam_unix(cron:session): session closed for user root
Oct 13 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17722]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17877]: Successful su for rubyman by root
Oct 13 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17877]: + ??? root:rubyman
Oct 13 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407416 of user rubyman.
Oct 13 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17877]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407416.
Oct 13 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session closed for user root
Oct 13 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14722]: pam_unix(cron:session): session closed for user root
Oct 13 22:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18255]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18255]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session closed for user root
Oct 13 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18525]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18621]: Successful su for rubyman by root
Oct 13 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18621]: + ??? root:rubyman
Oct 13 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407420 of user rubyman.
Oct 13 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18621]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407420.
Oct 13 22:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session closed for user root
Oct 13 22:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Invalid user mario from 138.68.190.216
Oct 13 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: input_userauth_request: invalid user mario [preauth]
Oct 13 22:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216
Oct 13 22:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Failed password for invalid user mario from 138.68.190.216 port 46682 ssh2
Oct 13 22:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Connection closed by 138.68.190.216 port 46682 [preauth]
Oct 13 22:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17265]: pam_unix(cron:session): session closed for user root
Oct 13 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19136]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19221]: Successful su for rubyman by root
Oct 13 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19221]: + ??? root:rubyman
Oct 13 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407427 of user rubyman.
Oct 13 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19221]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407427.
Oct 13 22:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session closed for user root
Oct 13 22:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19137]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session closed for user root
Oct 13 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19953]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20038]: Successful su for rubyman by root
Oct 13 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20038]: + ??? root:rubyman
Oct 13 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407428 of user rubyman.
Oct 13 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20038]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407428.
Oct 13 22:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session closed for user root
Oct 13 22:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19954]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18527]: pam_unix(cron:session): session closed for user root
Oct 13 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20657]: Successful su for rubyman by root
Oct 13 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20657]: + ??? root:rubyman
Oct 13 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407434 of user rubyman.
Oct 13 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20657]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407434.
Oct 13 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session closed for user root
Oct 13 22:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session closed for user root
Oct 13 22:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19140]: pam_unix(cron:session): session closed for user root
Oct 13 22:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21063]: pam_unix(cron:session): session closed for user root
Oct 13 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21056]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: Successful su for rubyman by root
Oct 13 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: + ??? root:rubyman
Oct 13 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407437 of user rubyman.
Oct 13 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407437.
Oct 13 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session closed for user root
Oct 13 22:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17263]: pam_unix(cron:session): session closed for user root
Oct 13 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session closed for user root
Oct 13 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21602]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: Successful su for rubyman by root
Oct 13 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: + ??? root:rubyman
Oct 13 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407443 of user rubyman.
Oct 13 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407443.
Oct 13 22:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17729]: pam_unix(cron:session): session closed for user root
Oct 13 22:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 22:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Failed password for root from 190.103.202.7 port 38454 ssh2
Oct 13 22:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Connection closed by 190.103.202.7 port 38454 [preauth]
Oct 13 22:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session closed for user root
Oct 13 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22086]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: Successful su for rubyman by root
Oct 13 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: + ??? root:rubyman
Oct 13 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407447 of user rubyman.
Oct 13 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407447.
Oct 13 22:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18525]: pam_unix(cron:session): session closed for user root
Oct 13 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21061]: pam_unix(cron:session): session closed for user root
Oct 13 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22579]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22667]: Successful su for rubyman by root
Oct 13 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22667]: + ??? root:rubyman
Oct 13 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407452 of user rubyman.
Oct 13 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22667]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407452.
Oct 13 22:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19139]: pam_unix(cron:session): session closed for user root
Oct 13 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22580]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session closed for user root
Oct 13 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23835]: Successful su for rubyman by root
Oct 13 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23835]: + ??? root:rubyman
Oct 13 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407456 of user rubyman.
Oct 13 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23835]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407456.
Oct 13 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session closed for user root
Oct 13 22:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 13 22:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: Failed password for root from 78.128.112.74 port 42578 ssh2
Oct 13 22:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: Connection closed by 78.128.112.74 port 42578 [preauth]
Oct 13 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user root
Oct 13 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session closed for user root
Oct 13 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: Successful su for rubyman by root
Oct 13 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: + ??? root:rubyman
Oct 13 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407460 of user rubyman.
Oct 13 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407460.
Oct 13 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session closed for user root
Oct 13 22:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session closed for user root
Oct 13 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22582]: pam_unix(cron:session): session closed for user root
Oct 13 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24900]: Successful su for rubyman by root
Oct 13 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24900]: + ??? root:rubyman
Oct 13 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407465 of user rubyman.
Oct 13 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24900]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407465.
Oct 13 22:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session closed for user root
Oct 13 22:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session closed for user root
Oct 13 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25547]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25547]: pam_unix(cron:session): session closed for user root
Oct 13 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25549]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25619]: Successful su for rubyman by root
Oct 13 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25619]: + ??? root:rubyman
Oct 13 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407472 of user rubyman.
Oct 13 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25619]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407472.
Oct 13 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session closed for user root
Oct 13 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25550]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24284]: pam_unix(cron:session): session closed for user root
Oct 13 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26109]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26176]: Successful su for rubyman by root
Oct 13 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26176]: + ??? root:rubyman
Oct 13 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407474 of user rubyman.
Oct 13 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26176]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407474.
Oct 13 22:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session closed for user root
Oct 13 22:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26385]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26110]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24821]: pam_unix(cron:session): session closed for user root
Oct 13 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26772]: Successful su for rubyman by root
Oct 13 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26772]: + ??? root:rubyman
Oct 13 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407478 of user rubyman.
Oct 13 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26772]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407478.
Oct 13 22:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22581]: pam_unix(cron:session): session closed for user root
Oct 13 22:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Invalid user admin from 2.57.121.112
Oct 13 22:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: input_userauth_request: invalid user admin [preauth]
Oct 13 22:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 22:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for invalid user admin from 2.57.121.112 port 37290 ssh2
Oct 13 22:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for invalid user admin from 2.57.121.112 port 37290 ssh2
Oct 13 22:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for invalid user admin from 2.57.121.112 port 37290 ssh2
Oct 13 22:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for invalid user admin from 2.57.121.112 port 37290 ssh2
Oct 13 22:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for invalid user admin from 2.57.121.112 port 37290 ssh2
Oct 13 22:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Received disconnect from 2.57.121.112 port 37290:11: Bye [preauth]
Oct 13 22:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Disconnected from 2.57.121.112 port 37290 [preauth]
Oct 13 22:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 22:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 22:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session closed for user root
Oct 13 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27389]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27389]: pam_unix(cron:session): session closed for user root
Oct 13 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27383]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27466]: Successful su for rubyman by root
Oct 13 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27466]: + ??? root:rubyman
Oct 13 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407484 of user rubyman.
Oct 13 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27466]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407484.
Oct 13 22:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session closed for user root
Oct 13 22:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session closed for user root
Oct 13 22:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27385]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session closed for user root
Oct 13 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28191]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28188]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28265]: Successful su for rubyman by root
Oct 13 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28265]: + ??? root:rubyman
Oct 13 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407488 of user rubyman.
Oct 13 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28265]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407488.
Oct 13 22:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24283]: pam_unix(cron:session): session closed for user root
Oct 13 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28189]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session closed for user root
Oct 13 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29091]: Successful su for rubyman by root
Oct 13 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29091]: + ??? root:rubyman
Oct 13 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407493 of user rubyman.
Oct 13 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29091]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407493.
Oct 13 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session closed for user root
Oct 13 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28991]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27388]: pam_unix(cron:session): session closed for user root
Oct 13 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29528]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29598]: Successful su for rubyman by root
Oct 13 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29598]: + ??? root:rubyman
Oct 13 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407497 of user rubyman.
Oct 13 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29598]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407497.
Oct 13 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25551]: pam_unix(cron:session): session closed for user root
Oct 13 22:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28191]: pam_unix(cron:session): session closed for user root
Oct 13 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: Successful su for rubyman by root
Oct 13 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: + ??? root:rubyman
Oct 13 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407501 of user rubyman.
Oct 13 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407501.
Oct 13 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session closed for user root
Oct 13 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30025]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session closed for user root
Oct 13 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30634]: pam_unix(cron:session): session closed for user root
Oct 13 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30626]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30721]: Successful su for rubyman by root
Oct 13 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30721]: + ??? root:rubyman
Oct 13 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407506 of user rubyman.
Oct 13 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30721]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407506.
Oct 13 22:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session closed for user root
Oct 13 22:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session closed for user root
Oct 13 22:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30627]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29528]: pam_unix(cron:session): session closed for user root
Oct 13 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31153]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31225]: Successful su for rubyman by root
Oct 13 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31225]: + ??? root:rubyman
Oct 13 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407511 of user rubyman.
Oct 13 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31225]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407511.
Oct 13 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27387]: pam_unix(cron:session): session closed for user root
Oct 13 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31154]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Invalid user user from 62.60.131.157
Oct 13 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: input_userauth_request: invalid user user [preauth]
Oct 13 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30027]: pam_unix(cron:session): session closed for user root
Oct 13 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for invalid user user from 62.60.131.157 port 54593 ssh2
Oct 13 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for invalid user user from 62.60.131.157 port 54593 ssh2
Oct 13 22:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for invalid user user from 62.60.131.157 port 54593 ssh2
Oct 13 22:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for invalid user user from 62.60.131.157 port 54593 ssh2
Oct 13 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for invalid user user from 62.60.131.157 port 54593 ssh2
Oct 13 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Received disconnect from 62.60.131.157 port 54593:11: Bye [preauth]
Oct 13 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Disconnected from 62.60.131.157 port 54593 [preauth]
Oct 13 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31779]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31778]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31776]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31848]: Successful su for rubyman by root
Oct 13 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31848]: + ??? root:rubyman
Oct 13 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407516 of user rubyman.
Oct 13 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31848]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407516.
Oct 13 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28190]: pam_unix(cron:session): session closed for user root
Oct 13 22:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31777]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30630]: pam_unix(cron:session): session closed for user root
Oct 13 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32310]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32385]: Successful su for rubyman by root
Oct 13 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32385]: + ??? root:rubyman
Oct 13 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407520 of user rubyman.
Oct 13 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32385]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407520.
Oct 13 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28992]: pam_unix(cron:session): session closed for user root
Oct 13 22:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32311]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session closed for user root
Oct 13 22:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Failed password for root from 190.103.202.7 port 33840 ssh2
Oct 13 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Connection closed by 190.103.202.7 port 33840 [preauth]
Oct 13 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[383]: Successful su for rubyman by root
Oct 13 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[383]: + ??? root:rubyman
Oct 13 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407523 of user rubyman.
Oct 13 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[383]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407523.
Oct 13 22:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session closed for user root
Oct 13 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[313]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31779]: pam_unix(cron:session): session closed for user root
Oct 13 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[796]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[797]: pam_unix(cron:session): session closed for user root
Oct 13 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[911]: Successful su for rubyman by root
Oct 13 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[911]: + ??? root:rubyman
Oct 13 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407529 of user rubyman.
Oct 13 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[911]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407529.
Oct 13 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session closed for user root
Oct 13 22:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30026]: pam_unix(cron:session): session closed for user root
Oct 13 22:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[789]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session closed for user root
Oct 13 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1391]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1502]: Successful su for rubyman by root
Oct 13 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1502]: + ??? root:rubyman
Oct 13 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407534 of user rubyman.
Oct 13 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1502]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407534.
Oct 13 22:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session closed for user root
Oct 13 22:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session closed for user root
Oct 13 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.205.25  user=root
Oct 13 22:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: Failed password for root from 80.211.205.25 port 47136 ssh2
Oct 13 22:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1846]: Connection closed by 80.211.205.25 port 47136 [preauth]
Oct 13 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2006]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2004]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2075]: Successful su for rubyman by root
Oct 13 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2075]: + ??? root:rubyman
Oct 13 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407537 of user rubyman.
Oct 13 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2075]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407537.
Oct 13 22:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session closed for user root
Oct 13 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2005]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[796]: pam_unix(cron:session): session closed for user root
Oct 13 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2461]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2463]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2457]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2540]: Successful su for rubyman by root
Oct 13 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2540]: + ??? root:rubyman
Oct 13 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407541 of user rubyman.
Oct 13 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2540]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407541.
Oct 13 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31778]: pam_unix(cron:session): session closed for user root
Oct 13 22:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2459]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 13 22:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Failed password for root from 94.177.160.96 port 51134 ssh2
Oct 13 22:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Connection closed by 94.177.160.96 port 51134 [preauth]
Oct 13 22:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session closed for user root
Oct 13 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2912]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2987]: Successful su for rubyman by root
Oct 13 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2987]: + ??? root:rubyman
Oct 13 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407546 of user rubyman.
Oct 13 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2987]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407546.
Oct 13 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32313]: pam_unix(cron:session): session closed for user root
Oct 13 22:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2910]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session closed for user root
Oct 13 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3380]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3380]: pam_unix(cron:session): session closed for user root
Oct 13 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3375]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3455]: Successful su for rubyman by root
Oct 13 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3455]: + ??? root:rubyman
Oct 13 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407550 of user rubyman.
Oct 13 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3455]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407550.
Oct 13 22:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3377]: pam_unix(cron:session): session closed for user root
Oct 13 22:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[314]: pam_unix(cron:session): session closed for user root
Oct 13 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3376]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2463]: pam_unix(cron:session): session closed for user root
Oct 13 22:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 22:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Failed password for root from 66.116.199.234 port 48730 ssh2
Oct 13 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Received disconnect from 66.116.199.234 port 48730:11: Bye Bye [preauth]
Oct 13 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Disconnected from 66.116.199.234 port 48730 [preauth]
Oct 13 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3868]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3869]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3866]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3948]: Successful su for rubyman by root
Oct 13 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3948]: + ??? root:rubyman
Oct 13 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407554 of user rubyman.
Oct 13 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3948]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407554.
Oct 13 22:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[795]: pam_unix(cron:session): session closed for user root
Oct 13 22:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3867]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2912]: pam_unix(cron:session): session closed for user root
Oct 13 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4372]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4370]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: Successful su for rubyman by root
Oct 13 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: + ??? root:rubyman
Oct 13 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407558 of user rubyman.
Oct 13 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407558.
Oct 13 22:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1391]: pam_unix(cron:session): session closed for user root
Oct 13 22:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4371]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Failed password for root from 45.249.245.22 port 43000 ssh2
Oct 13 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Received disconnect from 45.249.245.22 port 43000:11: Bye Bye [preauth]
Oct 13 22:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Disconnected from 45.249.245.22 port 43000 [preauth]
Oct 13 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session closed for user root
Oct 13 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5152]: Successful su for rubyman by root
Oct 13 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5152]: + ??? root:rubyman
Oct 13 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407563 of user rubyman.
Oct 13 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5152]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407563.
Oct 13 22:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2006]: pam_unix(cron:session): session closed for user root
Oct 13 22:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3869]: pam_unix(cron:session): session closed for user root
Oct 13 22:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5786]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5848]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: Successful su for rubyman by root
Oct 13 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: + ??? root:rubyman
Oct 13 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407567 of user rubyman.
Oct 13 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6028]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407567.
Oct 13 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5841]: pam_unix(cron:session): session closed for user root
Oct 13 22:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2461]: pam_unix(cron:session): session closed for user root
Oct 13 22:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5849]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 22:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Failed password for root from 66.116.199.234 port 35636 ssh2
Oct 13 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Received disconnect from 66.116.199.234 port 35636:11: Bye Bye [preauth]
Oct 13 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6262]: Disconnected from 66.116.199.234 port 35636 [preauth]
Oct 13 22:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4373]: pam_unix(cron:session): session closed for user root
Oct 13 22:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 22:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Failed password for root from 45.249.245.22 port 57364 ssh2
Oct 13 22:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Received disconnect from 45.249.245.22 port 57364:11: Bye Bye [preauth]
Oct 13 22:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Disconnected from 45.249.245.22 port 57364 [preauth]
Oct 13 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user root
Oct 13 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6489]: Successful su for rubyman by root
Oct 13 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6489]: + ??? root:rubyman
Oct 13 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407573 of user rubyman.
Oct 13 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6489]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407573.
Oct 13 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session closed for user root
Oct 13 22:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2911]: pam_unix(cron:session): session closed for user root
Oct 13 22:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6407]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session closed for user root
Oct 13 22:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: Invalid user oracle from 66.116.199.234
Oct 13 22:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: input_userauth_request: invalid user oracle [preauth]
Oct 13 22:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: Failed password for invalid user oracle from 66.116.199.234 port 53770 ssh2
Oct 13 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: Received disconnect from 66.116.199.234 port 53770:11: Bye Bye [preauth]
Oct 13 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: Disconnected from 66.116.199.234 port 53770 [preauth]
Oct 13 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6997]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7107]: Successful su for rubyman by root
Oct 13 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7107]: + ??? root:rubyman
Oct 13 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407577 of user rubyman.
Oct 13 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7107]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407577.
Oct 13 22:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3378]: pam_unix(cron:session): session closed for user root
Oct 13 22:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Invalid user oracle from 45.249.245.22
Oct 13 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: input_userauth_request: invalid user oracle [preauth]
Oct 13 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Failed password for invalid user oracle from 45.249.245.22 port 49880 ssh2
Oct 13 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Received disconnect from 45.249.245.22 port 49880:11: Bye Bye [preauth]
Oct 13 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Disconnected from 45.249.245.22 port 49880 [preauth]
Oct 13 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5851]: pam_unix(cron:session): session closed for user root
Oct 13 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7568]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7566]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7563]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: Successful su for rubyman by root
Oct 13 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: + ??? root:rubyman
Oct 13 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407582 of user rubyman.
Oct 13 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407582.
Oct 13 22:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3868]: pam_unix(cron:session): session closed for user root
Oct 13 22:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7564]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Invalid user admin from 2.57.121.25
Oct 13 22:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: input_userauth_request: invalid user admin [preauth]
Oct 13 22:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Failed password for invalid user admin from 2.57.121.25 port 25563 ssh2
Oct 13 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Invalid user sam from 66.116.199.234
Oct 13 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: input_userauth_request: invalid user sam [preauth]
Oct 13 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Failed password for invalid user admin from 2.57.121.25 port 25563 ssh2
Oct 13 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for invalid user sam from 66.116.199.234 port 38370 ssh2
Oct 13 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Received disconnect from 66.116.199.234 port 38370:11: Bye Bye [preauth]
Oct 13 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Disconnected from 66.116.199.234 port 38370 [preauth]
Oct 13 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Failed password for invalid user admin from 2.57.121.25 port 25563 ssh2
Oct 13 22:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Failed password for invalid user admin from 2.57.121.25 port 25563 ssh2
Oct 13 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Failed password for invalid user admin from 2.57.121.25 port 25563 ssh2
Oct 13 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Received disconnect from 2.57.121.25 port 25563:11: Bye [preauth]
Oct 13 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: Disconnected from 2.57.121.25 port 25563 [preauth]
Oct 13 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8323]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 22:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session closed for user root
Oct 13 22:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: Failed password for root from 45.249.245.22 port 38912 ssh2
Oct 13 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: Received disconnect from 45.249.245.22 port 38912:11: Bye Bye [preauth]
Oct 13 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8452]: Disconnected from 45.249.245.22 port 38912 [preauth]
Oct 13 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8478]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8550]: Successful su for rubyman by root
Oct 13 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8550]: + ??? root:rubyman
Oct 13 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407585 of user rubyman.
Oct 13 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8550]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407585.
Oct 13 22:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4372]: pam_unix(cron:session): session closed for user root
Oct 13 22:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8477]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7000]: pam_unix(cron:session): session closed for user root
Oct 13 22:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Invalid user jean from 66.116.199.234
Oct 13 22:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: input_userauth_request: invalid user jean [preauth]
Oct 13 22:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 22:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Failed password for invalid user jean from 66.116.199.234 port 46378 ssh2
Oct 13 22:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Received disconnect from 66.116.199.234 port 46378:11: Bye Bye [preauth]
Oct 13 22:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9052]: Disconnected from 66.116.199.234 port 46378 [preauth]
Oct 13 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9069]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9067]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9237]: Successful su for rubyman by root
Oct 13 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9237]: + ??? root:rubyman
Oct 13 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407591 of user rubyman.
Oct 13 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9237]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407591.
Oct 13 22:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session closed for user root
Oct 13 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9068]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: Invalid user graphsql from 45.249.245.22
Oct 13 22:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: input_userauth_request: invalid user graphsql [preauth]
Oct 13 22:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 22:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: Failed password for invalid user graphsql from 45.249.245.22 port 53878 ssh2
Oct 13 22:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: Received disconnect from 45.249.245.22 port 53878:11: Bye Bye [preauth]
Oct 13 22:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9533]: Disconnected from 45.249.245.22 port 53878 [preauth]
Oct 13 22:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7568]: pam_unix(cron:session): session closed for user root
Oct 13 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session closed for user root
Oct 13 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9763]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9890]: Successful su for rubyman by root
Oct 13 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9890]: + ??? root:rubyman
Oct 13 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407596 of user rubyman.
Oct 13 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9890]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407596.
Oct 13 22:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9781]: pam_unix(cron:session): session closed for user root
Oct 13 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5850]: pam_unix(cron:session): session closed for user root
Oct 13 22:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9775]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Failed password for root from 66.116.199.234 port 35432 ssh2
Oct 13 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Received disconnect from 66.116.199.234 port 35432:11: Bye Bye [preauth]
Oct 13 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Disconnected from 66.116.199.234 port 35432 [preauth]
Oct 13 22:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session closed for user root
Oct 13 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: Invalid user cxy from 45.249.245.22
Oct 13 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: input_userauth_request: invalid user cxy [preauth]
Oct 13 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 22:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: Failed password for invalid user cxy from 45.249.245.22 port 53622 ssh2
Oct 13 22:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: Received disconnect from 45.249.245.22 port 53622:11: Bye Bye [preauth]
Oct 13 22:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10287]: Disconnected from 45.249.245.22 port 53622 [preauth]
Oct 13 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: Successful su for rubyman by root
Oct 13 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: + ??? root:rubyman
Oct 13 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407601 of user rubyman.
Oct 13 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407601.
Oct 13 22:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session closed for user root
Oct 13 22:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10333]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9070]: pam_unix(cron:session): session closed for user root
Oct 13 22:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Failed password for root from 66.116.199.234 port 57848 ssh2
Oct 13 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Received disconnect from 66.116.199.234 port 57848:11: Bye Bye [preauth]
Oct 13 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10799]: Disconnected from 66.116.199.234 port 57848 [preauth]
Oct 13 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10820]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10891]: Successful su for rubyman by root
Oct 13 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10891]: + ??? root:rubyman
Oct 13 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407604 of user rubyman.
Oct 13 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10891]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407604.
Oct 13 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6997]: pam_unix(cron:session): session closed for user root
Oct 13 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: Invalid user office from 45.249.245.22
Oct 13 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: input_userauth_request: invalid user office [preauth]
Oct 13 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 22:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: Failed password for invalid user office from 45.249.245.22 port 56330 ssh2
Oct 13 22:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: Received disconnect from 45.249.245.22 port 56330:11: Bye Bye [preauth]
Oct 13 22:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11070]: Disconnected from 45.249.245.22 port 56330 [preauth]
Oct 13 22:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session closed for user root
Oct 13 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11275]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: Successful su for rubyman by root
Oct 13 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: + ??? root:rubyman
Oct 13 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407608 of user rubyman.
Oct 13 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407608.
Oct 13 22:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7566]: pam_unix(cron:session): session closed for user root
Oct 13 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11278]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Invalid user maman from 66.116.199.234
Oct 13 22:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: input_userauth_request: invalid user maman [preauth]
Oct 13 22:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 22:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Failed password for invalid user maman from 66.116.199.234 port 56942 ssh2
Oct 13 22:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Received disconnect from 66.116.199.234 port 56942:11: Bye Bye [preauth]
Oct 13 22:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Disconnected from 66.116.199.234 port 56942 [preauth]
Oct 13 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: Invalid user jean from 45.249.245.22
Oct 13 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: input_userauth_request: invalid user jean [preauth]
Oct 13 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: Failed password for invalid user jean from 45.249.245.22 port 44418 ssh2
Oct 13 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: Received disconnect from 45.249.245.22 port 44418:11: Bye Bye [preauth]
Oct 13 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11741]: Disconnected from 45.249.245.22 port 44418 [preauth]
Oct 13 22:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10336]: pam_unix(cron:session): session closed for user root
Oct 13 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11855]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11923]: Successful su for rubyman by root
Oct 13 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11923]: + ??? root:rubyman
Oct 13 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407611 of user rubyman.
Oct 13 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11923]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407611.
Oct 13 22:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8478]: pam_unix(cron:session): session closed for user root
Oct 13 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10821]: pam_unix(cron:session): session closed for user root
Oct 13 22:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Invalid user graphsql from 66.116.199.234
Oct 13 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: input_userauth_request: invalid user graphsql [preauth]
Oct 13 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 22:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Failed password for invalid user graphsql from 66.116.199.234 port 54464 ssh2
Oct 13 22:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Received disconnect from 66.116.199.234 port 54464:11: Bye Bye [preauth]
Oct 13 22:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Disconnected from 66.116.199.234 port 54464 [preauth]
Oct 13 22:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Invalid user ftpuser from 45.249.245.22
Oct 13 22:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 22:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 22:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Failed password for invalid user ftpuser from 45.249.245.22 port 51568 ssh2
Oct 13 22:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Received disconnect from 45.249.245.22 port 51568:11: Bye Bye [preauth]
Oct 13 22:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Disconnected from 45.249.245.22 port 51568 [preauth]
Oct 13 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12330]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session closed for user root
Oct 13 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12326]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: Successful su for rubyman by root
Oct 13 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: + ??? root:rubyman
Oct 13 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407616 of user rubyman.
Oct 13 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12415]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407616.
Oct 13 22:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12329]: pam_unix(cron:session): session closed for user root
Oct 13 22:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9069]: pam_unix(cron:session): session closed for user root
Oct 13 22:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12328]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11280]: pam_unix(cron:session): session closed for user root
Oct 13 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12847]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12953]: Successful su for rubyman by root
Oct 13 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12953]: + ??? root:rubyman
Oct 13 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407621 of user rubyman.
Oct 13 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12953]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407621.
Oct 13 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session closed for user root
Oct 13 22:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: Invalid user admin from 66.116.199.234
Oct 13 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: input_userauth_request: invalid user admin [preauth]
Oct 13 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 22:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: Failed password for invalid user admin from 66.116.199.234 port 54788 ssh2
Oct 13 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: Received disconnect from 66.116.199.234 port 54788:11: Bye Bye [preauth]
Oct 13 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13232]: Disconnected from 66.116.199.234 port 54788 [preauth]
Oct 13 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Failed password for root from 45.249.245.22 port 55018 ssh2
Oct 13 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Received disconnect from 45.249.245.22 port 55018:11: Bye Bye [preauth]
Oct 13 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Disconnected from 45.249.245.22 port 55018 [preauth]
Oct 13 22:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11855]: pam_unix(cron:session): session closed for user root
Oct 13 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13474]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13553]: Successful su for rubyman by root
Oct 13 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13553]: + ??? root:rubyman
Oct 13 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407626 of user rubyman.
Oct 13 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13553]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407626.
Oct 13 22:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10335]: pam_unix(cron:session): session closed for user root
Oct 13 22:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13475]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session closed for user root
Oct 13 22:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 22:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Failed password for root from 45.249.245.22 port 55046 ssh2
Oct 13 22:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Received disconnect from 45.249.245.22 port 55046:11: Bye Bye [preauth]
Oct 13 22:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Disconnected from 45.249.245.22 port 55046 [preauth]
Oct 13 22:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 22:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: Failed password for root from 66.116.199.234 port 41934 ssh2
Oct 13 22:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: Received disconnect from 66.116.199.234 port 41934:11: Bye Bye [preauth]
Oct 13 22:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: Disconnected from 66.116.199.234 port 41934 [preauth]
Oct 13 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14030]: Successful su for rubyman by root
Oct 13 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14030]: + ??? root:rubyman
Oct 13 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407629 of user rubyman.
Oct 13 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14030]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407629.
Oct 13 22:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10820]: pam_unix(cron:session): session closed for user root
Oct 13 22:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13963]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session closed for user root
Oct 13 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14494]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14487]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14561]: Successful su for rubyman by root
Oct 13 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14561]: + ??? root:rubyman
Oct 13 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407634 of user rubyman.
Oct 13 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14561]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407634.
Oct 13 22:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11279]: pam_unix(cron:session): session closed for user root
Oct 13 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14488]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Invalid user test from 45.249.245.22
Oct 13 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: input_userauth_request: invalid user test [preauth]
Oct 13 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Failed password for invalid user test from 45.249.245.22 port 53676 ssh2
Oct 13 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Received disconnect from 45.249.245.22 port 53676:11: Bye Bye [preauth]
Oct 13 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Disconnected from 45.249.245.22 port 53676 [preauth]
Oct 13 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 22:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: Failed password for root from 66.116.199.234 port 46318 ssh2
Oct 13 22:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: Received disconnect from 66.116.199.234 port 46318:11: Bye Bye [preauth]
Oct 13 22:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: Disconnected from 66.116.199.234 port 46318 [preauth]
Oct 13 22:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session closed for user root
Oct 13 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14968]: pam_unix(cron:session): session closed for user root
Oct 13 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14961]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15041]: Successful su for rubyman by root
Oct 13 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15041]: + ??? root:rubyman
Oct 13 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407639 of user rubyman.
Oct 13 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15041]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407639.
Oct 13 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14964]: pam_unix(cron:session): session closed for user root
Oct 13 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session closed for user root
Oct 13 22:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14962]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session closed for user root
Oct 13 22:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 13 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Invalid user fff from 45.249.245.22
Oct 13 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: input_userauth_request: invalid user fff [preauth]
Oct 13 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Failed password for root from 164.68.105.9 port 41730 ssh2
Oct 13 22:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Connection closed by 164.68.105.9 port 41730 [preauth]
Oct 13 22:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Failed password for invalid user fff from 45.249.245.22 port 52356 ssh2
Oct 13 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Received disconnect from 45.249.245.22 port 52356:11: Bye Bye [preauth]
Oct 13 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Disconnected from 45.249.245.22 port 52356 [preauth]
Oct 13 22:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Invalid user tableau from 66.116.199.234
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: input_userauth_request: invalid user tableau [preauth]
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15633]: Successful su for rubyman by root
Oct 13 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15633]: + ??? root:rubyman
Oct 13 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407645 of user rubyman.
Oct 13 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15633]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407645.
Oct 13 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for invalid user tableau from 66.116.199.234 port 38448 ssh2
Oct 13 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Received disconnect from 66.116.199.234 port 38448:11: Bye Bye [preauth]
Oct 13 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Disconnected from 66.116.199.234 port 38448 [preauth]
Oct 13 22:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12330]: pam_unix(cron:session): session closed for user root
Oct 13 22:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14495]: pam_unix(cron:session): session closed for user root
Oct 13 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16002]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 45366
Oct 13 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16004]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 45380
Oct 13 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16021]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16018]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16089]: Successful su for rubyman by root
Oct 13 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16089]: + ??? root:rubyman
Oct 13 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407647 of user rubyman.
Oct 13 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16089]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407647.
Oct 13 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session closed for user root
Oct 13 22:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16019]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: Failed password for root from 45.249.245.22 port 58304 ssh2
Oct 13 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: Received disconnect from 45.249.245.22 port 58304:11: Bye Bye [preauth]
Oct 13 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: Disconnected from 45.249.245.22 port 58304 [preauth]
Oct 13 22:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Failed password for root from 66.116.199.234 port 45712 ssh2
Oct 13 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Received disconnect from 66.116.199.234 port 45712:11: Bye Bye [preauth]
Oct 13 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16391]: Disconnected from 66.116.199.234 port 45712 [preauth]
Oct 13 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14967]: pam_unix(cron:session): session closed for user root
Oct 13 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Invalid user kvm from 46.101.170.54
Oct 13 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: input_userauth_request: invalid user kvm [preauth]
Oct 13 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Oct 13 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Failed password for invalid user kvm from 46.101.170.54 port 34938 ssh2
Oct 13 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16414]: Connection closed by 46.101.170.54 port 34938 [preauth]
Oct 13 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16490]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16564]: Successful su for rubyman by root
Oct 13 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16564]: + ??? root:rubyman
Oct 13 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407653 of user rubyman.
Oct 13 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16564]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407653.
Oct 13 22:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session closed for user root
Oct 13 22:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16488]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session closed for user root
Oct 13 22:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16905]: Failed password for root from 45.249.245.22 port 56338 ssh2
Oct 13 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16905]: Received disconnect from 45.249.245.22 port 56338:11: Bye Bye [preauth]
Oct 13 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16905]: Disconnected from 45.249.245.22 port 56338 [preauth]
Oct 13 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16949]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16948]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16946]: pam_unix(cron:session): session closed for user p13x
Oct 13 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17022]: Successful su for rubyman by root
Oct 13 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17022]: + ??? root:rubyman
Oct 13 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407655 of user rubyman.
Oct 13 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17022]: pam_unix(su:session): session closed for user rubyman
Oct 13 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407655.
Oct 13 22:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17157]: Invalid user test from 66.116.199.234
Oct 13 22:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17157]: input_userauth_request: invalid user test [preauth]
Oct 13 22:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17157]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 22:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 22:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user root
Oct 13 22:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17157]: Failed password for invalid user test from 66.116.199.234 port 54646 ssh2
Oct 13 22:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17157]: Received disconnect from 66.116.199.234 port 54646:11: Bye Bye [preauth]
Oct 13 22:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17157]: Disconnected from 66.116.199.234 port 54646 [preauth]
Oct 13 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16947]: pam_unix(cron:session): session closed for user samftp
Oct 13 22:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 22:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 22:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 22:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 22:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16023]: pam_unix(cron:session): session closed for user root
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17430]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17429]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17428]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17426]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17427]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17430]: pam_unix(cron:session): session closed for user root
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17426]: pam_unix(cron:session): session closed for user root
Oct 13 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17424]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17538]: Successful su for rubyman by root
Oct 13 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17538]: + ??? root:rubyman
Oct 13 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407660 of user rubyman.
Oct 13 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17538]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407660.
Oct 13 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14494]: pam_unix(cron:session): session closed for user root
Oct 13 23:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17427]: pam_unix(cron:session): session closed for user root
Oct 13 23:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Failed password for root from 45.249.245.22 port 44810 ssh2
Oct 13 23:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Received disconnect from 45.249.245.22 port 44810:11: Bye Bye [preauth]
Oct 13 23:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Disconnected from 45.249.245.22 port 44810 [preauth]
Oct 13 23:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17425]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Invalid user cxy from 66.116.199.234
Oct 13 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: input_userauth_request: invalid user cxy [preauth]
Oct 13 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Failed password for invalid user cxy from 66.116.199.234 port 59484 ssh2
Oct 13 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Received disconnect from 66.116.199.234 port 59484:11: Bye Bye [preauth]
Oct 13 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Disconnected from 66.116.199.234 port 59484 [preauth]
Oct 13 23:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16492]: pam_unix(cron:session): session closed for user root
Oct 13 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18085]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18282]: Successful su for rubyman by root
Oct 13 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18282]: + ??? root:rubyman
Oct 13 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407666 of user rubyman.
Oct 13 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18282]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407666.
Oct 13 23:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14966]: pam_unix(cron:session): session closed for user root
Oct 13 23:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18086]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 23:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: Failed password for root from 45.249.245.22 port 33154 ssh2
Oct 13 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: Received disconnect from 45.249.245.22 port 33154:11: Bye Bye [preauth]
Oct 13 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: Disconnected from 45.249.245.22 port 33154 [preauth]
Oct 13 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16949]: pam_unix(cron:session): session closed for user root
Oct 13 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18812]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: Successful su for rubyman by root
Oct 13 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: + ??? root:rubyman
Oct 13 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407671 of user rubyman.
Oct 13 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407671.
Oct 13 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Failed password for root from 66.116.199.234 port 45096 ssh2
Oct 13 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Received disconnect from 66.116.199.234 port 45096:11: Bye Bye [preauth]
Oct 13 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18806]: Disconnected from 66.116.199.234 port 45096 [preauth]
Oct 13 23:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15550]: pam_unix(cron:session): session closed for user root
Oct 13 23:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18813]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17429]: pam_unix(cron:session): session closed for user root
Oct 13 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19617]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Invalid user sam from 45.249.245.22
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: input_userauth_request: invalid user sam [preauth]
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19802]: Successful su for rubyman by root
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19802]: + ??? root:rubyman
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407674 of user rubyman.
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19802]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407674.
Oct 13 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Failed password for invalid user sam from 45.249.245.22 port 42860 ssh2
Oct 13 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Received disconnect from 45.249.245.22 port 42860:11: Bye Bye [preauth]
Oct 13 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Disconnected from 45.249.245.22 port 42860 [preauth]
Oct 13 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16021]: pam_unix(cron:session): session closed for user root
Oct 13 23:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19618]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 23:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 23:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: Invalid user odin from 66.116.199.234
Oct 13 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: input_userauth_request: invalid user odin [preauth]
Oct 13 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: Failed password for invalid user odin from 66.116.199.234 port 37462 ssh2
Oct 13 23:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: Received disconnect from 66.116.199.234 port 37462:11: Bye Bye [preauth]
Oct 13 23:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20153]: Disconnected from 66.116.199.234 port 37462 [preauth]
Oct 13 23:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session closed for user root
Oct 13 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20286]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: Successful su for rubyman by root
Oct 13 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: + ??? root:rubyman
Oct 13 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407678 of user rubyman.
Oct 13 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407678.
Oct 13 23:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16490]: pam_unix(cron:session): session closed for user root
Oct 13 23:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Invalid user maman from 45.249.245.22
Oct 13 23:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: input_userauth_request: invalid user maman [preauth]
Oct 13 23:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Failed password for invalid user maman from 45.249.245.22 port 35254 ssh2
Oct 13 23:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Received disconnect from 45.249.245.22 port 35254:11: Bye Bye [preauth]
Oct 13 23:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20647]: Disconnected from 45.249.245.22 port 35254 [preauth]
Oct 13 23:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session closed for user root
Oct 13 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20762]: pam_unix(cron:session): session closed for user root
Oct 13 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20757]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20843]: Successful su for rubyman by root
Oct 13 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20843]: + ??? root:rubyman
Oct 13 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407684 of user rubyman.
Oct 13 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20843]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407684.
Oct 13 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for root from 66.116.199.234 port 40462 ssh2
Oct 13 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Received disconnect from 66.116.199.234 port 40462:11: Bye Bye [preauth]
Oct 13 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Disconnected from 66.116.199.234 port 40462 [preauth]
Oct 13 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20759]: pam_unix(cron:session): session closed for user root
Oct 13 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16948]: pam_unix(cron:session): session closed for user root
Oct 13 23:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20758]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19621]: pam_unix(cron:session): session closed for user root
Oct 13 23:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: Failed password for root from 45.249.245.22 port 44272 ssh2
Oct 13 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: Received disconnect from 45.249.245.22 port 44272:11: Bye Bye [preauth]
Oct 13 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: Disconnected from 45.249.245.22 port 44272 [preauth]
Oct 13 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21242]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: Successful su for rubyman by root
Oct 13 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: + ??? root:rubyman
Oct 13 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407689 of user rubyman.
Oct 13 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21392]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407689.
Oct 13 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17428]: pam_unix(cron:session): session closed for user root
Oct 13 23:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21243]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Invalid user adrian from 66.116.199.234
Oct 13 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: input_userauth_request: invalid user adrian [preauth]
Oct 13 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Failed password for invalid user adrian from 66.116.199.234 port 44322 ssh2
Oct 13 23:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Received disconnect from 66.116.199.234 port 44322:11: Bye Bye [preauth]
Oct 13 23:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Disconnected from 66.116.199.234 port 44322 [preauth]
Oct 13 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20289]: pam_unix(cron:session): session closed for user root
Oct 13 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21791]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21788]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: Successful su for rubyman by root
Oct 13 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: + ??? root:rubyman
Oct 13 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407693 of user rubyman.
Oct 13 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21876]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407693.
Oct 13 23:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18087]: pam_unix(cron:session): session closed for user root
Oct 13 23:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21789]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: Invalid user yy from 45.249.245.22
Oct 13 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: input_userauth_request: invalid user yy [preauth]
Oct 13 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: Failed password for invalid user yy from 45.249.245.22 port 56582 ssh2
Oct 13 23:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: Received disconnect from 45.249.245.22 port 56582:11: Bye Bye [preauth]
Oct 13 23:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22128]: Disconnected from 45.249.245.22 port 56582 [preauth]
Oct 13 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.97.62.121  user=root
Oct 13 23:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Failed password for root from 23.97.62.121 port 23112 ssh2
Oct 13 23:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Connection closed by 23.97.62.121 port 23112 [preauth]
Oct 13 23:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20761]: pam_unix(cron:session): session closed for user root
Oct 13 23:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: Invalid user fff from 66.116.199.234
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: input_userauth_request: invalid user fff [preauth]
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22374]: Successful su for rubyman by root
Oct 13 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22374]: + ??? root:rubyman
Oct 13 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407697 of user rubyman.
Oct 13 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22374]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407697.
Oct 13 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: Failed password for invalid user fff from 66.116.199.234 port 36962 ssh2
Oct 13 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: Received disconnect from 66.116.199.234 port 36962:11: Bye Bye [preauth]
Oct 13 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22299]: Disconnected from 66.116.199.234 port 36962 [preauth]
Oct 13 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18814]: pam_unix(cron:session): session closed for user root
Oct 13 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22303]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Invalid user nancy from 190.103.202.7
Oct 13 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: input_userauth_request: invalid user nancy [preauth]
Oct 13 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 13 23:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Failed password for invalid user nancy from 190.103.202.7 port 56644 ssh2
Oct 13 23:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Connection closed by 190.103.202.7 port 56644 [preauth]
Oct 13 23:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21245]: pam_unix(cron:session): session closed for user root
Oct 13 23:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Invalid user cass from 45.249.245.22
Oct 13 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: input_userauth_request: invalid user cass [preauth]
Oct 13 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Failed password for invalid user cass from 45.249.245.22 port 41612 ssh2
Oct 13 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Received disconnect from 45.249.245.22 port 41612:11: Bye Bye [preauth]
Oct 13 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Disconnected from 45.249.245.22 port 41612 [preauth]
Oct 13 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23108]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23096]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23100]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23328]: Successful su for rubyman by root
Oct 13 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23328]: + ??? root:rubyman
Oct 13 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407702 of user rubyman.
Oct 13 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23328]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407702.
Oct 13 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23096]: pam_unix(cron:session): session closed for user root
Oct 13 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19620]: pam_unix(cron:session): session closed for user root
Oct 13 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Invalid user ftpuser from 66.116.199.234
Oct 13 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: input_userauth_request: invalid user ftpuser [preauth]
Oct 13 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21791]: pam_unix(cron:session): session closed for user root
Oct 13 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Failed password for invalid user ftpuser from 66.116.199.234 port 53908 ssh2
Oct 13 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Received disconnect from 66.116.199.234 port 53908:11: Bye Bye [preauth]
Oct 13 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Disconnected from 66.116.199.234 port 53908 [preauth]
Oct 13 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24075]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24079]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24079]: pam_unix(cron:session): session closed for user root
Oct 13 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24177]: Successful su for rubyman by root
Oct 13 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24177]: + ??? root:rubyman
Oct 13 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407708 of user rubyman.
Oct 13 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24177]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407708.
Oct 13 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24075]: pam_unix(cron:session): session closed for user root
Oct 13 23:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20288]: pam_unix(cron:session): session closed for user root
Oct 13 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24073]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Invalid user odin from 45.249.245.22
Oct 13 23:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: input_userauth_request: invalid user odin [preauth]
Oct 13 23:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Failed password for invalid user odin from 45.249.245.22 port 55260 ssh2
Oct 13 23:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Received disconnect from 45.249.245.22 port 55260:11: Bye Bye [preauth]
Oct 13 23:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Disconnected from 45.249.245.22 port 55260 [preauth]
Oct 13 23:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22309]: pam_unix(cron:session): session closed for user root
Oct 13 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24727]: Successful su for rubyman by root
Oct 13 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24727]: + ??? root:rubyman
Oct 13 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407712 of user rubyman.
Oct 13 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24727]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407712.
Oct 13 23:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 23:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20760]: pam_unix(cron:session): session closed for user root
Oct 13 23:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Failed password for root from 66.116.199.234 port 41770 ssh2
Oct 13 23:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Received disconnect from 66.116.199.234 port 41770:11: Bye Bye [preauth]
Oct 13 23:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Disconnected from 66.116.199.234 port 41770 [preauth]
Oct 13 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23108]: pam_unix(cron:session): session closed for user root
Oct 13 23:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Invalid user ppr from 45.249.245.22
Oct 13 23:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: input_userauth_request: invalid user ppr [preauth]
Oct 13 23:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Failed password for invalid user ppr from 45.249.245.22 port 49818 ssh2
Oct 13 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Received disconnect from 45.249.245.22 port 49818:11: Bye Bye [preauth]
Oct 13 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Disconnected from 45.249.245.22 port 49818 [preauth]
Oct 13 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25141]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: Successful su for rubyman by root
Oct 13 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: + ??? root:rubyman
Oct 13 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407715 of user rubyman.
Oct 13 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407715.
Oct 13 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session closed for user root
Oct 13 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24078]: pam_unix(cron:session): session closed for user root
Oct 13 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25764]: Invalid user ppr from 66.116.199.234
Oct 13 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25764]: input_userauth_request: invalid user ppr [preauth]
Oct 13 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25764]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25764]: Failed password for invalid user ppr from 66.116.199.234 port 51032 ssh2
Oct 13 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25764]: Received disconnect from 66.116.199.234 port 51032:11: Bye Bye [preauth]
Oct 13 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25764]: Disconnected from 66.116.199.234 port 51032 [preauth]
Oct 13 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26024]: Successful su for rubyman by root
Oct 13 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26024]: + ??? root:rubyman
Oct 13 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407719 of user rubyman.
Oct 13 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26024]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407719.
Oct 13 23:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21790]: pam_unix(cron:session): session closed for user root
Oct 13 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: Invalid user auction from 45.249.245.22
Oct 13 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: input_userauth_request: invalid user auction [preauth]
Oct 13 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: Failed password for invalid user auction from 45.249.245.22 port 38238 ssh2
Oct 13 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: Received disconnect from 45.249.245.22 port 38238:11: Bye Bye [preauth]
Oct 13 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26237]: Disconnected from 45.249.245.22 port 38238 [preauth]
Oct 13 23:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session closed for user root
Oct 13 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26507]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26579]: Successful su for rubyman by root
Oct 13 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26579]: + ??? root:rubyman
Oct 13 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407723 of user rubyman.
Oct 13 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26579]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407723.
Oct 13 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 23:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26657]: Failed password for root from 66.116.199.234 port 57028 ssh2
Oct 13 23:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26657]: Received disconnect from 66.116.199.234 port 57028:11: Bye Bye [preauth]
Oct 13 23:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26657]: Disconnected from 66.116.199.234 port 57028 [preauth]
Oct 13 23:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22306]: pam_unix(cron:session): session closed for user root
Oct 13 23:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26508]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25144]: pam_unix(cron:session): session closed for user root
Oct 13 23:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Invalid user panorama from 45.249.245.22
Oct 13 23:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: input_userauth_request: invalid user panorama [preauth]
Oct 13 23:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Failed password for invalid user panorama from 45.249.245.22 port 46142 ssh2
Oct 13 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Received disconnect from 45.249.245.22 port 46142:11: Bye Bye [preauth]
Oct 13 23:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Disconnected from 45.249.245.22 port 46142 [preauth]
Oct 13 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27216]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session closed for user root
Oct 13 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27214]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27289]: Successful su for rubyman by root
Oct 13 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27289]: + ??? root:rubyman
Oct 13 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407728 of user rubyman.
Oct 13 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27289]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407728.
Oct 13 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27216]: pam_unix(cron:session): session closed for user root
Oct 13 23:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session closed for user root
Oct 13 23:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27215]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: Invalid user office from 66.116.199.234
Oct 13 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: input_userauth_request: invalid user office [preauth]
Oct 13 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session closed for user root
Oct 13 23:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: Failed password for invalid user office from 66.116.199.234 port 44686 ssh2
Oct 13 23:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: Received disconnect from 66.116.199.234 port 44686:11: Bye Bye [preauth]
Oct 13 23:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27919]: Disconnected from 66.116.199.234 port 44686 [preauth]
Oct 13 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28028]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28024]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: Successful su for rubyman by root
Oct 13 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: + ??? root:rubyman
Oct 13 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407735 of user rubyman.
Oct 13 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407735.
Oct 13 23:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Invalid user tableau from 45.249.245.22
Oct 13 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: input_userauth_request: invalid user tableau [preauth]
Oct 13 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Failed password for invalid user tableau from 45.249.245.22 port 60668 ssh2
Oct 13 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Received disconnect from 45.249.245.22 port 60668:11: Bye Bye [preauth]
Oct 13 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Disconnected from 45.249.245.22 port 60668 [preauth]
Oct 13 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24077]: pam_unix(cron:session): session closed for user root
Oct 13 23:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26513]: pam_unix(cron:session): session closed for user root
Oct 13 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28738]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28738]: pam_unix(cron:session): session closed for user root
Oct 13 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28740]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: Successful su for rubyman by root
Oct 13 23:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: + ??? root:rubyman
Oct 13 23:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407737 of user rubyman.
Oct 13 23:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28827]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407737.
Oct 13 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 13 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: Invalid user cass from 66.116.199.234
Oct 13 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: input_userauth_request: invalid user cass [preauth]
Oct 13 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28863]: Failed password for root from 190.103.202.7 port 55360 ssh2
Oct 13 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28863]: Connection closed by 190.103.202.7 port 55360 [preauth]
Oct 13 23:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: Failed password for invalid user cass from 66.116.199.234 port 53002 ssh2
Oct 13 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: Received disconnect from 66.116.199.234 port 53002:11: Bye Bye [preauth]
Oct 13 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: Disconnected from 66.116.199.234 port 53002 [preauth]
Oct 13 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session closed for user root
Oct 13 23:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29259]: Invalid user admin from 45.249.245.22
Oct 13 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29259]: input_userauth_request: invalid user admin [preauth]
Oct 13 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29259]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29259]: Failed password for invalid user admin from 45.249.245.22 port 51120 ssh2
Oct 13 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29259]: Received disconnect from 45.249.245.22 port 51120:11: Bye Bye [preauth]
Oct 13 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29259]: Disconnected from 45.249.245.22 port 51120 [preauth]
Oct 13 23:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session closed for user root
Oct 13 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29441]: Successful su for rubyman by root
Oct 13 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29441]: + ??? root:rubyman
Oct 13 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407743 of user rubyman.
Oct 13 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29441]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407743.
Oct 13 23:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25143]: pam_unix(cron:session): session closed for user root
Oct 13 23:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Invalid user auction from 66.116.199.234
Oct 13 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: input_userauth_request: invalid user auction [preauth]
Oct 13 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Failed password for invalid user auction from 66.116.199.234 port 47816 ssh2
Oct 13 23:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Received disconnect from 66.116.199.234 port 47816:11: Bye Bye [preauth]
Oct 13 23:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Disconnected from 66.116.199.234 port 47816 [preauth]
Oct 13 23:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28028]: pam_unix(cron:session): session closed for user root
Oct 13 23:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Invalid user adrian from 45.249.245.22
Oct 13 23:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: input_userauth_request: invalid user adrian [preauth]
Oct 13 23:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29876]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Failed password for invalid user adrian from 45.249.245.22 port 59538 ssh2
Oct 13 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Received disconnect from 45.249.245.22 port 59538:11: Bye Bye [preauth]
Oct 13 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Disconnected from 45.249.245.22 port 59538 [preauth]
Oct 13 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29955]: Successful su for rubyman by root
Oct 13 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29955]: + ??? root:rubyman
Oct 13 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407746 of user rubyman.
Oct 13 23:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29955]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407746.
Oct 13 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session closed for user root
Oct 13 23:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session closed for user root
Oct 13 23:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Invalid user yy from 66.116.199.234
Oct 13 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: input_userauth_request: invalid user yy [preauth]
Oct 13 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30400]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30402]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30399]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30402]: pam_unix(cron:session): session closed for user root
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Failed password for invalid user yy from 66.116.199.234 port 54990 ssh2
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Received disconnect from 66.116.199.234 port 54990:11: Bye Bye [preauth]
Oct 13 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Disconnected from 66.116.199.234 port 54990 [preauth]
Oct 13 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30575]: Successful su for rubyman by root
Oct 13 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30575]: + ??? root:rubyman
Oct 13 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407751 of user rubyman.
Oct 13 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30575]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407751.
Oct 13 23:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30398]: pam_unix(cron:session): session closed for user root
Oct 13 23:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26509]: pam_unix(cron:session): session closed for user root
Oct 13 23:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30397]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 23:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Failed password for root from 45.249.245.22 port 54380 ssh2
Oct 13 23:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Received disconnect from 45.249.245.22 port 54380:11: Bye Bye [preauth]
Oct 13 23:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Disconnected from 45.249.245.22 port 54380 [preauth]
Oct 13 23:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session closed for user root
Oct 13 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30993]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31096]: Successful su for rubyman by root
Oct 13 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31096]: + ??? root:rubyman
Oct 13 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407757 of user rubyman.
Oct 13 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31096]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407757.
Oct 13 23:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27217]: pam_unix(cron:session): session closed for user root
Oct 13 23:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Invalid user panorama from 66.116.199.234
Oct 13 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: input_userauth_request: invalid user panorama [preauth]
Oct 13 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Failed password for invalid user panorama from 66.116.199.234 port 37122 ssh2
Oct 13 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Received disconnect from 66.116.199.234 port 37122:11: Bye Bye [preauth]
Oct 13 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31350]: Disconnected from 66.116.199.234 port 37122 [preauth]
Oct 13 23:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session closed for user root
Oct 13 23:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 23:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Failed password for root from 45.249.245.22 port 56926 ssh2
Oct 13 23:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Received disconnect from 45.249.245.22 port 56926:11: Bye Bye [preauth]
Oct 13 23:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Disconnected from 45.249.245.22 port 56926 [preauth]
Oct 13 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31641]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31714]: Successful su for rubyman by root
Oct 13 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31714]: + ??? root:rubyman
Oct 13 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407760 of user rubyman.
Oct 13 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31714]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407760.
Oct 13 23:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session closed for user root
Oct 13 23:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31642]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30400]: pam_unix(cron:session): session closed for user root
Oct 13 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32116]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32111]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32265]: Successful su for rubyman by root
Oct 13 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32265]: + ??? root:rubyman
Oct 13 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407764 of user rubyman.
Oct 13 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32265]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407764.
Oct 13 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for root from 66.116.199.234 port 43702 ssh2
Oct 13 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Received disconnect from 66.116.199.234 port 43702:11: Bye Bye [preauth]
Oct 13 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Disconnected from 66.116.199.234 port 43702 [preauth]
Oct 13 23:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session closed for user root
Oct 13 23:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32112]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 23:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: Failed password for root from 45.249.245.22 port 51524 ssh2
Oct 13 23:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: Received disconnect from 45.249.245.22 port 51524:11: Bye Bye [preauth]
Oct 13 23:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: Disconnected from 45.249.245.22 port 51524 [preauth]
Oct 13 23:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30993]: pam_unix(cron:session): session closed for user root
Oct 13 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32644]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32719]: Successful su for rubyman by root
Oct 13 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32719]: + ??? root:rubyman
Oct 13 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407769 of user rubyman.
Oct 13 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32719]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407769.
Oct 13 23:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session closed for user root
Oct 13 23:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32645]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31645]: pam_unix(cron:session): session closed for user root
Oct 13 23:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 23:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: Failed password for root from 66.116.199.234 port 52322 ssh2
Oct 13 23:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: Received disconnect from 66.116.199.234 port 52322:11: Bye Bye [preauth]
Oct 13 23:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[596]: Disconnected from 66.116.199.234 port 52322 [preauth]
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[663]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[656]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[663]: pam_unix(cron:session): session closed for user root
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Invalid user ts3 from 164.68.105.9
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: input_userauth_request: invalid user ts3 [preauth]
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 13 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[652]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22  user=root
Oct 13 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Failed password for invalid user ts3 from 164.68.105.9 port 50150 ssh2
Oct 13 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Connection closed by 164.68.105.9 port 50150 [preauth]
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 su[739]: Successful su for rubyman by root
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 su[739]: + ??? root:rubyman
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 su[739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407776 of user rubyman.
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 su[739]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407776.
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Failed password for root from 45.249.245.22 port 51992 ssh2
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Received disconnect from 45.249.245.22 port 51992:11: Bye Bye [preauth]
Oct 13 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Disconnected from 45.249.245.22 port 51992 [preauth]
Oct 13 23:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29876]: pam_unix(cron:session): session closed for user root
Oct 13 23:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[654]: pam_unix(cron:session): session closed for user root
Oct 13 23:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[653]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32116]: pam_unix(cron:session): session closed for user root
Oct 13 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1255]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1252]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1333]: Successful su for rubyman by root
Oct 13 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1333]: + ??? root:rubyman
Oct 13 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407778 of user rubyman.
Oct 13 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1333]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407778.
Oct 13 23:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30399]: pam_unix(cron:session): session closed for user root
Oct 13 23:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: Invalid user aman from 66.116.199.234
Oct 13 23:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: input_userauth_request: invalid user aman [preauth]
Oct 13 23:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234
Oct 13 23:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1253]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: Failed password for invalid user aman from 66.116.199.234 port 53468 ssh2
Oct 13 23:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: Received disconnect from 66.116.199.234 port 53468:11: Bye Bye [preauth]
Oct 13 23:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: Disconnected from 66.116.199.234 port 53468 [preauth]
Oct 13 23:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Invalid user aman from 45.249.245.22
Oct 13 23:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: input_userauth_request: invalid user aman [preauth]
Oct 13 23:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.249.245.22
Oct 13 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Failed password for invalid user aman from 45.249.245.22 port 53152 ssh2
Oct 13 23:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Received disconnect from 45.249.245.22 port 53152:11: Bye Bye [preauth]
Oct 13 23:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Disconnected from 45.249.245.22 port 53152 [preauth]
Oct 13 23:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session closed for user root
Oct 13 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1774]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1772]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1841]: Successful su for rubyman by root
Oct 13 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1841]: + ??? root:rubyman
Oct 13 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407783 of user rubyman.
Oct 13 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1841]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407783.
Oct 13 23:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session closed for user root
Oct 13 23:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1773]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.116.199.234  user=root
Oct 13 23:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[656]: pam_unix(cron:session): session closed for user root
Oct 13 23:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for root from 66.116.199.234 port 37084 ssh2
Oct 13 23:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Received disconnect from 66.116.199.234 port 37084:11: Bye Bye [preauth]
Oct 13 23:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Disconnected from 66.116.199.234 port 37084 [preauth]
Oct 13 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2320]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2321]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2318]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2390]: Successful su for rubyman by root
Oct 13 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2390]: + ??? root:rubyman
Oct 13 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407786 of user rubyman.
Oct 13 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2390]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407786.
Oct 13 23:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session closed for user root
Oct 13 23:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2319]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1255]: pam_unix(cron:session): session closed for user root
Oct 13 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2837]: Successful su for rubyman by root
Oct 13 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2837]: + ??? root:rubyman
Oct 13 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407791 of user rubyman.
Oct 13 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2837]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407791.
Oct 13 23:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32113]: pam_unix(cron:session): session closed for user root
Oct 13 23:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1775]: pam_unix(cron:session): session closed for user root
Oct 13 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3215]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session closed for user root
Oct 13 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3308]: Successful su for rubyman by root
Oct 13 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3308]: + ??? root:rubyman
Oct 13 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407794 of user rubyman.
Oct 13 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3308]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407794.
Oct 13 23:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session closed for user root
Oct 13 23:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32646]: pam_unix(cron:session): session closed for user root
Oct 13 23:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3213]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2321]: pam_unix(cron:session): session closed for user root
Oct 13 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3717]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3713]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3805]: Successful su for rubyman by root
Oct 13 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3805]: + ??? root:rubyman
Oct 13 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407801 of user rubyman.
Oct 13 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3805]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407801.
Oct 13 23:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[655]: pam_unix(cron:session): session closed for user root
Oct 13 23:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3714]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session closed for user root
Oct 13 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4314]: Successful su for rubyman by root
Oct 13 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4314]: + ??? root:rubyman
Oct 13 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407806 of user rubyman.
Oct 13 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4314]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407806.
Oct 13 23:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1254]: pam_unix(cron:session): session closed for user root
Oct 13 23:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4566]: Did not receive identification string from 118.145.74.48
Oct 13 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.74.48  user=root
Oct 13 23:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Failed password for root from 118.145.74.48 port 46964 ssh2
Oct 13 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Connection closed by 118.145.74.48 port 46964 [preauth]
Oct 13 23:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.74.48  user=root
Oct 13 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Failed password for root from 118.145.74.48 port 46978 ssh2
Oct 13 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Connection closed by 118.145.74.48 port 46978 [preauth]
Oct 13 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.74.48  user=root
Oct 13 23:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Failed password for root from 118.145.74.48 port 46986 ssh2
Oct 13 23:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4639]: Connection closed by 118.145.74.48 port 46986 [preauth]
Oct 13 23:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session closed for user root
Oct 13 23:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.74.48  user=root
Oct 13 23:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Failed password for root from 118.145.74.48 port 39460 ssh2
Oct 13 23:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Connection closed by 118.145.74.48 port 39460 [preauth]
Oct 13 23:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.74.48  user=root
Oct 13 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: Failed password for root from 118.145.74.48 port 39474 ssh2
Oct 13 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: Connection closed by 118.145.74.48 port 39474 [preauth]
Oct 13 23:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.74.48  user=root
Oct 13 23:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: Failed password for root from 118.145.74.48 port 45818 ssh2
Oct 13 23:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: Connection closed by 118.145.74.48 port 45818 [preauth]
Oct 13 23:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.74.48  user=root
Oct 13 23:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Failed password for root from 118.145.74.48 port 45820 ssh2
Oct 13 23:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4721]: Connection closed by 118.145.74.48 port 45820 [preauth]
Oct 13 23:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4746]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4830]: Successful su for rubyman by root
Oct 13 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4830]: + ??? root:rubyman
Oct 13 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407809 of user rubyman.
Oct 13 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4830]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407809.
Oct 13 23:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1774]: pam_unix(cron:session): session closed for user root
Oct 13 23:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4747]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Invalid user admin from 2.57.121.112
Oct 13 23:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: input_userauth_request: invalid user admin [preauth]
Oct 13 23:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for invalid user admin from 2.57.121.112 port 21971 ssh2
Oct 13 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3717]: pam_unix(cron:session): session closed for user root
Oct 13 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for invalid user admin from 2.57.121.112 port 21971 ssh2
Oct 13 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for invalid user admin from 2.57.121.112 port 21971 ssh2
Oct 13 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for invalid user admin from 2.57.121.112 port 21971 ssh2
Oct 13 23:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for invalid user admin from 2.57.121.112 port 21971 ssh2
Oct 13 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Received disconnect from 2.57.121.112 port 21971:11: Bye [preauth]
Oct 13 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Disconnected from 2.57.121.112 port 21971 [preauth]
Oct 13 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 13 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5787]: Successful su for rubyman by root
Oct 13 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5787]: + ??? root:rubyman
Oct 13 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407812 of user rubyman.
Oct 13 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5787]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407812.
Oct 13 23:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2320]: pam_unix(cron:session): session closed for user root
Oct 13 23:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5710]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4227]: pam_unix(cron:session): session closed for user root
Oct 13 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6187]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6188]: pam_unix(cron:session): session closed for user root
Oct 13 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6183]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6260]: Successful su for rubyman by root
Oct 13 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6260]: + ??? root:rubyman
Oct 13 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407816 of user rubyman.
Oct 13 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6260]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407816.
Oct 13 23:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6185]: pam_unix(cron:session): session closed for user root
Oct 13 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session closed for user root
Oct 13 23:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6184]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4751]: pam_unix(cron:session): session closed for user root
Oct 13 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Invalid user secuser from 138.68.190.216
Oct 13 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: input_userauth_request: invalid user secuser [preauth]
Oct 13 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.190.216
Oct 13 23:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Failed password for invalid user secuser from 138.68.190.216 port 39734 ssh2
Oct 13 23:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Connection closed by 138.68.190.216 port 39734 [preauth]
Oct 13 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6845]: Successful su for rubyman by root
Oct 13 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6845]: + ??? root:rubyman
Oct 13 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407823 of user rubyman.
Oct 13 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6845]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407823.
Oct 13 23:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3215]: pam_unix(cron:session): session closed for user root
Oct 13 23:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5712]: pam_unix(cron:session): session closed for user root
Oct 13 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7404]: Successful su for rubyman by root
Oct 13 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7404]: + ??? root:rubyman
Oct 13 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407826 of user rubyman.
Oct 13 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7404]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407826.
Oct 13 23:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3716]: pam_unix(cron:session): session closed for user root
Oct 13 23:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7316]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6187]: pam_unix(cron:session): session closed for user root
Oct 13 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7791]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: Successful su for rubyman by root
Oct 13 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: + ??? root:rubyman
Oct 13 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407832 of user rubyman.
Oct 13 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407832.
Oct 13 23:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4226]: pam_unix(cron:session): session closed for user root
Oct 13 23:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7793]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session closed for user root
Oct 13 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8988]: Successful su for rubyman by root
Oct 13 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8988]: + ??? root:rubyman
Oct 13 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407834 of user rubyman.
Oct 13 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8988]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407834.
Oct 13 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8682]: pam_unix(cron:session): session closed for user root
Oct 13 23:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4748]: pam_unix(cron:session): session closed for user root
Oct 13 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7318]: pam_unix(cron:session): session closed for user root
Oct 13 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9511]: pam_unix(cron:session): session closed for user root
Oct 13 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9596]: Successful su for rubyman by root
Oct 13 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9596]: + ??? root:rubyman
Oct 13 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407842 of user rubyman.
Oct 13 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9596]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407842.
Oct 13 23:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user root
Oct 13 23:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5711]: pam_unix(cron:session): session closed for user root
Oct 13 23:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7795]: pam_unix(cron:session): session closed for user root
Oct 13 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10156]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10244]: Successful su for rubyman by root
Oct 13 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10244]: + ??? root:rubyman
Oct 13 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407845 of user rubyman.
Oct 13 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10244]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407845.
Oct 13 23:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6186]: pam_unix(cron:session): session closed for user root
Oct 13 23:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10155]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session closed for user root
Oct 13 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10663]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10737]: Successful su for rubyman by root
Oct 13 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10737]: + ??? root:rubyman
Oct 13 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407851 of user rubyman.
Oct 13 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10737]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407851.
Oct 13 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session closed for user root
Oct 13 23:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session closed for user root
Oct 13 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11100]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11182]: Successful su for rubyman by root
Oct 13 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11182]: + ??? root:rubyman
Oct 13 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407854 of user rubyman.
Oct 13 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11182]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407854.
Oct 13 23:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session closed for user root
Oct 13 23:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session closed for user root
Oct 13 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11567]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11736]: Successful su for rubyman by root
Oct 13 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11736]: + ??? root:rubyman
Oct 13 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407859 of user rubyman.
Oct 13 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11736]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407859.
Oct 13 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7794]: pam_unix(cron:session): session closed for user root
Oct 13 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11568]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10663]: pam_unix(cron:session): session closed for user root
Oct 13 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12142]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12143]: pam_unix(cron:session): session closed for user root
Oct 13 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12134]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: Successful su for rubyman by root
Oct 13 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: + ??? root:rubyman
Oct 13 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407861 of user rubyman.
Oct 13 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407861.
Oct 13 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12139]: pam_unix(cron:session): session closed for user root
Oct 13 23:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session closed for user root
Oct 13 23:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12135]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session closed for user root
Oct 13 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12755]: Successful su for rubyman by root
Oct 13 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12755]: + ??? root:rubyman
Oct 13 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407869 of user rubyman.
Oct 13 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12755]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407869.
Oct 13 23:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session closed for user root
Oct 13 23:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session closed for user root
Oct 13 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13162]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13353]: Successful su for rubyman by root
Oct 13 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13353]: + ??? root:rubyman
Oct 13 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407871 of user rubyman.
Oct 13 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13353]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407871.
Oct 13 23:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10156]: pam_unix(cron:session): session closed for user root
Oct 13 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13163]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12142]: pam_unix(cron:session): session closed for user root
Oct 13 23:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Did not receive identification string from 80.211.129.128
Oct 13 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13749]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13847]: Successful su for rubyman by root
Oct 13 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13847]: + ??? root:rubyman
Oct 13 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407875 of user rubyman.
Oct 13 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13847]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407875.
Oct 13 23:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10662]: pam_unix(cron:session): session closed for user root
Oct 13 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12679]: pam_unix(cron:session): session closed for user root
Oct 13 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: Successful su for rubyman by root
Oct 13 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: + ??? root:rubyman
Oct 13 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407880 of user rubyman.
Oct 13 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14373]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407880.
Oct 13 23:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session closed for user root
Oct 13 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14307]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13165]: pam_unix(cron:session): session closed for user root
Oct 13 23:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Invalid user admin from 62.60.131.157
Oct 13 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: input_userauth_request: invalid user admin [preauth]
Oct 13 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 23:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for invalid user admin from 62.60.131.157 port 63191 ssh2
Oct 13 23:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for invalid user admin from 62.60.131.157 port 63191 ssh2
Oct 13 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for invalid user admin from 62.60.131.157 port 63191 ssh2
Oct 13 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for invalid user admin from 62.60.131.157 port 63191 ssh2
Oct 13 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for invalid user admin from 62.60.131.157 port 63191 ssh2
Oct 13 23:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Received disconnect from 62.60.131.157 port 63191:11: Bye [preauth]
Oct 13 23:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Disconnected from 62.60.131.157 port 63191 [preauth]
Oct 13 23:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 23:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: Invalid user user from 62.60.131.157
Oct 13 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: input_userauth_request: invalid user user [preauth]
Oct 13 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: Failed password for invalid user user from 62.60.131.157 port 42897 ssh2
Oct 13 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: Failed password for invalid user user from 62.60.131.157 port 42897 ssh2
Oct 13 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14763]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14757]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14763]: pam_unix(cron:session): session closed for user root
Oct 13 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14856]: Successful su for rubyman by root
Oct 13 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14856]: + ??? root:rubyman
Oct 13 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407883 of user rubyman.
Oct 13 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14856]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407883.
Oct 13 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: Failed password for invalid user user from 62.60.131.157 port 42897 ssh2
Oct 13 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: Failed password for invalid user user from 62.60.131.157 port 42897 ssh2
Oct 13 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: Failed password for invalid user user from 62.60.131.157 port 42897 ssh2
Oct 13 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: Received disconnect from 62.60.131.157 port 42897:11: Bye [preauth]
Oct 13 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: Disconnected from 62.60.131.157 port 42897 [preauth]
Oct 13 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 13 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14736]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14757]: pam_unix(cron:session): session closed for user root
Oct 13 23:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session closed for user root
Oct 13 23:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session closed for user root
Oct 13 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15371]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15448]: Successful su for rubyman by root
Oct 13 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15448]: + ??? root:rubyman
Oct 13 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407889 of user rubyman.
Oct 13 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15448]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407889.
Oct 13 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12140]: pam_unix(cron:session): session closed for user root
Oct 13 23:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session closed for user root
Oct 13 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15888]: Successful su for rubyman by root
Oct 13 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15888]: + ??? root:rubyman
Oct 13 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407895 of user rubyman.
Oct 13 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15888]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407895.
Oct 13 23:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session closed for user root
Oct 13 23:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session closed for user root
Oct 13 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16274]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16270]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16349]: Successful su for rubyman by root
Oct 13 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16349]: + ??? root:rubyman
Oct 13 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407897 of user rubyman.
Oct 13 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16349]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407897.
Oct 13 23:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13164]: pam_unix(cron:session): session closed for user root
Oct 13 23:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16272]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15371]: pam_unix(cron:session): session closed for user root
Oct 13 23:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: Invalid user ansible from 186.96.145.241
Oct 13 23:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: input_userauth_request: invalid user ansible [preauth]
Oct 13 23:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 13 23:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: Failed password for invalid user ansible from 186.96.145.241 port 57888 ssh2
Oct 13 23:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16713]: Connection closed by 186.96.145.241 port 57888 [preauth]
Oct 13 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: Successful su for rubyman by root
Oct 13 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: + ??? root:rubyman
Oct 13 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407901 of user rubyman.
Oct 13 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407901.
Oct 13 23:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user root
Oct 13 23:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session closed for user root
Oct 13 23:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 13 23:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: Failed password for root from 89.38.148.202 port 57966 ssh2
Oct 13 23:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: Connection closed by 89.38.148.202 port 57966 [preauth]
Oct 13 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17203]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session closed for user root
Oct 13 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17292]: Successful su for rubyman by root
Oct 13 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17292]: + ??? root:rubyman
Oct 13 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407906 of user rubyman.
Oct 13 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17292]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407906.
Oct 13 23:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17203]: pam_unix(cron:session): session closed for user root
Oct 13 23:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session closed for user root
Oct 13 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16274]: pam_unix(cron:session): session closed for user root
Oct 13 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17854]: Successful su for rubyman by root
Oct 13 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17854]: + ??? root:rubyman
Oct 13 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407912 of user rubyman.
Oct 13 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17854]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407912.
Oct 13 23:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session closed for user root
Oct 13 23:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17711]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16739]: pam_unix(cron:session): session closed for user root
Oct 13 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18471]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18470]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18560]: Successful su for rubyman by root
Oct 13 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18560]: + ??? root:rubyman
Oct 13 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407917 of user rubyman.
Oct 13 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18560]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407917.
Oct 13 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session closed for user root
Oct 13 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18469]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session closed for user root
Oct 13 23:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Invalid user admin from 2.57.121.25
Oct 13 23:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: input_userauth_request: invalid user admin [preauth]
Oct 13 23:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 23:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user admin from 2.57.121.25 port 59014 ssh2
Oct 13 23:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19079]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19075]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user admin from 2.57.121.25 port 59014 ssh2
Oct 13 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19150]: Successful su for rubyman by root
Oct 13 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19150]: + ??? root:rubyman
Oct 13 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407920 of user rubyman.
Oct 13 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19150]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407920.
Oct 13 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user admin from 2.57.121.25 port 59014 ssh2
Oct 13 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user admin from 2.57.121.25 port 59014 ssh2
Oct 13 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: pam_unix(sshd:auth): check pass; user unknown
Oct 13 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Failed password for invalid user admin from 2.57.121.25 port 59014 ssh2
Oct 13 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Received disconnect from 2.57.121.25 port 59014:11: Bye [preauth]
Oct 13 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: Disconnected from 2.57.121.25 port 59014 [preauth]
Oct 13 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 13 23:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19019]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 13 23:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session closed for user root
Oct 13 23:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19076]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17714]: pam_unix(cron:session): session closed for user root
Oct 13 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 13 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 13 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 13 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session closed for user p13x
Oct 13 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19980]: Successful su for rubyman by root
Oct 13 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19980]: + ??? root:rubyman
Oct 13 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 13 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407925 of user rubyman.
Oct 13 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19980]: pam_unix(su:session): session closed for user rubyman
Oct 13 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407925.
Oct 13 23:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 13 23:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16273]: pam_unix(cron:session): session closed for user root
Oct 13 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Invalid user  from 60.188.249.64
Oct 13 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: input_userauth_request: invalid user  [preauth]
Oct 13 23:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19905]: pam_unix(cron:session): session closed for user samftp
Oct 13 23:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Connection closed by 60.188.249.64 port 32984 [preauth]
Oct 13 23:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18471]: pam_unix(cron:session): session closed for user root
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20437]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20434]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20436]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20437]: pam_unix(cron:session): session closed for user root
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20432]: pam_unix(cron:session): session closed for user root
Oct 14 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20429]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20555]: Successful su for rubyman by root
Oct 14 00:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20555]: + ??? root:rubyman
Oct 14 00:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407928 of user rubyman.
Oct 14 00:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20555]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407928.
Oct 14 00:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session closed for user root
Oct 14 00:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20434]: pam_unix(cron:session): session closed for user root
Oct 14 00:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20430]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19079]: pam_unix(cron:session): session closed for user root
Oct 14 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Did not receive identification string from 80.211.129.128
Oct 14 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21009]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session closed for user root
Oct 14 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21005]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21093]: Successful su for rubyman by root
Oct 14 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21093]: + ??? root:rubyman
Oct 14 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407934 of user rubyman.
Oct 14 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21093]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407934.
Oct 14 00:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session closed for user root
Oct 14 00:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21007]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session closed for user root
Oct 14 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21535]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21531]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21610]: Successful su for rubyman by root
Oct 14 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21610]: + ??? root:rubyman
Oct 14 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407939 of user rubyman.
Oct 14 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21610]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407939.
Oct 14 00:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17712]: pam_unix(cron:session): session closed for user root
Oct 14 00:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21533]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20436]: pam_unix(cron:session): session closed for user root
Oct 14 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22006]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22005]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22003]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22079]: Successful su for rubyman by root
Oct 14 00:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22079]: + ??? root:rubyman
Oct 14 00:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407944 of user rubyman.
Oct 14 00:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22079]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407944.
Oct 14 00:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18470]: pam_unix(cron:session): session closed for user root
Oct 14 00:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21009]: pam_unix(cron:session): session closed for user root
Oct 14 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22493]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22570]: Successful su for rubyman by root
Oct 14 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22570]: + ??? root:rubyman
Oct 14 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407948 of user rubyman.
Oct 14 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22570]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407948.
Oct 14 00:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: Invalid user dm from 103.234.151.178
Oct 14 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: input_userauth_request: invalid user dm [preauth]
Oct 14 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19078]: pam_unix(cron:session): session closed for user root
Oct 14 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: Failed password for invalid user dm from 103.234.151.178 port 13618 ssh2
Oct 14 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: Received disconnect from 103.234.151.178 port 13618:11: Bye Bye [preauth]
Oct 14 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22935]: Disconnected from 103.234.151.178 port 13618 [preauth]
Oct 14 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21535]: pam_unix(cron:session): session closed for user root
Oct 14 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23347]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23386]: pam_unix(cron:session): session closed for user root
Oct 14 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23344]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: Successful su for rubyman by root
Oct 14 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: + ??? root:rubyman
Oct 14 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407955 of user rubyman.
Oct 14 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23755]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407955.
Oct 14 00:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23347]: pam_unix(cron:session): session closed for user root
Oct 14 00:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session closed for user root
Oct 14 00:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23345]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22006]: pam_unix(cron:session): session closed for user root
Oct 14 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24214]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24209]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24302]: Successful su for rubyman by root
Oct 14 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24302]: + ??? root:rubyman
Oct 14 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407957 of user rubyman.
Oct 14 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24302]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407957.
Oct 14 00:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20435]: pam_unix(cron:session): session closed for user root
Oct 14 00:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24211]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22496]: pam_unix(cron:session): session closed for user root
Oct 14 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24736]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24732]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24810]: Successful su for rubyman by root
Oct 14 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24810]: + ??? root:rubyman
Oct 14 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407961 of user rubyman.
Oct 14 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24810]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407961.
Oct 14 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Failed password for root from 103.234.151.178 port 59584 ssh2
Oct 14 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Received disconnect from 103.234.151.178 port 59584:11: Bye Bye [preauth]
Oct 14 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24843]: Disconnected from 103.234.151.178 port 59584 [preauth]
Oct 14 00:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21008]: pam_unix(cron:session): session closed for user root
Oct 14 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24731]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23350]: pam_unix(cron:session): session closed for user root
Oct 14 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25247]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25243]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25531]: Successful su for rubyman by root
Oct 14 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25531]: + ??? root:rubyman
Oct 14 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407965 of user rubyman.
Oct 14 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25531]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407965.
Oct 14 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21534]: pam_unix(cron:session): session closed for user root
Oct 14 00:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 14 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25244]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25722]: Failed password for root from 190.103.202.7 port 36720 ssh2
Oct 14 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25722]: Connection closed by 190.103.202.7 port 36720 [preauth]
Oct 14 00:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 00:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=rml500@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 14 00:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 00:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=rml500@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 14 00:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24214]: pam_unix(cron:session): session closed for user root
Oct 14 00:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Invalid user ctarazona from 103.234.151.178
Oct 14 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: input_userauth_request: invalid user ctarazona [preauth]
Oct 14 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Failed password for invalid user ctarazona from 103.234.151.178 port 29330 ssh2
Oct 14 00:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Received disconnect from 103.234.151.178 port 29330:11: Bye Bye [preauth]
Oct 14 00:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Disconnected from 103.234.151.178 port 29330 [preauth]
Oct 14 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26040]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26043]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26220]: Successful su for rubyman by root
Oct 14 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26220]: + ??? root:rubyman
Oct 14 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407969 of user rubyman.
Oct 14 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26220]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407969.
Oct 14 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26040]: pam_unix(cron:session): session closed for user root
Oct 14 00:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22005]: pam_unix(cron:session): session closed for user root
Oct 14 00:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26044]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Did not receive identification string from 209.38.110.157
Oct 14 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24736]: pam_unix(cron:session): session closed for user root
Oct 14 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26728]: pam_unix(cron:session): session closed for user root
Oct 14 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26721]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26835]: Successful su for rubyman by root
Oct 14 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26835]: + ??? root:rubyman
Oct 14 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407977 of user rubyman.
Oct 14 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[26835]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407977.
Oct 14 00:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session closed for user root
Oct 14 00:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22495]: pam_unix(cron:session): session closed for user root
Oct 14 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26722]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Invalid user poc from 103.234.151.178
Oct 14 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: input_userauth_request: invalid user poc [preauth]
Oct 14 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Failed password for invalid user poc from 103.234.151.178 port 62606 ssh2
Oct 14 00:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Received disconnect from 103.234.151.178 port 62606:11: Bye Bye [preauth]
Oct 14 00:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Disconnected from 103.234.151.178 port 62606 [preauth]
Oct 14 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25247]: pam_unix(cron:session): session closed for user root
Oct 14 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: Failed password for root from 209.38.110.157 port 55952 ssh2
Oct 14 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: Connection closed by 209.38.110.157 port 55952 [preauth]
Oct 14 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27450]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27448]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27707]: Successful su for rubyman by root
Oct 14 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27707]: + ??? root:rubyman
Oct 14 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407982 of user rubyman.
Oct 14 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27707]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407982.
Oct 14 00:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23348]: pam_unix(cron:session): session closed for user root
Oct 14 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27449]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session closed for user root
Oct 14 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28227]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28300]: Successful su for rubyman by root
Oct 14 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28300]: + ??? root:rubyman
Oct 14 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407985 of user rubyman.
Oct 14 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28300]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407985.
Oct 14 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 14 00:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24212]: pam_unix(cron:session): session closed for user root
Oct 14 00:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: Failed password for root from 78.128.112.74 port 58998 ssh2
Oct 14 00:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: Connection closed by 78.128.112.74 port 58998 [preauth]
Oct 14 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Invalid user ftpuser from 103.234.151.178
Oct 14 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Failed password for invalid user ftpuser from 103.234.151.178 port 32344 ssh2
Oct 14 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Received disconnect from 103.234.151.178 port 32344:11: Bye Bye [preauth]
Oct 14 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Disconnected from 103.234.151.178 port 32344 [preauth]
Oct 14 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Failed password for root from 209.38.110.157 port 45992 ssh2
Oct 14 00:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Connection closed by 209.38.110.157 port 45992 [preauth]
Oct 14 00:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session closed for user root
Oct 14 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29064]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29142]: Successful su for rubyman by root
Oct 14 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29142]: + ??? root:rubyman
Oct 14 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407988 of user rubyman.
Oct 14 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29142]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407988.
Oct 14 00:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24732]: pam_unix(cron:session): session closed for user root
Oct 14 00:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29065]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user root
Oct 14 00:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Failed password for root from 209.38.110.157 port 59176 ssh2
Oct 14 00:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Connection closed by 209.38.110.157 port 59176 [preauth]
Oct 14 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: Failed password for root from 103.234.151.178 port 2094 ssh2
Oct 14 00:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: Received disconnect from 103.234.151.178 port 2094:11: Bye Bye [preauth]
Oct 14 00:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: Disconnected from 103.234.151.178 port 2094 [preauth]
Oct 14 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29566]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29565]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29563]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29645]: Successful su for rubyman by root
Oct 14 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29645]: + ??? root:rubyman
Oct 14 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407993 of user rubyman.
Oct 14 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29645]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407993.
Oct 14 00:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25246]: pam_unix(cron:session): session closed for user root
Oct 14 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29564]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28230]: pam_unix(cron:session): session closed for user root
Oct 14 00:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session closed for user root
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30075]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Failed password for root from 209.38.110.157 port 58056 ssh2
Oct 14 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Connection closed by 209.38.110.157 port 58056 [preauth]
Oct 14 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30163]: Successful su for rubyman by root
Oct 14 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30163]: + ??? root:rubyman
Oct 14 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 407996 of user rubyman.
Oct 14 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30163]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 407996.
Oct 14 00:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30077]: pam_unix(cron:session): session closed for user root
Oct 14 00:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session closed for user root
Oct 14 00:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30076]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Invalid user acct from 103.234.151.178
Oct 14 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: input_userauth_request: invalid user acct [preauth]
Oct 14 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Failed password for invalid user acct from 103.234.151.178 port 35374 ssh2
Oct 14 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Received disconnect from 103.234.151.178 port 35374:11: Bye Bye [preauth]
Oct 14 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Disconnected from 103.234.151.178 port 35374 [preauth]
Oct 14 00:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29067]: pam_unix(cron:session): session closed for user root
Oct 14 00:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Failed password for root from 164.68.105.9 port 44488 ssh2
Oct 14 00:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Connection closed by 164.68.105.9 port 44488 [preauth]
Oct 14 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30800]: Successful su for rubyman by root
Oct 14 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30800]: + ??? root:rubyman
Oct 14 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408002 of user rubyman.
Oct 14 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30800]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408002.
Oct 14 00:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session closed for user root
Oct 14 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: Failed password for root from 209.38.110.157 port 51498 ssh2
Oct 14 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: Connection closed by 209.38.110.157 port 51498 [preauth]
Oct 14 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29566]: pam_unix(cron:session): session closed for user root
Oct 14 00:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 00:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Failed password for root from 80.211.129.128 port 53982 ssh2
Oct 14 00:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Connection closed by 80.211.129.128 port 53982 [preauth]
Oct 14 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31208]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user root
Oct 14 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31290]: Successful su for rubyman by root
Oct 14 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31290]: + ??? root:rubyman
Oct 14 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408007 of user rubyman.
Oct 14 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31290]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408007.
Oct 14 00:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27450]: pam_unix(cron:session): session closed for user root
Oct 14 00:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: Invalid user user123 from 103.234.151.178
Oct 14 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: input_userauth_request: invalid user user123 [preauth]
Oct 14 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: Failed password for invalid user user123 from 103.234.151.178 port 5116 ssh2
Oct 14 00:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: Received disconnect from 103.234.151.178 port 5116:11: Bye Bye [preauth]
Oct 14 00:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: Disconnected from 103.234.151.178 port 5116 [preauth]
Oct 14 00:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31207]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: Failed password for root from 209.38.110.157 port 59202 ssh2
Oct 14 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31737]: Connection closed by 209.38.110.157 port 59202 [preauth]
Oct 14 00:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session closed for user root
Oct 14 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31831]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31902]: Successful su for rubyman by root
Oct 14 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31902]: + ??? root:rubyman
Oct 14 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408011 of user rubyman.
Oct 14 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31902]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408011.
Oct 14 00:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28229]: pam_unix(cron:session): session closed for user root
Oct 14 00:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31832]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30728]: pam_unix(cron:session): session closed for user root
Oct 14 00:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: Failed password for root from 209.38.110.157 port 40512 ssh2
Oct 14 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: Connection closed by 209.38.110.157 port 40512 [preauth]
Oct 14 00:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: Failed password for root from 103.234.151.178 port 38396 ssh2
Oct 14 00:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: Received disconnect from 103.234.151.178 port 38396:11: Bye Bye [preauth]
Oct 14 00:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32343]: Disconnected from 103.234.151.178 port 38396 [preauth]
Oct 14 00:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.71.158.155  user=root
Oct 14 00:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Failed password for root from 120.71.158.155 port 57668 ssh2
Oct 14 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32456]: Successful su for rubyman by root
Oct 14 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32456]: + ??? root:rubyman
Oct 14 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408017 of user rubyman.
Oct 14 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32456]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408017.
Oct 14 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29066]: pam_unix(cron:session): session closed for user root
Oct 14 00:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31210]: pam_unix(cron:session): session closed for user root
Oct 14 00:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[369]: Failed password for root from 209.38.110.157 port 38644 ssh2
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[369]: Connection closed by 209.38.110.157 port 38644 [preauth]
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[390]: pam_unix(cron:session): session closed for user root
Oct 14 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[480]: Successful su for rubyman by root
Oct 14 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[480]: + ??? root:rubyman
Oct 14 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408023 of user rubyman.
Oct 14 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[480]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408023.
Oct 14 00:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session closed for user root
Oct 14 00:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29565]: pam_unix(cron:session): session closed for user root
Oct 14 00:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Invalid user zwj from 103.234.151.178
Oct 14 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: input_userauth_request: invalid user zwj [preauth]
Oct 14 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Failed password for invalid user zwj from 103.234.151.178 port 8146 ssh2
Oct 14 00:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Received disconnect from 103.234.151.178 port 8146:11: Bye Bye [preauth]
Oct 14 00:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[810]: Disconnected from 103.234.151.178 port 8146 [preauth]
Oct 14 00:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session closed for user root
Oct 14 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[960]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[947]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[942]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1087]: Successful su for rubyman by root
Oct 14 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1087]: + ??? root:rubyman
Oct 14 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408025 of user rubyman.
Oct 14 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1087]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408025.
Oct 14 00:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30079]: pam_unix(cron:session): session closed for user root
Oct 14 00:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Failed password for root from 209.38.110.157 port 51052 ssh2
Oct 14 00:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Connection closed by 209.38.110.157 port 51052 [preauth]
Oct 14 00:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[943]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session closed for user root
Oct 14 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: Successful su for rubyman by root
Oct 14 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: + ??? root:rubyman
Oct 14 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408031 of user rubyman.
Oct 14 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408031.
Oct 14 00:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session closed for user root
Oct 14 00:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Invalid user puneet from 103.234.151.178
Oct 14 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: input_userauth_request: invalid user puneet [preauth]
Oct 14 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Failed password for invalid user puneet from 103.234.151.178 port 41420 ssh2
Oct 14 00:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Received disconnect from 103.234.151.178 port 41420:11: Bye Bye [preauth]
Oct 14 00:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Disconnected from 103.234.151.178 port 41420 [preauth]
Oct 14 00:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: Failed password for root from 209.38.110.157 port 34320 ssh2
Oct 14 00:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1842]: Connection closed by 209.38.110.157 port 34320 [preauth]
Oct 14 00:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session closed for user root
Oct 14 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2080]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2159]: Successful su for rubyman by root
Oct 14 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2159]: + ??? root:rubyman
Oct 14 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408034 of user rubyman.
Oct 14 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2159]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408034.
Oct 14 00:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31208]: pam_unix(cron:session): session closed for user root
Oct 14 00:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 14 00:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2081]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Failed password for root from 190.103.202.7 port 46210 ssh2
Oct 14 00:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Connection closed by 190.103.202.7 port 46210 [preauth]
Oct 14 00:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: Failed password for root from 209.38.110.157 port 49694 ssh2
Oct 14 00:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: Connection closed by 209.38.110.157 port 49694 [preauth]
Oct 14 00:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[960]: pam_unix(cron:session): session closed for user root
Oct 14 00:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2621]: Successful su for rubyman by root
Oct 14 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2621]: + ??? root:rubyman
Oct 14 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408038 of user rubyman.
Oct 14 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2621]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408038.
Oct 14 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2548]: Failed password for root from 103.234.151.178 port 11176 ssh2
Oct 14 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2548]: Received disconnect from 103.234.151.178 port 11176:11: Bye Bye [preauth]
Oct 14 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2548]: Disconnected from 103.234.151.178 port 11176 [preauth]
Oct 14 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: Failed password for root from 80.211.129.128 port 58604 ssh2
Oct 14 00:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: Connection closed by 80.211.129.128 port 58604 [preauth]
Oct 14 00:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session closed for user root
Oct 14 00:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session closed for user root
Oct 14 00:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Failed password for root from 209.38.110.157 port 37428 ssh2
Oct 14 00:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Connection closed by 209.38.110.157 port 37428 [preauth]
Oct 14 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3002]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3003]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3003]: pam_unix(cron:session): session closed for user root
Oct 14 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2996]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3080]: Successful su for rubyman by root
Oct 14 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3080]: + ??? root:rubyman
Oct 14 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408041 of user rubyman.
Oct 14 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3080]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408041.
Oct 14 00:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3000]: pam_unix(cron:session): session closed for user root
Oct 14 00:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user root
Oct 14 00:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2998]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2084]: pam_unix(cron:session): session closed for user root
Oct 14 00:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Invalid user proxyuser from 103.234.151.178
Oct 14 00:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 00:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Failed password for invalid user proxyuser from 103.234.151.178 port 44450 ssh2
Oct 14 00:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Received disconnect from 103.234.151.178 port 44450:11: Bye Bye [preauth]
Oct 14 00:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Disconnected from 103.234.151.178 port 44450 [preauth]
Oct 14 00:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Failed password for root from 209.38.110.157 port 50978 ssh2
Oct 14 00:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Connection closed by 209.38.110.157 port 50978 [preauth]
Oct 14 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: Successful su for rubyman by root
Oct 14 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: + ??? root:rubyman
Oct 14 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408047 of user rubyman.
Oct 14 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3574]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408047.
Oct 14 00:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[386]: pam_unix(cron:session): session closed for user root
Oct 14 00:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2559]: pam_unix(cron:session): session closed for user root
Oct 14 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3950]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4024]: Successful su for rubyman by root
Oct 14 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4024]: + ??? root:rubyman
Oct 14 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408051 of user rubyman.
Oct 14 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4024]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408051.
Oct 14 00:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[947]: pam_unix(cron:session): session closed for user root
Oct 14 00:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: Failed password for root from 209.38.110.157 port 39528 ssh2
Oct 14 00:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4131]: Connection closed by 209.38.110.157 port 39528 [preauth]
Oct 14 00:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3951]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Invalid user devserver from 103.234.151.178
Oct 14 00:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: input_userauth_request: invalid user devserver [preauth]
Oct 14 00:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Failed password for invalid user devserver from 103.234.151.178 port 14192 ssh2
Oct 14 00:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Received disconnect from 103.234.151.178 port 14192:11: Bye Bye [preauth]
Oct 14 00:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4336]: Disconnected from 103.234.151.178 port 14192 [preauth]
Oct 14 00:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3002]: pam_unix(cron:session): session closed for user root
Oct 14 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4459]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4460]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4524]: Successful su for rubyman by root
Oct 14 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4524]: + ??? root:rubyman
Oct 14 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408055 of user rubyman.
Oct 14 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4524]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408055.
Oct 14 00:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session closed for user root
Oct 14 00:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Failed password for root from 209.38.110.157 port 46514 ssh2
Oct 14 00:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Connection closed by 209.38.110.157 port 46514 [preauth]
Oct 14 00:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session closed for user root
Oct 14 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5164]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: Successful su for rubyman by root
Oct 14 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: + ??? root:rubyman
Oct 14 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408059 of user rubyman.
Oct 14 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408059.
Oct 14 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: Invalid user lruiz from 103.234.151.178
Oct 14 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: input_userauth_request: invalid user lruiz [preauth]
Oct 14 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: Failed password for invalid user lruiz from 103.234.151.178 port 47470 ssh2
Oct 14 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: Received disconnect from 103.234.151.178 port 47470:11: Bye Bye [preauth]
Oct 14 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: Disconnected from 103.234.151.178 port 47470 [preauth]
Oct 14 00:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2082]: pam_unix(cron:session): session closed for user root
Oct 14 00:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5165]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Failed password for root from 209.38.110.157 port 36474 ssh2
Oct 14 00:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Connection closed by 209.38.110.157 port 36474 [preauth]
Oct 14 00:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session closed for user root
Oct 14 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5949]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5943]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5949]: pam_unix(cron:session): session closed for user root
Oct 14 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6017]: Successful su for rubyman by root
Oct 14 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6017]: + ??? root:rubyman
Oct 14 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408065 of user rubyman.
Oct 14 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6017]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408065.
Oct 14 00:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5943]: pam_unix(cron:session): session closed for user root
Oct 14 00:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2558]: pam_unix(cron:session): session closed for user root
Oct 14 00:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4460]: pam_unix(cron:session): session closed for user root
Oct 14 00:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6356]: Invalid user sysop from 103.234.151.178
Oct 14 00:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6356]: input_userauth_request: invalid user sysop [preauth]
Oct 14 00:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6356]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6356]: Failed password for invalid user sysop from 103.234.151.178 port 17212 ssh2
Oct 14 00:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6356]: Received disconnect from 103.234.151.178 port 17212:11: Bye Bye [preauth]
Oct 14 00:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6356]: Disconnected from 103.234.151.178 port 17212 [preauth]
Oct 14 00:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6373]: Failed password for root from 209.38.110.157 port 39398 ssh2
Oct 14 00:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6373]: Connection closed by 209.38.110.157 port 39398 [preauth]
Oct 14 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: Successful su for rubyman by root
Oct 14 00:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: + ??? root:rubyman
Oct 14 00:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408070 of user rubyman.
Oct 14 00:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408070.
Oct 14 00:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3001]: pam_unix(cron:session): session closed for user root
Oct 14 00:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session closed for user root
Oct 14 00:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=root
Oct 14 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: Failed password for root from 209.38.110.157 port 53672 ssh2
Oct 14 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: Connection closed by 209.38.110.157 port 53672 [preauth]
Oct 14 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: Successful su for rubyman by root
Oct 14 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: + ??? root:rubyman
Oct 14 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408073 of user rubyman.
Oct 14 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408073.
Oct 14 00:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session closed for user root
Oct 14 00:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: Failed password for root from 103.234.151.178 port 50498 ssh2
Oct 14 00:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: Received disconnect from 103.234.151.178 port 50498:11: Bye Bye [preauth]
Oct 14 00:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: Disconnected from 103.234.151.178 port 50498 [preauth]
Oct 14 00:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session closed for user root
Oct 14 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7545]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7539]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7614]: Successful su for rubyman by root
Oct 14 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7614]: + ??? root:rubyman
Oct 14 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408077 of user rubyman.
Oct 14 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7614]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408077.
Oct 14 00:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3952]: pam_unix(cron:session): session closed for user root
Oct 14 00:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Invalid user admin from 209.38.110.157
Oct 14 00:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Failed password for invalid user admin from 209.38.110.157 port 41600 ssh2
Oct 14 00:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7541]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Connection closed by 209.38.110.157 port 41600 [preauth]
Oct 14 00:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8302]: Connection closed by 149.100.11.243 port 44424 [preauth]
Oct 14 00:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user root
Oct 14 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8452]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8453]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: Successful su for rubyman by root
Oct 14 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: + ??? root:rubyman
Oct 14 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408081 of user rubyman.
Oct 14 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408081.
Oct 14 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4459]: pam_unix(cron:session): session closed for user root
Oct 14 00:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: Failed password for root from 103.234.151.178 port 20246 ssh2
Oct 14 00:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: Received disconnect from 103.234.151.178 port 20246:11: Bye Bye [preauth]
Oct 14 00:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8667]: Disconnected from 103.234.151.178 port 20246 [preauth]
Oct 14 00:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Invalid user admin from 209.38.110.157
Oct 14 00:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Failed password for invalid user admin from 209.38.110.157 port 51070 ssh2
Oct 14 00:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Connection closed by 209.38.110.157 port 51070 [preauth]
Oct 14 00:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6984]: pam_unix(cron:session): session closed for user root
Oct 14 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9044]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9047]: pam_unix(cron:session): session closed for user root
Oct 14 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9041]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9123]: Successful su for rubyman by root
Oct 14 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9123]: + ??? root:rubyman
Oct 14 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408086 of user rubyman.
Oct 14 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9123]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408086.
Oct 14 00:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9044]: pam_unix(cron:session): session closed for user root
Oct 14 00:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5166]: pam_unix(cron:session): session closed for user root
Oct 14 00:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9042]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Invalid user admin from 209.38.110.157
Oct 14 00:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Failed password for invalid user admin from 209.38.110.157 port 52364 ssh2
Oct 14 00:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9572]: Connection closed by 209.38.110.157 port 52364 [preauth]
Oct 14 00:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7545]: pam_unix(cron:session): session closed for user root
Oct 14 00:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Invalid user almalinux from 103.234.151.178
Oct 14 00:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: input_userauth_request: invalid user almalinux [preauth]
Oct 14 00:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Failed password for invalid user almalinux from 103.234.151.178 port 53536 ssh2
Oct 14 00:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Received disconnect from 103.234.151.178 port 53536:11: Bye Bye [preauth]
Oct 14 00:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Disconnected from 103.234.151.178 port 53536 [preauth]
Oct 14 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9793]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9791]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9901]: Successful su for rubyman by root
Oct 14 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9901]: + ??? root:rubyman
Oct 14 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408091 of user rubyman.
Oct 14 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9901]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408091.
Oct 14 00:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5945]: pam_unix(cron:session): session closed for user root
Oct 14 00:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8453]: pam_unix(cron:session): session closed for user root
Oct 14 00:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Invalid user admin from 209.38.110.157
Oct 14 00:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Failed password for invalid user admin from 209.38.110.157 port 49208 ssh2
Oct 14 00:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Connection closed by 209.38.110.157 port 49208 [preauth]
Oct 14 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: Successful su for rubyman by root
Oct 14 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: + ??? root:rubyman
Oct 14 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408095 of user rubyman.
Oct 14 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408095.
Oct 14 00:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session closed for user root
Oct 14 00:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Invalid user cuckoo from 103.234.151.178
Oct 14 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: input_userauth_request: invalid user cuckoo [preauth]
Oct 14 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Failed password for invalid user cuckoo from 103.234.151.178 port 23278 ssh2
Oct 14 00:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Received disconnect from 103.234.151.178 port 23278:11: Bye Bye [preauth]
Oct 14 00:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Disconnected from 103.234.151.178 port 23278 [preauth]
Oct 14 00:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9046]: pam_unix(cron:session): session closed for user root
Oct 14 00:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Invalid user admin from 209.38.110.157
Oct 14 00:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Failed password for invalid user admin from 209.38.110.157 port 42348 ssh2
Oct 14 00:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Connection closed by 209.38.110.157 port 42348 [preauth]
Oct 14 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10865]: Successful su for rubyman by root
Oct 14 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10865]: + ??? root:rubyman
Oct 14 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408102 of user rubyman.
Oct 14 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10865]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408102.
Oct 14 00:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6979]: pam_unix(cron:session): session closed for user root
Oct 14 00:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9794]: pam_unix(cron:session): session closed for user root
Oct 14 00:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Invalid user admin from 209.38.110.157
Oct 14 00:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Failed password for invalid user admin from 209.38.110.157 port 52232 ssh2
Oct 14 00:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Connection closed by 209.38.110.157 port 52232 [preauth]
Oct 14 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11243]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11430]: Successful su for rubyman by root
Oct 14 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11430]: + ??? root:rubyman
Oct 14 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408105 of user rubyman.
Oct 14 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11430]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408105.
Oct 14 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session closed for user root
Oct 14 00:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7542]: pam_unix(cron:session): session closed for user root
Oct 14 00:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11244]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Invalid user egarcia from 103.234.151.178
Oct 14 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: input_userauth_request: invalid user egarcia [preauth]
Oct 14 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Failed password for invalid user egarcia from 103.234.151.178 port 56556 ssh2
Oct 14 00:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Received disconnect from 103.234.151.178 port 56556:11: Bye Bye [preauth]
Oct 14 00:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Disconnected from 103.234.151.178 port 56556 [preauth]
Oct 14 00:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session closed for user root
Oct 14 00:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Invalid user ubuntu from 209.141.53.162
Oct 14 00:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 00:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.53.162
Oct 14 00:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Invalid user admin from 209.38.110.157
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Failed password for invalid user ubuntu from 209.141.53.162 port 36648 ssh2
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Connection closed by 209.141.53.162 port 36648 [preauth]
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: Invalid user ubuntu from 209.141.53.162
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.53.162
Oct 14 00:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Failed password for invalid user admin from 209.38.110.157 port 34284 ssh2
Oct 14 00:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Connection closed by 209.38.110.157 port 34284 [preauth]
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: Failed password for invalid user ubuntu from 209.141.53.162 port 36664 ssh2
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11924]: Connection closed by 209.141.53.162 port 36664 [preauth]
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Invalid user ubuntu from 209.141.53.162
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.53.162
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11936]: pam_unix(cron:session): session closed for user root
Oct 14 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12008]: Successful su for rubyman by root
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12008]: + ??? root:rubyman
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408108 of user rubyman.
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12008]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408108.
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Failed password for invalid user ubuntu from 209.141.53.162 port 36666 ssh2
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Connection closed by 209.141.53.162 port 36666 [preauth]
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Invalid user ubuntu from 209.141.53.162
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.53.162
Oct 14 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Failed password for invalid user ubuntu from 209.141.53.162 port 46374 ssh2
Oct 14 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Connection closed by 209.141.53.162 port 46374 [preauth]
Oct 14 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Invalid user ubuntu from 209.141.53.162
Oct 14 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Failed none for invalid user ubuntu from 209.141.53.162 port 46388 ssh2
Oct 14 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Connection closed by 209.141.53.162 port 46388 [preauth]
Oct 14 00:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11933]: pam_unix(cron:session): session closed for user root
Oct 14 00:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8452]: pam_unix(cron:session): session closed for user root
Oct 14 00:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11932]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session closed for user root
Oct 14 00:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12456]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12457]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12453]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Failed password for root from 103.234.151.178 port 26300 ssh2
Oct 14 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Received disconnect from 103.234.151.178 port 26300:11: Bye Bye [preauth]
Oct 14 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Disconnected from 103.234.151.178 port 26300 [preauth]
Oct 14 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12543]: Successful su for rubyman by root
Oct 14 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12543]: + ??? root:rubyman
Oct 14 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408114 of user rubyman.
Oct 14 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12543]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408114.
Oct 14 00:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Invalid user admin from 209.38.110.157
Oct 14 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Failed password for invalid user admin from 209.38.110.157 port 56436 ssh2
Oct 14 00:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Connection closed by 209.38.110.157 port 56436 [preauth]
Oct 14 00:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9045]: pam_unix(cron:session): session closed for user root
Oct 14 00:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12455]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11249]: pam_unix(cron:session): session closed for user root
Oct 14 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12967]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13055]: Successful su for rubyman by root
Oct 14 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13055]: + ??? root:rubyman
Oct 14 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408120 of user rubyman.
Oct 14 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13055]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408120.
Oct 14 00:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9793]: pam_unix(cron:session): session closed for user root
Oct 14 00:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Invalid user admin from 209.38.110.157
Oct 14 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Failed password for invalid user admin from 209.38.110.157 port 47068 ssh2
Oct 14 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Connection closed by 209.38.110.157 port 47068 [preauth]
Oct 14 00:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11935]: pam_unix(cron:session): session closed for user root
Oct 14 00:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Failed password for root from 103.234.151.178 port 59588 ssh2
Oct 14 00:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Received disconnect from 103.234.151.178 port 59588:11: Bye Bye [preauth]
Oct 14 00:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Disconnected from 103.234.151.178 port 59588 [preauth]
Oct 14 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13576]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13573]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13636]: Successful su for rubyman by root
Oct 14 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13636]: + ??? root:rubyman
Oct 14 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408122 of user rubyman.
Oct 14 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13636]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408122.
Oct 14 00:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session closed for user root
Oct 14 00:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Invalid user admin from 209.38.110.157
Oct 14 00:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13574]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Failed password for invalid user admin from 209.38.110.157 port 56776 ssh2
Oct 14 00:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Connection closed by 209.38.110.157 port 56776 [preauth]
Oct 14 00:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12457]: pam_unix(cron:session): session closed for user root
Oct 14 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14126]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14124]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14201]: Successful su for rubyman by root
Oct 14 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14201]: + ??? root:rubyman
Oct 14 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408127 of user rubyman.
Oct 14 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14201]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408127.
Oct 14 00:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session closed for user root
Oct 14 00:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Invalid user mqm from 103.234.151.178
Oct 14 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: input_userauth_request: invalid user mqm [preauth]
Oct 14 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Invalid user admin from 209.38.110.157
Oct 14 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Failed password for invalid user mqm from 103.234.151.178 port 29330 ssh2
Oct 14 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Received disconnect from 103.234.151.178 port 29330:11: Bye Bye [preauth]
Oct 14 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Disconnected from 103.234.151.178 port 29330 [preauth]
Oct 14 00:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Failed password for invalid user admin from 209.38.110.157 port 58104 ssh2
Oct 14 00:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Connection closed by 209.38.110.157 port 58104 [preauth]
Oct 14 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session closed for user root
Oct 14 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14585]: pam_unix(cron:session): session closed for user root
Oct 14 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14653]: Successful su for rubyman by root
Oct 14 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14653]: + ??? root:rubyman
Oct 14 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408133 of user rubyman.
Oct 14 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14653]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408133.
Oct 14 00:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user root
Oct 14 00:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11246]: pam_unix(cron:session): session closed for user root
Oct 14 00:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Invalid user admin from 209.38.110.157
Oct 14 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for invalid user admin from 209.38.110.157 port 53686 ssh2
Oct 14 00:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Connection closed by 209.38.110.157 port 53686 [preauth]
Oct 14 00:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13577]: pam_unix(cron:session): session closed for user root
Oct 14 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15178]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15175]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15256]: Successful su for rubyman by root
Oct 14 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15256]: + ??? root:rubyman
Oct 14 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408137 of user rubyman.
Oct 14 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15256]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408137.
Oct 14 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Failed password for root from 103.234.151.178 port 62618 ssh2
Oct 14 00:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Received disconnect from 103.234.151.178 port 62618:11: Bye Bye [preauth]
Oct 14 00:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Disconnected from 103.234.151.178 port 62618 [preauth]
Oct 14 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11934]: pam_unix(cron:session): session closed for user root
Oct 14 00:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15176]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14126]: pam_unix(cron:session): session closed for user root
Oct 14 00:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Invalid user admin from 209.38.110.157
Oct 14 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for invalid user admin from 209.38.110.157 port 39738 ssh2
Oct 14 00:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Connection closed by 209.38.110.157 port 39738 [preauth]
Oct 14 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15650]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15723]: Successful su for rubyman by root
Oct 14 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15723]: + ??? root:rubyman
Oct 14 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408140 of user rubyman.
Oct 14 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15723]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408140.
Oct 14 00:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12456]: pam_unix(cron:session): session closed for user root
Oct 14 00:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15651]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Invalid user admin from 2.57.121.112
Oct 14 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 00:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Failed password for invalid user admin from 2.57.121.112 port 18680 ssh2
Oct 14 00:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Failed password for invalid user admin from 2.57.121.112 port 18680 ssh2
Oct 14 00:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Failed password for invalid user admin from 2.57.121.112 port 18680 ssh2
Oct 14 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Failed password for invalid user admin from 2.57.121.112 port 18680 ssh2
Oct 14 00:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Failed password for invalid user admin from 2.57.121.112 port 18680 ssh2
Oct 14 00:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Received disconnect from 2.57.121.112 port 18680:11: Bye [preauth]
Oct 14 00:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Disconnected from 2.57.121.112 port 18680 [preauth]
Oct 14 00:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 00:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14583]: pam_unix(cron:session): session closed for user root
Oct 14 00:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Invalid user admin from 209.38.110.157
Oct 14 00:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Failed password for root from 103.234.151.178 port 32374 ssh2
Oct 14 00:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Received disconnect from 103.234.151.178 port 32374:11: Bye Bye [preauth]
Oct 14 00:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16069]: Disconnected from 103.234.151.178 port 32374 [preauth]
Oct 14 00:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Failed password for invalid user admin from 209.38.110.157 port 53976 ssh2
Oct 14 00:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16065]: Connection closed by 209.38.110.157 port 53976 [preauth]
Oct 14 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16178]: Successful su for rubyman by root
Oct 14 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16178]: + ??? root:rubyman
Oct 14 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408144 of user rubyman.
Oct 14 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16178]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408144.
Oct 14 00:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session closed for user root
Oct 14 00:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15178]: pam_unix(cron:session): session closed for user root
Oct 14 00:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Invalid user admin from 209.38.110.157
Oct 14 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Failed password for invalid user admin from 209.38.110.157 port 40486 ssh2
Oct 14 00:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Connection closed by 209.38.110.157 port 40486 [preauth]
Oct 14 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16574]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16573]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16568]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16649]: Successful su for rubyman by root
Oct 14 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16649]: + ??? root:rubyman
Oct 14 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408150 of user rubyman.
Oct 14 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16649]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408150.
Oct 14 00:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13576]: pam_unix(cron:session): session closed for user root
Oct 14 00:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16569]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15655]: pam_unix(cron:session): session closed for user root
Oct 14 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Invalid user pavel from 103.234.151.178
Oct 14 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: input_userauth_request: invalid user pavel [preauth]
Oct 14 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Invalid user admin from 209.38.110.157
Oct 14 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for invalid user pavel from 103.234.151.178 port 2144 ssh2
Oct 14 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Received disconnect from 103.234.151.178 port 2144:11: Bye Bye [preauth]
Oct 14 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Disconnected from 103.234.151.178 port 2144 [preauth]
Oct 14 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Failed password for invalid user admin from 209.38.110.157 port 37658 ssh2
Oct 14 00:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17030]: Connection closed by 209.38.110.157 port 37658 [preauth]
Oct 14 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session closed for user root
Oct 14 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17046]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17144]: Successful su for rubyman by root
Oct 14 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17144]: + ??? root:rubyman
Oct 14 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408153 of user rubyman.
Oct 14 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17144]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408153.
Oct 14 00:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session closed for user root
Oct 14 00:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14124]: pam_unix(cron:session): session closed for user root
Oct 14 00:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17047]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session closed for user root
Oct 14 00:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Invalid user admin from 209.38.110.157
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17549]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17546]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17631]: Successful su for rubyman by root
Oct 14 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17631]: + ??? root:rubyman
Oct 14 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408158 of user rubyman.
Oct 14 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17631]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408158.
Oct 14 00:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Failed password for invalid user admin from 209.38.110.157 port 38480 ssh2
Oct 14 00:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Connection closed by 209.38.110.157 port 38480 [preauth]
Oct 14 00:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user root
Oct 14 00:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17548]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16574]: pam_unix(cron:session): session closed for user root
Oct 14 00:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: Invalid user silas from 103.234.151.178
Oct 14 00:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: input_userauth_request: invalid user silas [preauth]
Oct 14 00:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: Failed password for invalid user silas from 103.234.151.178 port 35436 ssh2
Oct 14 00:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: Received disconnect from 103.234.151.178 port 35436:11: Bye Bye [preauth]
Oct 14 00:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18054]: Disconnected from 103.234.151.178 port 35436 [preauth]
Oct 14 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18125]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18305]: Successful su for rubyman by root
Oct 14 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18305]: + ??? root:rubyman
Oct 14 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408162 of user rubyman.
Oct 14 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18305]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408162.
Oct 14 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Invalid user admin from 209.38.110.157
Oct 14 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: input_userauth_request: invalid user admin [preauth]
Oct 14 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15177]: pam_unix(cron:session): session closed for user root
Oct 14 00:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Failed password for invalid user admin from 209.38.110.157 port 45330 ssh2
Oct 14 00:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Connection closed by 209.38.110.157 port 45330 [preauth]
Oct 14 00:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session closed for user root
Oct 14 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18832]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18907]: Successful su for rubyman by root
Oct 14 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18907]: + ??? root:rubyman
Oct 14 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408167 of user rubyman.
Oct 14 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18907]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408167.
Oct 14 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session closed for user root
Oct 14 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: input_userauth_request: invalid user mysql [preauth]
Oct 14 00:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Failed password for invalid user mysql from 209.38.110.157 port 52678 ssh2
Oct 14 00:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Connection closed by 209.38.110.157 port 52678 [preauth]
Oct 14 00:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Invalid user daniel from 103.234.151.178
Oct 14 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: input_userauth_request: invalid user daniel [preauth]
Oct 14 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Failed password for invalid user daniel from 103.234.151.178 port 5184 ssh2
Oct 14 00:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Received disconnect from 103.234.151.178 port 5184:11: Bye Bye [preauth]
Oct 14 00:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Disconnected from 103.234.151.178 port 5184 [preauth]
Oct 14 00:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session closed for user root
Oct 14 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19690]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19833]: Successful su for rubyman by root
Oct 14 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19833]: + ??? root:rubyman
Oct 14 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408170 of user rubyman.
Oct 14 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19833]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408170.
Oct 14 00:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session closed for user root
Oct 14 00:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 00:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: input_userauth_request: invalid user mysql [preauth]
Oct 14 00:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Failed password for invalid user mysql from 209.38.110.157 port 37950 ssh2
Oct 14 00:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Connection closed by 209.38.110.157 port 37950 [preauth]
Oct 14 00:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19694]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18238]: pam_unix(cron:session): session closed for user root
Oct 14 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session closed for user root
Oct 14 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20291]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20384]: Successful su for rubyman by root
Oct 14 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20384]: + ??? root:rubyman
Oct 14 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408177 of user rubyman.
Oct 14 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20384]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408177.
Oct 14 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Invalid user will from 103.234.151.178
Oct 14 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: input_userauth_request: invalid user will [preauth]
Oct 14 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Failed password for invalid user will from 103.234.151.178 port 38464 ssh2
Oct 14 00:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Received disconnect from 103.234.151.178 port 38464:11: Bye Bye [preauth]
Oct 14 00:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Disconnected from 103.234.151.178 port 38464 [preauth]
Oct 14 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user root
Oct 14 00:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16573]: pam_unix(cron:session): session closed for user root
Oct 14 00:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 00:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: input_userauth_request: invalid user mysql [preauth]
Oct 14 00:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 00:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: Failed password for invalid user mysql from 209.38.110.157 port 60616 ssh2
Oct 14 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: Connection closed by 209.38.110.157 port 60616 [preauth]
Oct 14 00:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18832]: pam_unix(cron:session): session closed for user root
Oct 14 00:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20787]: Invalid user ping from 36.67.70.198
Oct 14 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20787]: input_userauth_request: invalid user ping [preauth]
Oct 14 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20787]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20787]: Failed password for invalid user ping from 36.67.70.198 port 44442 ssh2
Oct 14 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20787]: Received disconnect from 36.67.70.198 port 44442:11: Bye Bye [preauth]
Oct 14 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20787]: Disconnected from 36.67.70.198 port 44442 [preauth]
Oct 14 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20888]: Successful su for rubyman by root
Oct 14 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20888]: + ??? root:rubyman
Oct 14 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408182 of user rubyman.
Oct 14 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20888]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408182.
Oct 14 00:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session closed for user root
Oct 14 00:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 00:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: input_userauth_request: invalid user mysql [preauth]
Oct 14 00:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Failed password for invalid user mysql from 209.38.110.157 port 60590 ssh2
Oct 14 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Connection closed by 209.38.110.157 port 60590 [preauth]
Oct 14 00:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20811]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19696]: pam_unix(cron:session): session closed for user root
Oct 14 00:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 00:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: Failed password for root from 103.234.151.178 port 8212 ssh2
Oct 14 00:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: Received disconnect from 103.234.151.178 port 8212:11: Bye Bye [preauth]
Oct 14 00:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21222]: Disconnected from 103.234.151.178 port 8212 [preauth]
Oct 14 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21266]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: Successful su for rubyman by root
Oct 14 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: + ??? root:rubyman
Oct 14 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408185 of user rubyman.
Oct 14 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408185.
Oct 14 00:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17549]: pam_unix(cron:session): session closed for user root
Oct 14 00:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: input_userauth_request: invalid user mysql [preauth]
Oct 14 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 00:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Failed password for invalid user mysql from 209.38.110.157 port 49920 ssh2
Oct 14 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Connection closed by 209.38.110.157 port 49920 [preauth]
Oct 14 00:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session closed for user root
Oct 14 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21798]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21795]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21893]: Successful su for rubyman by root
Oct 14 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21893]: + ??? root:rubyman
Oct 14 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408189 of user rubyman.
Oct 14 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21893]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408189.
Oct 14 00:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session closed for user root
Oct 14 00:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21796]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 00:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: input_userauth_request: invalid user mysql [preauth]
Oct 14 00:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Failed password for invalid user mysql from 209.38.110.157 port 54822 ssh2
Oct 14 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22142]: Connection closed by 209.38.110.157 port 54822 [preauth]
Oct 14 00:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Invalid user test from 103.234.151.178
Oct 14 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: input_userauth_request: invalid user test [preauth]
Oct 14 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 00:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 00:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Failed password for invalid user test from 103.234.151.178 port 41506 ssh2
Oct 14 00:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Received disconnect from 103.234.151.178 port 41506:11: Bye Bye [preauth]
Oct 14 00:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Disconnected from 103.234.151.178 port 41506 [preauth]
Oct 14 00:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 00:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Failed password for root from 107.172.76.10 port 56598 ssh2
Oct 14 00:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Received disconnect from 107.172.76.10 port 56598:11: Bye Bye [preauth]
Oct 14 00:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Disconnected from 107.172.76.10 port 56598 [preauth]
Oct 14 00:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20814]: pam_unix(cron:session): session closed for user root
Oct 14 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22313]: pam_unix(cron:session): session closed for user p13x
Oct 14 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22385]: Successful su for rubyman by root
Oct 14 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22385]: + ??? root:rubyman
Oct 14 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408193 of user rubyman.
Oct 14 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22385]: pam_unix(su:session): session closed for user rubyman
Oct 14 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408193.
Oct 14 00:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18828]: pam_unix(cron:session): session closed for user root
Oct 14 00:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22314]: pam_unix(cron:session): session closed for user samftp
Oct 14 00:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: input_userauth_request: invalid user mysql [preauth]
Oct 14 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 00:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Failed password for invalid user mysql from 209.38.110.157 port 54160 ssh2
Oct 14 00:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Connection closed by 209.38.110.157 port 54160 [preauth]
Oct 14 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21286]: pam_unix(cron:session): session closed for user root
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23115]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23112]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session closed for user root
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23112]: pam_unix(cron:session): session closed for user root
Oct 14 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23109]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23277]: Successful su for rubyman by root
Oct 14 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23277]: + ??? root:rubyman
Oct 14 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408201 of user rubyman.
Oct 14 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23277]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408201.
Oct 14 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19695]: pam_unix(cron:session): session closed for user root
Oct 14 01:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session closed for user root
Oct 14 01:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178  user=root
Oct 14 01:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: Failed password for root from 103.234.151.178 port 11260 ssh2
Oct 14 01:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: Received disconnect from 103.234.151.178 port 11260:11: Bye Bye [preauth]
Oct 14 01:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: Disconnected from 103.234.151.178 port 11260 [preauth]
Oct 14 01:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 01:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23852]: Failed password for root from 107.172.76.10 port 47026 ssh2
Oct 14 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23852]: Received disconnect from 107.172.76.10 port 47026:11: Bye Bye [preauth]
Oct 14 01:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23852]: Disconnected from 107.172.76.10 port 47026 [preauth]
Oct 14 01:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23110]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Invalid user uni from 36.67.70.198
Oct 14 01:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: input_userauth_request: invalid user uni [preauth]
Oct 14 01:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Failed password for invalid user uni from 36.67.70.198 port 35640 ssh2
Oct 14 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Received disconnect from 36.67.70.198 port 35640:11: Bye Bye [preauth]
Oct 14 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Disconnected from 36.67.70.198 port 35640 [preauth]
Oct 14 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Failed password for invalid user mysql from 209.38.110.157 port 46334 ssh2
Oct 14 01:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23920]: Connection closed by 209.38.110.157 port 46334 [preauth]
Oct 14 01:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21798]: pam_unix(cron:session): session closed for user root
Oct 14 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24101]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24095]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24204]: Successful su for rubyman by root
Oct 14 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24204]: + ??? root:rubyman
Oct 14 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408203 of user rubyman.
Oct 14 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24204]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408203.
Oct 14 01:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session closed for user root
Oct 14 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24094]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: Failed password for invalid user mysql from 209.38.110.157 port 39196 ssh2
Oct 14 01:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24521]: Connection closed by 209.38.110.157 port 39196 [preauth]
Oct 14 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Failed password for root from 107.172.76.10 port 39000 ssh2
Oct 14 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Received disconnect from 107.172.76.10 port 39000:11: Bye Bye [preauth]
Oct 14 01:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Disconnected from 107.172.76.10 port 39000 [preauth]
Oct 14 01:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22317]: pam_unix(cron:session): session closed for user root
Oct 14 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Invalid user njs from 103.234.151.178
Oct 14 01:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: input_userauth_request: invalid user njs [preauth]
Oct 14 01:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.151.178
Oct 14 01:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Failed password for invalid user njs from 103.234.151.178 port 44536 ssh2
Oct 14 01:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Received disconnect from 103.234.151.178 port 44536:11: Bye Bye [preauth]
Oct 14 01:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Disconnected from 103.234.151.178 port 44536 [preauth]
Oct 14 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24717]: Successful su for rubyman by root
Oct 14 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24717]: + ??? root:rubyman
Oct 14 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408207 of user rubyman.
Oct 14 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24717]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408207.
Oct 14 01:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20813]: pam_unix(cron:session): session closed for user root
Oct 14 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: Invalid user elasticsearch from 36.67.70.198
Oct 14 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: Failed password for invalid user elasticsearch from 36.67.70.198 port 54672 ssh2
Oct 14 01:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: Received disconnect from 36.67.70.198 port 54672:11: Bye Bye [preauth]
Oct 14 01:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: Disconnected from 36.67.70.198 port 54672 [preauth]
Oct 14 01:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Invalid user amssys from 190.103.202.7
Oct 14 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: input_userauth_request: invalid user amssys [preauth]
Oct 14 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 01:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Failed password for invalid user amssys from 190.103.202.7 port 38524 ssh2
Oct 14 01:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24996]: Connection closed by 190.103.202.7 port 38524 [preauth]
Oct 14 01:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: Failed password for invalid user mysql from 209.38.110.157 port 32964 ssh2
Oct 14 01:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: Connection closed by 209.38.110.157 port 32964 [preauth]
Oct 14 01:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23115]: pam_unix(cron:session): session closed for user root
Oct 14 01:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25124]: Invalid user tmpuser from 107.172.76.10
Oct 14 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25124]: input_userauth_request: invalid user tmpuser [preauth]
Oct 14 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25124]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25124]: Failed password for invalid user tmpuser from 107.172.76.10 port 56988 ssh2
Oct 14 01:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25124]: Received disconnect from 107.172.76.10 port 56988:11: Bye Bye [preauth]
Oct 14 01:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25124]: Disconnected from 107.172.76.10 port 56988 [preauth]
Oct 14 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25141]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: Successful su for rubyman by root
Oct 14 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: + ??? root:rubyman
Oct 14 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408213 of user rubyman.
Oct 14 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408213.
Oct 14 01:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session closed for user root
Oct 14 01:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24101]: pam_unix(cron:session): session closed for user root
Oct 14 01:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Failed password for invalid user mysql from 209.38.110.157 port 49550 ssh2
Oct 14 01:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Connection closed by 209.38.110.157 port 49550 [preauth]
Oct 14 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25928]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: Successful su for rubyman by root
Oct 14 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: + ??? root:rubyman
Oct 14 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408217 of user rubyman.
Oct 14 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408217.
Oct 14 01:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21797]: pam_unix(cron:session): session closed for user root
Oct 14 01:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Failed password for root from 36.67.70.198 port 54566 ssh2
Oct 14 01:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Received disconnect from 36.67.70.198 port 54566:11: Bye Bye [preauth]
Oct 14 01:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Disconnected from 36.67.70.198 port 54566 [preauth]
Oct 14 01:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Invalid user uni from 107.172.76.10
Oct 14 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: input_userauth_request: invalid user uni [preauth]
Oct 14 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26281]: Did not receive identification string from 121.186.31.54
Oct 14 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: Did not receive identification string from 121.186.31.54
Oct 14 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Did not receive identification string from 121.186.31.54
Oct 14 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Failed password for invalid user uni from 107.172.76.10 port 46232 ssh2
Oct 14 01:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Received disconnect from 107.172.76.10 port 46232:11: Bye Bye [preauth]
Oct 14 01:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Disconnected from 107.172.76.10 port 46232 [preauth]
Oct 14 01:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Failed password for root from 121.186.31.54 port 40514 ssh2
Oct 14 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Connection closed by 121.186.31.54 port 40514 [preauth]
Oct 14 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26284]: Failed password for root from 121.186.31.54 port 40502 ssh2
Oct 14 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: Failed password for root from 121.186.31.54 port 40536 ssh2
Oct 14 01:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26284]: Connection closed by 121.186.31.54 port 40502 [preauth]
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26295]: Connection closed by 121.186.31.54 port 40536 [preauth]
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: Invalid user admin from 121.186.31.54
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Invalid user admin from 121.186.31.54
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Invalid user admin from 121.186.31.54
Oct 14 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: Failed password for invalid user admin from 121.186.31.54 port 40544 ssh2
Oct 14 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26320]: Connection closed by 121.186.31.54 port 40544 [preauth]
Oct 14 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Failed password for invalid user admin from 121.186.31.54 port 40558 ssh2
Oct 14 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Connection closed by 121.186.31.54 port 40558 [preauth]
Oct 14 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Failed password for invalid user admin from 121.186.31.54 port 40572 ssh2
Oct 14 01:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Invalid user testuser from 121.186.31.54
Oct 14 01:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: input_userauth_request: invalid user testuser [preauth]
Oct 14 01:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Invalid user deploy from 121.186.31.54
Oct 14 01:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: input_userauth_request: invalid user deploy [preauth]
Oct 14 01:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Connection closed by 121.186.31.54 port 40572 [preauth]
Oct 14 01:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session closed for user root
Oct 14 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Invalid user kafka from 121.186.31.54
Oct 14 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: input_userauth_request: invalid user kafka [preauth]
Oct 14 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Failed password for invalid user testuser from 121.186.31.54 port 35180 ssh2
Oct 14 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Connection closed by 121.186.31.54 port 35180 [preauth]
Oct 14 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Failed password for invalid user deploy from 121.186.31.54 port 40586 ssh2
Oct 14 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Connection closed by 121.186.31.54 port 40586 [preauth]
Oct 14 01:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Failed password for invalid user kafka from 121.186.31.54 port 35194 ssh2
Oct 14 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Connection closed by 121.186.31.54 port 35194 [preauth]
Oct 14 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Invalid user user from 121.186.31.54
Oct 14 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: input_userauth_request: invalid user user [preauth]
Oct 14 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Invalid user admin from 121.186.31.54
Oct 14 01:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: Failed password for invalid user mysql from 209.38.110.157 port 57940 ssh2
Oct 14 01:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: Connection closed by 209.38.110.157 port 57940 [preauth]
Oct 14 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Failed password for invalid user user from 121.186.31.54 port 35208 ssh2
Oct 14 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26396]: Connection closed by 121.186.31.54 port 35208 [preauth]
Oct 14 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Invalid user guest from 121.186.31.54
Oct 14 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: input_userauth_request: invalid user guest [preauth]
Oct 14 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Failed password for invalid user admin from 121.186.31.54 port 35202 ssh2
Oct 14 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Connection closed by 121.186.31.54 port 35202 [preauth]
Oct 14 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Invalid user devuser from 121.186.31.54
Oct 14 01:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: input_userauth_request: invalid user devuser [preauth]
Oct 14 01:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Failed password for invalid user guest from 121.186.31.54 port 35216 ssh2
Oct 14 01:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26399]: Connection closed by 121.186.31.54 port 35216 [preauth]
Oct 14 01:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Failed password for root from 121.186.31.54 port 56528 ssh2
Oct 14 01:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Failed password for invalid user devuser from 121.186.31.54 port 56520 ssh2
Oct 14 01:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26502]: Connection closed by 121.186.31.54 port 56528 [preauth]
Oct 14 01:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26496]: Connection closed by 121.186.31.54 port 56520 [preauth]
Oct 14 01:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Invalid user oracle from 121.186.31.54
Oct 14 01:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: Failed password for root from 121.186.31.54 port 56534 ssh2
Oct 14 01:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Failed password for invalid user oracle from 121.186.31.54 port 56554 ssh2
Oct 14 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: Connection closed by 121.186.31.54 port 56534 [preauth]
Oct 14 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26517]: Connection closed by 121.186.31.54 port 56554 [preauth]
Oct 14 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Failed password for root from 121.186.31.54 port 56548 ssh2
Oct 14 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26516]: Connection closed by 121.186.31.54 port 56548 [preauth]
Oct 14 01:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: Invalid user ts3 from 121.186.31.54
Oct 14 01:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 01:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: Failed password for root from 121.186.31.54 port 56566 ssh2
Oct 14 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: Failed password for invalid user ts3 from 121.186.31.54 port 56582 ssh2
Oct 14 01:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Failed password for root from 121.186.31.54 port 56592 ssh2
Oct 14 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26540]: Connection closed by 121.186.31.54 port 56566 [preauth]
Oct 14 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26542]: Connection closed by 121.186.31.54 port 56582 [preauth]
Oct 14 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26543]: Connection closed by 121.186.31.54 port 56592 [preauth]
Oct 14 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Invalid user devuser from 121.186.31.54
Oct 14 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: input_userauth_request: invalid user devuser [preauth]
Oct 14 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Invalid user hadoop from 121.186.31.54
Oct 14 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Invalid user oracle from 121.186.31.54
Oct 14 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Failed password for invalid user devuser from 121.186.31.54 port 42504 ssh2
Oct 14 01:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Connection closed by 121.186.31.54 port 42504 [preauth]
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26578]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26580]: pam_unix(cron:session): session closed for user root
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26574]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Failed password for invalid user hadoop from 121.186.31.54 port 42488 ssh2
Oct 14 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Failed password for invalid user oracle from 121.186.31.54 port 42508 ssh2
Oct 14 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26556]: Connection closed by 121.186.31.54 port 42488 [preauth]
Oct 14 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Connection closed by 121.186.31.54 port 42508 [preauth]
Oct 14 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26666]: Successful su for rubyman by root
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26666]: + ??? root:rubyman
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408220 of user rubyman.
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26666]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408220.
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: Invalid user ubuntu from 121.186.31.54
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: Failed password for invalid user ubuntu from 121.186.31.54 port 42518 ssh2
Oct 14 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: Connection closed by 121.186.31.54 port 42518 [preauth]
Oct 14 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Failed password for root from 121.186.31.54 port 42526 ssh2
Oct 14 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Connection closed by 121.186.31.54 port 42526 [preauth]
Oct 14 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for root from 121.186.31.54 port 42510 ssh2
Oct 14 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Connection closed by 121.186.31.54 port 42510 [preauth]
Oct 14 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26577]: pam_unix(cron:session): session closed for user root
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Invalid user testuser from 121.186.31.54
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: input_userauth_request: invalid user testuser [preauth]
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22315]: pam_unix(cron:session): session closed for user root
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Failed password for root from 121.186.31.54 port 45102 ssh2
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Connection closed by 121.186.31.54 port 45102 [preauth]
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: Invalid user devuser from 121.186.31.54
Oct 14 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: input_userauth_request: invalid user devuser [preauth]
Oct 14 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: Invalid user vyos from 121.186.31.54
Oct 14 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: input_userauth_request: invalid user vyos [preauth]
Oct 14 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Failed password for invalid user testuser from 121.186.31.54 port 45120 ssh2
Oct 14 01:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Connection closed by 121.186.31.54 port 45120 [preauth]
Oct 14 01:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: Failed password for invalid user devuser from 121.186.31.54 port 45106 ssh2
Oct 14 01:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: Failed password for invalid user vyos from 121.186.31.54 port 45132 ssh2
Oct 14 01:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: Connection closed by 121.186.31.54 port 45106 [preauth]
Oct 14 01:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: Connection closed by 121.186.31.54 port 45132 [preauth]
Oct 14 01:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Invalid user postgres from 121.186.31.54
Oct 14 01:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Invalid user dspace from 121.186.31.54
Oct 14 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: input_userauth_request: invalid user dspace [preauth]
Oct 14 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Failed password for root from 121.186.31.54 port 45134 ssh2
Oct 14 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Connection closed by 121.186.31.54 port 45134 [preauth]
Oct 14 01:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Failed password for invalid user postgres from 121.186.31.54 port 59764 ssh2
Oct 14 01:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Connection closed by 121.186.31.54 port 59764 [preauth]
Oct 14 01:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: Invalid user ts3 from 121.186.31.54
Oct 14 01:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 01:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26575]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Failed password for invalid user dspace from 121.186.31.54 port 59766 ssh2
Oct 14 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Connection closed by 121.186.31.54 port 59766 [preauth]
Oct 14 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: Invalid user test from 121.186.31.54
Oct 14 01:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: input_userauth_request: invalid user test [preauth]
Oct 14 01:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: Failed password for invalid user ts3 from 121.186.31.54 port 59776 ssh2
Oct 14 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: Connection closed by 121.186.31.54 port 59776 [preauth]
Oct 14 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Invalid user admin from 121.186.31.54
Oct 14 01:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: Failed password for invalid user test from 121.186.31.54 port 59792 ssh2
Oct 14 01:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: Connection closed by 121.186.31.54 port 59792 [preauth]
Oct 14 01:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Failed password for invalid user admin from 121.186.31.54 port 59808 ssh2
Oct 14 01:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Connection closed by 121.186.31.54 port 59808 [preauth]
Oct 14 01:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: Invalid user minecraft from 121.186.31.54
Oct 14 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: Invalid user vpn from 121.186.31.54
Oct 14 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: input_userauth_request: invalid user vpn [preauth]
Oct 14 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: Failed password for invalid user minecraft from 121.186.31.54 port 59824 ssh2
Oct 14 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: Failed password for invalid user vpn from 121.186.31.54 port 47510 ssh2
Oct 14 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27210]: Connection closed by 121.186.31.54 port 59824 [preauth]
Oct 14 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27222]: Connection closed by 121.186.31.54 port 47510 [preauth]
Oct 14 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Failed password for root from 121.186.31.54 port 47516 ssh2
Oct 14 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Invalid user ubuntu from 121.186.31.54
Oct 14 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Connection closed by 121.186.31.54 port 47516 [preauth]
Oct 14 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Failed password for invalid user ubuntu from 121.186.31.54 port 47528 ssh2
Oct 14 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Connection closed by 121.186.31.54 port 47528 [preauth]
Oct 14 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Invalid user debian from 121.186.31.54
Oct 14 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27236]: Failed password for root from 121.186.31.54 port 47544 ssh2
Oct 14 01:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27236]: Connection closed by 121.186.31.54 port 47544 [preauth]
Oct 14 01:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Failed password for invalid user debian from 121.186.31.54 port 47552 ssh2
Oct 14 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: Failed password for root from 121.186.31.54 port 47556 ssh2
Oct 14 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: Connection closed by 121.186.31.54 port 47556 [preauth]
Oct 14 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Connection closed by 121.186.31.54 port 47552 [preauth]
Oct 14 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Invalid user admin from 121.186.31.54
Oct 14 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Invalid user kafka from 121.186.31.54
Oct 14 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: input_userauth_request: invalid user kafka [preauth]
Oct 14 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27269]: Failed password for root from 121.186.31.54 port 53240 ssh2
Oct 14 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25144]: pam_unix(cron:session): session closed for user root
Oct 14 01:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27269]: Connection closed by 121.186.31.54 port 53240 [preauth]
Oct 14 01:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Failed password for invalid user admin from 121.186.31.54 port 53252 ssh2
Oct 14 01:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Connection closed by 121.186.31.54 port 53252 [preauth]
Oct 14 01:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Failed password for invalid user kafka from 121.186.31.54 port 53258 ssh2
Oct 14 01:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Invalid user cgonzalez from 107.172.76.10
Oct 14 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: input_userauth_request: invalid user cgonzalez [preauth]
Oct 14 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Connection closed by 121.186.31.54 port 53258 [preauth]
Oct 14 01:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Failed password for root from 121.186.31.54 port 53264 ssh2
Oct 14 01:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Failed password for root from 121.186.31.54 port 53280 ssh2
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27297]: Connection closed by 121.186.31.54 port 53264 [preauth]
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: Failed password for invalid user mysql from 209.38.110.157 port 56472 ssh2
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27308]: Connection closed by 121.186.31.54 port 53280 [preauth]
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: Connection closed by 209.38.110.157 port 56472 [preauth]
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Invalid user test from 121.186.31.54
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: input_userauth_request: invalid user test [preauth]
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Failed password for invalid user cgonzalez from 107.172.76.10 port 58586 ssh2
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Received disconnect from 107.172.76.10 port 58586:11: Bye Bye [preauth]
Oct 14 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Disconnected from 107.172.76.10 port 58586 [preauth]
Oct 14 01:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Invalid user user from 121.186.31.54
Oct 14 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: input_userauth_request: invalid user user [preauth]
Oct 14 01:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Failed password for invalid user test from 121.186.31.54 port 53286 ssh2
Oct 14 01:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Connection closed by 121.186.31.54 port 53286 [preauth]
Oct 14 01:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Failed password for invalid user user from 121.186.31.54 port 48400 ssh2
Oct 14 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27322]: Connection closed by 121.186.31.54 port 48400 [preauth]
Oct 14 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Invalid user postgres from 121.186.31.54
Oct 14 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: Failed password for root from 121.186.31.54 port 48402 ssh2
Oct 14 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27325]: Connection closed by 121.186.31.54 port 48402 [preauth]
Oct 14 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Failed password for invalid user postgres from 121.186.31.54 port 48412 ssh2
Oct 14 01:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Connection closed by 121.186.31.54 port 48412 [preauth]
Oct 14 01:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: Failed password for root from 121.186.31.54 port 48418 ssh2
Oct 14 01:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27360]: Connection closed by 121.186.31.54 port 48418 [preauth]
Oct 14 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: Invalid user deploy from 121.186.31.54
Oct 14 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: input_userauth_request: invalid user deploy [preauth]
Oct 14 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27364]: Failed password for root from 121.186.31.54 port 48434 ssh2
Oct 14 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27364]: Connection closed by 121.186.31.54 port 48434 [preauth]
Oct 14 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: User mysql from 121.186.31.54 not allowed because not listed in AllowUsers
Oct 14 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=mysql
Oct 14 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: Failed password for invalid user deploy from 121.186.31.54 port 48446 ssh2
Oct 14 01:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27387]: Connection closed by 121.186.31.54 port 48446 [preauth]
Oct 14 01:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Invalid user jenkins from 121.186.31.54
Oct 14 01:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 01:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Invalid user satis from 36.67.70.198
Oct 14 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: input_userauth_request: invalid user satis [preauth]
Oct 14 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: Failed password for invalid user mysql from 121.186.31.54 port 48392 ssh2
Oct 14 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27391]: Connection closed by 121.186.31.54 port 48392 [preauth]
Oct 14 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Failed password for invalid user satis from 36.67.70.198 port 53054 ssh2
Oct 14 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Failed password for root from 121.186.31.54 port 48396 ssh2
Oct 14 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Received disconnect from 36.67.70.198 port 53054:11: Bye Bye [preauth]
Oct 14 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Disconnected from 36.67.70.198 port 53054 [preauth]
Oct 14 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: Invalid user odoo from 121.186.31.54
Oct 14 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: input_userauth_request: invalid user odoo [preauth]
Oct 14 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Failed password for invalid user jenkins from 121.186.31.54 port 48376 ssh2
Oct 14 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Connection closed by 121.186.31.54 port 48396 [preauth]
Oct 14 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Connection closed by 121.186.31.54 port 48376 [preauth]
Oct 14 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: Failed password for invalid user odoo from 121.186.31.54 port 48408 ssh2
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27512]: Successful su for rubyman by root
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27512]: + ??? root:rubyman
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408227 of user rubyman.
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27512]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408227.
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27405]: Connection closed by 121.186.31.54 port 48408 [preauth]
Oct 14 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Invalid user admin from 121.186.31.54
Oct 14 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Invalid user linaro from 121.186.31.54
Oct 14 01:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: input_userauth_request: invalid user linaro [preauth]
Oct 14 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Invalid user vpn from 121.186.31.54
Oct 14 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: input_userauth_request: invalid user vpn [preauth]
Oct 14 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Failed password for invalid user admin from 121.186.31.54 port 48426 ssh2
Oct 14 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Connection closed by 121.186.31.54 port 48426 [preauth]
Oct 14 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Failed password for invalid user vpn from 121.186.31.54 port 48414 ssh2
Oct 14 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Failed password for invalid user linaro from 121.186.31.54 port 48436 ssh2
Oct 14 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Connection closed by 121.186.31.54 port 48414 [preauth]
Oct 14 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Connection closed by 121.186.31.54 port 48436 [preauth]
Oct 14 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Invalid user minecraft from 121.186.31.54
Oct 14 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Invalid user test from 121.186.31.54
Oct 14 01:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: input_userauth_request: invalid user test [preauth]
Oct 14 01:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Failed password for invalid user minecraft from 121.186.31.54 port 54304 ssh2
Oct 14 01:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Connection closed by 121.186.31.54 port 54304 [preauth]
Oct 14 01:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Failed password for invalid user test from 121.186.31.54 port 54318 ssh2
Oct 14 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Connection closed by 121.186.31.54 port 54318 [preauth]
Oct 14 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session closed for user root
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Invalid user admin from 121.186.31.54
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Failed password for root from 121.186.31.54 port 54322 ssh2
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Invalid user devopsadmin from 121.186.31.54
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: input_userauth_request: invalid user devopsadmin [preauth]
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27974]: Connection closed by 121.186.31.54 port 54322 [preauth]
Oct 14 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: Invalid user fa from 121.186.31.54
Oct 14 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: input_userauth_request: invalid user fa [preauth]
Oct 14 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Failed password for invalid user admin from 121.186.31.54 port 54326 ssh2
Oct 14 01:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Connection closed by 121.186.31.54 port 54326 [preauth]
Oct 14 01:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27411]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Failed password for invalid user devopsadmin from 121.186.31.54 port 54332 ssh2
Oct 14 01:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Connection closed by 121.186.31.54 port 54332 [preauth]
Oct 14 01:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: Failed password for invalid user fa from 121.186.31.54 port 45832 ssh2
Oct 14 01:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28046]: Invalid user git from 121.186.31.54
Oct 14 01:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28046]: input_userauth_request: invalid user git [preauth]
Oct 14 01:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28034]: Connection closed by 121.186.31.54 port 45832 [preauth]
Oct 14 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28046]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Invalid user moxa from 121.186.31.54
Oct 14 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: input_userauth_request: invalid user moxa [preauth]
Oct 14 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28046]: Failed password for invalid user git from 121.186.31.54 port 45846 ssh2
Oct 14 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Failed password for invalid user moxa from 121.186.31.54 port 45862 ssh2
Oct 14 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28046]: Connection closed by 121.186.31.54 port 45846 [preauth]
Oct 14 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28071]: Failed password for root from 121.186.31.54 port 45866 ssh2
Oct 14 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Connection closed by 121.186.31.54 port 45862 [preauth]
Oct 14 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28071]: Connection closed by 121.186.31.54 port 45866 [preauth]
Oct 14 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Invalid user deploy from 121.186.31.54
Oct 14 01:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: input_userauth_request: invalid user deploy [preauth]
Oct 14 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Invalid user ubuntu from 121.186.31.54
Oct 14 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Invalid user guest from 121.186.31.54
Oct 14 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: input_userauth_request: invalid user guest [preauth]
Oct 14 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Failed password for invalid user deploy from 121.186.31.54 port 45882 ssh2
Oct 14 01:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Failed password for invalid user ubuntu from 121.186.31.54 port 45868 ssh2
Oct 14 01:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Connection closed by 121.186.31.54 port 45882 [preauth]
Oct 14 01:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Failed password for invalid user guest from 121.186.31.54 port 45876 ssh2
Oct 14 01:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Connection closed by 121.186.31.54 port 45876 [preauth]
Oct 14 01:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Connection closed by 121.186.31.54 port 45868 [preauth]
Oct 14 01:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: Invalid user testuser from 121.186.31.54
Oct 14 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: input_userauth_request: invalid user testuser [preauth]
Oct 14 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28106]: Invalid user pi from 121.186.31.54
Oct 14 01:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28106]: input_userauth_request: invalid user pi [preauth]
Oct 14 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28106]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: Failed password for invalid user testuser from 121.186.31.54 port 52166 ssh2
Oct 14 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28106]: Failed password for invalid user pi from 121.186.31.54 port 52182 ssh2
Oct 14 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Invalid user pi from 121.186.31.54
Oct 14 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: input_userauth_request: invalid user pi [preauth]
Oct 14 01:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28106]: Connection closed by 121.186.31.54 port 52182 [preauth]
Oct 14 01:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28104]: Connection closed by 121.186.31.54 port 52166 [preauth]
Oct 14 01:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Failed password for invalid user pi from 121.186.31.54 port 52190 ssh2
Oct 14 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: Invalid user kali from 121.186.31.54
Oct 14 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: input_userauth_request: invalid user kali [preauth]
Oct 14 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28109]: Connection closed by 121.186.31.54 port 52190 [preauth]
Oct 14 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: Invalid user devopsuser from 121.186.31.54
Oct 14 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: Failed password for invalid user kali from 121.186.31.54 port 52200 ssh2
Oct 14 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Failed password for root from 121.186.31.54 port 52202 ssh2
Oct 14 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28140]: Connection closed by 121.186.31.54 port 52200 [preauth]
Oct 14 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Connection closed by 121.186.31.54 port 52202 [preauth]
Oct 14 01:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: Failed password for invalid user devopsuser from 121.186.31.54 port 52214 ssh2
Oct 14 01:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: Connection closed by 121.186.31.54 port 52214 [preauth]
Oct 14 01:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Invalid user oracle from 121.186.31.54
Oct 14 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session closed for user root
Oct 14 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28180]: Invalid user devops from 121.186.31.54
Oct 14 01:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28180]: input_userauth_request: invalid user devops [preauth]
Oct 14 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Invalid user ubuntu from 121.186.31.54
Oct 14 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28180]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Failed password for invalid user oracle from 121.186.31.54 port 46350 ssh2
Oct 14 01:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Connection closed by 121.186.31.54 port 46350 [preauth]
Oct 14 01:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Failed password for invalid user ubuntu from 121.186.31.54 port 46360 ssh2
Oct 14 01:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28180]: Failed password for invalid user devops from 121.186.31.54 port 46368 ssh2
Oct 14 01:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28158]: Connection closed by 121.186.31.54 port 46360 [preauth]
Oct 14 01:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28180]: Connection closed by 121.186.31.54 port 46368 [preauth]
Oct 14 01:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Invalid user hadoop from 121.186.31.54
Oct 14 01:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 01:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: Invalid user deploy from 121.186.31.54
Oct 14 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: input_userauth_request: invalid user deploy [preauth]
Oct 14 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Failed password for invalid user hadoop from 121.186.31.54 port 46400 ssh2
Oct 14 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Connection closed by 121.186.31.54 port 46400 [preauth]
Oct 14 01:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28204]: Failed password for root from 121.186.31.54 port 46402 ssh2
Oct 14 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Failed password for invalid user mysql from 209.38.110.157 port 44290 ssh2
Oct 14 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: Failed password for invalid user deploy from 121.186.31.54 port 46384 ssh2
Oct 14 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Connection closed by 209.38.110.157 port 44290 [preauth]
Oct 14 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28216]: Invalid user oracle from 121.186.31.54
Oct 14 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28216]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28204]: Connection closed by 121.186.31.54 port 46402 [preauth]
Oct 14 01:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28216]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28199]: Connection closed by 121.186.31.54 port 46384 [preauth]
Oct 14 01:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28216]: Failed password for invalid user oracle from 121.186.31.54 port 41992 ssh2
Oct 14 01:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Invalid user debian from 121.186.31.54
Oct 14 01:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28216]: Connection closed by 121.186.31.54 port 41992 [preauth]
Oct 14 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: Invalid user postgres from 121.186.31.54
Oct 14 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Failed password for invalid user debian from 121.186.31.54 port 42010 ssh2
Oct 14 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: Failed password for invalid user postgres from 121.186.31.54 port 42004 ssh2
Oct 14 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Connection closed by 121.186.31.54 port 42010 [preauth]
Oct 14 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: Connection closed by 121.186.31.54 port 42004 [preauth]
Oct 14 01:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Failed password for root from 121.186.31.54 port 42016 ssh2
Oct 14 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Connection closed by 121.186.31.54 port 42016 [preauth]
Oct 14 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Invalid user dspace from 121.186.31.54
Oct 14 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: input_userauth_request: invalid user dspace [preauth]
Oct 14 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Invalid user odoo from 121.186.31.54
Oct 14 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: input_userauth_request: invalid user odoo [preauth]
Oct 14 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: Failed password for root from 121.186.31.54 port 42022 ssh2
Oct 14 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28249]: Connection closed by 121.186.31.54 port 42022 [preauth]
Oct 14 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Failed password for invalid user dspace from 121.186.31.54 port 42030 ssh2
Oct 14 01:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Connection closed by 121.186.31.54 port 42030 [preauth]
Oct 14 01:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Invalid user deployer from 121.186.31.54
Oct 14 01:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: input_userauth_request: invalid user deployer [preauth]
Oct 14 01:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Failed password for invalid user odoo from 121.186.31.54 port 42026 ssh2
Oct 14 01:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Connection closed by 121.186.31.54 port 42026 [preauth]
Oct 14 01:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Invalid user vyos from 121.186.31.54
Oct 14 01:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: input_userauth_request: invalid user vyos [preauth]
Oct 14 01:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Failed password for invalid user deployer from 121.186.31.54 port 51538 ssh2
Oct 14 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Invalid user kali from 121.186.31.54
Oct 14 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: input_userauth_request: invalid user kali [preauth]
Oct 14 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Connection closed by 121.186.31.54 port 51538 [preauth]
Oct 14 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 01:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Failed password for invalid user vyos from 121.186.31.54 port 51552 ssh2
Oct 14 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Failed password for invalid user kali from 121.186.31.54 port 51554 ssh2
Oct 14 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Connection closed by 121.186.31.54 port 51552 [preauth]
Oct 14 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Failed password for root from 107.172.76.10 port 45600 ssh2
Oct 14 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Received disconnect from 107.172.76.10 port 45600:11: Bye Bye [preauth]
Oct 14 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Disconnected from 107.172.76.10 port 45600 [preauth]
Oct 14 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Connection closed by 121.186.31.54 port 51554 [preauth]
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Invalid user devopsuser from 121.186.31.54
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: Invalid user odoo18 from 121.186.31.54
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: input_userauth_request: invalid user odoo18 [preauth]
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28379]: Successful su for rubyman by root
Oct 14 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28379]: + ??? root:rubyman
Oct 14 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408229 of user rubyman.
Oct 14 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28379]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408229.
Oct 14 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Invalid user oracle from 121.186.31.54
Oct 14 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: Failed password for invalid user odoo18 from 121.186.31.54 port 51582 ssh2
Oct 14 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Failed password for invalid user devopsuser from 121.186.31.54 port 51568 ssh2
Oct 14 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Connection closed by 121.186.31.54 port 51568 [preauth]
Oct 14 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28289]: Connection closed by 121.186.31.54 port 51582 [preauth]
Oct 14 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Failed password for invalid user oracle from 121.186.31.54 port 51596 ssh2
Oct 14 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28292]: Connection closed by 121.186.31.54 port 51596 [preauth]
Oct 14 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Failed password for root from 121.186.31.54 port 35514 ssh2
Oct 14 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: Invalid user git from 121.186.31.54
Oct 14 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: input_userauth_request: invalid user git [preauth]
Oct 14 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Connection closed by 121.186.31.54 port 35514 [preauth]
Oct 14 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Invalid user oracle from 121.186.31.54
Oct 14 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24095]: pam_unix(cron:session): session closed for user root
Oct 14 01:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Invalid user fa from 121.186.31.54
Oct 14 01:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: input_userauth_request: invalid user fa [preauth]
Oct 14 01:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: Failed password for invalid user git from 121.186.31.54 port 35526 ssh2
Oct 14 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28696]: Connection closed by 121.186.31.54 port 35526 [preauth]
Oct 14 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Failed password for invalid user oracle from 121.186.31.54 port 35540 ssh2
Oct 14 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Connection closed by 121.186.31.54 port 35540 [preauth]
Oct 14 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: Invalid user elastic from 121.186.31.54
Oct 14 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: input_userauth_request: invalid user elastic [preauth]
Oct 14 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Failed password for invalid user fa from 121.186.31.54 port 35554 ssh2
Oct 14 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Connection closed by 121.186.31.54 port 35554 [preauth]
Oct 14 01:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: Failed password for invalid user elastic from 121.186.31.54 port 35560 ssh2
Oct 14 01:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: Connection closed by 121.186.31.54 port 35560 [preauth]
Oct 14 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Invalid user guest from 121.186.31.54
Oct 14 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: input_userauth_request: invalid user guest [preauth]
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Invalid user postgres from 121.186.31.54
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Invalid user es from 121.186.31.54
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: input_userauth_request: invalid user es [preauth]
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Failed password for invalid user guest from 121.186.31.54 port 35574 ssh2
Oct 14 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Connection closed by 121.186.31.54 port 35574 [preauth]
Oct 14 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for invalid user postgres from 121.186.31.54 port 35580 ssh2
Oct 14 01:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Failed password for invalid user es from 121.186.31.54 port 44994 ssh2
Oct 14 01:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Connection closed by 121.186.31.54 port 35580 [preauth]
Oct 14 01:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Connection closed by 121.186.31.54 port 44994 [preauth]
Oct 14 01:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Invalid user postgres from 121.186.31.54
Oct 14 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: Invalid user ubuntu from 121.186.31.54
Oct 14 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Failed password for invalid user postgres from 121.186.31.54 port 45016 ssh2
Oct 14 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Connection closed by 121.186.31.54 port 45016 [preauth]
Oct 14 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: Failed password for invalid user ubuntu from 121.186.31.54 port 45046 ssh2
Oct 14 01:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: Connection closed by 121.186.31.54 port 45046 [preauth]
Oct 14 01:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Failed password for root from 121.186.31.54 port 45034 ssh2
Oct 14 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Connection closed by 121.186.31.54 port 45034 [preauth]
Oct 14 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Invalid user user from 121.186.31.54
Oct 14 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: input_userauth_request: invalid user user [preauth]
Oct 14 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: Invalid user deploy from 121.186.31.54
Oct 14 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: input_userauth_request: invalid user deploy [preauth]
Oct 14 01:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: Invalid user orangepi from 121.186.31.54
Oct 14 01:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: input_userauth_request: invalid user orangepi [preauth]
Oct 14 01:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Failed password for invalid user user from 121.186.31.54 port 45070 ssh2
Oct 14 01:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Connection closed by 121.186.31.54 port 45070 [preauth]
Oct 14 01:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: Failed password for invalid user deploy from 121.186.31.54 port 45064 ssh2
Oct 14 01:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: Failed password for invalid user orangepi from 121.186.31.54 port 45076 ssh2
Oct 14 01:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29001]: Connection closed by 121.186.31.54 port 45064 [preauth]
Oct 14 01:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: Connection closed by 121.186.31.54 port 45076 [preauth]
Oct 14 01:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: Invalid user user from 121.186.31.54
Oct 14 01:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: input_userauth_request: invalid user user [preauth]
Oct 14 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Invalid user ramp from 121.186.31.54
Oct 14 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: input_userauth_request: invalid user ramp [preauth]
Oct 14 01:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: Failed password for invalid user user from 121.186.31.54 port 44142 ssh2
Oct 14 01:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29019]: Connection closed by 121.186.31.54 port 44142 [preauth]
Oct 14 01:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Invalid user guest from 121.186.31.54
Oct 14 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: input_userauth_request: invalid user guest [preauth]
Oct 14 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Failed password for invalid user ramp from 121.186.31.54 port 44156 ssh2
Oct 14 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29064]: Connection closed by 121.186.31.54 port 44156 [preauth]
Oct 14 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29066]: Failed password for root from 121.186.31.54 port 44164 ssh2
Oct 14 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29066]: Connection closed by 121.186.31.54 port 44164 [preauth]
Oct 14 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Failed password for invalid user guest from 121.186.31.54 port 44172 ssh2
Oct 14 01:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29077]: Connection closed by 121.186.31.54 port 44172 [preauth]
Oct 14 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: Invalid user admin from 121.186.31.54
Oct 14 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: Invalid user ubuntu from 121.186.31.54
Oct 14 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: Failed password for root from 121.186.31.54 port 59820 ssh2
Oct 14 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29081]: Connection closed by 121.186.31.54 port 59820 [preauth]
Oct 14 01:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: Failed password for invalid user admin from 121.186.31.54 port 59810 ssh2
Oct 14 01:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: Connection closed by 121.186.31.54 port 59810 [preauth]
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: Failed password for invalid user ubuntu from 121.186.31.54 port 59832 ssh2
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26579]: pam_unix(cron:session): session closed for user root
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Invalid user testuser from 121.186.31.54
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: input_userauth_request: invalid user testuser [preauth]
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29089]: Connection closed by 121.186.31.54 port 59832 [preauth]
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Invalid user admin from 121.186.31.54
Oct 14 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: Invalid user cdn from 36.67.70.198
Oct 14 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: input_userauth_request: invalid user cdn [preauth]
Oct 14 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Failed password for invalid user testuser from 121.186.31.54 port 59834 ssh2
Oct 14 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Connection closed by 121.186.31.54 port 59834 [preauth]
Oct 14 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: Failed password for invalid user cdn from 36.67.70.198 port 58772 ssh2
Oct 14 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Failed password for invalid user admin from 121.186.31.54 port 59850 ssh2
Oct 14 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: Received disconnect from 36.67.70.198 port 58772:11: Bye Bye [preauth]
Oct 14 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: Disconnected from 36.67.70.198 port 58772 [preauth]
Oct 14 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Connection closed by 121.186.31.54 port 59850 [preauth]
Oct 14 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Invalid user vyos from 121.186.31.54
Oct 14 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: input_userauth_request: invalid user vyos [preauth]
Oct 14 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29136]: Failed password for root from 121.186.31.54 port 59864 ssh2
Oct 14 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29136]: Connection closed by 121.186.31.54 port 59864 [preauth]
Oct 14 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: Failed password for invalid user mysql from 209.38.110.157 port 52618 ssh2
Oct 14 01:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: Connection closed by 209.38.110.157 port 52618 [preauth]
Oct 14 01:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Failed password for invalid user vyos from 121.186.31.54 port 59878 ssh2
Oct 14 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Invalid user kali from 121.186.31.54
Oct 14 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: input_userauth_request: invalid user kali [preauth]
Oct 14 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Connection closed by 121.186.31.54 port 59878 [preauth]
Oct 14 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Invalid user user from 121.186.31.54
Oct 14 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: input_userauth_request: invalid user user [preauth]
Oct 14 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for invalid user kali from 121.186.31.54 port 32818 ssh2
Oct 14 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Connection closed by 121.186.31.54 port 32818 [preauth]
Oct 14 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Failed password for invalid user user from 121.186.31.54 port 32824 ssh2
Oct 14 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Connection closed by 121.186.31.54 port 32824 [preauth]
Oct 14 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: Invalid user testuser from 121.186.31.54
Oct 14 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: input_userauth_request: invalid user testuser [preauth]
Oct 14 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Failed password for root from 121.186.31.54 port 32834 ssh2
Oct 14 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Invalid user debian from 121.186.31.54
Oct 14 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Connection closed by 121.186.31.54 port 32834 [preauth]
Oct 14 01:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Failed password for invalid user debian from 121.186.31.54 port 32852 ssh2
Oct 14 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: Failed password for invalid user testuser from 121.186.31.54 port 32846 ssh2
Oct 14 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29196]: Connection closed by 121.186.31.54 port 32846 [preauth]
Oct 14 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29199]: Connection closed by 121.186.31.54 port 32852 [preauth]
Oct 14 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: Failed password for root from 121.186.31.54 port 32864 ssh2
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: Connection closed by 121.186.31.54 port 32864 [preauth]
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Invalid user ubuntu from 121.186.31.54
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Invalid user oracle from 121.186.31.54
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Failed password for invalid user oracle from 121.186.31.54 port 38490 ssh2
Oct 14 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Failed password for invalid user ubuntu from 121.186.31.54 port 38496 ssh2
Oct 14 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Connection closed by 121.186.31.54 port 38490 [preauth]
Oct 14 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Connection closed by 121.186.31.54 port 38496 [preauth]
Oct 14 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Failed password for root from 121.186.31.54 port 38510 ssh2
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Invalid user jenkins from 121.186.31.54
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Invalid user kafka from 121.186.31.54
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: input_userauth_request: invalid user kafka [preauth]
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Connection closed by 121.186.31.54 port 38510 [preauth]
Oct 14 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29329]: Successful su for rubyman by root
Oct 14 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29329]: + ??? root:rubyman
Oct 14 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408234 of user rubyman.
Oct 14 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29329]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408234.
Oct 14 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Failed password for invalid user kafka from 121.186.31.54 port 38526 ssh2
Oct 14 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Connection closed by 121.186.31.54 port 38526 [preauth]
Oct 14 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Failed password for invalid user jenkins from 121.186.31.54 port 38516 ssh2
Oct 14 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29222]: Connection closed by 121.186.31.54 port 38516 [preauth]
Oct 14 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: Invalid user linaro from 121.186.31.54
Oct 14 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: input_userauth_request: invalid user linaro [preauth]
Oct 14 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Invalid user ansible from 121.186.31.54
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: input_userauth_request: invalid user ansible [preauth]
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Invalid user deploy from 121.186.31.54
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: input_userauth_request: invalid user deploy [preauth]
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: Failed password for invalid user linaro from 121.186.31.54 port 38532 ssh2
Oct 14 01:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: Connection closed by 121.186.31.54 port 38532 [preauth]
Oct 14 01:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Failed password for invalid user deploy from 121.186.31.54 port 48828 ssh2
Oct 14 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Failed password for invalid user ansible from 121.186.31.54 port 48814 ssh2
Oct 14 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Connection closed by 121.186.31.54 port 48828 [preauth]
Oct 14 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Connection closed by 121.186.31.54 port 48814 [preauth]
Oct 14 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session closed for user root
Oct 14 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Invalid user ubnt from 121.186.31.54
Oct 14 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Invalid user ubnt from 121.186.31.54
Oct 14 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: Invalid user oracle from 121.186.31.54
Oct 14 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Failed password for invalid user ubnt from 121.186.31.54 port 48862 ssh2
Oct 14 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Connection closed by 121.186.31.54 port 48862 [preauth]
Oct 14 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Failed password for invalid user ubnt from 121.186.31.54 port 48840 ssh2
Oct 14 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: Failed password for invalid user oracle from 121.186.31.54 port 48852 ssh2
Oct 14 01:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Connection closed by 121.186.31.54 port 48840 [preauth]
Oct 14 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Invalid user desktop from 107.172.76.10
Oct 14 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: input_userauth_request: invalid user desktop [preauth]
Oct 14 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29545]: Connection closed by 121.186.31.54 port 48852 [preauth]
Oct 14 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Failed password for invalid user desktop from 107.172.76.10 port 52996 ssh2
Oct 14 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: User mysql from 121.186.31.54 not allowed because not listed in AllowUsers
Oct 14 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Received disconnect from 107.172.76.10 port 52996:11: Bye Bye [preauth]
Oct 14 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Disconnected from 107.172.76.10 port 52996 [preauth]
Oct 14 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=mysql
Oct 14 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29243]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29585]: Invalid user guest from 121.186.31.54
Oct 14 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29585]: input_userauth_request: invalid user guest [preauth]
Oct 14 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: Failed password for invalid user mysql from 121.186.31.54 port 48874 ssh2
Oct 14 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: Connection closed by 121.186.31.54 port 48874 [preauth]
Oct 14 01:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Failed password for root from 121.186.31.54 port 48888 ssh2
Oct 14 01:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Connection closed by 121.186.31.54 port 48888 [preauth]
Oct 14 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29585]: Failed password for invalid user guest from 121.186.31.54 port 52378 ssh2
Oct 14 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29585]: Connection closed by 121.186.31.54 port 52378 [preauth]
Oct 14 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: Invalid user devops from 121.186.31.54
Oct 14 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: input_userauth_request: invalid user devops [preauth]
Oct 14 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29628]: Invalid user testuser from 121.186.31.54
Oct 14 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29628]: input_userauth_request: invalid user testuser [preauth]
Oct 14 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: Invalid user kali from 121.186.31.54
Oct 14 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: input_userauth_request: invalid user kali [preauth]
Oct 14 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: Failed password for invalid user devops from 121.186.31.54 port 52388 ssh2
Oct 14 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29620]: Connection closed by 121.186.31.54 port 52388 [preauth]
Oct 14 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Oct 14 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29628]: Failed password for invalid user testuser from 121.186.31.54 port 52400 ssh2
Oct 14 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: Invalid user deploy from 121.186.31.54
Oct 14 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: input_userauth_request: invalid user deploy [preauth]
Oct 14 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29628]: Connection closed by 121.186.31.54 port 52400 [preauth]
Oct 14 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: Failed password for invalid user kali from 121.186.31.54 port 52408 ssh2
Oct 14 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: Connection closed by 121.186.31.54 port 52408 [preauth]
Oct 14 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: Failed password for root from 138.68.58.124 port 51320 ssh2
Oct 14 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: Connection closed by 138.68.58.124 port 51320 [preauth]
Oct 14 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: Failed password for invalid user deploy from 121.186.31.54 port 52420 ssh2
Oct 14 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29642]: Connection closed by 121.186.31.54 port 52420 [preauth]
Oct 14 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: User mysql from 121.186.31.54 not allowed because not listed in AllowUsers
Oct 14 01:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=mysql
Oct 14 01:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: Invalid user odoo18 from 121.186.31.54
Oct 14 01:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: input_userauth_request: invalid user odoo18 [preauth]
Oct 14 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Failed password for invalid user mysql from 121.186.31.54 port 54986 ssh2
Oct 14 01:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Connection closed by 121.186.31.54 port 54986 [preauth]
Oct 14 01:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: Failed password for invalid user odoo18 from 121.186.31.54 port 54998 ssh2
Oct 14 01:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29656]: Connection closed by 121.186.31.54 port 54998 [preauth]
Oct 14 01:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Invalid user ftpuser from 121.186.31.54
Oct 14 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Failed password for invalid user ftpuser from 121.186.31.54 port 55016 ssh2
Oct 14 01:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29683]: Connection closed by 121.186.31.54 port 55016 [preauth]
Oct 14 01:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54  user=root
Oct 14 01:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user root
Oct 14 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Failed password for root from 121.186.31.54 port 55012 ssh2
Oct 14 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Connection closed by 121.186.31.54 port 55012 [preauth]
Oct 14 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: Failed password for root from 121.186.31.54 port 33842 ssh2
Oct 14 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: Connection closed by 121.186.31.54 port 33842 [preauth]
Oct 14 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Invalid user testuser from 121.186.31.54
Oct 14 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: input_userauth_request: invalid user testuser [preauth]
Oct 14 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29732]: Invalid user deploy from 121.186.31.54
Oct 14 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29732]: input_userauth_request: invalid user deploy [preauth]
Oct 14 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29732]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Failed password for invalid user testuser from 121.186.31.54 port 33848 ssh2
Oct 14 01:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29732]: Failed password for invalid user deploy from 121.186.31.54 port 33854 ssh2
Oct 14 01:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Connection closed by 121.186.31.54 port 33848 [preauth]
Oct 14 01:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29732]: Connection closed by 121.186.31.54 port 33854 [preauth]
Oct 14 01:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29743]: Invalid user ansible from 121.186.31.54
Oct 14 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29743]: input_userauth_request: invalid user ansible [preauth]
Oct 14 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29743]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.186.31.54
Oct 14 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: Failed password for invalid user mysql from 209.38.110.157 port 51610 ssh2
Oct 14 01:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29743]: Failed password for invalid user ansible from 121.186.31.54 port 33860 ssh2
Oct 14 01:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29743]: Connection closed by 121.186.31.54 port 33860 [preauth]
Oct 14 01:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: Connection closed by 209.38.110.157 port 51610 [preauth]
Oct 14 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29810]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29803]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: Successful su for rubyman by root
Oct 14 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: + ??? root:rubyman
Oct 14 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408237 of user rubyman.
Oct 14 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408237.
Oct 14 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29803]: pam_unix(cron:session): session closed for user root
Oct 14 01:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25143]: pam_unix(cron:session): session closed for user root
Oct 14 01:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29806]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Invalid user user from 62.60.131.157
Oct 14 01:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: input_userauth_request: invalid user user [preauth]
Oct 14 01:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user user from 62.60.131.157 port 46733 ssh2
Oct 14 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Invalid user cgpexpert from 36.67.70.198
Oct 14 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: input_userauth_request: invalid user cgpexpert [preauth]
Oct 14 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user user from 62.60.131.157 port 46733 ssh2
Oct 14 01:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Failed password for invalid user cgpexpert from 36.67.70.198 port 36352 ssh2
Oct 14 01:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Received disconnect from 36.67.70.198 port 36352:11: Bye Bye [preauth]
Oct 14 01:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Disconnected from 36.67.70.198 port 36352 [preauth]
Oct 14 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user user from 62.60.131.157 port 46733 ssh2
Oct 14 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 01:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user user from 62.60.131.157 port 46733 ssh2
Oct 14 01:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: Failed password for root from 107.172.76.10 port 42958 ssh2
Oct 14 01:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: Received disconnect from 107.172.76.10 port 42958:11: Bye Bye [preauth]
Oct 14 01:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30356]: Disconnected from 107.172.76.10 port 42958 [preauth]
Oct 14 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user user from 62.60.131.157 port 46733 ssh2
Oct 14 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Received disconnect from 62.60.131.157 port 46733:11: Bye [preauth]
Oct 14 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Disconnected from 62.60.131.157 port 46733 [preauth]
Oct 14 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 01:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session closed for user root
Oct 14 01:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30418]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30418]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30418]: Failed password for invalid user mysql from 209.38.110.157 port 55648 ssh2
Oct 14 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30418]: Connection closed by 209.38.110.157 port 55648 [preauth]
Oct 14 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session closed for user root
Oct 14 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30526]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30650]: Successful su for rubyman by root
Oct 14 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30650]: + ??? root:rubyman
Oct 14 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408246 of user rubyman.
Oct 14 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30650]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408246.
Oct 14 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session closed for user root
Oct 14 01:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session closed for user root
Oct 14 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29246]: pam_unix(cron:session): session closed for user root
Oct 14 01:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: User mysql from 209.38.110.157 not allowed because not listed in AllowUsers
Oct 14 01:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: input_userauth_request: invalid user mysql [preauth]
Oct 14 01:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157  user=mysql
Oct 14 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: Failed password for invalid user mysql from 209.38.110.157 port 57486 ssh2
Oct 14 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31042]: Connection closed by 209.38.110.157 port 57486 [preauth]
Oct 14 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: Invalid user elasticsearch from 107.172.76.10
Oct 14 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: Failed password for invalid user elasticsearch from 107.172.76.10 port 36102 ssh2
Oct 14 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: Received disconnect from 107.172.76.10 port 36102:11: Bye Bye [preauth]
Oct 14 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31056]: Disconnected from 107.172.76.10 port 36102 [preauth]
Oct 14 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31080]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31172]: Successful su for rubyman by root
Oct 14 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31172]: + ??? root:rubyman
Oct 14 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408251 of user rubyman.
Oct 14 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31172]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408251.
Oct 14 01:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26578]: pam_unix(cron:session): session closed for user root
Oct 14 01:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: Invalid user legion from 36.67.70.198
Oct 14 01:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: input_userauth_request: invalid user legion [preauth]
Oct 14 01:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: Failed password for invalid user legion from 36.67.70.198 port 42402 ssh2
Oct 14 01:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: Received disconnect from 36.67.70.198 port 42402:11: Bye Bye [preauth]
Oct 14 01:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: Disconnected from 36.67.70.198 port 42402 [preauth]
Oct 14 01:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31081]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29810]: pam_unix(cron:session): session closed for user root
Oct 14 01:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Invalid user postgres from 209.38.110.157
Oct 14 01:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user postgres from 209.38.110.157 port 42482 ssh2
Oct 14 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Connection closed by 209.38.110.157 port 42482 [preauth]
Oct 14 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31711]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: Successful su for rubyman by root
Oct 14 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: + ??? root:rubyman
Oct 14 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408253 of user rubyman.
Oct 14 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31781]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408253.
Oct 14 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27412]: pam_unix(cron:session): session closed for user root
Oct 14 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: Invalid user tester from 107.172.76.10
Oct 14 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: input_userauth_request: invalid user tester [preauth]
Oct 14 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: Failed password for invalid user tester from 107.172.76.10 port 36920 ssh2
Oct 14 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: Received disconnect from 107.172.76.10 port 36920:11: Bye Bye [preauth]
Oct 14 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31974]: Disconnected from 107.172.76.10 port 36920 [preauth]
Oct 14 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31712]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session closed for user root
Oct 14 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Invalid user postgres from 209.38.110.157
Oct 14 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for invalid user postgres from 209.38.110.157 port 59844 ssh2
Oct 14 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Connection closed by 209.38.110.157 port 59844 [preauth]
Oct 14 01:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Invalid user ems from 36.67.70.198
Oct 14 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: input_userauth_request: invalid user ems [preauth]
Oct 14 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32267]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Failed password for invalid user ems from 36.67.70.198 port 49960 ssh2
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Received disconnect from 36.67.70.198 port 49960:11: Bye Bye [preauth]
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32262]: Disconnected from 36.67.70.198 port 49960 [preauth]
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32337]: Successful su for rubyman by root
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32337]: + ??? root:rubyman
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408258 of user rubyman.
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32337]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408258.
Oct 14 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user root
Oct 14 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32268]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Invalid user admin from 2.57.121.25
Oct 14 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Failed password for invalid user admin from 2.57.121.25 port 36217 ssh2
Oct 14 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Failed password for invalid user admin from 2.57.121.25 port 36217 ssh2
Oct 14 01:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Failed password for invalid user admin from 2.57.121.25 port 36217 ssh2
Oct 14 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Failed password for root from 107.172.76.10 port 33242 ssh2
Oct 14 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Received disconnect from 107.172.76.10 port 33242:11: Bye Bye [preauth]
Oct 14 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Disconnected from 107.172.76.10 port 33242 [preauth]
Oct 14 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Failed password for invalid user admin from 2.57.121.25 port 36217 ssh2
Oct 14 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Failed password for invalid user admin from 2.57.121.25 port 36217 ssh2
Oct 14 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Received disconnect from 2.57.121.25 port 36217:11: Bye [preauth]
Oct 14 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Disconnected from 2.57.121.25 port 36217 [preauth]
Oct 14 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session closed for user root
Oct 14 01:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Invalid user postgres from 209.38.110.157
Oct 14 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Failed password for invalid user postgres from 209.38.110.157 port 46250 ssh2
Oct 14 01:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32712]: Connection closed by 209.38.110.157 port 46250 [preauth]
Oct 14 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: Successful su for rubyman by root
Oct 14 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: + ??? root:rubyman
Oct 14 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408261 of user rubyman.
Oct 14 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[338]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408261.
Oct 14 01:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29245]: pam_unix(cron:session): session closed for user root
Oct 14 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32732]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Failed password for root from 80.211.129.128 port 34780 ssh2
Oct 14 01:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[613]: Connection closed by 80.211.129.128 port 34780 [preauth]
Oct 14 01:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session closed for user root
Oct 14 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: Invalid user ftpuser from 107.172.76.10
Oct 14 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: Failed password for invalid user ftpuser from 107.172.76.10 port 55558 ssh2
Oct 14 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: Received disconnect from 107.172.76.10 port 55558:11: Bye Bye [preauth]
Oct 14 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: Disconnected from 107.172.76.10 port 55558 [preauth]
Oct 14 01:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Invalid user alvin from 36.67.70.198
Oct 14 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: input_userauth_request: invalid user alvin [preauth]
Oct 14 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Failed password for invalid user alvin from 36.67.70.198 port 59918 ssh2
Oct 14 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Received disconnect from 36.67.70.198 port 59918:11: Bye Bye [preauth]
Oct 14 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Disconnected from 36.67.70.198 port 59918 [preauth]
Oct 14 01:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Connection closed by 151.19.65.182 port 7458 [preauth]
Oct 14 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Invalid user postgres from 209.38.110.157
Oct 14 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Failed password for invalid user postgres from 209.38.110.157 port 39070 ssh2
Oct 14 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Connection closed by 209.38.110.157 port 39070 [preauth]
Oct 14 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[752]: pam_unix(cron:session): session closed for user root
Oct 14 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[865]: Successful su for rubyman by root
Oct 14 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[865]: + ??? root:rubyman
Oct 14 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408268 of user rubyman.
Oct 14 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[865]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408268.
Oct 14 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[748]: pam_unix(cron:session): session closed for user root
Oct 14 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29807]: pam_unix(cron:session): session closed for user root
Oct 14 01:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32271]: pam_unix(cron:session): session closed for user root
Oct 14 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: Invalid user tempuser from 122.166.49.42
Oct 14 01:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 01:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: Failed password for invalid user tempuser from 122.166.49.42 port 51610 ssh2
Oct 14 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: Received disconnect from 122.166.49.42 port 51610:11: Bye Bye [preauth]
Oct 14 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: Disconnected from 122.166.49.42 port 51610 [preauth]
Oct 14 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Invalid user postgres from 209.38.110.157
Oct 14 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Failed password for invalid user postgres from 209.38.110.157 port 38722 ssh2
Oct 14 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Connection closed by 209.38.110.157 port 38722 [preauth]
Oct 14 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1359]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1477]: Successful su for rubyman by root
Oct 14 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1477]: + ??? root:rubyman
Oct 14 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408273 of user rubyman.
Oct 14 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1477]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408273.
Oct 14 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: Invalid user hu from 107.172.76.10
Oct 14 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: input_userauth_request: invalid user hu [preauth]
Oct 14 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: Failed password for invalid user hu from 107.172.76.10 port 53076 ssh2
Oct 14 01:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: Received disconnect from 107.172.76.10 port 53076:11: Bye Bye [preauth]
Oct 14 01:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: Disconnected from 107.172.76.10 port 53076 [preauth]
Oct 14 01:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user root
Oct 14 01:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user root
Oct 14 01:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Invalid user marcelo from 36.67.70.198
Oct 14 01:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: input_userauth_request: invalid user marcelo [preauth]
Oct 14 01:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Failed password for invalid user marcelo from 36.67.70.198 port 42002 ssh2
Oct 14 01:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Received disconnect from 36.67.70.198 port 42002:11: Bye Bye [preauth]
Oct 14 01:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1821]: Disconnected from 36.67.70.198 port 42002 [preauth]
Oct 14 01:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Invalid user postgres from 209.38.110.157
Oct 14 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Failed password for invalid user postgres from 209.38.110.157 port 38254 ssh2
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Connection closed by 209.38.110.157 port 38254 [preauth]
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1987]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1980]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1980]: pam_unix(cron:session): session closed for user root
Oct 14 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1982]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: Successful su for rubyman by root
Oct 14 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: + ??? root:rubyman
Oct 14 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408276 of user rubyman.
Oct 14 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408276.
Oct 14 01:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2233]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 37114
Oct 14 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2234]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 37122
Oct 14 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session closed for user root
Oct 14 01:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1983]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: Invalid user k8s from 107.172.76.10
Oct 14 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: input_userauth_request: invalid user k8s [preauth]
Oct 14 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: Failed password for invalid user k8s from 107.172.76.10 port 33252 ssh2
Oct 14 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: Received disconnect from 107.172.76.10 port 33252:11: Bye Bye [preauth]
Oct 14 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2320]: Disconnected from 107.172.76.10 port 33252 [preauth]
Oct 14 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[751]: pam_unix(cron:session): session closed for user root
Oct 14 01:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Oct 14 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Failed password for root from 138.68.58.124 port 60932 ssh2
Oct 14 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2335]: Connection closed by 138.68.58.124 port 60932 [preauth]
Oct 14 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2445]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2442]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Invalid user postgres from 209.38.110.157
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2531]: Successful su for rubyman by root
Oct 14 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2531]: + ??? root:rubyman
Oct 14 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408281 of user rubyman.
Oct 14 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2531]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408281.
Oct 14 01:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Failed password for invalid user postgres from 209.38.110.157 port 46542 ssh2
Oct 14 01:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2438]: Connection closed by 209.38.110.157 port 46542 [preauth]
Oct 14 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session closed for user root
Oct 14 01:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2444]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Failed password for root from 36.67.70.198 port 51520 ssh2
Oct 14 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Received disconnect from 36.67.70.198 port 51520:11: Bye Bye [preauth]
Oct 14 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Disconnected from 36.67.70.198 port 51520 [preauth]
Oct 14 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1363]: pam_unix(cron:session): session closed for user root
Oct 14 01:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Invalid user devuser from 122.166.49.42
Oct 14 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: input_userauth_request: invalid user devuser [preauth]
Oct 14 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Failed password for root from 107.172.76.10 port 34060 ssh2
Oct 14 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Received disconnect from 107.172.76.10 port 34060:11: Bye Bye [preauth]
Oct 14 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Disconnected from 107.172.76.10 port 34060 [preauth]
Oct 14 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Failed password for invalid user devuser from 122.166.49.42 port 44048 ssh2
Oct 14 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Received disconnect from 122.166.49.42 port 44048:11: Bye Bye [preauth]
Oct 14 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Disconnected from 122.166.49.42 port 44048 [preauth]
Oct 14 01:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2896]: Invalid user postgres from 209.38.110.157
Oct 14 01:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2896]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2896]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2910]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: Successful su for rubyman by root
Oct 14 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: + ??? root:rubyman
Oct 14 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408285 of user rubyman.
Oct 14 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408285.
Oct 14 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2896]: Failed password for invalid user postgres from 209.38.110.157 port 55246 ssh2
Oct 14 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2896]: Connection closed by 209.38.110.157 port 55246 [preauth]
Oct 14 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32270]: pam_unix(cron:session): session closed for user root
Oct 14 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1987]: pam_unix(cron:session): session closed for user root
Oct 14 01:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: Invalid user prova from 107.172.76.10
Oct 14 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: input_userauth_request: invalid user prova [preauth]
Oct 14 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Invalid user postgres from 209.38.110.157
Oct 14 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3372]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3374]: pam_unix(cron:session): session closed for user root
Oct 14 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3367]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: Failed password for invalid user prova from 107.172.76.10 port 41896 ssh2
Oct 14 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: Received disconnect from 107.172.76.10 port 41896:11: Bye Bye [preauth]
Oct 14 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3358]: Disconnected from 107.172.76.10 port 41896 [preauth]
Oct 14 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Failed password for invalid user postgres from 209.38.110.157 port 36406 ssh2
Oct 14 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Connection closed by 209.38.110.157 port 36406 [preauth]
Oct 14 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3456]: Successful su for rubyman by root
Oct 14 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3456]: + ??? root:rubyman
Oct 14 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408291 of user rubyman.
Oct 14 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3456]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408291.
Oct 14 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session closed for user root
Oct 14 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session closed for user root
Oct 14 01:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Invalid user hu from 36.67.70.198
Oct 14 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: input_userauth_request: invalid user hu [preauth]
Oct 14 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Invalid user ali from 122.166.49.42
Oct 14 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: input_userauth_request: invalid user ali [preauth]
Oct 14 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Failed password for invalid user hu from 36.67.70.198 port 59988 ssh2
Oct 14 01:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Received disconnect from 36.67.70.198 port 59988:11: Bye Bye [preauth]
Oct 14 01:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Disconnected from 36.67.70.198 port 59988 [preauth]
Oct 14 01:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Failed password for invalid user ali from 122.166.49.42 port 48276 ssh2
Oct 14 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Received disconnect from 122.166.49.42 port 48276:11: Bye Bye [preauth]
Oct 14 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Disconnected from 122.166.49.42 port 48276 [preauth]
Oct 14 01:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session closed for user root
Oct 14 01:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Invalid user postgres from 209.38.110.157
Oct 14 01:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3869]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3867]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3947]: Successful su for rubyman by root
Oct 14 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3947]: + ??? root:rubyman
Oct 14 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408293 of user rubyman.
Oct 14 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3947]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408293.
Oct 14 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for invalid user postgres from 209.38.110.157 port 57236 ssh2
Oct 14 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Connection closed by 209.38.110.157 port 57236 [preauth]
Oct 14 01:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[749]: pam_unix(cron:session): session closed for user root
Oct 14 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Invalid user ems from 107.172.76.10
Oct 14 01:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: input_userauth_request: invalid user ems [preauth]
Oct 14 01:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Failed password for invalid user ems from 107.172.76.10 port 42368 ssh2
Oct 14 01:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Received disconnect from 107.172.76.10 port 42368:11: Bye Bye [preauth]
Oct 14 01:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Disconnected from 107.172.76.10 port 42368 [preauth]
Oct 14 01:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3868]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2911]: pam_unix(cron:session): session closed for user root
Oct 14 01:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Invalid user web from 122.166.49.42
Oct 14 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: input_userauth_request: invalid user web [preauth]
Oct 14 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Failed password for invalid user web from 122.166.49.42 port 52478 ssh2
Oct 14 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Received disconnect from 122.166.49.42 port 52478:11: Bye Bye [preauth]
Oct 14 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4359]: Disconnected from 122.166.49.42 port 52478 [preauth]
Oct 14 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Invalid user postgres from 209.38.110.157
Oct 14 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for invalid user postgres from 209.38.110.157 port 53610 ssh2
Oct 14 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4389]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4386]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Connection closed by 209.38.110.157 port 53610 [preauth]
Oct 14 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4463]: Successful su for rubyman by root
Oct 14 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4463]: + ??? root:rubyman
Oct 14 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408297 of user rubyman.
Oct 14 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4463]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408297.
Oct 14 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Failed password for root from 36.67.70.198 port 38996 ssh2
Oct 14 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Received disconnect from 36.67.70.198 port 38996:11: Bye Bye [preauth]
Oct 14 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Disconnected from 36.67.70.198 port 38996 [preauth]
Oct 14 01:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1362]: pam_unix(cron:session): session closed for user root
Oct 14 01:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4387]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 01:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Failed password for root from 107.172.76.10 port 42234 ssh2
Oct 14 01:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Received disconnect from 107.172.76.10 port 42234:11: Bye Bye [preauth]
Oct 14 01:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Disconnected from 107.172.76.10 port 42234 [preauth]
Oct 14 01:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3373]: pam_unix(cron:session): session closed for user root
Oct 14 01:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Invalid user postgres from 209.38.110.157
Oct 14 01:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: Successful su for rubyman by root
Oct 14 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: + ??? root:rubyman
Oct 14 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408303 of user rubyman.
Oct 14 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408303.
Oct 14 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Failed password for invalid user postgres from 209.38.110.157 port 36284 ssh2
Oct 14 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Connection closed by 209.38.110.157 port 36284 [preauth]
Oct 14 01:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1984]: pam_unix(cron:session): session closed for user root
Oct 14 01:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4933]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: Invalid user vishal from 122.166.49.42
Oct 14 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: input_userauth_request: invalid user vishal [preauth]
Oct 14 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: Failed password for invalid user vishal from 122.166.49.42 port 56702 ssh2
Oct 14 01:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: Received disconnect from 122.166.49.42 port 56702:11: Bye Bye [preauth]
Oct 14 01:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5716]: Disconnected from 122.166.49.42 port 56702 [preauth]
Oct 14 01:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3870]: pam_unix(cron:session): session closed for user root
Oct 14 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: Invalid user alvin from 107.172.76.10
Oct 14 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: input_userauth_request: invalid user alvin [preauth]
Oct 14 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: Invalid user ftp_user from 36.67.70.198
Oct 14 01:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: input_userauth_request: invalid user ftp_user [preauth]
Oct 14 01:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: Failed password for invalid user alvin from 107.172.76.10 port 44182 ssh2
Oct 14 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: Received disconnect from 107.172.76.10 port 44182:11: Bye Bye [preauth]
Oct 14 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: Disconnected from 107.172.76.10 port 44182 [preauth]
Oct 14 01:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: Failed password for invalid user ftp_user from 36.67.70.198 port 45694 ssh2
Oct 14 01:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: Received disconnect from 36.67.70.198 port 45694:11: Bye Bye [preauth]
Oct 14 01:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: Disconnected from 36.67.70.198 port 45694 [preauth]
Oct 14 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5864]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5861]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5859]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5953]: Successful su for rubyman by root
Oct 14 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5953]: + ??? root:rubyman
Oct 14 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408306 of user rubyman.
Oct 14 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5953]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408306.
Oct 14 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Invalid user postgres from 209.38.110.157
Oct 14 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for invalid user postgres from 209.38.110.157 port 46162 ssh2
Oct 14 01:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Connection closed by 209.38.110.157 port 46162 [preauth]
Oct 14 01:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2445]: pam_unix(cron:session): session closed for user root
Oct 14 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5860]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4389]: pam_unix(cron:session): session closed for user root
Oct 14 01:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Invalid user administrator from 122.166.49.42
Oct 14 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: input_userauth_request: invalid user administrator [preauth]
Oct 14 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Failed password for invalid user administrator from 122.166.49.42 port 60918 ssh2
Oct 14 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Received disconnect from 122.166.49.42 port 60918:11: Bye Bye [preauth]
Oct 14 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Disconnected from 122.166.49.42 port 60918 [preauth]
Oct 14 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6319]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6319]: pam_unix(cron:session): session closed for user root
Oct 14 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6314]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6399]: Successful su for rubyman by root
Oct 14 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6399]: + ??? root:rubyman
Oct 14 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408312 of user rubyman.
Oct 14 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6399]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408312.
Oct 14 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Invalid user postgres from 209.38.110.157
Oct 14 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Failed password for invalid user postgres from 209.38.110.157 port 57420 ssh2
Oct 14 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6427]: Connection closed by 209.38.110.157 port 57420 [preauth]
Oct 14 01:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session closed for user root
Oct 14 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2910]: pam_unix(cron:session): session closed for user root
Oct 14 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Invalid user zyx from 107.172.76.10
Oct 14 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: input_userauth_request: invalid user zyx [preauth]
Oct 14 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Failed password for invalid user zyx from 107.172.76.10 port 34624 ssh2
Oct 14 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Received disconnect from 107.172.76.10 port 34624:11: Bye Bye [preauth]
Oct 14 01:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Disconnected from 107.172.76.10 port 34624 [preauth]
Oct 14 01:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6315]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4935]: pam_unix(cron:session): session closed for user root
Oct 14 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Failed password for root from 36.67.70.198 port 52754 ssh2
Oct 14 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Received disconnect from 36.67.70.198 port 52754:11: Bye Bye [preauth]
Oct 14 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Disconnected from 36.67.70.198 port 52754 [preauth]
Oct 14 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6912]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: Successful su for rubyman by root
Oct 14 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: + ??? root:rubyman
Oct 14 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408316 of user rubyman.
Oct 14 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6995]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408316.
Oct 14 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Invalid user postgres from 209.38.110.157
Oct 14 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Failed password for invalid user postgres from 209.38.110.157 port 34686 ssh2
Oct 14 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Connection closed by 209.38.110.157 port 34686 [preauth]
Oct 14 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3372]: pam_unix(cron:session): session closed for user root
Oct 14 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6917]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Invalid user ubuntu from 107.172.76.10
Oct 14 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Invalid user steam from 122.166.49.42
Oct 14 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: input_userauth_request: invalid user steam [preauth]
Oct 14 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Failed password for invalid user ubuntu from 107.172.76.10 port 53554 ssh2
Oct 14 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Received disconnect from 107.172.76.10 port 53554:11: Bye Bye [preauth]
Oct 14 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Disconnected from 107.172.76.10 port 53554 [preauth]
Oct 14 01:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Failed password for invalid user steam from 122.166.49.42 port 36904 ssh2
Oct 14 01:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Received disconnect from 122.166.49.42 port 36904:11: Bye Bye [preauth]
Oct 14 01:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7344]: Disconnected from 122.166.49.42 port 36904 [preauth]
Oct 14 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7398]: Did not receive identification string from 159.65.53.56
Oct 14 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5864]: pam_unix(cron:session): session closed for user root
Oct 14 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7491]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7488]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Invalid user postgres from 209.38.110.157
Oct 14 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7559]: Successful su for rubyman by root
Oct 14 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7559]: + ??? root:rubyman
Oct 14 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408319 of user rubyman.
Oct 14 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7559]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408319.
Oct 14 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for invalid user postgres from 209.38.110.157 port 56522 ssh2
Oct 14 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Connection closed by 209.38.110.157 port 56522 [preauth]
Oct 14 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3869]: pam_unix(cron:session): session closed for user root
Oct 14 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7489]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: Invalid user django from 36.67.70.198
Oct 14 01:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: input_userauth_request: invalid user django [preauth]
Oct 14 01:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: Failed password for invalid user django from 36.67.70.198 port 33358 ssh2
Oct 14 01:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: Received disconnect from 36.67.70.198 port 33358:11: Bye Bye [preauth]
Oct 14 01:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7826]: Disconnected from 36.67.70.198 port 33358 [preauth]
Oct 14 01:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session closed for user root
Oct 14 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Invalid user marcelo from 107.172.76.10
Oct 14 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: input_userauth_request: invalid user marcelo [preauth]
Oct 14 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Failed password for invalid user marcelo from 107.172.76.10 port 41972 ssh2
Oct 14 01:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Received disconnect from 107.172.76.10 port 41972:11: Bye Bye [preauth]
Oct 14 01:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Disconnected from 107.172.76.10 port 41972 [preauth]
Oct 14 01:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Invalid user ahmed from 122.166.49.42
Oct 14 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Failed password for invalid user ahmed from 122.166.49.42 port 41130 ssh2
Oct 14 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Received disconnect from 122.166.49.42 port 41130:11: Bye Bye [preauth]
Oct 14 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Disconnected from 122.166.49.42 port 41130 [preauth]
Oct 14 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Invalid user postgres from 209.38.110.157
Oct 14 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8395]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8467]: Successful su for rubyman by root
Oct 14 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8467]: + ??? root:rubyman
Oct 14 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408323 of user rubyman.
Oct 14 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8467]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408323.
Oct 14 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Failed password for invalid user postgres from 209.38.110.157 port 52500 ssh2
Oct 14 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Connection closed by 209.38.110.157 port 52500 [preauth]
Oct 14 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4388]: pam_unix(cron:session): session closed for user root
Oct 14 01:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 01:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: Failed password for root from 80.211.129.128 port 44254 ssh2
Oct 14 01:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8710]: Connection closed by 80.211.129.128 port 44254 [preauth]
Oct 14 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6919]: pam_unix(cron:session): session closed for user root
Oct 14 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Invalid user postgres from 209.38.110.157
Oct 14 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: input_userauth_request: invalid user postgres [preauth]
Oct 14 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8986]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8983]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Failed password for invalid user postgres from 209.38.110.157 port 44948 ssh2
Oct 14 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8959]: Connection closed by 209.38.110.157 port 44948 [preauth]
Oct 14 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: Successful su for rubyman by root
Oct 14 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: + ??? root:rubyman
Oct 14 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408329 of user rubyman.
Oct 14 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9059]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408329.
Oct 14 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Invalid user mario from 107.172.76.10
Oct 14 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: input_userauth_request: invalid user mario [preauth]
Oct 14 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4934]: pam_unix(cron:session): session closed for user root
Oct 14 01:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Failed password for invalid user mario from 107.172.76.10 port 59032 ssh2
Oct 14 01:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Received disconnect from 107.172.76.10 port 59032:11: Bye Bye [preauth]
Oct 14 01:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9319]: Disconnected from 107.172.76.10 port 59032 [preauth]
Oct 14 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8984]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Failed password for root from 36.67.70.198 port 43626 ssh2
Oct 14 01:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Received disconnect from 36.67.70.198 port 43626:11: Bye Bye [preauth]
Oct 14 01:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Disconnected from 36.67.70.198 port 43626 [preauth]
Oct 14 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Invalid user client from 122.166.49.42
Oct 14 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: input_userauth_request: invalid user client [preauth]
Oct 14 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Failed password for invalid user client from 122.166.49.42 port 45358 ssh2
Oct 14 01:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Received disconnect from 122.166.49.42 port 45358:11: Bye Bye [preauth]
Oct 14 01:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Disconnected from 122.166.49.42 port 45358 [preauth]
Oct 14 01:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7491]: pam_unix(cron:session): session closed for user root
Oct 14 01:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Invalid user user from 209.38.110.157
Oct 14 01:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: input_userauth_request: invalid user user [preauth]
Oct 14 01:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9600]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9599]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9601]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session closed for user root
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9595]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Failed password for invalid user user from 209.38.110.157 port 56918 ssh2
Oct 14 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9579]: Connection closed by 209.38.110.157 port 56918 [preauth]
Oct 14 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9804]: Successful su for rubyman by root
Oct 14 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9804]: + ??? root:rubyman
Oct 14 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408331 of user rubyman.
Oct 14 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9804]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408331.
Oct 14 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9599]: pam_unix(cron:session): session closed for user root
Oct 14 01:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5861]: pam_unix(cron:session): session closed for user root
Oct 14 01:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Invalid user oracle from 107.172.76.10
Oct 14 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Failed password for invalid user oracle from 107.172.76.10 port 56704 ssh2
Oct 14 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Received disconnect from 107.172.76.10 port 56704:11: Bye Bye [preauth]
Oct 14 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Disconnected from 107.172.76.10 port 56704 [preauth]
Oct 14 01:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8398]: pam_unix(cron:session): session closed for user root
Oct 14 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Invalid user user from 209.38.110.157
Oct 14 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: input_userauth_request: invalid user user [preauth]
Oct 14 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Failed password for invalid user user from 209.38.110.157 port 55846 ssh2
Oct 14 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Connection closed by 209.38.110.157 port 55846 [preauth]
Oct 14 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10243]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10336]: Successful su for rubyman by root
Oct 14 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10336]: + ??? root:rubyman
Oct 14 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408337 of user rubyman.
Oct 14 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10336]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408337.
Oct 14 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: Invalid user www from 122.166.49.42
Oct 14 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: input_userauth_request: invalid user www [preauth]
Oct 14 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: Failed password for invalid user www from 122.166.49.42 port 49586 ssh2
Oct 14 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: Received disconnect from 122.166.49.42 port 49586:11: Bye Bye [preauth]
Oct 14 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10456]: Disconnected from 122.166.49.42 port 49586 [preauth]
Oct 14 01:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6317]: pam_unix(cron:session): session closed for user root
Oct 14 01:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10553]: Failed password for root from 36.67.70.198 port 54234 ssh2
Oct 14 01:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10553]: Received disconnect from 36.67.70.198 port 54234:11: Bye Bye [preauth]
Oct 14 01:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10553]: Disconnected from 36.67.70.198 port 54234 [preauth]
Oct 14 01:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10244]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Invalid user alex from 62.60.131.157
Oct 14 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: input_userauth_request: invalid user alex [preauth]
Oct 14 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user alex from 62.60.131.157 port 62163 ssh2
Oct 14 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user alex from 62.60.131.157 port 62163 ssh2
Oct 14 01:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user alex from 62.60.131.157 port 62163 ssh2
Oct 14 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user alex from 62.60.131.157 port 62163 ssh2
Oct 14 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user alex from 62.60.131.157 port 62163 ssh2
Oct 14 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Received disconnect from 62.60.131.157 port 62163:11: Bye [preauth]
Oct 14 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Disconnected from 62.60.131.157 port 62163 [preauth]
Oct 14 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8986]: pam_unix(cron:session): session closed for user root
Oct 14 01:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Invalid user cgpexpert from 107.172.76.10
Oct 14 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: input_userauth_request: invalid user cgpexpert [preauth]
Oct 14 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Invalid user justin from 159.65.53.56
Oct 14 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: input_userauth_request: invalid user justin [preauth]
Oct 14 01:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.53.56
Oct 14 01:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Failed password for invalid user cgpexpert from 107.172.76.10 port 59414 ssh2
Oct 14 01:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Received disconnect from 107.172.76.10 port 59414:11: Bye Bye [preauth]
Oct 14 01:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10697]: Disconnected from 107.172.76.10 port 59414 [preauth]
Oct 14 01:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for invalid user justin from 159.65.53.56 port 35632 ssh2
Oct 14 01:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Connection closed by 159.65.53.56 port 35632 [preauth]
Oct 14 01:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: Invalid user user from 209.38.110.157
Oct 14 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: input_userauth_request: invalid user user [preauth]
Oct 14 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: Failed password for invalid user user from 209.38.110.157 port 41306 ssh2
Oct 14 01:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: Connection closed by 209.38.110.157 port 41306 [preauth]
Oct 14 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10830]: Successful su for rubyman by root
Oct 14 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10830]: + ??? root:rubyman
Oct 14 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408342 of user rubyman.
Oct 14 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10830]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408342.
Oct 14 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6918]: pam_unix(cron:session): session closed for user root
Oct 14 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Invalid user myuser from 20.163.71.109
Oct 14 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: input_userauth_request: invalid user myuser [preauth]
Oct 14 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9601]: pam_unix(cron:session): session closed for user root
Oct 14 01:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Failed password for invalid user myuser from 20.163.71.109 port 42036 ssh2
Oct 14 01:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Connection closed by 20.163.71.109 port 42036 [preauth]
Oct 14 01:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42  user=root
Oct 14 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: Failed password for root from 122.166.49.42 port 53806 ssh2
Oct 14 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: Received disconnect from 122.166.49.42 port 53806:11: Bye Bye [preauth]
Oct 14 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: Disconnected from 122.166.49.42 port 53806 [preauth]
Oct 14 01:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Invalid user user from 209.38.110.157
Oct 14 01:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: input_userauth_request: invalid user user [preauth]
Oct 14 01:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user user from 209.38.110.157 port 50896 ssh2
Oct 14 01:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Connection closed by 209.38.110.157 port 50896 [preauth]
Oct 14 01:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Invalid user ftp_user from 107.172.76.10
Oct 14 01:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: input_userauth_request: invalid user ftp_user [preauth]
Oct 14 01:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Failed password for invalid user ftp_user from 107.172.76.10 port 54172 ssh2
Oct 14 01:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Received disconnect from 107.172.76.10 port 54172:11: Bye Bye [preauth]
Oct 14 01:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Disconnected from 107.172.76.10 port 54172 [preauth]
Oct 14 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11203]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11295]: Successful su for rubyman by root
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11295]: + ??? root:rubyman
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408345 of user rubyman.
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11295]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408345.
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: Invalid user demo1 from 36.67.70.198
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: input_userauth_request: invalid user demo1 [preauth]
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: Failed password for invalid user demo1 from 36.67.70.198 port 36418 ssh2
Oct 14 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: Received disconnect from 36.67.70.198 port 36418:11: Bye Bye [preauth]
Oct 14 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: Disconnected from 36.67.70.198 port 36418 [preauth]
Oct 14 01:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7490]: pam_unix(cron:session): session closed for user root
Oct 14 01:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10246]: pam_unix(cron:session): session closed for user root
Oct 14 01:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Invalid user user from 209.38.110.157
Oct 14 01:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: input_userauth_request: invalid user user [preauth]
Oct 14 01:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Failed password for invalid user user from 209.38.110.157 port 57922 ssh2
Oct 14 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Connection closed by 209.38.110.157 port 57922 [preauth]
Oct 14 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11783]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11780]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11863]: Successful su for rubyman by root
Oct 14 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11863]: + ??? root:rubyman
Oct 14 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408351 of user rubyman.
Oct 14 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11863]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408351.
Oct 14 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8397]: pam_unix(cron:session): session closed for user root
Oct 14 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Invalid user ping from 107.172.76.10
Oct 14 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: input_userauth_request: invalid user ping [preauth]
Oct 14 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Failed password for invalid user ping from 107.172.76.10 port 37148 ssh2
Oct 14 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Received disconnect from 107.172.76.10 port 37148:11: Bye Bye [preauth]
Oct 14 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Disconnected from 107.172.76.10 port 37148 [preauth]
Oct 14 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11781]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Invalid user amir from 122.166.49.42
Oct 14 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: input_userauth_request: invalid user amir [preauth]
Oct 14 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Failed password for invalid user amir from 122.166.49.42 port 58038 ssh2
Oct 14 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Received disconnect from 122.166.49.42 port 58038:11: Bye Bye [preauth]
Oct 14 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Disconnected from 122.166.49.42 port 58038 [preauth]
Oct 14 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10760]: pam_unix(cron:session): session closed for user root
Oct 14 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Invalid user user from 209.38.110.157
Oct 14 01:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: input_userauth_request: invalid user user [preauth]
Oct 14 01:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Failed password for invalid user user from 209.38.110.157 port 37634 ssh2
Oct 14 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Connection closed by 209.38.110.157 port 37634 [preauth]
Oct 14 01:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: Invalid user tester from 36.67.70.198
Oct 14 01:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: input_userauth_request: invalid user tester [preauth]
Oct 14 01:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: Failed password for invalid user tester from 36.67.70.198 port 45880 ssh2
Oct 14 01:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: Received disconnect from 36.67.70.198 port 45880:11: Bye Bye [preauth]
Oct 14 01:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: Disconnected from 36.67.70.198 port 45880 [preauth]
Oct 14 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12266]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12261]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12266]: pam_unix(cron:session): session closed for user root
Oct 14 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12257]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12345]: Successful su for rubyman by root
Oct 14 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12345]: + ??? root:rubyman
Oct 14 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408358 of user rubyman.
Oct 14 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12345]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408358.
Oct 14 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12260]: pam_unix(cron:session): session closed for user root
Oct 14 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8985]: pam_unix(cron:session): session closed for user root
Oct 14 01:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12259]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Invalid user cdn from 107.172.76.10
Oct 14 01:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: input_userauth_request: invalid user cdn [preauth]
Oct 14 01:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Failed password for invalid user cdn from 107.172.76.10 port 40990 ssh2
Oct 14 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Received disconnect from 107.172.76.10 port 40990:11: Bye Bye [preauth]
Oct 14 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Disconnected from 107.172.76.10 port 40990 [preauth]
Oct 14 01:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session closed for user root
Oct 14 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: Invalid user user from 209.38.110.157
Oct 14 01:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: input_userauth_request: invalid user user [preauth]
Oct 14 01:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: Failed password for invalid user user from 209.38.110.157 port 57842 ssh2
Oct 14 01:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12740]: Connection closed by 209.38.110.157 port 57842 [preauth]
Oct 14 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Invalid user deployer from 122.166.49.42
Oct 14 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: input_userauth_request: invalid user deployer [preauth]
Oct 14 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Failed password for invalid user deployer from 122.166.49.42 port 34030 ssh2
Oct 14 01:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Received disconnect from 122.166.49.42 port 34030:11: Bye Bye [preauth]
Oct 14 01:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Disconnected from 122.166.49.42 port 34030 [preauth]
Oct 14 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12884]: Successful su for rubyman by root
Oct 14 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12884]: + ??? root:rubyman
Oct 14 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408361 of user rubyman.
Oct 14 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12884]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408361.
Oct 14 01:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9600]: pam_unix(cron:session): session closed for user root
Oct 14 01:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Invalid user ftpuser from 36.67.70.198
Oct 14 01:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 01:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session closed for user root
Oct 14 01:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Failed password for invalid user ftpuser from 36.67.70.198 port 53318 ssh2
Oct 14 01:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Received disconnect from 36.67.70.198 port 53318:11: Bye Bye [preauth]
Oct 14 01:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13195]: Disconnected from 36.67.70.198 port 53318 [preauth]
Oct 14 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Invalid user user from 209.38.110.157
Oct 14 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: input_userauth_request: invalid user user [preauth]
Oct 14 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10  user=root
Oct 14 01:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Failed password for invalid user user from 209.38.110.157 port 43454 ssh2
Oct 14 01:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Connection closed by 209.38.110.157 port 43454 [preauth]
Oct 14 01:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Failed password for root from 107.172.76.10 port 52794 ssh2
Oct 14 01:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Received disconnect from 107.172.76.10 port 52794:11: Bye Bye [preauth]
Oct 14 01:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Disconnected from 107.172.76.10 port 52794 [preauth]
Oct 14 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13496]: Successful su for rubyman by root
Oct 14 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13496]: + ??? root:rubyman
Oct 14 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408366 of user rubyman.
Oct 14 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13496]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408366.
Oct 14 01:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10245]: pam_unix(cron:session): session closed for user root
Oct 14 01:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13755]: Invalid user devuser from 122.166.49.42
Oct 14 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13755]: input_userauth_request: invalid user devuser [preauth]
Oct 14 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13755]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13755]: Failed password for invalid user devuser from 122.166.49.42 port 38256 ssh2
Oct 14 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13755]: Received disconnect from 122.166.49.42 port 38256:11: Bye Bye [preauth]
Oct 14 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13755]: Disconnected from 122.166.49.42 port 38256 [preauth]
Oct 14 01:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12265]: pam_unix(cron:session): session closed for user root
Oct 14 01:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Invalid user user from 209.38.110.157
Oct 14 01:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: input_userauth_request: invalid user user [preauth]
Oct 14 01:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Failed password for invalid user user from 209.38.110.157 port 48112 ssh2
Oct 14 01:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Connection closed by 209.38.110.157 port 48112 [preauth]
Oct 14 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13906]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13903]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: Successful su for rubyman by root
Oct 14 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: + ??? root:rubyman
Oct 14 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408368 of user rubyman.
Oct 14 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408368.
Oct 14 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Invalid user legion from 107.172.76.10
Oct 14 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: input_userauth_request: invalid user legion [preauth]
Oct 14 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10759]: pam_unix(cron:session): session closed for user root
Oct 14 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Failed password for invalid user legion from 107.172.76.10 port 46270 ssh2
Oct 14 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Received disconnect from 107.172.76.10 port 46270:11: Bye Bye [preauth]
Oct 14 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14190]: Disconnected from 107.172.76.10 port 46270 [preauth]
Oct 14 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Invalid user prova from 36.67.70.198
Oct 14 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: input_userauth_request: invalid user prova [preauth]
Oct 14 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Failed password for invalid user prova from 36.67.70.198 port 60250 ssh2
Oct 14 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Received disconnect from 36.67.70.198 port 60250:11: Bye Bye [preauth]
Oct 14 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14308]: Disconnected from 36.67.70.198 port 60250 [preauth]
Oct 14 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user root
Oct 14 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Invalid user user from 209.38.110.157
Oct 14 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: input_userauth_request: invalid user user [preauth]
Oct 14 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Failed password for invalid user user from 209.38.110.157 port 45262 ssh2
Oct 14 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Connection closed by 209.38.110.157 port 45262 [preauth]
Oct 14 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Invalid user app from 122.166.49.42
Oct 14 01:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: input_userauth_request: invalid user app [preauth]
Oct 14 01:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Failed password for invalid user app from 122.166.49.42 port 42480 ssh2
Oct 14 01:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Received disconnect from 122.166.49.42 port 42480:11: Bye Bye [preauth]
Oct 14 01:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Disconnected from 122.166.49.42 port 42480 [preauth]
Oct 14 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14620]: Successful su for rubyman by root
Oct 14 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14620]: + ??? root:rubyman
Oct 14 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408372 of user rubyman.
Oct 14 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14620]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408372.
Oct 14 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session closed for user root
Oct 14 01:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session closed for user root
Oct 14 01:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Invalid user satis from 107.172.76.10
Oct 14 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: input_userauth_request: invalid user satis [preauth]
Oct 14 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Failed password for invalid user satis from 107.172.76.10 port 45162 ssh2
Oct 14 01:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Received disconnect from 107.172.76.10 port 45162:11: Bye Bye [preauth]
Oct 14 01:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14892]: Disconnected from 107.172.76.10 port 45162 [preauth]
Oct 14 01:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session closed for user root
Oct 14 01:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: Invalid user user from 209.38.110.157
Oct 14 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: input_userauth_request: invalid user user [preauth]
Oct 14 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: Failed password for invalid user user from 209.38.110.157 port 37920 ssh2
Oct 14 01:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: Connection closed by 209.38.110.157 port 37920 [preauth]
Oct 14 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15029]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15028]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15029]: pam_unix(cron:session): session closed for user root
Oct 14 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15194]: Successful su for rubyman by root
Oct 14 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15194]: + ??? root:rubyman
Oct 14 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408377 of user rubyman.
Oct 14 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15194]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408377.
Oct 14 01:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Invalid user mario from 36.67.70.198
Oct 14 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: input_userauth_request: invalid user mario [preauth]
Oct 14 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15025]: pam_unix(cron:session): session closed for user root
Oct 14 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11783]: pam_unix(cron:session): session closed for user root
Oct 14 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Failed password for invalid user mario from 36.67.70.198 port 39326 ssh2
Oct 14 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Received disconnect from 36.67.70.198 port 39326:11: Bye Bye [preauth]
Oct 14 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15325]: Disconnected from 36.67.70.198 port 39326 [preauth]
Oct 14 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Invalid user web from 122.166.49.42
Oct 14 01:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: input_userauth_request: invalid user web [preauth]
Oct 14 01:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Failed password for invalid user web from 122.166.49.42 port 46698 ssh2
Oct 14 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Received disconnect from 122.166.49.42 port 46698:11: Bye Bye [preauth]
Oct 14 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15484]: Disconnected from 122.166.49.42 port 46698 [preauth]
Oct 14 01:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13906]: pam_unix(cron:session): session closed for user root
Oct 14 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Failed password for root from 114.205.67.42 port 26810 ssh2
Oct 14 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Connection closed by 114.205.67.42 port 26810 [preauth]
Oct 14 01:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: Invalid user user from 209.38.110.157
Oct 14 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: input_userauth_request: invalid user user [preauth]
Oct 14 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: Failed password for invalid user user from 209.38.110.157 port 49036 ssh2
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Failed password for root from 114.205.67.42 port 29083 ssh2
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: Connection closed by 209.38.110.157 port 49036 [preauth]
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Connection closed by 114.205.67.42 port 29083 [preauth]
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Invalid user django from 107.172.76.10
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: input_userauth_request: invalid user django [preauth]
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Failed password for invalid user django from 107.172.76.10 port 60302 ssh2
Oct 14 01:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Received disconnect from 107.172.76.10 port 60302:11: Bye Bye [preauth]
Oct 14 01:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Disconnected from 107.172.76.10 port 60302 [preauth]
Oct 14 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for root from 114.205.67.42 port 30763 ssh2
Oct 14 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Connection closed by 114.205.67.42 port 30763 [preauth]
Oct 14 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Failed password for root from 114.205.67.42 port 33203 ssh2
Oct 14 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Connection closed by 114.205.67.42 port 33203 [preauth]
Oct 14 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: Failed password for root from 114.205.67.42 port 34959 ssh2
Oct 14 01:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15609]: Connection closed by 114.205.67.42 port 34959 [preauth]
Oct 14 01:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Failed password for root from 114.205.67.42 port 29271 ssh2
Oct 14 01:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15611]: Connection closed by 114.205.67.42 port 29271 [preauth]
Oct 14 01:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15628]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15712]: Successful su for rubyman by root
Oct 14 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15712]: + ??? root:rubyman
Oct 14 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408382 of user rubyman.
Oct 14 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15712]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408382.
Oct 14 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: Failed password for root from 114.205.67.42 port 63597 ssh2
Oct 14 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: Connection closed by 114.205.67.42 port 63597 [preauth]
Oct 14 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: Failed password for root from 114.205.67.42 port 41184 ssh2
Oct 14 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15739]: Connection closed by 114.205.67.42 port 41184 [preauth]
Oct 14 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Failed password for root from 114.205.67.42 port 33120 ssh2
Oct 14 01:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Connection closed by 114.205.67.42 port 33120 [preauth]
Oct 14 01:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Failed password for root from 114.205.67.42 port 45205 ssh2
Oct 14 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12261]: pam_unix(cron:session): session closed for user root
Oct 14 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Connection closed by 114.205.67.42 port 45205 [preauth]
Oct 14 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Failed password for root from 114.205.67.42 port 23876 ssh2
Oct 14 01:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15921]: Connection closed by 114.205.67.42 port 23876 [preauth]
Oct 14 01:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Failed password for root from 114.205.67.42 port 27189 ssh2
Oct 14 01:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Connection closed by 114.205.67.42 port 27189 [preauth]
Oct 14 01:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Failed password for root from 114.205.67.42 port 27161 ssh2
Oct 14 01:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15964]: Connection closed by 114.205.67.42 port 27161 [preauth]
Oct 14 01:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Failed password for root from 114.205.67.42 port 45074 ssh2
Oct 14 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Connection closed by 114.205.67.42 port 45074 [preauth]
Oct 14 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: Failed password for root from 114.205.67.42 port 54931 ssh2
Oct 14 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: Connection closed by 114.205.67.42 port 54931 [preauth]
Oct 14 01:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Failed password for root from 114.205.67.42 port 56751 ssh2
Oct 14 01:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Connection closed by 114.205.67.42 port 56751 [preauth]
Oct 14 01:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16023]: Failed password for root from 114.205.67.42 port 58695 ssh2
Oct 14 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16023]: Connection closed by 114.205.67.42 port 58695 [preauth]
Oct 14 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: Failed password for root from 114.205.67.42 port 60714 ssh2
Oct 14 01:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16026]: Connection closed by 114.205.67.42 port 60714 [preauth]
Oct 14 01:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14435]: pam_unix(cron:session): session closed for user root
Oct 14 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Failed password for root from 114.205.67.42 port 63450 ssh2
Oct 14 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Connection closed by 114.205.67.42 port 63450 [preauth]
Oct 14 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Invalid user user from 209.38.110.157
Oct 14 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: input_userauth_request: invalid user user [preauth]
Oct 14 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: Failed password for root from 114.205.67.42 port 1524 ssh2
Oct 14 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: Connection closed by 114.205.67.42 port 1524 [preauth]
Oct 14 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Failed password for invalid user user from 209.38.110.157 port 56810 ssh2
Oct 14 01:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Connection closed by 209.38.110.157 port 56810 [preauth]
Oct 14 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for root from 114.205.67.42 port 2284 ssh2
Oct 14 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Connection closed by 114.205.67.42 port 2284 [preauth]
Oct 14 01:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: Failed password for root from 114.205.67.42 port 4733 ssh2
Oct 14 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: Connection closed by 114.205.67.42 port 4733 [preauth]
Oct 14 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Failed password for root from 114.205.67.42 port 6733 ssh2
Oct 14 01:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Connection closed by 114.205.67.42 port 6733 [preauth]
Oct 14 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Failed password for root from 114.205.67.42 port 39121 ssh2
Oct 14 01:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Connection closed by 114.205.67.42 port 39121 [preauth]
Oct 14 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: Failed password for root from 36.67.70.198 port 46908 ssh2
Oct 14 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: Received disconnect from 36.67.70.198 port 46908:11: Bye Bye [preauth]
Oct 14 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16125]: Disconnected from 36.67.70.198 port 46908 [preauth]
Oct 14 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Failed password for root from 114.205.67.42 port 45738 ssh2
Oct 14 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16127]: Connection closed by 114.205.67.42 port 45738 [preauth]
Oct 14 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16150]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16146]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: Failed password for root from 114.205.67.42 port 12343 ssh2
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16129]: Connection closed by 114.205.67.42 port 12343 [preauth]
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Invalid user newuser from 122.166.49.42
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: input_userauth_request: invalid user newuser [preauth]
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16220]: Successful su for rubyman by root
Oct 14 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16220]: + ??? root:rubyman
Oct 14 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408387 of user rubyman.
Oct 14 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16220]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408387.
Oct 14 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Failed password for invalid user newuser from 122.166.49.42 port 50920 ssh2
Oct 14 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Received disconnect from 122.166.49.42 port 50920:11: Bye Bye [preauth]
Oct 14 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Disconnected from 122.166.49.42 port 50920 [preauth]
Oct 14 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Failed password for root from 114.205.67.42 port 16056 ssh2
Oct 14 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Connection closed by 114.205.67.42 port 16056 [preauth]
Oct 14 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Failed password for root from 114.205.67.42 port 10330 ssh2
Oct 14 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Connection closed by 114.205.67.42 port 10330 [preauth]
Oct 14 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: Invalid user demo1 from 107.172.76.10
Oct 14 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: input_userauth_request: invalid user demo1 [preauth]
Oct 14 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.76.10
Oct 14 01:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user root
Oct 14 01:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: Failed password for invalid user demo1 from 107.172.76.10 port 60030 ssh2
Oct 14 01:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: Received disconnect from 107.172.76.10 port 60030:11: Bye Bye [preauth]
Oct 14 01:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16393]: Disconnected from 107.172.76.10 port 60030 [preauth]
Oct 14 01:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Failed password for root from 114.205.67.42 port 20163 ssh2
Oct 14 01:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Connection closed by 114.205.67.42 port 20163 [preauth]
Oct 14 01:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Failed password for root from 114.205.67.42 port 23280 ssh2
Oct 14 01:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Connection closed by 114.205.67.42 port 23280 [preauth]
Oct 14 01:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Failed password for root from 114.205.67.42 port 33922 ssh2
Oct 14 01:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Connection closed by 114.205.67.42 port 33922 [preauth]
Oct 14 01:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: Failed password for root from 114.205.67.42 port 27186 ssh2
Oct 14 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: Connection closed by 114.205.67.42 port 27186 [preauth]
Oct 14 01:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: Failed password for root from 114.205.67.42 port 28826 ssh2
Oct 14 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: Connection closed by 114.205.67.42 port 28826 [preauth]
Oct 14 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16507]: Failed password for root from 114.205.67.42 port 31727 ssh2
Oct 14 01:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16507]: Connection closed by 114.205.67.42 port 31727 [preauth]
Oct 14 01:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Failed password for root from 114.205.67.42 port 33842 ssh2
Oct 14 01:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Connection closed by 114.205.67.42 port 33842 [preauth]
Oct 14 01:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Failed password for root from 114.205.67.42 port 19393 ssh2
Oct 14 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Connection closed by 114.205.67.42 port 19393 [preauth]
Oct 14 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16549]: Failed password for root from 114.205.67.42 port 38985 ssh2
Oct 14 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16549]: Connection closed by 114.205.67.42 port 38985 [preauth]
Oct 14 01:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Failed password for root from 114.205.67.42 port 37373 ssh2
Oct 14 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16584]: Connection closed by 114.205.67.42 port 37373 [preauth]
Oct 14 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16590]: Invalid user user from 209.38.110.157
Oct 14 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16590]: input_userauth_request: invalid user user [preauth]
Oct 14 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16590]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15028]: pam_unix(cron:session): session closed for user root
Oct 14 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16590]: Failed password for invalid user user from 209.38.110.157 port 51458 ssh2
Oct 14 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16590]: Connection closed by 209.38.110.157 port 51458 [preauth]
Oct 14 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: Failed password for root from 114.205.67.42 port 44468 ssh2
Oct 14 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16592]: Connection closed by 114.205.67.42 port 44468 [preauth]
Oct 14 01:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Failed password for root from 114.205.67.42 port 46417 ssh2
Oct 14 01:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Connection closed by 114.205.67.42 port 46417 [preauth]
Oct 14 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: Failed password for root from 114.205.67.42 port 49016 ssh2
Oct 14 01:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16621]: Connection closed by 114.205.67.42 port 49016 [preauth]
Oct 14 01:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16642]: Failed password for root from 114.205.67.42 port 50306 ssh2
Oct 14 01:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16642]: Connection closed by 114.205.67.42 port 50306 [preauth]
Oct 14 01:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: Failed password for root from 114.205.67.42 port 52959 ssh2
Oct 14 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: Connection closed by 114.205.67.42 port 52959 [preauth]
Oct 14 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Failed password for root from 114.205.67.42 port 55596 ssh2
Oct 14 01:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Connection closed by 114.205.67.42 port 55596 [preauth]
Oct 14 01:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16670]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16737]: Successful su for rubyman by root
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16737]: + ??? root:rubyman
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408391 of user rubyman.
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16737]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408391.
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: Failed password for root from 114.205.67.42 port 57767 ssh2
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: Connection closed by 114.205.67.42 port 57767 [preauth]
Oct 14 01:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Failed password for root from 114.205.67.42 port 60714 ssh2
Oct 14 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Connection closed by 114.205.67.42 port 60714 [preauth]
Oct 14 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Failed password for root from 114.205.67.42 port 62869 ssh2
Oct 14 01:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Connection closed by 114.205.67.42 port 62869 [preauth]
Oct 14 01:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session closed for user root
Oct 14 01:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16921]: Failed password for root from 114.205.67.42 port 64760 ssh2
Oct 14 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16921]: Connection closed by 114.205.67.42 port 64760 [preauth]
Oct 14 01:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: Failed password for root from 114.205.67.42 port 1057 ssh2
Oct 14 01:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: Connection closed by 114.205.67.42 port 1057 [preauth]
Oct 14 01:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Failed password for root from 114.205.67.42 port 18246 ssh2
Oct 14 01:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16974]: Connection closed by 114.205.67.42 port 18246 [preauth]
Oct 14 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Failed password for root from 114.205.67.42 port 5326 ssh2
Oct 14 01:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Connection closed by 114.205.67.42 port 5326 [preauth]
Oct 14 01:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: Failed password for root from 114.205.67.42 port 64508 ssh2
Oct 14 01:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17012]: Connection closed by 114.205.67.42 port 64508 [preauth]
Oct 14 01:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Failed password for root from 114.205.67.42 port 7870 ssh2
Oct 14 01:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Connection closed by 114.205.67.42 port 7870 [preauth]
Oct 14 01:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: Failed password for root from 114.205.67.42 port 5769 ssh2
Oct 14 01:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: Connection closed by 114.205.67.42 port 5769 [preauth]
Oct 14 01:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Failed password for root from 114.205.67.42 port 11461 ssh2
Oct 14 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17045]: Connection closed by 114.205.67.42 port 11461 [preauth]
Oct 14 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Failed password for root from 114.205.67.42 port 16790 ssh2
Oct 14 01:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Connection closed by 114.205.67.42 port 16790 [preauth]
Oct 14 01:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session closed for user root
Oct 14 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Invalid user steam from 122.166.49.42
Oct 14 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: input_userauth_request: invalid user steam [preauth]
Oct 14 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Failed password for root from 114.205.67.42 port 41668 ssh2
Oct 14 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Connection closed by 114.205.67.42 port 41668 [preauth]
Oct 14 01:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Invalid user user from 209.38.110.157
Oct 14 01:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: input_userauth_request: invalid user user [preauth]
Oct 14 01:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Failed password for invalid user steam from 122.166.49.42 port 55142 ssh2
Oct 14 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Received disconnect from 122.166.49.42 port 55142:11: Bye Bye [preauth]
Oct 14 01:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Disconnected from 122.166.49.42 port 55142 [preauth]
Oct 14 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Failed password for root from 114.205.67.42 port 21979 ssh2
Oct 14 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Failed password for invalid user user from 209.38.110.157 port 48616 ssh2
Oct 14 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Connection closed by 114.205.67.42 port 21979 [preauth]
Oct 14 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Connection closed by 209.38.110.157 port 48616 [preauth]
Oct 14 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Failed password for root from 114.205.67.42 port 24725 ssh2
Oct 14 01:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Connection closed by 114.205.67.42 port 24725 [preauth]
Oct 14 01:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Failed password for root from 114.205.67.42 port 53832 ssh2
Oct 14 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Connection closed by 114.205.67.42 port 53832 [preauth]
Oct 14 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Failed password for root from 36.67.70.198 port 56328 ssh2
Oct 14 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Failed password for root from 114.205.67.42 port 28838 ssh2
Oct 14 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Received disconnect from 36.67.70.198 port 56328:11: Bye Bye [preauth]
Oct 14 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Disconnected from 36.67.70.198 port 56328 [preauth]
Oct 14 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Connection closed by 114.205.67.42 port 28838 [preauth]
Oct 14 01:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Failed password for root from 114.205.67.42 port 30782 ssh2
Oct 14 01:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Connection closed by 114.205.67.42 port 30782 [preauth]
Oct 14 01:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Failed password for root from 114.205.67.42 port 34467 ssh2
Oct 14 01:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17163]: Connection closed by 114.205.67.42 port 34467 [preauth]
Oct 14 01:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Failed password for root from 114.205.67.42 port 33933 ssh2
Oct 14 01:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17176]: Connection closed by 114.205.67.42 port 33933 [preauth]
Oct 14 01:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17271]: Successful su for rubyman by root
Oct 14 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17271]: + ??? root:rubyman
Oct 14 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408395 of user rubyman.
Oct 14 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17271]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408395.
Oct 14 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Failed password for root from 114.205.67.42 port 33959 ssh2
Oct 14 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Connection closed by 114.205.67.42 port 33959 [preauth]
Oct 14 01:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Failed password for root from 114.205.67.42 port 40446 ssh2
Oct 14 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Connection closed by 114.205.67.42 port 40446 [preauth]
Oct 14 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session closed for user root
Oct 14 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: Failed password for root from 114.205.67.42 port 43037 ssh2
Oct 14 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17365]: Connection closed by 114.205.67.42 port 43037 [preauth]
Oct 14 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Failed password for root from 114.205.67.42 port 37335 ssh2
Oct 14 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17458]: Connection closed by 114.205.67.42 port 37335 [preauth]
Oct 14 01:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: Failed password for root from 114.205.67.42 port 47785 ssh2
Oct 14 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17468]: Connection closed by 114.205.67.42 port 47785 [preauth]
Oct 14 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17197]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Failed password for root from 114.205.67.42 port 49580 ssh2
Oct 14 01:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Connection closed by 114.205.67.42 port 49580 [preauth]
Oct 14 01:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: Failed password for root from 114.205.67.42 port 51503 ssh2
Oct 14 01:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: Connection closed by 114.205.67.42 port 51503 [preauth]
Oct 14 01:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Failed password for root from 114.205.67.42 port 54401 ssh2
Oct 14 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Connection closed by 114.205.67.42 port 54401 [preauth]
Oct 14 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Failed password for root from 114.205.67.42 port 56444 ssh2
Oct 14 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17533]: Connection closed by 114.205.67.42 port 56444 [preauth]
Oct 14 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: Failed password for root from 114.205.67.42 port 63480 ssh2
Oct 14 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17545]: Connection closed by 114.205.67.42 port 63480 [preauth]
Oct 14 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Failed password for root from 114.205.67.42 port 61865 ssh2
Oct 14 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Connection closed by 114.205.67.42 port 61865 [preauth]
Oct 14 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Failed password for root from 114.205.67.42 port 64016 ssh2
Oct 14 01:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Connection closed by 114.205.67.42 port 64016 [preauth]
Oct 14 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Invalid user user from 209.38.110.157
Oct 14 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: input_userauth_request: invalid user user [preauth]
Oct 14 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16150]: pam_unix(cron:session): session closed for user root
Oct 14 01:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Failed password for root from 114.205.67.42 port 28918 ssh2
Oct 14 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Connection closed by 114.205.67.42 port 28918 [preauth]
Oct 14 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Failed password for invalid user user from 209.38.110.157 port 34984 ssh2
Oct 14 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Connection closed by 209.38.110.157 port 34984 [preauth]
Oct 14 01:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for root from 114.205.67.42 port 1734 ssh2
Oct 14 01:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Connection closed by 114.205.67.42 port 1734 [preauth]
Oct 14 01:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Failed password for root from 114.205.67.42 port 62255 ssh2
Oct 14 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Connection closed by 114.205.67.42 port 62255 [preauth]
Oct 14 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Failed password for root from 114.205.67.42 port 23677 ssh2
Oct 14 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17638]: Connection closed by 114.205.67.42 port 23677 [preauth]
Oct 14 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Failed password for root from 114.205.67.42 port 9992 ssh2
Oct 14 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Connection closed by 114.205.67.42 port 9992 [preauth]
Oct 14 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=root
Oct 14 01:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17678]: Failed password for root from 114.205.67.42 port 11685 ssh2
Oct 14 01:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17678]: Connection closed by 114.205.67.42 port 11685 [preauth]
Oct 14 01:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Invalid user user from 114.205.67.42
Oct 14 01:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Failed password for invalid user user from 114.205.67.42 port 39537 ssh2
Oct 14 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17719]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17720]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session closed for user root
Oct 14 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Connection closed by 114.205.67.42 port 39537 [preauth]
Oct 14 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17714]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: Invalid user user from 114.205.67.42
Oct 14 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17869]: Successful su for rubyman by root
Oct 14 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17869]: + ??? root:rubyman
Oct 14 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408398 of user rubyman.
Oct 14 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17869]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408398.
Oct 14 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: Failed password for invalid user user from 114.205.67.42 port 2616 ssh2
Oct 14 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17838]: Connection closed by 114.205.67.42 port 2616 [preauth]
Oct 14 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Invalid user user from 114.205.67.42
Oct 14 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Failed password for invalid user user from 114.205.67.42 port 8090 ssh2
Oct 14 01:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17918]: Connection closed by 114.205.67.42 port 8090 [preauth]
Oct 14 01:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Invalid user user from 114.205.67.42
Oct 14 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17719]: pam_unix(cron:session): session closed for user root
Oct 14 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14434]: pam_unix(cron:session): session closed for user root
Oct 14 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Failed password for invalid user user from 114.205.67.42 port 25120 ssh2
Oct 14 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18014]: Connection closed by 114.205.67.42 port 25120 [preauth]
Oct 14 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Invalid user user from 114.205.67.42
Oct 14 01:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Failed password for invalid user user from 114.205.67.42 port 27021 ssh2
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Connection closed by 114.205.67.42 port 27021 [preauth]
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Invalid user botuser from 122.166.49.42
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: input_userauth_request: invalid user botuser [preauth]
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Invalid user user from 114.205.67.42
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Failed password for invalid user botuser from 122.166.49.42 port 59358 ssh2
Oct 14 01:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Received disconnect from 122.166.49.42 port 59358:11: Bye Bye [preauth]
Oct 14 01:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Disconnected from 122.166.49.42 port 59358 [preauth]
Oct 14 01:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Failed password for invalid user user from 114.205.67.42 port 29365 ssh2
Oct 14 01:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Connection closed by 114.205.67.42 port 29365 [preauth]
Oct 14 01:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: Invalid user user from 114.205.67.42
Oct 14 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17718]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: Failed password for invalid user user from 114.205.67.42 port 31483 ssh2
Oct 14 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18259]: Connection closed by 114.205.67.42 port 31483 [preauth]
Oct 14 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: Invalid user user from 114.205.67.42
Oct 14 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: Failed password for invalid user user from 114.205.67.42 port 33543 ssh2
Oct 14 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: Connection closed by 114.205.67.42 port 33543 [preauth]
Oct 14 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: Invalid user user from 114.205.67.42
Oct 14 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: Failed password for invalid user user from 114.205.67.42 port 36449 ssh2
Oct 14 01:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18296]: Connection closed by 114.205.67.42 port 36449 [preauth]
Oct 14 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: Invalid user user from 114.205.67.42
Oct 14 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: Failed password for invalid user user from 114.205.67.42 port 38387 ssh2
Oct 14 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18299]: Connection closed by 114.205.67.42 port 38387 [preauth]
Oct 14 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Invalid user user from 114.205.67.42
Oct 14 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Failed password for invalid user user from 114.205.67.42 port 52552 ssh2
Oct 14 01:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Connection closed by 114.205.67.42 port 52552 [preauth]
Oct 14 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Invalid user user from 114.205.67.42
Oct 14 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18440]: Invalid user user from 209.38.110.157
Oct 14 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18440]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18440]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Failed password for invalid user user from 114.205.67.42 port 43379 ssh2
Oct 14 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Connection closed by 114.205.67.42 port 43379 [preauth]
Oct 14 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18440]: Failed password for invalid user user from 209.38.110.157 port 49158 ssh2
Oct 14 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Invalid user user from 114.205.67.42
Oct 14 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18440]: Connection closed by 209.38.110.157 port 49158 [preauth]
Oct 14 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Failed password for invalid user user from 114.205.67.42 port 8460 ssh2
Oct 14 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Connection closed by 114.205.67.42 port 8460 [preauth]
Oct 14 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Invalid user user from 114.205.67.42
Oct 14 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16670]: pam_unix(cron:session): session closed for user root
Oct 14 01:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Failed password for invalid user user from 114.205.67.42 port 47657 ssh2
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Connection closed by 114.205.67.42 port 47657 [preauth]
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18476]: Invalid user desktop from 36.67.70.198
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18476]: input_userauth_request: invalid user desktop [preauth]
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18476]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Invalid user user from 114.205.67.42
Oct 14 01:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Did not receive identification string from 205.210.31.131
Oct 14 01:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18476]: Failed password for invalid user desktop from 36.67.70.198 port 39168 ssh2
Oct 14 01:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18476]: Received disconnect from 36.67.70.198 port 39168:11: Bye Bye [preauth]
Oct 14 01:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18476]: Disconnected from 36.67.70.198 port 39168 [preauth]
Oct 14 01:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Failed password for invalid user user from 114.205.67.42 port 50083 ssh2
Oct 14 01:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Connection closed by 114.205.67.42 port 50083 [preauth]
Oct 14 01:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18500]: Invalid user user from 114.205.67.42
Oct 14 01:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18500]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18500]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18500]: Failed password for invalid user user from 114.205.67.42 port 46557 ssh2
Oct 14 01:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18500]: Connection closed by 114.205.67.42 port 46557 [preauth]
Oct 14 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: Invalid user user from 114.205.67.42
Oct 14 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: Failed password for invalid user user from 114.205.67.42 port 46370 ssh2
Oct 14 01:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18507]: Connection closed by 114.205.67.42 port 46370 [preauth]
Oct 14 01:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Invalid user user from 114.205.67.42
Oct 14 01:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Failed password for invalid user user from 114.205.67.42 port 52598 ssh2
Oct 14 01:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Connection closed by 114.205.67.42 port 52598 [preauth]
Oct 14 01:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Invalid user user from 114.205.67.42
Oct 14 01:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Failed password for invalid user user from 114.205.67.42 port 48490 ssh2
Oct 14 01:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Connection closed by 114.205.67.42 port 48490 [preauth]
Oct 14 01:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Invalid user user from 114.205.67.42
Oct 14 01:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Failed password for invalid user user from 114.205.67.42 port 1486 ssh2
Oct 14 01:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Connection closed by 114.205.67.42 port 1486 [preauth]
Oct 14 01:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Invalid user user from 114.205.67.42
Oct 14 01:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: input_userauth_request: invalid user user [preauth]
Oct 14 01:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Failed password for invalid user user from 114.205.67.42 port 61858 ssh2
Oct 14 01:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Connection closed by 114.205.67.42 port 61858 [preauth]
Oct 14 01:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: Invalid user user from 114.205.67.42
Oct 14 01:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: Failed password for invalid user user from 114.205.67.42 port 1375 ssh2
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: Connection closed by 114.205.67.42 port 1375 [preauth]
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: Successful su for rubyman by root
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: + ??? root:rubyman
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408405 of user rubyman.
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408405.
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Invalid user user from 114.205.67.42
Oct 14 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Failed password for invalid user user from 114.205.67.42 port 1647 ssh2
Oct 14 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Connection closed by 114.205.67.42 port 1647 [preauth]
Oct 14 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Invalid user user from 114.205.67.42
Oct 14 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Failed password for invalid user user from 114.205.67.42 port 1300 ssh2
Oct 14 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18758]: Connection closed by 114.205.67.42 port 1300 [preauth]
Oct 14 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Invalid user user from 114.205.67.42
Oct 14 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for invalid user user from 114.205.67.42 port 5651 ssh2
Oct 14 01:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Connection closed by 114.205.67.42 port 5651 [preauth]
Oct 14 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: Invalid user user from 114.205.67.42
Oct 14 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15027]: pam_unix(cron:session): session closed for user root
Oct 14 01:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: Failed password for invalid user user from 114.205.67.42 port 8328 ssh2
Oct 14 01:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: Connection closed by 114.205.67.42 port 8328 [preauth]
Oct 14 01:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: Invalid user user from 114.205.67.42
Oct 14 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: Failed password for invalid user user from 114.205.67.42 port 10955 ssh2
Oct 14 01:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18903]: Connection closed by 114.205.67.42 port 10955 [preauth]
Oct 14 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Invalid user user from 114.205.67.42
Oct 14 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Failed password for invalid user user from 114.205.67.42 port 1347 ssh2
Oct 14 01:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Connection closed by 114.205.67.42 port 1347 [preauth]
Oct 14 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Invalid user user from 114.205.67.42
Oct 14 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Failed password for invalid user user from 114.205.67.42 port 52170 ssh2
Oct 14 01:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19066]: Connection closed by 114.205.67.42 port 52170 [preauth]
Oct 14 01:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Invalid user user from 114.205.67.42
Oct 14 01:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Failed password for invalid user user from 114.205.67.42 port 46560 ssh2
Oct 14 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19068]: Connection closed by 114.205.67.42 port 46560 [preauth]
Oct 14 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Invalid user user from 114.205.67.42
Oct 14 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Failed password for invalid user user from 114.205.67.42 port 21491 ssh2
Oct 14 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19080]: Connection closed by 114.205.67.42 port 21491 [preauth]
Oct 14 01:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Invalid user user from 114.205.67.42
Oct 14 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Invalid user user from 209.38.110.157
Oct 14 01:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Failed password for invalid user user from 114.205.67.42 port 23557 ssh2
Oct 14 01:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19104]: Connection closed by 114.205.67.42 port 23557 [preauth]
Oct 14 01:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Invalid user user from 114.205.67.42
Oct 14 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Failed password for invalid user user from 209.38.110.157 port 57832 ssh2
Oct 14 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19106]: Connection closed by 209.38.110.157 port 57832 [preauth]
Oct 14 01:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Failed password for invalid user user from 114.205.67.42 port 26816 ssh2
Oct 14 01:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19119]: Connection closed by 114.205.67.42 port 26816 [preauth]
Oct 14 01:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Invalid user user from 114.205.67.42
Oct 14 01:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user user from 114.205.67.42 port 29160 ssh2
Oct 14 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Connection closed by 114.205.67.42 port 29160 [preauth]
Oct 14 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session closed for user root
Oct 14 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Invalid user user from 114.205.67.42
Oct 14 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Failed password for invalid user user from 114.205.67.42 port 31459 ssh2
Oct 14 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Connection closed by 114.205.67.42 port 31459 [preauth]
Oct 14 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Invalid user user from 114.205.67.42
Oct 14 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Failed password for invalid user user from 114.205.67.42 port 33825 ssh2
Oct 14 01:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Connection closed by 114.205.67.42 port 33825 [preauth]
Oct 14 01:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Invalid user user from 114.205.67.42
Oct 14 01:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Failed password for invalid user user from 114.205.67.42 port 36777 ssh2
Oct 14 01:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Connection closed by 114.205.67.42 port 36777 [preauth]
Oct 14 01:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: Invalid user user from 114.205.67.42
Oct 14 01:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Invalid user steam from 122.166.49.42
Oct 14 01:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: input_userauth_request: invalid user steam [preauth]
Oct 14 01:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: Failed password for invalid user user from 114.205.67.42 port 38477 ssh2
Oct 14 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19183]: Connection closed by 114.205.67.42 port 38477 [preauth]
Oct 14 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19208]: Invalid user user from 114.205.67.42
Oct 14 01:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19208]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19208]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Failed password for invalid user steam from 122.166.49.42 port 35348 ssh2
Oct 14 01:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Received disconnect from 122.166.49.42 port 35348:11: Bye Bye [preauth]
Oct 14 01:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19185]: Disconnected from 122.166.49.42 port 35348 [preauth]
Oct 14 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19208]: Failed password for invalid user user from 114.205.67.42 port 41841 ssh2
Oct 14 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19208]: Connection closed by 114.205.67.42 port 41841 [preauth]
Oct 14 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Invalid user user from 114.205.67.42
Oct 14 01:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Failed password for invalid user user from 114.205.67.42 port 7534 ssh2
Oct 14 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19220]: Connection closed by 114.205.67.42 port 7534 [preauth]
Oct 14 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: Invalid user user from 114.205.67.42
Oct 14 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: Failed password for invalid user user from 114.205.67.42 port 46164 ssh2
Oct 14 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: Connection closed by 114.205.67.42 port 46164 [preauth]
Oct 14 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Invalid user user from 114.205.67.42
Oct 14 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: input_userauth_request: invalid user user [preauth]
Oct 14 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Failed password for invalid user user from 114.205.67.42 port 48666 ssh2
Oct 14 01:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Connection closed by 114.205.67.42 port 48666 [preauth]
Oct 14 01:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: Invalid user user from 114.205.67.42
Oct 14 01:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19260]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19437]: Successful su for rubyman by root
Oct 14 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19437]: + ??? root:rubyman
Oct 14 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408408 of user rubyman.
Oct 14 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19437]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408408.
Oct 14 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: Failed password for invalid user user from 114.205.67.42 port 38921 ssh2
Oct 14 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: Connection closed by 114.205.67.42 port 38921 [preauth]
Oct 14 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19563]: Invalid user user from 114.205.67.42
Oct 14 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19563]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19563]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19563]: Failed password for invalid user user from 114.205.67.42 port 55205 ssh2
Oct 14 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19563]: Connection closed by 114.205.67.42 port 55205 [preauth]
Oct 14 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: Invalid user user from 114.205.67.42
Oct 14 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: Failed password for invalid user user from 114.205.67.42 port 56443 ssh2
Oct 14 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: Connection closed by 114.205.67.42 port 56443 [preauth]
Oct 14 01:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session closed for user root
Oct 14 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19840]: Invalid user user from 114.205.67.42
Oct 14 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19840]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19840]: Failed password for invalid user user from 114.205.67.42 port 60495 ssh2
Oct 14 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19840]: Connection closed by 114.205.67.42 port 60495 [preauth]
Oct 14 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: Invalid user user from 114.205.67.42
Oct 14 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: Failed password for invalid user user from 114.205.67.42 port 43504 ssh2
Oct 14 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: Connection closed by 114.205.67.42 port 43504 [preauth]
Oct 14 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: Invalid user user from 114.205.67.42
Oct 14 01:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: Failed password for invalid user user from 114.205.67.42 port 63686 ssh2
Oct 14 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19910]: Connection closed by 114.205.67.42 port 63686 [preauth]
Oct 14 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: Invalid user user from 114.205.67.42
Oct 14 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: Failed password for invalid user user from 114.205.67.42 port 1313 ssh2
Oct 14 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19943]: Connection closed by 114.205.67.42 port 1313 [preauth]
Oct 14 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19953]: Invalid user user from 114.205.67.42
Oct 14 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19953]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19953]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19953]: Failed password for invalid user user from 114.205.67.42 port 2418 ssh2
Oct 14 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19953]: Connection closed by 114.205.67.42 port 2418 [preauth]
Oct 14 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Invalid user user from 114.205.67.42
Oct 14 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Failed password for invalid user user from 114.205.67.42 port 63716 ssh2
Oct 14 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19955]: Connection closed by 114.205.67.42 port 63716 [preauth]
Oct 14 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: Invalid user user from 114.205.67.42
Oct 14 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Invalid user test from 209.38.110.157
Oct 14 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: input_userauth_request: invalid user test [preauth]
Oct 14 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: Failed password for invalid user user from 114.205.67.42 port 7506 ssh2
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Failed password for invalid user test from 209.38.110.157 port 41112 ssh2
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: Connection closed by 114.205.67.42 port 7506 [preauth]
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19970]: Connection closed by 209.38.110.157 port 41112 [preauth]
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Invalid user user from 114.205.67.42
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198  user=root
Oct 14 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Failed password for invalid user user from 114.205.67.42 port 9871 ssh2
Oct 14 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Connection closed by 114.205.67.42 port 9871 [preauth]
Oct 14 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20000]: Failed password for root from 36.67.70.198 port 50062 ssh2
Oct 14 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20000]: Received disconnect from 36.67.70.198 port 50062:11: Bye Bye [preauth]
Oct 14 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20000]: Disconnected from 36.67.70.198 port 50062 [preauth]
Oct 14 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: Invalid user user from 114.205.67.42
Oct 14 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: Failed password for invalid user user from 114.205.67.42 port 12723 ssh2
Oct 14 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20013]: Connection closed by 114.205.67.42 port 12723 [preauth]
Oct 14 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Invalid user user from 114.205.67.42
Oct 14 01:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Failed password for invalid user user from 114.205.67.42 port 14534 ssh2
Oct 14 01:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20027]: Connection closed by 114.205.67.42 port 14534 [preauth]
Oct 14 01:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Invalid user user from 114.205.67.42
Oct 14 01:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17722]: pam_unix(cron:session): session closed for user root
Oct 14 01:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Failed password for invalid user user from 114.205.67.42 port 16714 ssh2
Oct 14 01:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Connection closed by 114.205.67.42 port 16714 [preauth]
Oct 14 01:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20066]: Invalid user user from 114.205.67.42
Oct 14 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20066]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20066]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20066]: Failed password for invalid user user from 114.205.67.42 port 19725 ssh2
Oct 14 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20066]: Connection closed by 114.205.67.42 port 19725 [preauth]
Oct 14 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Invalid user user from 114.205.67.42
Oct 14 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Failed password for invalid user user from 114.205.67.42 port 1218 ssh2
Oct 14 01:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Connection closed by 114.205.67.42 port 1218 [preauth]
Oct 14 01:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: Invalid user user from 114.205.67.42
Oct 14 01:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: Failed password for invalid user user from 114.205.67.42 port 10686 ssh2
Oct 14 01:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20102]: Connection closed by 114.205.67.42 port 10686 [preauth]
Oct 14 01:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: Invalid user user from 114.205.67.42
Oct 14 01:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: Failed password for invalid user user from 114.205.67.42 port 25759 ssh2
Oct 14 01:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: Connection closed by 114.205.67.42 port 25759 [preauth]
Oct 14 01:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Invalid user user from 114.205.67.42
Oct 14 01:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Failed password for invalid user user from 114.205.67.42 port 22880 ssh2
Oct 14 01:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Connection closed by 114.205.67.42 port 22880 [preauth]
Oct 14 01:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: Invalid user user from 114.205.67.42
Oct 14 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: input_userauth_request: invalid user user [preauth]
Oct 14 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: Failed password for invalid user user from 114.205.67.42 port 31291 ssh2
Oct 14 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: Connection closed by 114.205.67.42 port 31291 [preauth]
Oct 14 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Invalid user user from 114.205.67.42
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20150]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20148]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20251]: Successful su for rubyman by root
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20251]: + ??? root:rubyman
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408412 of user rubyman.
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20251]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408412.
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Failed password for invalid user user from 114.205.67.42 port 33143 ssh2
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Connection closed by 114.205.67.42 port 33143 [preauth]
Oct 14 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Invalid user user from 114.205.67.42
Oct 14 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Failed password for invalid user user from 114.205.67.42 port 36197 ssh2
Oct 14 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Connection closed by 114.205.67.42 port 36197 [preauth]
Oct 14 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Invalid user user from 114.205.67.42
Oct 14 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16149]: pam_unix(cron:session): session closed for user root
Oct 14 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Failed password for invalid user user from 114.205.67.42 port 38096 ssh2
Oct 14 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Connection closed by 114.205.67.42 port 38096 [preauth]
Oct 14 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: Invalid user user from 114.205.67.42
Oct 14 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: Failed password for invalid user user from 114.205.67.42 port 40132 ssh2
Oct 14 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20452]: Connection closed by 114.205.67.42 port 40132 [preauth]
Oct 14 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Invalid user user from 114.205.67.42
Oct 14 01:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user user from 114.205.67.42 port 64211 ssh2
Oct 14 01:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Connection closed by 114.205.67.42 port 64211 [preauth]
Oct 14 01:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: Invalid user user from 114.205.67.42
Oct 14 01:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20149]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: Failed password for invalid user user from 114.205.67.42 port 56378 ssh2
Oct 14 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20490]: Connection closed by 114.205.67.42 port 56378 [preauth]
Oct 14 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Invalid user user from 114.205.67.42
Oct 14 01:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Failed password for invalid user user from 114.205.67.42 port 25766 ssh2
Oct 14 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Connection closed by 114.205.67.42 port 25766 [preauth]
Oct 14 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Invalid user user from 114.205.67.42
Oct 14 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Invalid user admin1 from 122.166.49.42
Oct 14 01:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: input_userauth_request: invalid user admin1 [preauth]
Oct 14 01:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Failed password for invalid user user from 114.205.67.42 port 50018 ssh2
Oct 14 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Connection closed by 114.205.67.42 port 50018 [preauth]
Oct 14 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Failed password for invalid user admin1 from 122.166.49.42 port 39570 ssh2
Oct 14 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Received disconnect from 122.166.49.42 port 39570:11: Bye Bye [preauth]
Oct 14 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20538]: Disconnected from 122.166.49.42 port 39570 [preauth]
Oct 14 01:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Invalid user user from 114.205.67.42
Oct 14 01:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Invalid user test from 209.38.110.157
Oct 14 01:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: input_userauth_request: invalid user test [preauth]
Oct 14 01:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Failed password for invalid user user from 114.205.67.42 port 52343 ssh2
Oct 14 01:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Connection closed by 114.205.67.42 port 52343 [preauth]
Oct 14 01:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Invalid user user from 114.205.67.42
Oct 14 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Failed password for invalid user test from 209.38.110.157 port 54054 ssh2
Oct 14 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Connection closed by 209.38.110.157 port 54054 [preauth]
Oct 14 01:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Failed password for invalid user user from 114.205.67.42 port 56078 ssh2
Oct 14 01:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Connection closed by 114.205.67.42 port 56078 [preauth]
Oct 14 01:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Invalid user user from 114.205.67.42
Oct 14 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Failed password for invalid user user from 114.205.67.42 port 58546 ssh2
Oct 14 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Connection closed by 114.205.67.42 port 58546 [preauth]
Oct 14 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Invalid user user from 114.205.67.42
Oct 14 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Failed password for invalid user user from 114.205.67.42 port 21404 ssh2
Oct 14 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Connection closed by 114.205.67.42 port 21404 [preauth]
Oct 14 01:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: Invalid user user from 114.205.67.42
Oct 14 01:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session closed for user root
Oct 14 01:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: Failed password for invalid user user from 114.205.67.42 port 65162 ssh2
Oct 14 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20587]: Connection closed by 114.205.67.42 port 65162 [preauth]
Oct 14 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Invalid user user from 114.205.67.42
Oct 14 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Failed password for invalid user user from 114.205.67.42 port 2899 ssh2
Oct 14 01:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Connection closed by 114.205.67.42 port 2899 [preauth]
Oct 14 01:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Invalid user user from 114.205.67.42
Oct 14 01:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Failed password for invalid user user from 114.205.67.42 port 6002 ssh2
Oct 14 01:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20629]: Connection closed by 114.205.67.42 port 6002 [preauth]
Oct 14 01:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: Invalid user user from 114.205.67.42
Oct 14 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: Failed password for invalid user user from 114.205.67.42 port 61710 ssh2
Oct 14 01:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20643]: Connection closed by 114.205.67.42 port 61710 [preauth]
Oct 14 01:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20659]: Invalid user user from 114.205.67.42
Oct 14 01:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20659]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20659]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20659]: Failed password for invalid user user from 114.205.67.42 port 28781 ssh2
Oct 14 01:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20659]: Connection closed by 114.205.67.42 port 28781 [preauth]
Oct 14 01:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Invalid user user from 114.205.67.42
Oct 14 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Failed password for invalid user user from 114.205.67.42 port 24582 ssh2
Oct 14 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Connection closed by 114.205.67.42 port 24582 [preauth]
Oct 14 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Invalid user user from 114.205.67.42
Oct 14 01:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Failed password for invalid user user from 114.205.67.42 port 17233 ssh2
Oct 14 01:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Connection closed by 114.205.67.42 port 17233 [preauth]
Oct 14 01:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Invalid user user from 114.205.67.42
Oct 14 01:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: input_userauth_request: invalid user user [preauth]
Oct 14 01:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20702]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Failed password for invalid user user from 114.205.67.42 port 19616 ssh2
Oct 14 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Connection closed by 114.205.67.42 port 19616 [preauth]
Oct 14 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20784]: Successful su for rubyman by root
Oct 14 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20784]: + ??? root:rubyman
Oct 14 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408416 of user rubyman.
Oct 14 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20784]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408416.
Oct 14 01:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: Failed password for invalid user ubuntu from 114.205.67.42 port 3793 ssh2
Oct 14 01:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20882]: Connection closed by 114.205.67.42 port 3793 [preauth]
Oct 14 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session closed for user root
Oct 14 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Failed password for invalid user ubuntu from 114.205.67.42 port 17639 ssh2
Oct 14 01:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Connection closed by 114.205.67.42 port 17639 [preauth]
Oct 14 01:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Failed password for invalid user ubuntu from 114.205.67.42 port 24293 ssh2
Oct 14 01:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Connection closed by 114.205.67.42 port 24293 [preauth]
Oct 14 01:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20996]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20996]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20996]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20996]: Failed password for invalid user ubuntu from 114.205.67.42 port 29588 ssh2
Oct 14 01:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20996]: Connection closed by 114.205.67.42 port 29588 [preauth]
Oct 14 01:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Failed password for invalid user ubuntu from 114.205.67.42 port 32709 ssh2
Oct 14 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21025]: Connection closed by 114.205.67.42 port 32709 [preauth]
Oct 14 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Failed password for invalid user ubuntu from 114.205.67.42 port 36887 ssh2
Oct 14 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Connection closed by 114.205.67.42 port 36887 [preauth]
Oct 14 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: Invalid user k8s from 36.67.70.198
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: input_userauth_request: invalid user k8s [preauth]
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Invalid user test from 209.38.110.157
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: input_userauth_request: invalid user test [preauth]
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: Failed password for invalid user ubuntu from 114.205.67.42 port 40013 ssh2
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21055]: Connection closed by 114.205.67.42 port 40013 [preauth]
Oct 14 01:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: Failed password for invalid user k8s from 36.67.70.198 port 32866 ssh2
Oct 14 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: Received disconnect from 36.67.70.198 port 32866:11: Bye Bye [preauth]
Oct 14 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21057]: Disconnected from 36.67.70.198 port 32866 [preauth]
Oct 14 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Failed password for invalid user test from 209.38.110.157 port 57480 ssh2
Oct 14 01:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Connection closed by 209.38.110.157 port 57480 [preauth]
Oct 14 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Failed password for invalid user ubuntu from 114.205.67.42 port 43904 ssh2
Oct 14 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Connection closed by 114.205.67.42 port 43904 [preauth]
Oct 14 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Failed password for invalid user ubuntu from 114.205.67.42 port 35648 ssh2
Oct 14 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Connection closed by 114.205.67.42 port 35648 [preauth]
Oct 14 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Failed password for invalid user ubuntu from 114.205.67.42 port 11213 ssh2
Oct 14 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Connection closed by 114.205.67.42 port 11213 [preauth]
Oct 14 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19273]: pam_unix(cron:session): session closed for user root
Oct 14 01:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: Failed password for invalid user ubuntu from 114.205.67.42 port 50631 ssh2
Oct 14 01:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: Connection closed by 114.205.67.42 port 50631 [preauth]
Oct 14 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Failed password for invalid user ubuntu from 114.205.67.42 port 54220 ssh2
Oct 14 01:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Connection closed by 114.205.67.42 port 54220 [preauth]
Oct 14 01:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for invalid user ubuntu from 114.205.67.42 port 55516 ssh2
Oct 14 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Connection closed by 114.205.67.42 port 55516 [preauth]
Oct 14 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Failed password for invalid user ubuntu from 114.205.67.42 port 48213 ssh2
Oct 14 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Connection closed by 114.205.67.42 port 48213 [preauth]
Oct 14 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Failed password for invalid user ubuntu from 114.205.67.42 port 61106 ssh2
Oct 14 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Connection closed by 114.205.67.42 port 61106 [preauth]
Oct 14 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Failed password for invalid user ubuntu from 114.205.67.42 port 63070 ssh2
Oct 14 01:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Connection closed by 114.205.67.42 port 63070 [preauth]
Oct 14 01:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Failed password for invalid user ubuntu from 114.205.67.42 port 1728 ssh2
Oct 14 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Connection closed by 114.205.67.42 port 1728 [preauth]
Oct 14 01:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Failed password for invalid user ubuntu from 114.205.67.42 port 1590 ssh2
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Connection closed by 114.205.67.42 port 1590 [preauth]
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: Invalid user vishal from 122.166.49.42
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: input_userauth_request: invalid user vishal [preauth]
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21211]: pam_unix(cron:session): session closed for user root
Oct 14 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21206]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: Failed password for invalid user vishal from 122.166.49.42 port 43798 ssh2
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: Failed password for invalid user ubuntu from 114.205.67.42 port 5097 ssh2
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: Received disconnect from 122.166.49.42 port 43798:11: Bye Bye [preauth]
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21200]: Disconnected from 122.166.49.42 port 43798 [preauth]
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21202]: Connection closed by 114.205.67.42 port 5097 [preauth]
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21303]: Successful su for rubyman by root
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21303]: + ??? root:rubyman
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408423 of user rubyman.
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21303]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408423.
Oct 14 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Failed password for invalid user ubuntu from 114.205.67.42 port 6551 ssh2
Oct 14 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21301]: Connection closed by 114.205.67.42 port 6551 [preauth]
Oct 14 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Failed password for invalid user ubuntu from 114.205.67.42 port 8394 ssh2
Oct 14 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Connection closed by 114.205.67.42 port 8394 [preauth]
Oct 14 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session closed for user root
Oct 14 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session closed for user root
Oct 14 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Failed password for invalid user ubuntu from 114.205.67.42 port 55652 ssh2
Oct 14 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21480]: Connection closed by 114.205.67.42 port 55652 [preauth]
Oct 14 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Invalid user mytest from 164.68.105.9
Oct 14 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: input_userauth_request: invalid user mytest [preauth]
Oct 14 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Failed password for invalid user mytest from 164.68.105.9 port 43916 ssh2
Oct 14 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Connection closed by 164.68.105.9 port 43916 [preauth]
Oct 14 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Failed password for invalid user ubuntu from 114.205.67.42 port 13677 ssh2
Oct 14 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Connection closed by 114.205.67.42 port 13677 [preauth]
Oct 14 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: Failed password for invalid user ubuntu from 114.205.67.42 port 29703 ssh2
Oct 14 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: Connection closed by 114.205.67.42 port 29703 [preauth]
Oct 14 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: Failed password for invalid user ubuntu from 114.205.67.42 port 18294 ssh2
Oct 14 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21619]: Connection closed by 114.205.67.42 port 18294 [preauth]
Oct 14 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21207]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Failed password for invalid user ubuntu from 114.205.67.42 port 21267 ssh2
Oct 14 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Connection closed by 114.205.67.42 port 21267 [preauth]
Oct 14 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: Failed password for invalid user ubuntu from 114.205.67.42 port 18513 ssh2
Oct 14 01:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21664]: Connection closed by 114.205.67.42 port 18513 [preauth]
Oct 14 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: Invalid user test from 209.38.110.157
Oct 14 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: input_userauth_request: invalid user test [preauth]
Oct 14 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: Failed password for invalid user ubuntu from 114.205.67.42 port 32457 ssh2
Oct 14 01:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21667]: Connection closed by 114.205.67.42 port 32457 [preauth]
Oct 14 01:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: Failed password for invalid user test from 209.38.110.157 port 44474 ssh2
Oct 14 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21677]: Connection closed by 209.38.110.157 port 44474 [preauth]
Oct 14 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Failed password for invalid user ubuntu from 114.205.67.42 port 28166 ssh2
Oct 14 01:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21682]: Connection closed by 114.205.67.42 port 28166 [preauth]
Oct 14 01:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Failed password for invalid user ubuntu from 114.205.67.42 port 30820 ssh2
Oct 14 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Connection closed by 114.205.67.42 port 30820 [preauth]
Oct 14 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session closed for user root
Oct 14 01:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Failed password for invalid user ubuntu from 114.205.67.42 port 10108 ssh2
Oct 14 01:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Connection closed by 114.205.67.42 port 10108 [preauth]
Oct 14 01:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: Failed password for invalid user ubuntu from 114.205.67.42 port 35490 ssh2
Oct 14 01:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21729]: Connection closed by 114.205.67.42 port 35490 [preauth]
Oct 14 01:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: Failed password for invalid user ubuntu from 114.205.67.42 port 37244 ssh2
Oct 14 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21755]: Connection closed by 114.205.67.42 port 37244 [preauth]
Oct 14 01:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21761]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21761]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21761]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21761]: Failed password for invalid user ubuntu from 114.205.67.42 port 39910 ssh2
Oct 14 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21761]: Connection closed by 114.205.67.42 port 39910 [preauth]
Oct 14 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Failed password for invalid user ubuntu from 114.205.67.42 port 42592 ssh2
Oct 14 01:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21781]: Connection closed by 114.205.67.42 port 42592 [preauth]
Oct 14 01:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21789]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21789]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21789]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21789]: Failed password for invalid user ubuntu from 114.205.67.42 port 44256 ssh2
Oct 14 01:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21789]: Connection closed by 114.205.67.42 port 44256 [preauth]
Oct 14 01:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Failed password for invalid user ubuntu from 114.205.67.42 port 46978 ssh2
Oct 14 01:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21799]: Connection closed by 114.205.67.42 port 46978 [preauth]
Oct 14 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: Failed password for invalid user ubuntu from 114.205.67.42 port 24991 ssh2
Oct 14 01:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21815]: Connection closed by 114.205.67.42 port 24991 [preauth]
Oct 14 01:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Failed password for invalid user ubuntu from 114.205.67.42 port 51006 ssh2
Oct 14 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21822]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Connection closed by 114.205.67.42 port 51006 [preauth]
Oct 14 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21923]: Successful su for rubyman by root
Oct 14 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21923]: + ??? root:rubyman
Oct 14 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408426 of user rubyman.
Oct 14 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21923]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408426.
Oct 14 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Failed password for invalid user ubuntu from 114.205.67.42 port 53632 ssh2
Oct 14 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Connection closed by 114.205.67.42 port 53632 [preauth]
Oct 14 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: Failed password for invalid user ubuntu from 114.205.67.42 port 55565 ssh2
Oct 14 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21956]: Connection closed by 114.205.67.42 port 55565 [preauth]
Oct 14 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17720]: pam_unix(cron:session): session closed for user root
Oct 14 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Failed password for invalid user ubuntu from 114.205.67.42 port 59269 ssh2
Oct 14 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Connection closed by 114.205.67.42 port 59269 [preauth]
Oct 14 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: Failed password for invalid user ubuntu from 114.205.67.42 port 60470 ssh2
Oct 14 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22116]: Connection closed by 114.205.67.42 port 60470 [preauth]
Oct 14 01:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: Failed password for invalid user ubuntu from 114.205.67.42 port 40058 ssh2
Oct 14 01:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22134]: Connection closed by 114.205.67.42 port 40058 [preauth]
Oct 14 01:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Invalid user cgonzalez from 36.67.70.198
Oct 14 01:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: input_userauth_request: invalid user cgonzalez [preauth]
Oct 14 01:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Failed password for invalid user ubuntu from 114.205.67.42 port 55513 ssh2
Oct 14 01:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22154]: Connection closed by 114.205.67.42 port 55513 [preauth]
Oct 14 01:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Failed password for invalid user cgonzalez from 36.67.70.198 port 42504 ssh2
Oct 14 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Received disconnect from 36.67.70.198 port 42504:11: Bye Bye [preauth]
Oct 14 01:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Disconnected from 36.67.70.198 port 42504 [preauth]
Oct 14 01:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Failed password for invalid user ubuntu from 114.205.67.42 port 26277 ssh2
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22219]: Connection closed by 114.205.67.42 port 26277 [preauth]
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22222]: Invalid user test from 209.38.110.157
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22222]: input_userauth_request: invalid user test [preauth]
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22222]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22222]: Failed password for invalid user test from 209.38.110.157 port 55110 ssh2
Oct 14 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: Failed password for invalid user ubuntu from 114.205.67.42 port 3199 ssh2
Oct 14 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22226]: Connection closed by 114.205.67.42 port 3199 [preauth]
Oct 14 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22222]: Connection closed by 209.38.110.157 port 55110 [preauth]
Oct 14 01:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Failed password for invalid user ubuntu from 114.205.67.42 port 35522 ssh2
Oct 14 01:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22243]: Connection closed by 114.205.67.42 port 35522 [preauth]
Oct 14 01:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Invalid user ubuntu from 122.166.49.42
Oct 14 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: Failed password for invalid user ubuntu from 114.205.67.42 port 9469 ssh2
Oct 14 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: Connection closed by 114.205.67.42 port 9469 [preauth]
Oct 14 01:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Failed password for invalid user ubuntu from 122.166.49.42 port 48008 ssh2
Oct 14 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Received disconnect from 122.166.49.42 port 48008:11: Bye Bye [preauth]
Oct 14 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22265]: Disconnected from 122.166.49.42 port 48008 [preauth]
Oct 14 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Failed password for invalid user ubuntu from 114.205.67.42 port 13225 ssh2
Oct 14 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Connection closed by 114.205.67.42 port 13225 [preauth]
Oct 14 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Failed password for invalid user ubuntu from 114.205.67.42 port 15555 ssh2
Oct 14 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Connection closed by 114.205.67.42 port 15555 [preauth]
Oct 14 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20702]: pam_unix(cron:session): session closed for user root
Oct 14 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22303]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22303]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22303]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22303]: Failed password for invalid user ubuntu from 114.205.67.42 port 37851 ssh2
Oct 14 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22303]: Connection closed by 114.205.67.42 port 37851 [preauth]
Oct 14 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: Failed password for invalid user ubuntu from 114.205.67.42 port 20785 ssh2
Oct 14 01:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: Connection closed by 114.205.67.42 port 20785 [preauth]
Oct 14 01:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Failed password for invalid user ubuntu from 114.205.67.42 port 64178 ssh2
Oct 14 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Connection closed by 114.205.67.42 port 64178 [preauth]
Oct 14 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Failed password for invalid user ubuntu from 114.205.67.42 port 21075 ssh2
Oct 14 01:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Connection closed by 114.205.67.42 port 21075 [preauth]
Oct 14 01:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: Failed password for invalid user ubuntu from 114.205.67.42 port 28053 ssh2
Oct 14 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: Connection closed by 114.205.67.42 port 28053 [preauth]
Oct 14 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Failed password for invalid user ubuntu from 114.205.67.42 port 30397 ssh2
Oct 14 01:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Connection closed by 114.205.67.42 port 30397 [preauth]
Oct 14 01:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: Failed password for invalid user ubuntu from 114.205.67.42 port 33664 ssh2
Oct 14 01:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22376]: Connection closed by 114.205.67.42 port 33664 [preauth]
Oct 14 01:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: Failed password for invalid user ubuntu from 114.205.67.42 port 35453 ssh2
Oct 14 01:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22378]: Connection closed by 114.205.67.42 port 35453 [preauth]
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22396]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22470]: Successful su for rubyman by root
Oct 14 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22470]: + ??? root:rubyman
Oct 14 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408431 of user rubyman.
Oct 14 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22470]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408431.
Oct 14 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Failed password for invalid user ubuntu from 114.205.67.42 port 37968 ssh2
Oct 14 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Connection closed by 114.205.67.42 port 37968 [preauth]
Oct 14 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22493]: Invalid user panyue from 159.65.53.56
Oct 14 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22493]: input_userauth_request: invalid user panyue [preauth]
Oct 14 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22493]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.53.56
Oct 14 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22493]: Failed password for invalid user panyue from 159.65.53.56 port 38158 ssh2
Oct 14 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22493]: Connection closed by 159.65.53.56 port 38158 [preauth]
Oct 14 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Failed password for invalid user ubuntu from 114.205.67.42 port 40675 ssh2
Oct 14 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Connection closed by 114.205.67.42 port 40675 [preauth]
Oct 14 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Failed password for invalid user ubuntu from 114.205.67.42 port 45498 ssh2
Oct 14 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Connection closed by 114.205.67.42 port 45498 [preauth]
Oct 14 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session closed for user root
Oct 14 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Failed password for invalid user ubuntu from 114.205.67.42 port 33872 ssh2
Oct 14 01:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Connection closed by 114.205.67.42 port 33872 [preauth]
Oct 14 01:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Failed password for invalid user ubuntu from 114.205.67.42 port 15268 ssh2
Oct 14 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Connection closed by 114.205.67.42 port 15268 [preauth]
Oct 14 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22395]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: Failed password for invalid user ubuntu from 114.205.67.42 port 50375 ssh2
Oct 14 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22897]: Connection closed by 114.205.67.42 port 50375 [preauth]
Oct 14 01:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Failed password for invalid user ubuntu from 114.205.67.42 port 53858 ssh2
Oct 14 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: Invalid user test from 209.38.110.157
Oct 14 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: input_userauth_request: invalid user test [preauth]
Oct 14 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Connection closed by 114.205.67.42 port 53858 [preauth]
Oct 14 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: Failed password for invalid user test from 209.38.110.157 port 35880 ssh2
Oct 14 01:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: Connection closed by 209.38.110.157 port 35880 [preauth]
Oct 14 01:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: Failed password for invalid user ubuntu from 114.205.67.42 port 56524 ssh2
Oct 14 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22949]: Connection closed by 114.205.67.42 port 56524 [preauth]
Oct 14 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22954]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22954]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22954]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22954]: Failed password for invalid user ubuntu from 114.205.67.42 port 59732 ssh2
Oct 14 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22954]: Connection closed by 114.205.67.42 port 59732 [preauth]
Oct 14 01:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: Failed password for invalid user ubuntu from 114.205.67.42 port 62163 ssh2
Oct 14 01:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: Connection closed by 114.205.67.42 port 62163 [preauth]
Oct 14 01:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23122]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23122]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23122]: Failed password for invalid user ubuntu from 114.205.67.42 port 64781 ssh2
Oct 14 01:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23122]: Connection closed by 114.205.67.42 port 64781 [preauth]
Oct 14 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: Failed password for invalid user ubuntu from 114.205.67.42 port 2064 ssh2
Oct 14 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23132]: Connection closed by 114.205.67.42 port 2064 [preauth]
Oct 14 01:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Failed password for invalid user ubuntu from 114.205.67.42 port 21284 ssh2
Oct 14 01:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Connection closed by 114.205.67.42 port 21284 [preauth]
Oct 14 01:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21210]: pam_unix(cron:session): session closed for user root
Oct 14 01:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Failed password for invalid user ubuntu from 114.205.67.42 port 62135 ssh2
Oct 14 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Connection closed by 114.205.67.42 port 62135 [preauth]
Oct 14 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Failed password for invalid user ubuntu from 114.205.67.42 port 10569 ssh2
Oct 14 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Connection closed by 114.205.67.42 port 10569 [preauth]
Oct 14 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: Failed password for invalid user ubuntu from 114.205.67.42 port 37395 ssh2
Oct 14 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: Connection closed by 114.205.67.42 port 37395 [preauth]
Oct 14 01:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: Failed password for invalid user ubuntu from 114.205.67.42 port 10274 ssh2
Oct 14 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23221]: Connection closed by 114.205.67.42 port 10274 [preauth]
Oct 14 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: Invalid user fengyun from 190.103.202.7
Oct 14 01:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: input_userauth_request: invalid user fengyun [preauth]
Oct 14 01:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 01:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: Failed password for invalid user ubuntu from 114.205.67.42 port 6620 ssh2
Oct 14 01:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: Failed password for invalid user fengyun from 190.103.202.7 port 45512 ssh2
Oct 14 01:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: Connection closed by 114.205.67.42 port 6620 [preauth]
Oct 14 01:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: Connection closed by 190.103.202.7 port 45512 [preauth]
Oct 14 01:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Failed password for invalid user ubuntu from 114.205.67.42 port 16747 ssh2
Oct 14 01:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23256]: Connection closed by 114.205.67.42 port 16747 [preauth]
Oct 14 01:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: Failed password for invalid user ubuntu from 114.205.67.42 port 23651 ssh2
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: Connection closed by 114.205.67.42 port 23651 [preauth]
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23276]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23276]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23495]: Successful su for rubyman by root
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23495]: + ??? root:rubyman
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408436 of user rubyman.
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23495]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408436.
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23276]: Failed password for invalid user ubuntu from 114.205.67.42 port 13643 ssh2
Oct 14 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23276]: Connection closed by 114.205.67.42 port 13643 [preauth]
Oct 14 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Invalid user oracle from 36.67.70.198
Oct 14 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: input_userauth_request: invalid user oracle [preauth]
Oct 14 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42  user=root
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: Failed password for invalid user ubuntu from 114.205.67.42 port 17707 ssh2
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23545]: Connection closed by 114.205.67.42 port 17707 [preauth]
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Failed password for root from 122.166.49.42 port 52232 ssh2
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Failed password for invalid user oracle from 36.67.70.198 port 49484 ssh2
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Received disconnect from 122.166.49.42 port 52232:11: Bye Bye [preauth]
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Disconnected from 122.166.49.42 port 52232 [preauth]
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Received disconnect from 36.67.70.198 port 49484:11: Bye Bye [preauth]
Oct 14 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23489]: Disconnected from 36.67.70.198 port 49484 [preauth]
Oct 14 01:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: Invalid user ubuntu from 114.205.67.42
Oct 14 01:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19270]: pam_unix(cron:session): session closed for user root
Oct 14 01:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: Failed password for invalid user ubuntu from 114.205.67.42 port 31023 ssh2
Oct 14 01:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23805]: Connection closed by 114.205.67.42 port 31023 [preauth]
Oct 14 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Invalid user debian from 114.205.67.42
Oct 14 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Failed password for invalid user debian from 114.205.67.42 port 32215 ssh2
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23925]: Connection closed by 114.205.67.42 port 32215 [preauth]
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: Invalid user debian from 114.205.67.42
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: Invalid user test from 209.38.110.157
Oct 14 01:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: input_userauth_request: invalid user test [preauth]
Oct 14 01:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: Failed password for invalid user debian from 114.205.67.42 port 40677 ssh2
Oct 14 01:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23959]: Connection closed by 114.205.67.42 port 40677 [preauth]
Oct 14 01:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: Failed password for invalid user test from 209.38.110.157 port 53572 ssh2
Oct 14 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23963]: Connection closed by 209.38.110.157 port 53572 [preauth]
Oct 14 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: Invalid user debian from 114.205.67.42
Oct 14 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: Failed password for invalid user debian from 114.205.67.42 port 22744 ssh2
Oct 14 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23977]: Connection closed by 114.205.67.42 port 22744 [preauth]
Oct 14 01:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Invalid user debian from 114.205.67.42
Oct 14 01:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Failed password for invalid user debian from 114.205.67.42 port 45978 ssh2
Oct 14 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Connection closed by 114.205.67.42 port 45978 [preauth]
Oct 14 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Invalid user debian from 114.205.67.42
Oct 14 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Failed password for invalid user debian from 114.205.67.42 port 51466 ssh2
Oct 14 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Connection closed by 114.205.67.42 port 51466 [preauth]
Oct 14 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: Invalid user debian from 114.205.67.42
Oct 14 01:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: Failed password for invalid user debian from 114.205.67.42 port 50693 ssh2
Oct 14 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24010]: Connection closed by 114.205.67.42 port 50693 [preauth]
Oct 14 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Invalid user debian from 114.205.67.42
Oct 14 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Failed password for invalid user debian from 114.205.67.42 port 52845 ssh2
Oct 14 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Connection closed by 114.205.67.42 port 52845 [preauth]
Oct 14 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Invalid user debian from 114.205.67.42
Oct 14 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Failed password for invalid user debian from 114.205.67.42 port 54631 ssh2
Oct 14 01:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Connection closed by 114.205.67.42 port 54631 [preauth]
Oct 14 01:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Invalid user debian from 114.205.67.42
Oct 14 01:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Failed password for invalid user debian from 114.205.67.42 port 58141 ssh2
Oct 14 01:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Connection closed by 114.205.67.42 port 58141 [preauth]
Oct 14 01:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session closed for user root
Oct 14 01:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Invalid user debian from 114.205.67.42
Oct 14 01:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Failed password for invalid user debian from 114.205.67.42 port 59966 ssh2
Oct 14 01:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24082]: Connection closed by 114.205.67.42 port 59966 [preauth]
Oct 14 01:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Invalid user debian from 114.205.67.42
Oct 14 01:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Failed password for invalid user debian from 114.205.67.42 port 17453 ssh2
Oct 14 01:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24094]: Connection closed by 114.205.67.42 port 17453 [preauth]
Oct 14 01:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Invalid user debian from 114.205.67.42
Oct 14 01:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Failed password for invalid user debian from 114.205.67.42 port 1471 ssh2
Oct 14 01:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Connection closed by 114.205.67.42 port 1471 [preauth]
Oct 14 01:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Invalid user debian from 114.205.67.42
Oct 14 01:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Failed password for invalid user debian from 114.205.67.42 port 20841 ssh2
Oct 14 01:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Connection closed by 114.205.67.42 port 20841 [preauth]
Oct 14 01:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Invalid user debian from 114.205.67.42
Oct 14 01:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Failed password for invalid user debian from 114.205.67.42 port 7903 ssh2
Oct 14 01:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24156]: Connection closed by 114.205.67.42 port 7903 [preauth]
Oct 14 01:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: Invalid user debian from 114.205.67.42
Oct 14 01:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: Failed password for invalid user debian from 114.205.67.42 port 11109 ssh2
Oct 14 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24158]: Connection closed by 114.205.67.42 port 11109 [preauth]
Oct 14 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Invalid user debian from 114.205.67.42
Oct 14 01:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Failed password for invalid user debian from 114.205.67.42 port 15535 ssh2
Oct 14 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Connection closed by 114.205.67.42 port 15535 [preauth]
Oct 14 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24180]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: Invalid user debian from 114.205.67.42
Oct 14 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24268]: Successful su for rubyman by root
Oct 14 01:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24268]: + ??? root:rubyman
Oct 14 01:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408440 of user rubyman.
Oct 14 01:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24268]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408440.
Oct 14 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: Failed password for invalid user debian from 114.205.67.42 port 15870 ssh2
Oct 14 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24176]: Connection closed by 114.205.67.42 port 15870 [preauth]
Oct 14 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Invalid user debian from 114.205.67.42
Oct 14 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Failed password for invalid user debian from 114.205.67.42 port 19953 ssh2
Oct 14 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Connection closed by 114.205.67.42 port 19953 [preauth]
Oct 14 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: Invalid user debian from 114.205.67.42
Oct 14 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20150]: pam_unix(cron:session): session closed for user root
Oct 14 01:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: Failed password for invalid user debian from 114.205.67.42 port 8113 ssh2
Oct 14 01:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: Connection closed by 114.205.67.42 port 8113 [preauth]
Oct 14 01:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Invalid user debian from 114.205.67.42
Oct 14 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Failed password for invalid user debian from 114.205.67.42 port 65174 ssh2
Oct 14 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Connection closed by 114.205.67.42 port 65174 [preauth]
Oct 14 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Invalid user debian from 114.205.67.42
Oct 14 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Failed password for invalid user debian from 114.205.67.42 port 26846 ssh2
Oct 14 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24509]: Connection closed by 114.205.67.42 port 26846 [preauth]
Oct 14 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Invalid user test from 209.38.110.157
Oct 14 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: input_userauth_request: invalid user test [preauth]
Oct 14 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24185]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Invalid user debian from 114.205.67.42
Oct 14 01:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Failed password for invalid user test from 209.38.110.157 port 60056 ssh2
Oct 14 01:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Connection closed by 209.38.110.157 port 60056 [preauth]
Oct 14 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Failed password for invalid user debian from 114.205.67.42 port 17905 ssh2
Oct 14 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Connection closed by 114.205.67.42 port 17905 [preauth]
Oct 14 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Invalid user debian from 114.205.67.42
Oct 14 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Failed password for invalid user debian from 114.205.67.42 port 38510 ssh2
Oct 14 01:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Connection closed by 114.205.67.42 port 38510 [preauth]
Oct 14 01:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Invalid user debian from 114.205.67.42
Oct 14 01:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Failed password for invalid user debian from 114.205.67.42 port 33316 ssh2
Oct 14 01:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24577]: Connection closed by 114.205.67.42 port 33316 [preauth]
Oct 14 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Invalid user debian from 114.205.67.42
Oct 14 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Failed password for invalid user debian from 114.205.67.42 port 40208 ssh2
Oct 14 01:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24590]: Connection closed by 114.205.67.42 port 40208 [preauth]
Oct 14 01:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Invalid user debian from 114.205.67.42
Oct 14 01:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Failed password for invalid user debian from 114.205.67.42 port 35955 ssh2
Oct 14 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Connection closed by 114.205.67.42 port 35955 [preauth]
Oct 14 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: Invalid user debian from 114.205.67.42
Oct 14 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: Failed password for invalid user debian from 114.205.67.42 port 46469 ssh2
Oct 14 01:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24624]: Connection closed by 114.205.67.42 port 46469 [preauth]
Oct 14 01:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: Invalid user debian from 114.205.67.42
Oct 14 01:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: Failed password for invalid user debian from 114.205.67.42 port 22042 ssh2
Oct 14 01:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24627]: Connection closed by 114.205.67.42 port 22042 [preauth]
Oct 14 01:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22397]: pam_unix(cron:session): session closed for user root
Oct 14 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: Invalid user debian from 114.205.67.42
Oct 14 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: Failed password for invalid user debian from 114.205.67.42 port 53608 ssh2
Oct 14 01:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: Connection closed by 114.205.67.42 port 53608 [preauth]
Oct 14 01:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Invalid user debian from 114.205.67.42
Oct 14 01:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for invalid user debian from 114.205.67.42 port 56386 ssh2
Oct 14 01:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Connection closed by 114.205.67.42 port 56386 [preauth]
Oct 14 01:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Invalid user debian from 114.205.67.42
Oct 14 01:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24689]: Invalid user weblogic from 122.166.49.42
Oct 14 01:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24689]: input_userauth_request: invalid user weblogic [preauth]
Oct 14 01:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24689]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Failed password for invalid user debian from 114.205.67.42 port 59448 ssh2
Oct 14 01:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Connection closed by 114.205.67.42 port 59448 [preauth]
Oct 14 01:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Invalid user debian from 114.205.67.42
Oct 14 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24689]: Failed password for invalid user weblogic from 122.166.49.42 port 56476 ssh2
Oct 14 01:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24689]: Received disconnect from 122.166.49.42 port 56476:11: Bye Bye [preauth]
Oct 14 01:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24689]: Disconnected from 122.166.49.42 port 56476 [preauth]
Oct 14 01:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Failed password for invalid user debian from 114.205.67.42 port 63285 ssh2
Oct 14 01:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24711]: Connection closed by 114.205.67.42 port 63285 [preauth]
Oct 14 01:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Invalid user debian from 114.205.67.42
Oct 14 01:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Failed password for invalid user debian from 114.205.67.42 port 1842 ssh2
Oct 14 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Invalid user zyx from 36.67.70.198
Oct 14 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: input_userauth_request: invalid user zyx [preauth]
Oct 14 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Connection closed by 114.205.67.42 port 1842 [preauth]
Oct 14 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Invalid user debian from 114.205.67.42
Oct 14 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Failed password for invalid user zyx from 36.67.70.198 port 57310 ssh2
Oct 14 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Received disconnect from 36.67.70.198 port 57310:11: Bye Bye [preauth]
Oct 14 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Disconnected from 36.67.70.198 port 57310 [preauth]
Oct 14 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Failed password for invalid user debian from 114.205.67.42 port 3859 ssh2
Oct 14 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Connection closed by 114.205.67.42 port 3859 [preauth]
Oct 14 01:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: Invalid user debian from 114.205.67.42
Oct 14 01:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: Failed password for invalid user debian from 114.205.67.42 port 62255 ssh2
Oct 14 01:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: Connection closed by 114.205.67.42 port 62255 [preauth]
Oct 14 01:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: Invalid user debian from 114.205.67.42
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24770]: pam_unix(cron:session): session closed for user root
Oct 14 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: Failed password for invalid user debian from 114.205.67.42 port 9667 ssh2
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24842]: Successful su for rubyman by root
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24842]: + ??? root:rubyman
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408443 of user rubyman.
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24842]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408443.
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: Connection closed by 114.205.67.42 port 9667 [preauth]
Oct 14 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Invalid user debian from 114.205.67.42
Oct 14 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Failed password for invalid user debian from 114.205.67.42 port 12339 ssh2
Oct 14 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Connection closed by 114.205.67.42 port 12339 [preauth]
Oct 14 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Invalid user debian from 114.205.67.42
Oct 14 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user root
Oct 14 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Failed password for invalid user debian from 114.205.67.42 port 16710 ssh2
Oct 14 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session closed for user root
Oct 14 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Connection closed by 114.205.67.42 port 16710 [preauth]
Oct 14 01:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Invalid user debian from 114.205.67.42
Oct 14 01:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Failed password for invalid user debian from 114.205.67.42 port 12771 ssh2
Oct 14 01:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Connection closed by 114.205.67.42 port 12771 [preauth]
Oct 14 01:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Invalid user debian from 114.205.67.42
Oct 14 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Invalid user test from 209.38.110.157
Oct 14 01:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: input_userauth_request: invalid user test [preauth]
Oct 14 01:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Failed password for invalid user debian from 114.205.67.42 port 23913 ssh2
Oct 14 01:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25090]: Connection closed by 114.205.67.42 port 23913 [preauth]
Oct 14 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Invalid user debian from 114.205.67.42
Oct 14 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Failed password for invalid user test from 209.38.110.157 port 55824 ssh2
Oct 14 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Connection closed by 209.38.110.157 port 55824 [preauth]
Oct 14 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Failed password for invalid user debian from 114.205.67.42 port 27139 ssh2
Oct 14 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25122]: Connection closed by 114.205.67.42 port 27139 [preauth]
Oct 14 01:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: Invalid user debian from 114.205.67.42
Oct 14 01:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: Failed password for invalid user debian from 114.205.67.42 port 28765 ssh2
Oct 14 01:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: Connection closed by 114.205.67.42 port 28765 [preauth]
Oct 14 01:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Invalid user debian from 114.205.67.42
Oct 14 01:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user debian from 114.205.67.42 port 32379 ssh2
Oct 14 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Connection closed by 114.205.67.42 port 32379 [preauth]
Oct 14 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Invalid user debian from 114.205.67.42
Oct 14 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user debian from 114.205.67.42 port 60171 ssh2
Oct 14 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Connection closed by 114.205.67.42 port 60171 [preauth]
Oct 14 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Invalid user debian from 114.205.67.42
Oct 14 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Failed password for invalid user debian from 114.205.67.42 port 38746 ssh2
Oct 14 01:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Connection closed by 114.205.67.42 port 38746 [preauth]
Oct 14 01:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Invalid user debian from 114.205.67.42
Oct 14 01:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Failed password for invalid user debian from 114.205.67.42 port 41204 ssh2
Oct 14 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Connection closed by 114.205.67.42 port 41204 [preauth]
Oct 14 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: Invalid user debian from 114.205.67.42
Oct 14 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session closed for user root
Oct 14 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: Failed password for invalid user debian from 114.205.67.42 port 1658 ssh2
Oct 14 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25243]: Connection closed by 114.205.67.42 port 1658 [preauth]
Oct 14 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Invalid user debian from 114.205.67.42
Oct 14 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Failed password for invalid user debian from 114.205.67.42 port 43265 ssh2
Oct 14 01:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Connection closed by 114.205.67.42 port 43265 [preauth]
Oct 14 01:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: Invalid user debian from 114.205.67.42
Oct 14 01:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: Failed password for invalid user debian from 114.205.67.42 port 50877 ssh2
Oct 14 01:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: Connection closed by 114.205.67.42 port 50877 [preauth]
Oct 14 01:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: Invalid user debian from 114.205.67.42
Oct 14 01:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: Failed password for invalid user debian from 114.205.67.42 port 25766 ssh2
Oct 14 01:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: Connection closed by 114.205.67.42 port 25766 [preauth]
Oct 14 01:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: Invalid user debian from 114.205.67.42
Oct 14 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: Failed password for invalid user debian from 114.205.67.42 port 55598 ssh2
Oct 14 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25520]: Connection closed by 114.205.67.42 port 55598 [preauth]
Oct 14 01:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Invalid user debian from 114.205.67.42
Oct 14 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Failed password for invalid user debian from 114.205.67.42 port 59317 ssh2
Oct 14 01:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25542]: Connection closed by 114.205.67.42 port 59317 [preauth]
Oct 14 01:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Invalid user debian from 114.205.67.42
Oct 14 01:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Failed password for invalid user debian from 114.205.67.42 port 62348 ssh2
Oct 14 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Connection closed by 114.205.67.42 port 62348 [preauth]
Oct 14 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Invalid user debian from 114.205.67.42
Oct 14 01:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Failed password for invalid user debian from 114.205.67.42 port 64920 ssh2
Oct 14 01:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25557]: Connection closed by 114.205.67.42 port 64920 [preauth]
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25565]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25564]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25562]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: Invalid user debian from 114.205.67.42
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25648]: Successful su for rubyman by root
Oct 14 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25648]: + ??? root:rubyman
Oct 14 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408448 of user rubyman.
Oct 14 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25648]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408448.
Oct 14 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: Failed password for invalid user debian from 114.205.67.42 port 2813 ssh2
Oct 14 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: Connection closed by 114.205.67.42 port 2813 [preauth]
Oct 14 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Invalid user debian from 114.205.67.42
Oct 14 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Failed password for invalid user debian from 114.205.67.42 port 5453 ssh2
Oct 14 01:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Connection closed by 114.205.67.42 port 5453 [preauth]
Oct 14 01:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Invalid user debian from 114.205.67.42
Oct 14 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Failed password for invalid user debian from 114.205.67.42 port 9152 ssh2
Oct 14 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25772]: Connection closed by 114.205.67.42 port 9152 [preauth]
Oct 14 01:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Invalid user debian from 114.205.67.42
Oct 14 01:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session closed for user root
Oct 14 01:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Failed password for invalid user debian from 114.205.67.42 port 10364 ssh2
Oct 14 01:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25910]: Connection closed by 114.205.67.42 port 10364 [preauth]
Oct 14 01:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Invalid user debian from 114.205.67.42
Oct 14 01:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25969]: Invalid user test from 209.38.110.157
Oct 14 01:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25969]: input_userauth_request: invalid user test [preauth]
Oct 14 01:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25969]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25563]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Failed password for invalid user debian from 114.205.67.42 port 14287 ssh2
Oct 14 01:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25961]: Connection closed by 114.205.67.42 port 14287 [preauth]
Oct 14 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26008]: Invalid user debian from 114.205.67.42
Oct 14 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26008]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26008]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25969]: Failed password for invalid user test from 209.38.110.157 port 60198 ssh2
Oct 14 01:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25969]: Connection closed by 209.38.110.157 port 60198 [preauth]
Oct 14 01:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26008]: Failed password for invalid user debian from 114.205.67.42 port 17226 ssh2
Oct 14 01:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26008]: Connection closed by 114.205.67.42 port 17226 [preauth]
Oct 14 01:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Invalid user debian from 114.205.67.42
Oct 14 01:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Failed password for invalid user debian from 114.205.67.42 port 19876 ssh2
Oct 14 01:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Connection closed by 114.205.67.42 port 19876 [preauth]
Oct 14 01:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Invalid user dmdba from 122.166.49.42
Oct 14 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: Invalid user debian from 114.205.67.42
Oct 14 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Failed password for invalid user dmdba from 122.166.49.42 port 60694 ssh2
Oct 14 01:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Received disconnect from 122.166.49.42 port 60694:11: Bye Bye [preauth]
Oct 14 01:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Disconnected from 122.166.49.42 port 60694 [preauth]
Oct 14 01:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: Failed password for invalid user debian from 114.205.67.42 port 21632 ssh2
Oct 14 01:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: Connection closed by 114.205.67.42 port 21632 [preauth]
Oct 14 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Invalid user debian from 114.205.67.42
Oct 14 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Failed password for invalid user debian from 114.205.67.42 port 24832 ssh2
Oct 14 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Connection closed by 114.205.67.42 port 24832 [preauth]
Oct 14 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Invalid user debian from 114.205.67.42
Oct 14 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for invalid user debian from 114.205.67.42 port 27158 ssh2
Oct 14 01:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Connection closed by 114.205.67.42 port 27158 [preauth]
Oct 14 01:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Invalid user debian from 114.205.67.42
Oct 14 01:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Failed password for invalid user debian from 114.205.67.42 port 30559 ssh2
Oct 14 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Connection closed by 114.205.67.42 port 30559 [preauth]
Oct 14 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: Invalid user debian from 114.205.67.42
Oct 14 01:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: Failed password for invalid user debian from 114.205.67.42 port 36824 ssh2
Oct 14 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26068]: Connection closed by 114.205.67.42 port 36824 [preauth]
Oct 14 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Invalid user debian from 114.205.67.42
Oct 14 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24188]: pam_unix(cron:session): session closed for user root
Oct 14 01:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Failed password for invalid user debian from 114.205.67.42 port 35357 ssh2
Oct 14 01:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Connection closed by 114.205.67.42 port 35357 [preauth]
Oct 14 01:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: Invalid user debian from 114.205.67.42
Oct 14 01:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Invalid user tmpuser from 36.67.70.198
Oct 14 01:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: input_userauth_request: invalid user tmpuser [preauth]
Oct 14 01:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: Failed password for invalid user debian from 114.205.67.42 port 20206 ssh2
Oct 14 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: Connection closed by 114.205.67.42 port 20206 [preauth]
Oct 14 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Invalid user debian from 114.205.67.42
Oct 14 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Failed password for invalid user tmpuser from 36.67.70.198 port 36776 ssh2
Oct 14 01:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Received disconnect from 36.67.70.198 port 36776:11: Bye Bye [preauth]
Oct 14 01:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Disconnected from 36.67.70.198 port 36776 [preauth]
Oct 14 01:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Failed password for invalid user debian from 114.205.67.42 port 39976 ssh2
Oct 14 01:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Connection closed by 114.205.67.42 port 39976 [preauth]
Oct 14 01:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Invalid user debian from 114.205.67.42
Oct 14 01:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Failed password for invalid user debian from 114.205.67.42 port 43176 ssh2
Oct 14 01:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26134]: Connection closed by 114.205.67.42 port 43176 [preauth]
Oct 14 01:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Invalid user debian from 114.205.67.42
Oct 14 01:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Failed password for invalid user debian from 114.205.67.42 port 9229 ssh2
Oct 14 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Connection closed by 114.205.67.42 port 9229 [preauth]
Oct 14 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: Invalid user debian from 114.205.67.42
Oct 14 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: Failed password for invalid user debian from 114.205.67.42 port 47502 ssh2
Oct 14 01:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26161]: Connection closed by 114.205.67.42 port 47502 [preauth]
Oct 14 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Invalid user debian from 114.205.67.42
Oct 14 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Failed password for invalid user debian from 114.205.67.42 port 50405 ssh2
Oct 14 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Connection closed by 114.205.67.42 port 50405 [preauth]
Oct 14 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Invalid user debian from 114.205.67.42
Oct 14 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Failed password for invalid user debian from 114.205.67.42 port 52687 ssh2
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26176]: Connection closed by 114.205.67.42 port 52687 [preauth]
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Invalid user debian from 114.205.67.42
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26265]: Successful su for rubyman by root
Oct 14 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26265]: + ??? root:rubyman
Oct 14 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408452 of user rubyman.
Oct 14 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26265]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408452.
Oct 14 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Failed password for invalid user debian from 114.205.67.42 port 25340 ssh2
Oct 14 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Connection closed by 114.205.67.42 port 25340 [preauth]
Oct 14 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Invalid user debian from 114.205.67.42
Oct 14 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Failed password for invalid user debian from 114.205.67.42 port 58343 ssh2
Oct 14 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Connection closed by 114.205.67.42 port 58343 [preauth]
Oct 14 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Invalid user debian from 114.205.67.42
Oct 14 01:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Failed password for invalid user debian from 114.205.67.42 port 61317 ssh2
Oct 14 01:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26390]: Connection closed by 114.205.67.42 port 61317 [preauth]
Oct 14 01:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session closed for user root
Oct 14 01:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26551]: Invalid user debian from 114.205.67.42
Oct 14 01:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26551]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26551]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26551]: Failed password for invalid user debian from 114.205.67.42 port 25906 ssh2
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26551]: Connection closed by 114.205.67.42 port 25906 [preauth]
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: Invalid user debian from 114.205.67.42
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Invalid user test from 209.38.110.157
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: input_userauth_request: invalid user test [preauth]
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: Failed password for invalid user debian from 114.205.67.42 port 5233 ssh2
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Failed password for invalid user test from 209.38.110.157 port 36070 ssh2
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26584]: Connection closed by 114.205.67.42 port 5233 [preauth]
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Connection closed by 209.38.110.157 port 36070 [preauth]
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: Invalid user debian from 114.205.67.42
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: Failed password for invalid user debian from 114.205.67.42 port 2703 ssh2
Oct 14 01:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26600]: Connection closed by 114.205.67.42 port 2703 [preauth]
Oct 14 01:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Invalid user debian from 114.205.67.42
Oct 14 01:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Failed password for invalid user debian from 114.205.67.42 port 30509 ssh2
Oct 14 01:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Connection closed by 114.205.67.42 port 30509 [preauth]
Oct 14 01:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Invalid user debian from 114.205.67.42
Oct 14 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: input_userauth_request: invalid user debian [preauth]
Oct 14 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Failed password for invalid user debian from 114.205.67.42 port 8437 ssh2
Oct 14 01:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Connection closed by 114.205.67.42 port 8437 [preauth]
Oct 14 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: Invalid user admin from 114.205.67.42
Oct 14 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: Failed password for invalid user admin from 114.205.67.42 port 15677 ssh2
Oct 14 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: Connection closed by 114.205.67.42 port 15677 [preauth]
Oct 14 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: Invalid user admin from 114.205.67.42
Oct 14 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: Failed password for invalid user admin from 114.205.67.42 port 18764 ssh2
Oct 14 01:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: Connection closed by 114.205.67.42 port 18764 [preauth]
Oct 14 01:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Invalid user admin from 114.205.67.42
Oct 14 01:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Failed password for invalid user admin from 114.205.67.42 port 33485 ssh2
Oct 14 01:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Connection closed by 114.205.67.42 port 33485 [preauth]
Oct 14 01:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24769]: pam_unix(cron:session): session closed for user root
Oct 14 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Invalid user admin from 114.205.67.42
Oct 14 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Failed password for invalid user admin from 114.205.67.42 port 4458 ssh2
Oct 14 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Connection closed by 114.205.67.42 port 4458 [preauth]
Oct 14 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Invalid user admin from 114.205.67.42
Oct 14 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Failed password for invalid user admin from 114.205.67.42 port 26828 ssh2
Oct 14 01:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Connection closed by 114.205.67.42 port 26828 [preauth]
Oct 14 01:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26761]: Invalid user admin from 114.205.67.42
Oct 14 01:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26761]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26761]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26761]: Failed password for invalid user admin from 114.205.67.42 port 30232 ssh2
Oct 14 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26761]: Connection closed by 114.205.67.42 port 30232 [preauth]
Oct 14 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Invalid user admin from 114.205.67.42
Oct 14 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Failed password for invalid user admin from 114.205.67.42 port 32042 ssh2
Oct 14 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Connection closed by 114.205.67.42 port 32042 [preauth]
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Invalid user sftpuser from 122.166.49.42
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: input_userauth_request: invalid user sftpuser [preauth]
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Invalid user admin from 114.205.67.42
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Failed password for invalid user sftpuser from 122.166.49.42 port 36686 ssh2
Oct 14 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Failed password for invalid user admin from 114.205.67.42 port 61193 ssh2
Oct 14 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Received disconnect from 122.166.49.42 port 36686:11: Bye Bye [preauth]
Oct 14 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Disconnected from 122.166.49.42 port 36686 [preauth]
Oct 14 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Connection closed by 114.205.67.42 port 61193 [preauth]
Oct 14 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Invalid user admin from 114.205.67.42
Oct 14 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Failed password for invalid user admin from 114.205.67.42 port 36909 ssh2
Oct 14 01:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Connection closed by 114.205.67.42 port 36909 [preauth]
Oct 14 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Invalid user admin from 114.205.67.42
Oct 14 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Failed password for invalid user admin from 114.205.67.42 port 40276 ssh2
Oct 14 01:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Connection closed by 114.205.67.42 port 40276 [preauth]
Oct 14 01:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26864]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26859]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: Invalid user admin from 114.205.67.42
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26974]: Successful su for rubyman by root
Oct 14 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26974]: + ??? root:rubyman
Oct 14 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408456 of user rubyman.
Oct 14 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26974]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408456.
Oct 14 01:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: Failed password for invalid user admin from 114.205.67.42 port 42471 ssh2
Oct 14 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: Connection closed by 114.205.67.42 port 42471 [preauth]
Oct 14 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: Invalid user admin from 114.205.67.42
Oct 14 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: Failed password for invalid user admin from 114.205.67.42 port 33369 ssh2
Oct 14 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27190]: Connection closed by 114.205.67.42 port 33369 [preauth]
Oct 14 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Invalid user admin from 114.205.67.42
Oct 14 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22396]: pam_unix(cron:session): session closed for user root
Oct 14 01:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Failed password for invalid user admin from 114.205.67.42 port 47612 ssh2
Oct 14 01:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Connection closed by 114.205.67.42 port 47612 [preauth]
Oct 14 01:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: Invalid user admin from 114.205.67.42
Oct 14 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Invalid user test from 209.38.110.157
Oct 14 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: input_userauth_request: invalid user test [preauth]
Oct 14 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: Failed password for invalid user admin from 114.205.67.42 port 49060 ssh2
Oct 14 01:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: Connection closed by 114.205.67.42 port 49060 [preauth]
Oct 14 01:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Failed password for invalid user test from 209.38.110.157 port 60750 ssh2
Oct 14 01:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Connection closed by 209.38.110.157 port 60750 [preauth]
Oct 14 01:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Invalid user admin from 114.205.67.42
Oct 14 01:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Failed password for invalid user admin from 114.205.67.42 port 48268 ssh2
Oct 14 01:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Connection closed by 114.205.67.42 port 48268 [preauth]
Oct 14 01:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26862]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: Invalid user admin from 114.205.67.42
Oct 14 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: Failed password for invalid user admin from 114.205.67.42 port 55425 ssh2
Oct 14 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27361]: Connection closed by 114.205.67.42 port 55425 [preauth]
Oct 14 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: Invalid user admin from 114.205.67.42
Oct 14 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: Failed password for invalid user admin from 114.205.67.42 port 58024 ssh2
Oct 14 01:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27388]: Connection closed by 114.205.67.42 port 58024 [preauth]
Oct 14 01:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: Invalid user admin from 114.205.67.42
Oct 14 01:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: Failed password for invalid user admin from 114.205.67.42 port 55299 ssh2
Oct 14 01:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: Connection closed by 114.205.67.42 port 55299 [preauth]
Oct 14 01:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Invalid user admin from 114.205.67.42
Oct 14 01:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Failed password for invalid user admin from 114.205.67.42 port 62062 ssh2
Oct 14 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27400]: Connection closed by 114.205.67.42 port 62062 [preauth]
Oct 14 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Invalid user ubuntu from 36.67.70.198
Oct 14 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.67.70.198
Oct 14 01:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Invalid user admin from 114.205.67.42
Oct 14 01:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Failed password for invalid user ubuntu from 36.67.70.198 port 45178 ssh2
Oct 14 01:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Received disconnect from 36.67.70.198 port 45178:11: Bye Bye [preauth]
Oct 14 01:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Disconnected from 36.67.70.198 port 45178 [preauth]
Oct 14 01:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Failed password for invalid user admin from 114.205.67.42 port 31968 ssh2
Oct 14 01:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Connection closed by 114.205.67.42 port 31968 [preauth]
Oct 14 01:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: Invalid user admin from 114.205.67.42
Oct 14 01:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: Failed password for invalid user admin from 114.205.67.42 port 1290 ssh2
Oct 14 01:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27428]: Connection closed by 114.205.67.42 port 1290 [preauth]
Oct 14 01:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: Invalid user admin from 114.205.67.42
Oct 14 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: Failed password for invalid user admin from 114.205.67.42 port 41486 ssh2
Oct 14 01:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: Connection closed by 114.205.67.42 port 41486 [preauth]
Oct 14 01:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Invalid user admin from 114.205.67.42
Oct 14 01:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25565]: pam_unix(cron:session): session closed for user root
Oct 14 01:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Failed password for invalid user admin from 114.205.67.42 port 6360 ssh2
Oct 14 01:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Connection closed by 114.205.67.42 port 6360 [preauth]
Oct 14 01:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Invalid user admin from 114.205.67.42
Oct 14 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Failed password for invalid user admin from 114.205.67.42 port 8951 ssh2
Oct 14 01:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Connection closed by 114.205.67.42 port 8951 [preauth]
Oct 14 01:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27502]: Invalid user admin from 114.205.67.42
Oct 14 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27502]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27502]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27502]: Failed password for invalid user admin from 114.205.67.42 port 11504 ssh2
Oct 14 01:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27502]: Connection closed by 114.205.67.42 port 11504 [preauth]
Oct 14 01:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: Invalid user admin from 114.205.67.42
Oct 14 01:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: Failed password for invalid user admin from 114.205.67.42 port 13568 ssh2
Oct 14 01:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27518]: Connection closed by 114.205.67.42 port 13568 [preauth]
Oct 14 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Invalid user admin from 114.205.67.42
Oct 14 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Failed password for invalid user admin from 114.205.67.42 port 15327 ssh2
Oct 14 01:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27542]: Connection closed by 114.205.67.42 port 15327 [preauth]
Oct 14 01:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Invalid user admin from 114.205.67.42
Oct 14 01:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Failed password for invalid user admin from 114.205.67.42 port 18317 ssh2
Oct 14 01:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Connection closed by 114.205.67.42 port 18317 [preauth]
Oct 14 01:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Invalid user admin from 114.205.67.42
Oct 14 01:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Failed password for invalid user admin from 114.205.67.42 port 20274 ssh2
Oct 14 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Connection closed by 114.205.67.42 port 20274 [preauth]
Oct 14 01:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27732]: Invalid user admin from 114.205.67.42
Oct 14 01:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27732]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27732]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27732]: Failed password for invalid user admin from 114.205.67.42 port 21863 ssh2
Oct 14 01:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27732]: Connection closed by 114.205.67.42 port 21863 [preauth]
Oct 14 01:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Invalid user admin from 114.205.67.42
Oct 14 01:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Failed password for invalid user admin from 114.205.67.42 port 18026 ssh2
Oct 14 01:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Connection closed by 114.205.67.42 port 18026 [preauth]
Oct 14 01:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Invalid user admin from 114.205.67.42
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27862]: pam_unix(cron:session): session closed for user p13x
Oct 14 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27936]: Successful su for rubyman by root
Oct 14 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27936]: + ??? root:rubyman
Oct 14 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408462 of user rubyman.
Oct 14 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27936]: pam_unix(su:session): session closed for user rubyman
Oct 14 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408462.
Oct 14 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Failed password for invalid user admin from 114.205.67.42 port 27761 ssh2
Oct 14 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Connection closed by 114.205.67.42 port 27761 [preauth]
Oct 14 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Invalid user admin from 114.205.67.42
Oct 14 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Invalid user test from 209.38.110.157
Oct 14 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: input_userauth_request: invalid user test [preauth]
Oct 14 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Failed password for invalid user admin from 114.205.67.42 port 4155 ssh2
Oct 14 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Connection closed by 114.205.67.42 port 4155 [preauth]
Oct 14 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Invalid user admin from 114.205.67.42
Oct 14 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Failed password for invalid user test from 209.38.110.157 port 37968 ssh2
Oct 14 01:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Connection closed by 209.38.110.157 port 37968 [preauth]
Oct 14 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session closed for user root
Oct 14 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Failed password for invalid user admin from 114.205.67.42 port 30983 ssh2
Oct 14 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Connection closed by 114.205.67.42 port 30983 [preauth]
Oct 14 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: Invalid user admin from 114.205.67.42
Oct 14 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: Failed password for invalid user admin from 114.205.67.42 port 34622 ssh2
Oct 14 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28147]: Connection closed by 114.205.67.42 port 34622 [preauth]
Oct 14 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: Invalid user admin from 114.205.67.42
Oct 14 01:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: Failed password for invalid user admin from 114.205.67.42 port 52552 ssh2
Oct 14 01:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28164]: Connection closed by 114.205.67.42 port 52552 [preauth]
Oct 14 01:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: Invalid user admin from 114.205.67.42
Oct 14 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27863]: pam_unix(cron:session): session closed for user samftp
Oct 14 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: Failed password for invalid user admin from 114.205.67.42 port 39922 ssh2
Oct 14 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: Connection closed by 114.205.67.42 port 39922 [preauth]
Oct 14 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Invalid user admin from 114.205.67.42
Oct 14 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Failed password for invalid user admin from 114.205.67.42 port 23388 ssh2
Oct 14 01:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Connection closed by 114.205.67.42 port 23388 [preauth]
Oct 14 01:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: Invalid user admin from 114.205.67.42
Oct 14 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: Failed password for invalid user admin from 114.205.67.42 port 45824 ssh2
Oct 14 01:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28227]: Connection closed by 114.205.67.42 port 45824 [preauth]
Oct 14 01:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42  user=root
Oct 14 01:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Invalid user admin from 114.205.67.42
Oct 14 01:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Failed password for root from 122.166.49.42 port 40908 ssh2
Oct 14 01:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Received disconnect from 122.166.49.42 port 40908:11: Bye Bye [preauth]
Oct 14 01:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Disconnected from 122.166.49.42 port 40908 [preauth]
Oct 14 01:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Failed password for invalid user admin from 114.205.67.42 port 47938 ssh2
Oct 14 01:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Connection closed by 114.205.67.42 port 47938 [preauth]
Oct 14 01:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: Invalid user admin from 114.205.67.42
Oct 14 01:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: Failed password for invalid user admin from 114.205.67.42 port 50213 ssh2
Oct 14 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28242]: Connection closed by 114.205.67.42 port 50213 [preauth]
Oct 14 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Invalid user admin from 114.205.67.42
Oct 14 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Failed password for invalid user admin from 114.205.67.42 port 52474 ssh2
Oct 14 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Connection closed by 114.205.67.42 port 52474 [preauth]
Oct 14 01:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Invalid user admin from 114.205.67.42
Oct 14 01:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Failed password for invalid user admin from 114.205.67.42 port 54366 ssh2
Oct 14 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Connection closed by 114.205.67.42 port 54366 [preauth]
Oct 14 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: Invalid user admin from 114.205.67.42
Oct 14 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: Failed password for invalid user admin from 114.205.67.42 port 57984 ssh2
Oct 14 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28278]: Connection closed by 114.205.67.42 port 57984 [preauth]
Oct 14 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Invalid user admin from 114.205.67.42
Oct 14 01:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26194]: pam_unix(cron:session): session closed for user root
Oct 14 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user admin from 114.205.67.42 port 59875 ssh2
Oct 14 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Connection closed by 114.205.67.42 port 59875 [preauth]
Oct 14 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: Invalid user admin from 114.205.67.42
Oct 14 01:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: Failed password for invalid user admin from 114.205.67.42 port 62347 ssh2
Oct 14 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28318]: Connection closed by 114.205.67.42 port 62347 [preauth]
Oct 14 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: Invalid user admin from 114.205.67.42
Oct 14 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: Failed password for invalid user admin from 114.205.67.42 port 62908 ssh2
Oct 14 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: Connection closed by 114.205.67.42 port 62908 [preauth]
Oct 14 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Invalid user admin from 114.205.67.42
Oct 14 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Failed password for invalid user admin from 114.205.67.42 port 2005 ssh2
Oct 14 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Connection closed by 114.205.67.42 port 2005 [preauth]
Oct 14 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Invalid user admin from 114.205.67.42
Oct 14 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Failed password for invalid user admin from 114.205.67.42 port 3566 ssh2
Oct 14 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28359]: Connection closed by 114.205.67.42 port 3566 [preauth]
Oct 14 01:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Invalid user admin from 114.205.67.42
Oct 14 01:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Failed password for invalid user admin from 114.205.67.42 port 6671 ssh2
Oct 14 01:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Connection closed by 114.205.67.42 port 6671 [preauth]
Oct 14 01:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Invalid user admin from 114.205.67.42
Oct 14 01:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 01:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for invalid user admin from 114.205.67.42 port 45136 ssh2
Oct 14 01:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Connection closed by 114.205.67.42 port 45136 [preauth]
Oct 14 01:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 01:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: Invalid user admin from 114.205.67.42
Oct 14 01:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: input_userauth_request: invalid user admin [preauth]
Oct 14 01:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 01:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: Failed password for invalid user admin from 114.205.67.42 port 13200 ssh2
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28391]: Connection closed by 114.205.67.42 port 13200 [preauth]
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28420]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28415]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28415]: pam_unix(cron:session): session closed for user root
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28420]: pam_unix(cron:session): session closed for user root
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28411]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Invalid user admin from 114.205.67.42
Oct 14 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Invalid user test from 209.38.110.157
Oct 14 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: input_userauth_request: invalid user test [preauth]
Oct 14 02:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Failed password for invalid user admin from 114.205.67.42 port 12509 ssh2
Oct 14 02:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28404]: Connection closed by 114.205.67.42 port 12509 [preauth]
Oct 14 02:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28775]: Successful su for rubyman by root
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28775]: + ??? root:rubyman
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408466 of user rubyman.
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28775]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408466.
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Invalid user admin from 114.205.67.42
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Failed password for invalid user test from 209.38.110.157 port 41554 ssh2
Oct 14 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Connection closed by 209.38.110.157 port 41554 [preauth]
Oct 14 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Failed password for invalid user admin from 114.205.67.42 port 13553 ssh2
Oct 14 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28772]: Connection closed by 114.205.67.42 port 13553 [preauth]
Oct 14 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28894]: Invalid user admin from 114.205.67.42
Oct 14 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28894]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28894]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28894]: Failed password for invalid user admin from 114.205.67.42 port 19319 ssh2
Oct 14 02:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28894]: Connection closed by 114.205.67.42 port 19319 [preauth]
Oct 14 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28416]: pam_unix(cron:session): session closed for user root
Oct 14 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: Invalid user admin from 114.205.67.42
Oct 14 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29067]: Bad protocol version identification '' from 3.132.23.201 port 51356
Oct 14 02:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29068]: Bad protocol version identification '\026\003\001' from 3.132.23.201 port 51386
Oct 14 02:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session closed for user root
Oct 14 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: Failed password for invalid user admin from 114.205.67.42 port 41584 ssh2
Oct 14 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29030]: Connection closed by 114.205.67.42 port 41584 [preauth]
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: Bad protocol version identification 'GET / HTTP/1.1' from 3.132.23.201 port 51400
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29133]: Bad protocol version identification '\026\003\001' from 3.132.23.201 port 51412
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Invalid user admin from 114.205.67.42
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29134]: Bad protocol version identification 'GET / HTTP/1.1' from 3.132.23.201 port 51422
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Failed password for invalid user admin from 114.205.67.42 port 25328 ssh2
Oct 14 02:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Connection closed by 114.205.67.42 port 25328 [preauth]
Oct 14 02:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Invalid user admin from 114.205.67.42
Oct 14 02:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Failed password for invalid user admin from 114.205.67.42 port 24102 ssh2
Oct 14 02:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29146]: Connection closed by 114.205.67.42 port 24102 [preauth]
Oct 14 02:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: Invalid user admin from 114.205.67.42
Oct 14 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28414]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: Failed password for invalid user admin from 114.205.67.42 port 30028 ssh2
Oct 14 02:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: Connection closed by 114.205.67.42 port 30028 [preauth]
Oct 14 02:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: Invalid user admin from 114.205.67.42
Oct 14 02:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: Failed password for invalid user admin from 114.205.67.42 port 33233 ssh2
Oct 14 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29210]: Connection closed by 114.205.67.42 port 33233 [preauth]
Oct 14 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: Invalid user admin from 114.205.67.42
Oct 14 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: Failed password for invalid user admin from 114.205.67.42 port 35171 ssh2
Oct 14 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29221]: Connection closed by 114.205.67.42 port 35171 [preauth]
Oct 14 02:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: Invalid user admin from 114.205.67.42
Oct 14 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: Failed password for invalid user admin from 114.205.67.42 port 28195 ssh2
Oct 14 02:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: Connection closed by 114.205.67.42 port 28195 [preauth]
Oct 14 02:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Connection closed by 3.132.23.201 port 50288 [preauth]
Oct 14 02:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Invalid user admin from 114.205.67.42
Oct 14 02:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Failed password for invalid user admin from 114.205.67.42 port 38818 ssh2
Oct 14 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Connection closed by 114.205.67.42 port 38818 [preauth]
Oct 14 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Invalid user admin from 114.205.67.42
Oct 14 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Failed password for invalid user admin from 114.205.67.42 port 43979 ssh2
Oct 14 02:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Connection closed by 114.205.67.42 port 43979 [preauth]
Oct 14 02:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26866]: pam_unix(cron:session): session closed for user root
Oct 14 02:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: Invalid user admin from 114.205.67.42
Oct 14 02:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: Failed password for invalid user admin from 114.205.67.42 port 46538 ssh2
Oct 14 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29332]: Connection closed by 114.205.67.42 port 46538 [preauth]
Oct 14 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Invalid user admin from 114.205.67.42
Oct 14 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Failed password for invalid user admin from 114.205.67.42 port 63224 ssh2
Oct 14 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Connection closed by 114.205.67.42 port 63224 [preauth]
Oct 14 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Invalid user admin from 114.205.67.42
Oct 14 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Failed password for invalid user admin from 114.205.67.42 port 46395 ssh2
Oct 14 02:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Connection closed by 114.205.67.42 port 46395 [preauth]
Oct 14 02:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Invalid user admin from 114.205.67.42
Oct 14 02:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Failed password for invalid user admin from 114.205.67.42 port 53342 ssh2
Oct 14 02:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Connection closed by 114.205.67.42 port 53342 [preauth]
Oct 14 02:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Invalid user admin from 114.205.67.42
Oct 14 02:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Failed password for invalid user admin from 114.205.67.42 port 48775 ssh2
Oct 14 02:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Connection closed by 114.205.67.42 port 48775 [preauth]
Oct 14 02:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Invalid user admin from 114.205.67.42
Oct 14 02:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Failed password for invalid user admin from 114.205.67.42 port 60233 ssh2
Oct 14 02:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Connection closed by 114.205.67.42 port 60233 [preauth]
Oct 14 02:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Invalid user admin from 114.205.67.42
Oct 14 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Failed password for invalid user admin from 114.205.67.42 port 62438 ssh2
Oct 14 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Connection closed by 114.205.67.42 port 62438 [preauth]
Oct 14 02:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: Invalid user admin from 114.205.67.42
Oct 14 02:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: Failed password for invalid user admin from 114.205.67.42 port 64298 ssh2
Oct 14 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: Connection closed by 114.205.67.42 port 64298 [preauth]
Oct 14 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: Invalid user admin from 114.205.67.42
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29532]: Successful su for rubyman by root
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29532]: + ??? root:rubyman
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408471 of user rubyman.
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29532]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408471.
Oct 14 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Invalid user test from 209.38.110.157
Oct 14 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: input_userauth_request: invalid user test [preauth]
Oct 14 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Invalid user test01 from 122.166.49.42
Oct 14 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: input_userauth_request: invalid user test01 [preauth]
Oct 14 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 02:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: Failed password for invalid user admin from 114.205.67.42 port 59012 ssh2
Oct 14 02:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: Connection closed by 114.205.67.42 port 59012 [preauth]
Oct 14 02:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: Invalid user admin from 114.205.67.42
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Failed password for invalid user test from 209.38.110.157 port 47594 ssh2
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Failed password for invalid user test01 from 122.166.49.42 port 45150 ssh2
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29527]: Connection closed by 209.38.110.157 port 47594 [preauth]
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Received disconnect from 122.166.49.42 port 45150:11: Bye Bye [preauth]
Oct 14 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Disconnected from 122.166.49.42 port 45150 [preauth]
Oct 14 02:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: Failed password for invalid user admin from 114.205.67.42 port 65324 ssh2
Oct 14 02:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: Connection closed by 114.205.67.42 port 65324 [preauth]
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Invalid user admin from 2.57.121.112
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: Invalid user admin from 114.205.67.42
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Failed password for invalid user admin from 2.57.121.112 port 15327 ssh2
Oct 14 02:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: Failed password for invalid user admin from 114.205.67.42 port 6088 ssh2
Oct 14 02:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: Connection closed by 114.205.67.42 port 6088 [preauth]
Oct 14 02:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Invalid user admin from 114.205.67.42
Oct 14 02:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Failed password for invalid user admin from 2.57.121.112 port 15327 ssh2
Oct 14 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session closed for user root
Oct 14 02:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Failed password for invalid user admin from 114.205.67.42 port 8021 ssh2
Oct 14 02:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Connection closed by 114.205.67.42 port 8021 [preauth]
Oct 14 02:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Invalid user admin from 114.205.67.42
Oct 14 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Failed password for invalid user admin from 2.57.121.112 port 15327 ssh2
Oct 14 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Failed password for invalid user admin from 114.205.67.42 port 9955 ssh2
Oct 14 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Connection closed by 114.205.67.42 port 9955 [preauth]
Oct 14 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Failed password for invalid user admin from 2.57.121.112 port 15327 ssh2
Oct 14 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Invalid user admin from 114.205.67.42
Oct 14 02:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29432]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Failed password for invalid user admin from 2.57.121.112 port 15327 ssh2
Oct 14 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Received disconnect from 2.57.121.112 port 15327:11: Bye [preauth]
Oct 14 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: Disconnected from 2.57.121.112 port 15327 [preauth]
Oct 14 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29652]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Failed password for invalid user admin from 114.205.67.42 port 11675 ssh2
Oct 14 02:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Connection closed by 114.205.67.42 port 11675 [preauth]
Oct 14 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Invalid user admin from 114.205.67.42
Oct 14 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Failed password for invalid user admin from 114.205.67.42 port 14199 ssh2
Oct 14 02:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Connection closed by 114.205.67.42 port 14199 [preauth]
Oct 14 02:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29820]: Invalid user admin from 114.205.67.42
Oct 14 02:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29820]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29820]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 14 02:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29820]: Failed password for invalid user admin from 114.205.67.42 port 15583 ssh2
Oct 14 02:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29820]: Connection closed by 114.205.67.42 port 15583 [preauth]
Oct 14 02:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Invalid user admin from 114.205.67.42
Oct 14 02:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Failed password for root from 94.177.160.96 port 60862 ssh2
Oct 14 02:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29825]: Connection closed by 94.177.160.96 port 60862 [preauth]
Oct 14 02:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Failed password for invalid user admin from 114.205.67.42 port 17790 ssh2
Oct 14 02:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Connection closed by 114.205.67.42 port 17790 [preauth]
Oct 14 02:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Invalid user admin from 114.205.67.42
Oct 14 02:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Failed password for invalid user admin from 114.205.67.42 port 21128 ssh2
Oct 14 02:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Connection closed by 114.205.67.42 port 21128 [preauth]
Oct 14 02:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Invalid user pi from 114.205.67.42
Oct 14 02:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27866]: pam_unix(cron:session): session closed for user root
Oct 14 02:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42
Oct 14 02:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Failed password for invalid user pi from 114.205.67.42 port 63407 ssh2
Oct 14 02:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29897]: Connection closed by 114.205.67.42 port 63407 [preauth]
Oct 14 02:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: User ftp from 114.205.67.42 not allowed because not listed in AllowUsers
Oct 14 02:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: input_userauth_request: invalid user ftp [preauth]
Oct 14 02:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.205.67.42  user=ftp
Oct 14 02:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Failed password for invalid user ftp from 114.205.67.42 port 29645 ssh2
Oct 14 02:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29925]: Connection closed by 114.205.67.42 port 29645 [preauth]
Oct 14 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29996]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: Invalid user test from 209.38.110.157
Oct 14 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: input_userauth_request: invalid user test [preauth]
Oct 14 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: Successful su for rubyman by root
Oct 14 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: + ??? root:rubyman
Oct 14 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408476 of user rubyman.
Oct 14 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408476.
Oct 14 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: Failed password for invalid user test from 209.38.110.157 port 58100 ssh2
Oct 14 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29987]: Connection closed by 209.38.110.157 port 58100 [preauth]
Oct 14 02:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25564]: pam_unix(cron:session): session closed for user root
Oct 14 02:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Invalid user ahmed from 122.166.49.42
Oct 14 02:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 02:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 02:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28418]: pam_unix(cron:session): session closed for user root
Oct 14 02:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Failed password for invalid user ahmed from 122.166.49.42 port 49374 ssh2
Oct 14 02:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Received disconnect from 122.166.49.42 port 49374:11: Bye Bye [preauth]
Oct 14 02:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30466]: Disconnected from 122.166.49.42 port 49374 [preauth]
Oct 14 02:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Did not receive identification string from 80.211.129.128
Oct 14 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30614]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30615]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30611]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Invalid user test from 209.38.110.157
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: input_userauth_request: invalid user test [preauth]
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30690]: Successful su for rubyman by root
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30690]: + ??? root:rubyman
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408480 of user rubyman.
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30690]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408480.
Oct 14 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Failed password for invalid user test from 209.38.110.157 port 48592 ssh2
Oct 14 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30675]: Connection closed by 209.38.110.157 port 48592 [preauth]
Oct 14 02:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26190]: pam_unix(cron:session): session closed for user root
Oct 14 02:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30612]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session closed for user root
Oct 14 02:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Invalid user test from 209.38.110.157
Oct 14 02:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: input_userauth_request: invalid user test [preauth]
Oct 14 02:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Failed password for invalid user test from 209.38.110.157 port 50696 ssh2
Oct 14 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31165]: Successful su for rubyman by root
Oct 14 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31165]: + ??? root:rubyman
Oct 14 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Connection closed by 209.38.110.157 port 50696 [preauth]
Oct 14 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408485 of user rubyman.
Oct 14 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31165]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408485.
Oct 14 02:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26864]: pam_unix(cron:session): session closed for user root
Oct 14 02:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Invalid user test01 from 122.166.49.42
Oct 14 02:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: input_userauth_request: invalid user test01 [preauth]
Oct 14 02:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 02:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Failed password for invalid user test01 from 122.166.49.42 port 53596 ssh2
Oct 14 02:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Received disconnect from 122.166.49.42 port 53596:11: Bye Bye [preauth]
Oct 14 02:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Disconnected from 122.166.49.42 port 53596 [preauth]
Oct 14 02:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29996]: pam_unix(cron:session): session closed for user root
Oct 14 02:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: Failed password for invalid user ubuntu from 209.38.110.157 port 33748 ssh2
Oct 14 02:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: Connection closed by 209.38.110.157 port 33748 [preauth]
Oct 14 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31716]: pam_unix(cron:session): session closed for user root
Oct 14 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31711]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31792]: Successful su for rubyman by root
Oct 14 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31792]: + ??? root:rubyman
Oct 14 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408487 of user rubyman.
Oct 14 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31792]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408487.
Oct 14 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31713]: pam_unix(cron:session): session closed for user root
Oct 14 02:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27865]: pam_unix(cron:session): session closed for user root
Oct 14 02:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31712]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30615]: pam_unix(cron:session): session closed for user root
Oct 14 02:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32265]: Invalid user vishal from 122.166.49.42
Oct 14 02:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32265]: input_userauth_request: invalid user vishal [preauth]
Oct 14 02:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 02:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32265]: Failed password for invalid user vishal from 122.166.49.42 port 57820 ssh2
Oct 14 02:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32265]: Received disconnect from 122.166.49.42 port 57820:11: Bye Bye [preauth]
Oct 14 02:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32265]: Disconnected from 122.166.49.42 port 57820 [preauth]
Oct 14 02:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: Failed password for invalid user ubuntu from 209.38.110.157 port 58568 ssh2
Oct 14 02:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32290]: Connection closed by 209.38.110.157 port 58568 [preauth]
Oct 14 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32390]: Successful su for rubyman by root
Oct 14 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32390]: + ??? root:rubyman
Oct 14 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408494 of user rubyman.
Oct 14 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32390]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408494.
Oct 14 02:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28417]: pam_unix(cron:session): session closed for user root
Oct 14 02:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: Invalid user myuser from 20.163.71.109
Oct 14 02:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: input_userauth_request: invalid user myuser [preauth]
Oct 14 02:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 02:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: Failed password for invalid user myuser from 20.163.71.109 port 58446 ssh2
Oct 14 02:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32685]: Connection closed by 20.163.71.109 port 58446 [preauth]
Oct 14 02:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31090]: pam_unix(cron:session): session closed for user root
Oct 14 02:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32749]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32749]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32749]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32749]: Failed password for invalid user ubuntu from 209.38.110.157 port 42454 ssh2
Oct 14 02:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32749]: Connection closed by 209.38.110.157 port 42454 [preauth]
Oct 14 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[314]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: Successful su for rubyman by root
Oct 14 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: + ??? root:rubyman
Oct 14 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408497 of user rubyman.
Oct 14 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408497.
Oct 14 02:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session closed for user root
Oct 14 02:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[634]: Invalid user deployer from 122.166.49.42
Oct 14 02:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[634]: input_userauth_request: invalid user deployer [preauth]
Oct 14 02:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[634]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.49.42
Oct 14 02:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[634]: Failed password for invalid user deployer from 122.166.49.42 port 33806 ssh2
Oct 14 02:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[634]: Received disconnect from 122.166.49.42 port 33806:11: Bye Bye [preauth]
Oct 14 02:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[634]: Disconnected from 122.166.49.42 port 33806 [preauth]
Oct 14 02:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31715]: pam_unix(cron:session): session closed for user root
Oct 14 02:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Failed password for invalid user ubuntu from 209.38.110.157 port 45606 ssh2
Oct 14 02:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Connection closed by 209.38.110.157 port 45606 [preauth]
Oct 14 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[798]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[909]: Successful su for rubyman by root
Oct 14 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[909]: + ??? root:rubyman
Oct 14 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408501 of user rubyman.
Oct 14 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[909]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408501.
Oct 14 02:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session closed for user root
Oct 14 02:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[799]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32306]: pam_unix(cron:session): session closed for user root
Oct 14 02:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1307]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1307]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1307]: Failed password for invalid user ubuntu from 209.38.110.157 port 47680 ssh2
Oct 14 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1307]: Connection closed by 209.38.110.157 port 47680 [preauth]
Oct 14 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1378]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: Successful su for rubyman by root
Oct 14 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: + ??? root:rubyman
Oct 14 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408505 of user rubyman.
Oct 14 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408505.
Oct 14 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1376]: pam_unix(cron:session): session closed for user root
Oct 14 02:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30614]: pam_unix(cron:session): session closed for user root
Oct 14 02:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session closed for user root
Oct 14 02:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2033]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2033]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2033]: Failed password for invalid user ubuntu from 209.38.110.157 port 42470 ssh2
Oct 14 02:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2033]: Connection closed by 209.38.110.157 port 42470 [preauth]
Oct 14 02:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74  user=root
Oct 14 02:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2054]: Failed password for root from 78.128.112.74 port 58364 ssh2
Oct 14 02:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2054]: Connection closed by 78.128.112.74 port 58364 [preauth]
Oct 14 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2096]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2095]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2093]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2098]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2098]: pam_unix(cron:session): session closed for user root
Oct 14 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2089]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: Successful su for rubyman by root
Oct 14 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: + ??? root:rubyman
Oct 14 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408512 of user rubyman.
Oct 14 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408512.
Oct 14 02:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2093]: pam_unix(cron:session): session closed for user root
Oct 14 02:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session closed for user root
Oct 14 02:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2091]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session closed for user root
Oct 14 02:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Failed password for invalid user ubuntu from 209.38.110.157 port 59636 ssh2
Oct 14 02:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Connection closed by 209.38.110.157 port 59636 [preauth]
Oct 14 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2586]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: Successful su for rubyman by root
Oct 14 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: + ??? root:rubyman
Oct 14 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408516 of user rubyman.
Oct 14 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2657]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408516.
Oct 14 02:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31714]: pam_unix(cron:session): session closed for user root
Oct 14 02:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2587]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: Failed password for invalid user ubuntu from 209.38.110.157 port 45382 ssh2
Oct 14 02:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: Connection closed by 209.38.110.157 port 45382 [preauth]
Oct 14 02:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1381]: pam_unix(cron:session): session closed for user root
Oct 14 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3047]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3114]: Successful su for rubyman by root
Oct 14 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3114]: + ??? root:rubyman
Oct 14 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408520 of user rubyman.
Oct 14 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3114]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408520.
Oct 14 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32305]: pam_unix(cron:session): session closed for user root
Oct 14 02:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Failed password for invalid user ubuntu from 209.38.110.157 port 54664 ssh2
Oct 14 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Connection closed by 209.38.110.157 port 54664 [preauth]
Oct 14 02:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2096]: pam_unix(cron:session): session closed for user root
Oct 14 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3504]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3579]: Successful su for rubyman by root
Oct 14 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3579]: + ??? root:rubyman
Oct 14 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408524 of user rubyman.
Oct 14 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3579]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408524.
Oct 14 02:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session closed for user root
Oct 14 02:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Failed password for invalid user ubuntu from 209.38.110.157 port 43234 ssh2
Oct 14 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Connection closed by 209.38.110.157 port 43234 [preauth]
Oct 14 02:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2589]: pam_unix(cron:session): session closed for user root
Oct 14 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3951]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4030]: Successful su for rubyman by root
Oct 14 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4030]: + ??? root:rubyman
Oct 14 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408528 of user rubyman.
Oct 14 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4030]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408528.
Oct 14 02:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session closed for user root
Oct 14 02:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3952]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4342]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4342]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4342]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4342]: Failed password for invalid user ubuntu from 209.38.110.157 port 48360 ssh2
Oct 14 02:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4342]: Connection closed by 209.38.110.157 port 48360 [preauth]
Oct 14 02:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session closed for user root
Oct 14 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4467]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4463]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4467]: pam_unix(cron:session): session closed for user root
Oct 14 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4461]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4541]: Successful su for rubyman by root
Oct 14 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4541]: + ??? root:rubyman
Oct 14 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408532 of user rubyman.
Oct 14 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4541]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408532.
Oct 14 02:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4463]: pam_unix(cron:session): session closed for user root
Oct 14 02:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session closed for user root
Oct 14 02:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4462]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: Failed password for invalid user ubuntu from 209.38.110.157 port 36570 ssh2
Oct 14 02:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: Connection closed by 209.38.110.157 port 36570 [preauth]
Oct 14 02:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session closed for user root
Oct 14 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5487]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5485]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5569]: Successful su for rubyman by root
Oct 14 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5569]: + ??? root:rubyman
Oct 14 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408539 of user rubyman.
Oct 14 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5569]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408539.
Oct 14 02:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2095]: pam_unix(cron:session): session closed for user root
Oct 14 02:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 02:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Failed password for root from 80.211.129.128 port 54804 ssh2
Oct 14 02:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Connection closed by 80.211.129.128 port 54804 [preauth]
Oct 14 02:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: Failed password for invalid user ubuntu from 209.38.110.157 port 43568 ssh2
Oct 14 02:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: Connection closed by 209.38.110.157 port 43568 [preauth]
Oct 14 02:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3954]: pam_unix(cron:session): session closed for user root
Oct 14 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5981]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5975]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5975]: pam_unix(cron:session): session closed for user root
Oct 14 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5978]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: Successful su for rubyman by root
Oct 14 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: + ??? root:rubyman
Oct 14 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408542 of user rubyman.
Oct 14 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6051]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408542.
Oct 14 02:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2588]: pam_unix(cron:session): session closed for user root
Oct 14 02:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5979]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Failed password for invalid user ubuntu from 209.38.110.157 port 41394 ssh2
Oct 14 02:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Connection closed by 209.38.110.157 port 41394 [preauth]
Oct 14 02:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session closed for user root
Oct 14 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6499]: Successful su for rubyman by root
Oct 14 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6499]: + ??? root:rubyman
Oct 14 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408547 of user rubyman.
Oct 14 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6499]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408547.
Oct 14 02:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session closed for user root
Oct 14 02:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Failed password for invalid user ubuntu from 209.38.110.157 port 42316 ssh2
Oct 14 02:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Connection closed by 209.38.110.157 port 42316 [preauth]
Oct 14 02:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5487]: pam_unix(cron:session): session closed for user root
Oct 14 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6974]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6971]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7056]: Successful su for rubyman by root
Oct 14 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7056]: + ??? root:rubyman
Oct 14 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408551 of user rubyman.
Oct 14 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7056]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408551.
Oct 14 02:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3507]: pam_unix(cron:session): session closed for user root
Oct 14 02:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Failed password for invalid user ubuntu from 209.38.110.157 port 38886 ssh2
Oct 14 02:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Connection closed by 209.38.110.157 port 38886 [preauth]
Oct 14 02:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6972]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5981]: pam_unix(cron:session): session closed for user root
Oct 14 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7538]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7537]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7539]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7536]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7539]: pam_unix(cron:session): session closed for user root
Oct 14 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7534]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: Successful su for rubyman by root
Oct 14 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: + ??? root:rubyman
Oct 14 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408555 of user rubyman.
Oct 14 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7616]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408555.
Oct 14 02:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7536]: pam_unix(cron:session): session closed for user root
Oct 14 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3953]: pam_unix(cron:session): session closed for user root
Oct 14 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Failed password for invalid user ubuntu from 209.38.110.157 port 35588 ssh2
Oct 14 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Connection closed by 209.38.110.157 port 35588 [preauth]
Oct 14 02:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7535]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session closed for user root
Oct 14 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8477]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8559]: Successful su for rubyman by root
Oct 14 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8559]: + ??? root:rubyman
Oct 14 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408561 of user rubyman.
Oct 14 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8559]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408561.
Oct 14 02:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Invalid user ubuntu from 209.38.110.157
Oct 14 02:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session closed for user root
Oct 14 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Failed password for invalid user ubuntu from 209.38.110.157 port 46874 ssh2
Oct 14 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8697]: Connection closed by 209.38.110.157 port 46874 [preauth]
Oct 14 02:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8474]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6974]: pam_unix(cron:session): session closed for user root
Oct 14 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9069]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9067]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9237]: Successful su for rubyman by root
Oct 14 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9237]: + ??? root:rubyman
Oct 14 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408567 of user rubyman.
Oct 14 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9237]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408567.
Oct 14 02:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Invalid user pi from 209.38.110.157
Oct 14 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5485]: pam_unix(cron:session): session closed for user root
Oct 14 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Failed password for invalid user pi from 209.38.110.157 port 44858 ssh2
Oct 14 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9398]: Connection closed by 209.38.110.157 port 44858 [preauth]
Oct 14 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9068]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7538]: pam_unix(cron:session): session closed for user root
Oct 14 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9729]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9880]: Successful su for rubyman by root
Oct 14 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9880]: + ??? root:rubyman
Oct 14 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408571 of user rubyman.
Oct 14 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9880]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408571.
Oct 14 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: Invalid user pi from 209.38.110.157
Oct 14 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: Failed password for invalid user pi from 209.38.110.157 port 47380 ssh2
Oct 14 02:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: Connection closed by 209.38.110.157 port 47380 [preauth]
Oct 14 02:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session closed for user root
Oct 14 02:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8477]: pam_unix(cron:session): session closed for user root
Oct 14 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Invalid user pi from 209.38.110.157
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10281]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10371]: Successful su for rubyman by root
Oct 14 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10371]: + ??? root:rubyman
Oct 14 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408573 of user rubyman.
Oct 14 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10371]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408573.
Oct 14 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Failed password for invalid user pi from 209.38.110.157 port 60916 ssh2
Oct 14 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10277]: Connection closed by 209.38.110.157 port 60916 [preauth]
Oct 14 02:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session closed for user root
Oct 14 02:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10283]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9070]: pam_unix(cron:session): session closed for user root
Oct 14 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Invalid user pi from 209.38.110.157
Oct 14 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10774]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10777]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10777]: pam_unix(cron:session): session closed for user root
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Failed password for invalid user pi from 209.38.110.157 port 46760 ssh2
Oct 14 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Connection closed by 209.38.110.157 port 46760 [preauth]
Oct 14 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10847]: Successful su for rubyman by root
Oct 14 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10847]: + ??? root:rubyman
Oct 14 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408577 of user rubyman.
Oct 14 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10847]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408577.
Oct 14 02:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session closed for user root
Oct 14 02:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6973]: pam_unix(cron:session): session closed for user root
Oct 14 02:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9746]: pam_unix(cron:session): session closed for user root
Oct 14 02:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Invalid user pi from 209.38.110.157
Oct 14 02:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for invalid user pi from 209.38.110.157 port 40856 ssh2
Oct 14 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Connection closed by 209.38.110.157 port 40856 [preauth]
Oct 14 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11249]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11336]: Successful su for rubyman by root
Oct 14 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11336]: + ??? root:rubyman
Oct 14 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408583 of user rubyman.
Oct 14 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11336]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408583.
Oct 14 02:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7537]: pam_unix(cron:session): session closed for user root
Oct 14 02:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11250]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Invalid user user from 62.60.131.157
Oct 14 02:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: input_userauth_request: invalid user user [preauth]
Oct 14 02:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Failed password for invalid user user from 62.60.131.157 port 61020 ssh2
Oct 14 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Failed password for invalid user user from 62.60.131.157 port 61020 ssh2
Oct 14 02:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Failed password for invalid user user from 62.60.131.157 port 61020 ssh2
Oct 14 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10285]: pam_unix(cron:session): session closed for user root
Oct 14 02:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Failed password for invalid user user from 62.60.131.157 port 61020 ssh2
Oct 14 02:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Failed password for invalid user user from 62.60.131.157 port 61020 ssh2
Oct 14 02:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Received disconnect from 62.60.131.157 port 61020:11: Bye [preauth]
Oct 14 02:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Disconnected from 62.60.131.157 port 61020 [preauth]
Oct 14 02:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 02:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 02:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11806]: Invalid user pi from 209.38.110.157
Oct 14 02:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11806]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11806]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11806]: Failed password for invalid user pi from 209.38.110.157 port 40326 ssh2
Oct 14 02:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11806]: Connection closed by 209.38.110.157 port 40326 [preauth]
Oct 14 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11838]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11909]: Successful su for rubyman by root
Oct 14 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11909]: + ??? root:rubyman
Oct 14 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408587 of user rubyman.
Oct 14 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11909]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408587.
Oct 14 02:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session closed for user root
Oct 14 02:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11839]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12244]: Did not receive identification string from 196.251.84.140
Oct 14 02:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10775]: pam_unix(cron:session): session closed for user root
Oct 14 02:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Invalid user pi from 209.38.110.157
Oct 14 02:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Failed password for invalid user pi from 209.38.110.157 port 42770 ssh2
Oct 14 02:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Connection closed by 209.38.110.157 port 42770 [preauth]
Oct 14 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12309]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12389]: Successful su for rubyman by root
Oct 14 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12389]: + ??? root:rubyman
Oct 14 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408592 of user rubyman.
Oct 14 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12389]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408592.
Oct 14 02:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9069]: pam_unix(cron:session): session closed for user root
Oct 14 02:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12310]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session closed for user root
Oct 14 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Invalid user admin from 2.57.121.25
Oct 14 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: input_userauth_request: invalid user admin [preauth]
Oct 14 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Failed password for invalid user admin from 2.57.121.25 port 22282 ssh2
Oct 14 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Failed password for invalid user admin from 2.57.121.25 port 22282 ssh2
Oct 14 02:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Failed password for invalid user admin from 2.57.121.25 port 22282 ssh2
Oct 14 02:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Failed password for invalid user admin from 2.57.121.25 port 22282 ssh2
Oct 14 02:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Failed password for invalid user admin from 2.57.121.25 port 22282 ssh2
Oct 14 02:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Received disconnect from 2.57.121.25 port 22282:11: Bye [preauth]
Oct 14 02:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Disconnected from 2.57.121.25 port 22282 [preauth]
Oct 14 02:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 02:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Invalid user pi from 209.38.110.157
Oct 14 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Failed password for invalid user pi from 209.38.110.157 port 54260 ssh2
Oct 14 02:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Connection closed by 209.38.110.157 port 54260 [preauth]
Oct 14 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12877]: Successful su for rubyman by root
Oct 14 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12877]: + ??? root:rubyman
Oct 14 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408595 of user rubyman.
Oct 14 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12877]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408595.
Oct 14 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9741]: pam_unix(cron:session): session closed for user root
Oct 14 02:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11842]: pam_unix(cron:session): session closed for user root
Oct 14 02:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Invalid user pi from 209.38.110.157
Oct 14 02:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Did not receive identification string from 196.251.84.92
Oct 14 02:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Failed password for invalid user pi from 209.38.110.157 port 60306 ssh2
Oct 14 02:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Connection closed by 209.38.110.157 port 60306 [preauth]
Oct 14 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13413]: pam_unix(cron:session): session closed for user root
Oct 14 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13496]: Successful su for rubyman by root
Oct 14 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13496]: + ??? root:rubyman
Oct 14 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408604 of user rubyman.
Oct 14 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13496]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408604.
Oct 14 02:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session closed for user root
Oct 14 02:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10284]: pam_unix(cron:session): session closed for user root
Oct 14 02:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12312]: pam_unix(cron:session): session closed for user root
Oct 14 02:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Invalid user pi from 209.38.110.157
Oct 14 02:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Failed password for invalid user pi from 209.38.110.157 port 44040 ssh2
Oct 14 02:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Connection closed by 209.38.110.157 port 44040 [preauth]
Oct 14 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13930]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14002]: Successful su for rubyman by root
Oct 14 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14002]: + ??? root:rubyman
Oct 14 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408605 of user rubyman.
Oct 14 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14002]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408605.
Oct 14 02:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10774]: pam_unix(cron:session): session closed for user root
Oct 14 02:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12797]: pam_unix(cron:session): session closed for user root
Oct 14 02:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Invalid user pi from 209.38.110.157
Oct 14 02:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Failed password for invalid user pi from 209.38.110.157 port 46580 ssh2
Oct 14 02:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Connection closed by 209.38.110.157 port 46580 [preauth]
Oct 14 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14460]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14537]: Successful su for rubyman by root
Oct 14 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14537]: + ??? root:rubyman
Oct 14 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408610 of user rubyman.
Oct 14 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14537]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408610.
Oct 14 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session closed for user root
Oct 14 02:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: Invalid user ansible from 186.96.145.241
Oct 14 02:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: input_userauth_request: invalid user ansible [preauth]
Oct 14 02:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 02:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: Failed password for invalid user ansible from 186.96.145.241 port 41578 ssh2
Oct 14 02:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14795]: Connection closed by 186.96.145.241 port 41578 [preauth]
Oct 14 02:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: Invalid user pi from 209.38.110.157
Oct 14 02:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session closed for user root
Oct 14 02:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: Failed password for invalid user pi from 209.38.110.157 port 46362 ssh2
Oct 14 02:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: Connection closed by 209.38.110.157 port 46362 [preauth]
Oct 14 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14933]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15010]: Successful su for rubyman by root
Oct 14 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15010]: + ??? root:rubyman
Oct 14 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408615 of user rubyman.
Oct 14 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15010]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408615.
Oct 14 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11841]: pam_unix(cron:session): session closed for user root
Oct 14 02:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Invalid user pi from 209.38.110.157
Oct 14 02:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session closed for user root
Oct 14 02:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Failed password for invalid user pi from 209.38.110.157 port 45558 ssh2
Oct 14 02:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Connection closed by 209.38.110.157 port 45558 [preauth]
Oct 14 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15481]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15552]: Successful su for rubyman by root
Oct 14 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15552]: + ??? root:rubyman
Oct 14 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408617 of user rubyman.
Oct 14 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15552]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408617.
Oct 14 02:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12311]: pam_unix(cron:session): session closed for user root
Oct 14 02:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15816]: Connection closed by 3.83.105.114 port 56118 [preauth]
Oct 14 02:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Invalid user pi from 209.38.110.157
Oct 14 02:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user pi from 209.38.110.157 port 48132 ssh2
Oct 14 02:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Connection closed by 209.38.110.157 port 48132 [preauth]
Oct 14 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14460]: pam_unix(cron:session): session closed for user root
Oct 14 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15940]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15940]: pam_unix(cron:session): session closed for user root
Oct 14 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16027]: Successful su for rubyman by root
Oct 14 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16027]: + ??? root:rubyman
Oct 14 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408624 of user rubyman.
Oct 14 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16027]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408624.
Oct 14 02:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15936]: pam_unix(cron:session): session closed for user root
Oct 14 02:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user root
Oct 14 02:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15935]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Invalid user pi from 209.38.110.157
Oct 14 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Failed password for invalid user pi from 209.38.110.157 port 40050 ssh2
Oct 14 02:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Connection closed by 209.38.110.157 port 40050 [preauth]
Oct 14 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14937]: pam_unix(cron:session): session closed for user root
Oct 14 02:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 02:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Failed password for root from 196.251.84.140 port 60000 ssh2
Oct 14 02:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16387]: Connection closed by 196.251.84.140 port 60000 [preauth]
Oct 14 02:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 02:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Failed password for root from 164.68.105.9 port 57362 ssh2
Oct 14 02:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16433]: Connection closed by 164.68.105.9 port 57362 [preauth]
Oct 14 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16529]: Successful su for rubyman by root
Oct 14 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16529]: + ??? root:rubyman
Oct 14 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408627 of user rubyman.
Oct 14 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16529]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408627.
Oct 14 02:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session closed for user root
Oct 14 02:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Invalid user pi from 209.38.110.157
Oct 14 02:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Failed password for invalid user pi from 209.38.110.157 port 54232 ssh2
Oct 14 02:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Connection closed by 209.38.110.157 port 54232 [preauth]
Oct 14 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session closed for user root
Oct 14 02:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Failed password for root from 196.251.84.92 port 35482 ssh2
Oct 14 02:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16902]: Connection closed by 196.251.84.92 port 35482 [preauth]
Oct 14 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16915]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16989]: Successful su for rubyman by root
Oct 14 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16989]: + ??? root:rubyman
Oct 14 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408631 of user rubyman.
Oct 14 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16989]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408631.
Oct 14 02:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session closed for user root
Oct 14 02:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Invalid user ubuntu from 190.128.241.2
Oct 14 02:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 02:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Failed password for invalid user ubuntu from 190.128.241.2 port 42004 ssh2
Oct 14 02:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Received disconnect from 190.128.241.2 port 42004:11: Bye Bye [preauth]
Oct 14 02:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Disconnected from 190.128.241.2 port 42004 [preauth]
Oct 14 02:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16916]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Invalid user pi from 209.38.110.157
Oct 14 02:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Failed password for invalid user pi from 209.38.110.157 port 47642 ssh2
Oct 14 02:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17254]: Connection closed by 209.38.110.157 port 47642 [preauth]
Oct 14 02:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15939]: pam_unix(cron:session): session closed for user root
Oct 14 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17394]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17391]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17389]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17456]: Successful su for rubyman by root
Oct 14 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17456]: + ??? root:rubyman
Oct 14 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408635 of user rubyman.
Oct 14 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17456]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408635.
Oct 14 02:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14458]: pam_unix(cron:session): session closed for user root
Oct 14 02:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17390]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Invalid user pi from 209.38.110.157
Oct 14 02:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: input_userauth_request: invalid user pi [preauth]
Oct 14 02:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Failed password for invalid user pi from 209.38.110.157 port 42360 ssh2
Oct 14 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Connection closed by 209.38.110.157 port 42360 [preauth]
Oct 14 02:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session closed for user root
Oct 14 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17929]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17930]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17927]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: Successful su for rubyman by root
Oct 14 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: + ??? root:rubyman
Oct 14 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408641 of user rubyman.
Oct 14 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408641.
Oct 14 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17920]: pam_unix(cron:session): session closed for user root
Oct 14 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: Failed password for root from 196.251.84.92 port 47964 ssh2
Oct 14 02:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: Connection closed by 196.251.84.92 port 47964 [preauth]
Oct 14 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14936]: pam_unix(cron:session): session closed for user root
Oct 14 02:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 02:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Failed password for root from 164.68.105.9 port 50972 ssh2
Oct 14 02:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Connection closed by 164.68.105.9 port 50972 [preauth]
Oct 14 02:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Invalid user nginx from 209.38.110.157
Oct 14 02:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17928]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Failed password for invalid user nginx from 209.38.110.157 port 53028 ssh2
Oct 14 02:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18582]: Connection closed by 209.38.110.157 port 53028 [preauth]
Oct 14 02:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16918]: pam_unix(cron:session): session closed for user root
Oct 14 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18754]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18755]: pam_unix(cron:session): session closed for user root
Oct 14 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18748]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18839]: Successful su for rubyman by root
Oct 14 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18839]: + ??? root:rubyman
Oct 14 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408649 of user rubyman.
Oct 14 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18839]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408649.
Oct 14 02:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18750]: pam_unix(cron:session): session closed for user root
Oct 14 02:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session closed for user root
Oct 14 02:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: Invalid user nginx from 209.38.110.157
Oct 14 02:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18749]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: Failed password for invalid user nginx from 209.38.110.157 port 39966 ssh2
Oct 14 02:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: Connection closed by 209.38.110.157 port 39966 [preauth]
Oct 14 02:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 02:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: Failed password for root from 196.251.84.140 port 45516 ssh2
Oct 14 02:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19197]: Connection closed by 196.251.84.140 port 45516 [preauth]
Oct 14 02:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19350]: Connection closed by 148.113.208.45 port 54368 [preauth]
Oct 14 02:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17394]: pam_unix(cron:session): session closed for user root
Oct 14 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19609]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19607]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19604]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19800]: Successful su for rubyman by root
Oct 14 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19800]: + ??? root:rubyman
Oct 14 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408651 of user rubyman.
Oct 14 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19800]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408651.
Oct 14 02:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2  user=root
Oct 14 02:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Failed password for root from 196.251.84.92 port 55642 ssh2
Oct 14 02:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Connection closed by 196.251.84.92 port 55642 [preauth]
Oct 14 02:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for root from 190.128.241.2 port 51618 ssh2
Oct 14 02:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Received disconnect from 190.128.241.2 port 51618:11: Bye Bye [preauth]
Oct 14 02:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Disconnected from 190.128.241.2 port 51618 [preauth]
Oct 14 02:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15938]: pam_unix(cron:session): session closed for user root
Oct 14 02:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Invalid user nginx from 209.38.110.157
Oct 14 02:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Failed password for invalid user nginx from 209.38.110.157 port 40878 ssh2
Oct 14 02:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20053]: Connection closed by 209.38.110.157 port 40878 [preauth]
Oct 14 02:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19605]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17930]: pam_unix(cron:session): session closed for user root
Oct 14 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: Successful su for rubyman by root
Oct 14 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: + ??? root:rubyman
Oct 14 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408654 of user rubyman.
Oct 14 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20348]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408654.
Oct 14 02:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: Invalid user nginx from 209.38.110.157
Oct 14 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session closed for user root
Oct 14 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: Failed password for invalid user nginx from 209.38.110.157 port 44826 ssh2
Oct 14 02:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20509]: Connection closed by 209.38.110.157 port 44826 [preauth]
Oct 14 02:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20278]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18754]: pam_unix(cron:session): session closed for user root
Oct 14 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20743]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: Successful su for rubyman by root
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: + ??? root:rubyman
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408659 of user rubyman.
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408659.
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Invalid user nginx from 209.38.110.157
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Invalid user dspace from 190.128.241.2
Oct 14 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: input_userauth_request: invalid user dspace [preauth]
Oct 14 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Failed password for invalid user nginx from 209.38.110.157 port 41100 ssh2
Oct 14 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Connection closed by 209.38.110.157 port 41100 [preauth]
Oct 14 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Failed password for invalid user dspace from 190.128.241.2 port 35972 ssh2
Oct 14 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Received disconnect from 190.128.241.2 port 35972:11: Bye Bye [preauth]
Oct 14 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Disconnected from 190.128.241.2 port 35972 [preauth]
Oct 14 02:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16917]: pam_unix(cron:session): session closed for user root
Oct 14 02:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20744]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Failed password for root from 196.251.84.92 port 59576 ssh2
Oct 14 02:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Connection closed by 196.251.84.92 port 59576 [preauth]
Oct 14 02:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19609]: pam_unix(cron:session): session closed for user root
Oct 14 02:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: Invalid user nginx from 209.38.110.157
Oct 14 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: Failed password for invalid user nginx from 209.38.110.157 port 43284 ssh2
Oct 14 02:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: Connection closed by 209.38.110.157 port 43284 [preauth]
Oct 14 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21204]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21286]: Successful su for rubyman by root
Oct 14 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21286]: + ??? root:rubyman
Oct 14 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408663 of user rubyman.
Oct 14 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21286]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408663.
Oct 14 02:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17391]: pam_unix(cron:session): session closed for user root
Oct 14 02:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21206]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 02:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Failed password for root from 196.251.84.140 port 44122 ssh2
Oct 14 02:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session closed for user root
Oct 14 02:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Connection closed by 196.251.84.140 port 44122 [preauth]
Oct 14 02:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: Invalid user radio from 190.128.241.2
Oct 14 02:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: input_userauth_request: invalid user radio [preauth]
Oct 14 02:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: Failed password for invalid user radio from 190.128.241.2 port 34008 ssh2
Oct 14 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: Received disconnect from 190.128.241.2 port 34008:11: Bye Bye [preauth]
Oct 14 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21695]: Disconnected from 190.128.241.2 port 34008 [preauth]
Oct 14 02:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Invalid user nginx from 209.38.110.157
Oct 14 02:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Failed password for invalid user nginx from 209.38.110.157 port 57390 ssh2
Oct 14 02:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: Connection closed by 209.38.110.157 port 57390 [preauth]
Oct 14 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session closed for user root
Oct 14 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: Successful su for rubyman by root
Oct 14 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: + ??? root:rubyman
Oct 14 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408666 of user rubyman.
Oct 14 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408666.
Oct 14 02:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21746]: pam_unix(cron:session): session closed for user root
Oct 14 02:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17929]: pam_unix(cron:session): session closed for user root
Oct 14 02:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21744]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Failed password for root from 196.251.84.92 port 33324 ssh2
Oct 14 02:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Connection closed by 196.251.84.92 port 33324 [preauth]
Oct 14 02:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20746]: pam_unix(cron:session): session closed for user root
Oct 14 02:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Invalid user nginx from 209.38.110.157
Oct 14 02:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Failed password for invalid user nginx from 209.38.110.157 port 41406 ssh2
Oct 14 02:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22271]: Connection closed by 209.38.110.157 port 41406 [preauth]
Oct 14 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22367]: Successful su for rubyman by root
Oct 14 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22367]: + ??? root:rubyman
Oct 14 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408673 of user rubyman.
Oct 14 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22367]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408673.
Oct 14 02:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18751]: pam_unix(cron:session): session closed for user root
Oct 14 02:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: User john from 190.128.241.2 not allowed because not listed in AllowUsers
Oct 14 02:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: input_userauth_request: invalid user john [preauth]
Oct 14 02:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2  user=john
Oct 14 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: Failed password for invalid user john from 190.128.241.2 port 35836 ssh2
Oct 14 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: Received disconnect from 190.128.241.2 port 35836:11: Bye Bye [preauth]
Oct 14 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22626]: Disconnected from 190.128.241.2 port 35836 [preauth]
Oct 14 02:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session closed for user root
Oct 14 02:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Invalid user nginx from 209.38.110.157
Oct 14 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Failed password for invalid user nginx from 209.38.110.157 port 51960 ssh2
Oct 14 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Connection closed by 209.38.110.157 port 51960 [preauth]
Oct 14 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22960]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22958]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23184]: Successful su for rubyman by root
Oct 14 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23184]: + ??? root:rubyman
Oct 14 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408679 of user rubyman.
Oct 14 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23184]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408679.
Oct 14 02:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19607]: pam_unix(cron:session): session closed for user root
Oct 14 02:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22959]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Failed password for root from 196.251.84.92 port 33926 ssh2
Oct 14 02:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Connection closed by 196.251.84.92 port 33926 [preauth]
Oct 14 02:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session closed for user root
Oct 14 02:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Invalid user nginx from 209.38.110.157
Oct 14 02:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Failed password for invalid user nginx from 209.38.110.157 port 42532 ssh2
Oct 14 02:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Connection closed by 209.38.110.157 port 42532 [preauth]
Oct 14 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23943]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23941]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24019]: Successful su for rubyman by root
Oct 14 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24019]: + ??? root:rubyman
Oct 14 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408681 of user rubyman.
Oct 14 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24019]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408681.
Oct 14 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Invalid user botuser from 190.128.241.2
Oct 14 02:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: input_userauth_request: invalid user botuser [preauth]
Oct 14 02:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session closed for user root
Oct 14 02:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Failed password for invalid user botuser from 190.128.241.2 port 47584 ssh2
Oct 14 02:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Received disconnect from 190.128.241.2 port 47584:11: Bye Bye [preauth]
Oct 14 02:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Disconnected from 190.128.241.2 port 47584 [preauth]
Oct 14 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23942]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22290]: pam_unix(cron:session): session closed for user root
Oct 14 02:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 02:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Failed password for root from 196.251.84.140 port 33676 ssh2
Oct 14 02:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Connection closed by 196.251.84.140 port 33676 [preauth]
Oct 14 02:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: Invalid user nginx from 209.38.110.157
Oct 14 02:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: Failed password for invalid user nginx from 209.38.110.157 port 52464 ssh2
Oct 14 02:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24452]: Connection closed by 209.38.110.157 port 52464 [preauth]
Oct 14 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24479]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24477]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24564]: Successful su for rubyman by root
Oct 14 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24564]: + ??? root:rubyman
Oct 14 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408684 of user rubyman.
Oct 14 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24564]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408684.
Oct 14 02:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20745]: pam_unix(cron:session): session closed for user root
Oct 14 02:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24478]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: Failed password for root from 196.251.84.92 port 34154 ssh2
Oct 14 02:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24805]: Connection closed by 196.251.84.92 port 34154 [preauth]
Oct 14 02:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session closed for user root
Oct 14 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: Invalid user sol from 190.128.241.2
Oct 14 02:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: input_userauth_request: invalid user sol [preauth]
Oct 14 02:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: Failed password for invalid user sol from 190.128.241.2 port 46324 ssh2
Oct 14 02:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: Received disconnect from 190.128.241.2 port 46324:11: Bye Bye [preauth]
Oct 14 02:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: Disconnected from 190.128.241.2 port 46324 [preauth]
Oct 14 02:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Invalid user nginx from 209.38.110.157
Oct 14 02:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Failed password for invalid user nginx from 209.38.110.157 port 57142 ssh2
Oct 14 02:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Connection closed by 209.38.110.157 port 57142 [preauth]
Oct 14 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24985]: pam_unix(cron:session): session closed for user root
Oct 14 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[25063]: Successful su for rubyman by root
Oct 14 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[25063]: + ??? root:rubyman
Oct 14 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[25063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408688 of user rubyman.
Oct 14 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[25063]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408688.
Oct 14 02:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24982]: pam_unix(cron:session): session closed for user root
Oct 14 02:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21207]: pam_unix(cron:session): session closed for user root
Oct 14 02:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24981]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23945]: pam_unix(cron:session): session closed for user root
Oct 14 02:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Invalid user nginx from 209.38.110.157
Oct 14 02:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for invalid user nginx from 209.38.110.157 port 51770 ssh2
Oct 14 02:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Connection closed by 209.38.110.157 port 51770 [preauth]
Oct 14 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25718]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25897]: Successful su for rubyman by root
Oct 14 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25897]: + ??? root:rubyman
Oct 14 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408695 of user rubyman.
Oct 14 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25897]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408695.
Oct 14 02:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21747]: pam_unix(cron:session): session closed for user root
Oct 14 02:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: Failed password for root from 196.251.84.92 port 33562 ssh2
Oct 14 02:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26090]: Connection closed by 196.251.84.92 port 33562 [preauth]
Oct 14 02:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Invalid user git from 190.128.241.2
Oct 14 02:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: input_userauth_request: invalid user git [preauth]
Oct 14 02:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Failed password for invalid user git from 190.128.241.2 port 47118 ssh2
Oct 14 02:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Received disconnect from 190.128.241.2 port 47118:11: Bye Bye [preauth]
Oct 14 02:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Disconnected from 190.128.241.2 port 47118 [preauth]
Oct 14 02:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24480]: pam_unix(cron:session): session closed for user root
Oct 14 02:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Invalid user nginx from 209.38.110.157
Oct 14 02:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Failed password for invalid user nginx from 209.38.110.157 port 53954 ssh2
Oct 14 02:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26255]: Connection closed by 209.38.110.157 port 53954 [preauth]
Oct 14 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26396]: Successful su for rubyman by root
Oct 14 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26396]: + ??? root:rubyman
Oct 14 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408699 of user rubyman.
Oct 14 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26396]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408699.
Oct 14 02:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session closed for user root
Oct 14 02:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Failed password for root from 196.251.84.140 port 46592 ssh2
Oct 14 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24984]: pam_unix(cron:session): session closed for user root
Oct 14 02:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Connection closed by 196.251.84.140 port 46592 [preauth]
Oct 14 02:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Invalid user nginx from 209.38.110.157
Oct 14 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Failed password for invalid user nginx from 209.38.110.157 port 37508 ssh2
Oct 14 02:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Connection closed by 209.38.110.157 port 37508 [preauth]
Oct 14 02:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Invalid user odoo17 from 190.128.241.2
Oct 14 02:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 02:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Failed password for invalid user odoo17 from 190.128.241.2 port 37796 ssh2
Oct 14 02:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Received disconnect from 190.128.241.2 port 37796:11: Bye Bye [preauth]
Oct 14 02:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Disconnected from 190.128.241.2 port 37796 [preauth]
Oct 14 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27189]: Successful su for rubyman by root
Oct 14 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27189]: + ??? root:rubyman
Oct 14 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408704 of user rubyman.
Oct 14 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27189]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408704.
Oct 14 02:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22960]: pam_unix(cron:session): session closed for user root
Oct 14 02:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: Failed password for root from 196.251.84.92 port 60732 ssh2
Oct 14 02:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27286]: Connection closed by 196.251.84.92 port 60732 [preauth]
Oct 14 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session closed for user root
Oct 14 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Invalid user nginx from 209.38.110.157
Oct 14 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Failed password for invalid user nginx from 209.38.110.157 port 58648 ssh2
Oct 14 02:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Connection closed by 209.38.110.157 port 58648 [preauth]
Oct 14 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27956]: Successful su for rubyman by root
Oct 14 02:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27956]: + ??? root:rubyman
Oct 14 02:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408707 of user rubyman.
Oct 14 02:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27956]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408707.
Oct 14 02:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23943]: pam_unix(cron:session): session closed for user root
Oct 14 02:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Invalid user nginx from 209.38.110.157
Oct 14 02:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Failed password for invalid user nginx from 209.38.110.157 port 48472 ssh2
Oct 14 02:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Connection closed by 209.38.110.157 port 48472 [preauth]
Oct 14 02:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session closed for user root
Oct 14 02:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Invalid user postgres from 190.128.241.2
Oct 14 02:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: input_userauth_request: invalid user postgres [preauth]
Oct 14 02:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Failed password for invalid user postgres from 190.128.241.2 port 27039 ssh2
Oct 14 02:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Received disconnect from 190.128.241.2 port 27039:11: Bye Bye [preauth]
Oct 14 02:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Disconnected from 190.128.241.2 port 27039 [preauth]
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28368]: pam_unix(cron:session): session closed for user root
Oct 14 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28360]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28606]: Successful su for rubyman by root
Oct 14 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28606]: + ??? root:rubyman
Oct 14 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408710 of user rubyman.
Oct 14 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28606]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408710.
Oct 14 02:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28357]: Failed password for root from 196.251.84.92 port 59804 ssh2
Oct 14 02:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28357]: Connection closed by 196.251.84.92 port 59804 [preauth]
Oct 14 02:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28362]: pam_unix(cron:session): session closed for user root
Oct 14 02:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24479]: pam_unix(cron:session): session closed for user root
Oct 14 02:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28361]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: Invalid user nginx from 209.38.110.157
Oct 14 02:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: input_userauth_request: invalid user nginx [preauth]
Oct 14 02:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: Failed password for invalid user nginx from 209.38.110.157 port 55470 ssh2
Oct 14 02:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29102]: Connection closed by 209.38.110.157 port 55470 [preauth]
Oct 14 02:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session closed for user root
Oct 14 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29240]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29238]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: Successful su for rubyman by root
Oct 14 02:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: + ??? root:rubyman
Oct 14 02:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408718 of user rubyman.
Oct 14 02:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29335]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408718.
Oct 14 02:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24983]: pam_unix(cron:session): session closed for user root
Oct 14 02:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29239]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Invalid user django from 190.128.241.2
Oct 14 02:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: input_userauth_request: invalid user django [preauth]
Oct 14 02:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 02:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Failed password for invalid user django from 190.128.241.2 port 36940 ssh2
Oct 14 02:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Received disconnect from 190.128.241.2 port 36940:11: Bye Bye [preauth]
Oct 14 02:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Disconnected from 190.128.241.2 port 36940 [preauth]
Oct 14 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: Invalid user apache from 209.38.110.157
Oct 14 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: input_userauth_request: invalid user apache [preauth]
Oct 14 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: Failed password for invalid user apache from 209.38.110.157 port 55546 ssh2
Oct 14 02:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: Connection closed by 209.38.110.157 port 55546 [preauth]
Oct 14 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27875]: pam_unix(cron:session): session closed for user root
Oct 14 02:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 02:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Failed password for root from 196.251.84.140 port 58642 ssh2
Oct 14 02:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Connection closed by 196.251.84.140 port 58642 [preauth]
Oct 14 02:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Failed password for root from 196.251.84.92 port 58194 ssh2
Oct 14 02:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Connection closed by 196.251.84.92 port 58194 [preauth]
Oct 14 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29828]: Successful su for rubyman by root
Oct 14 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29828]: + ??? root:rubyman
Oct 14 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408722 of user rubyman.
Oct 14 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29828]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408722.
Oct 14 02:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session closed for user root
Oct 14 02:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Invalid user apache from 209.38.110.157
Oct 14 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: input_userauth_request: invalid user apache [preauth]
Oct 14 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Failed password for invalid user apache from 209.38.110.157 port 43154 ssh2
Oct 14 02:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Connection closed by 209.38.110.157 port 43154 [preauth]
Oct 14 02:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28366]: pam_unix(cron:session): session closed for user root
Oct 14 02:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2  user=root
Oct 14 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Failed password for root from 190.128.241.2 port 41316 ssh2
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Received disconnect from 190.128.241.2 port 41316:11: Bye Bye [preauth]
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Disconnected from 190.128.241.2 port 41316 [preauth]
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30372]: Successful su for rubyman by root
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30372]: + ??? root:rubyman
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408726 of user rubyman.
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30372]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408726.
Oct 14 02:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session closed for user root
Oct 14 02:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Invalid user apache from 209.38.110.157
Oct 14 02:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: input_userauth_request: invalid user apache [preauth]
Oct 14 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Failed password for invalid user apache from 209.38.110.157 port 44004 ssh2
Oct 14 02:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30674]: Connection closed by 209.38.110.157 port 44004 [preauth]
Oct 14 02:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29241]: pam_unix(cron:session): session closed for user root
Oct 14 02:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 02:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Failed password for root from 196.251.84.92 port 55924 ssh2
Oct 14 02:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30831]: Connection closed by 196.251.84.92 port 55924 [preauth]
Oct 14 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30848]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30846]: pam_unix(cron:session): session closed for user p13x
Oct 14 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30918]: Successful su for rubyman by root
Oct 14 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30918]: + ??? root:rubyman
Oct 14 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408731 of user rubyman.
Oct 14 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30918]: pam_unix(su:session): session closed for user rubyman
Oct 14 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408731.
Oct 14 02:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: Invalid user apache from 209.38.110.157
Oct 14 02:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: input_userauth_request: invalid user apache [preauth]
Oct 14 02:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 02:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26977]: pam_unix(cron:session): session closed for user root
Oct 14 02:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: Failed password for invalid user apache from 209.38.110.157 port 40382 ssh2
Oct 14 02:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: Connection closed by 209.38.110.157 port 40382 [preauth]
Oct 14 02:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30847]: pam_unix(cron:session): session closed for user samftp
Oct 14 02:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 02:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Invalid user danilo from 20.163.71.109
Oct 14 02:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: input_userauth_request: invalid user danilo [preauth]
Oct 14 02:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 02:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 02:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Failed password for invalid user danilo from 20.163.71.109 port 43044 ssh2
Oct 14 02:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Connection closed by 20.163.71.109 port 43044 [preauth]
Oct 14 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29747]: pam_unix(cron:session): session closed for user root
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31338]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31341]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31341]: pam_unix(cron:session): session closed for user root
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session closed for user root
Oct 14 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31335]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: Successful su for rubyman by root
Oct 14 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: + ??? root:rubyman
Oct 14 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408733 of user rubyman.
Oct 14 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31505]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408733.
Oct 14 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Invalid user apache from 209.38.110.157
Oct 14 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: input_userauth_request: invalid user apache [preauth]
Oct 14 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.38.110.157
Oct 14 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Failed password for invalid user apache from 209.38.110.157 port 35024 ssh2
Oct 14 03:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31663]: Connection closed by 209.38.110.157 port 35024 [preauth]
Oct 14 03:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31338]: pam_unix(cron:session): session closed for user root
Oct 14 03:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session closed for user root
Oct 14 03:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Invalid user myuser from 190.128.241.2
Oct 14 03:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: input_userauth_request: invalid user myuser [preauth]
Oct 14 03:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Failed password for invalid user myuser from 190.128.241.2 port 45308 ssh2
Oct 14 03:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Received disconnect from 190.128.241.2 port 45308:11: Bye Bye [preauth]
Oct 14 03:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31902]: Disconnected from 190.128.241.2 port 45308 [preauth]
Oct 14 03:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session closed for user root
Oct 14 03:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: Failed password for root from 196.251.84.140 port 38076 ssh2
Oct 14 03:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: Connection closed by 196.251.84.140 port 38076 [preauth]
Oct 14 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Failed password for root from 196.251.84.92 port 53290 ssh2
Oct 14 03:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Connection closed by 196.251.84.92 port 53290 [preauth]
Oct 14 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32083]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32243]: Successful su for rubyman by root
Oct 14 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32243]: + ??? root:rubyman
Oct 14 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408739 of user rubyman.
Oct 14 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32243]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408739.
Oct 14 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28364]: pam_unix(cron:session): session closed for user root
Oct 14 03:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32086]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session closed for user root
Oct 14 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Invalid user dockeruser from 190.128.241.2
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32699]: Successful su for rubyman by root
Oct 14 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32699]: + ??? root:rubyman
Oct 14 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408745 of user rubyman.
Oct 14 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32699]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408745.
Oct 14 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Failed password for invalid user dockeruser from 190.128.241.2 port 50962 ssh2
Oct 14 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Received disconnect from 190.128.241.2 port 50962:11: Bye Bye [preauth]
Oct 14 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32621]: Disconnected from 190.128.241.2 port 50962 [preauth]
Oct 14 03:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29240]: pam_unix(cron:session): session closed for user root
Oct 14 03:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31340]: pam_unix(cron:session): session closed for user root
Oct 14 03:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Failed password for root from 196.251.84.92 port 46336 ssh2
Oct 14 03:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[609]: Connection closed by 196.251.84.92 port 46336 [preauth]
Oct 14 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[707]: Successful su for rubyman by root
Oct 14 03:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[707]: + ??? root:rubyman
Oct 14 03:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408748 of user rubyman.
Oct 14 03:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[707]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408748.
Oct 14 03:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29746]: pam_unix(cron:session): session closed for user root
Oct 14 03:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[631]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Invalid user oracle from 190.128.241.2
Oct 14 03:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: input_userauth_request: invalid user oracle [preauth]
Oct 14 03:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32091]: pam_unix(cron:session): session closed for user root
Oct 14 03:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Failed password for invalid user oracle from 190.128.241.2 port 37370 ssh2
Oct 14 03:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Received disconnect from 190.128.241.2 port 37370:11: Bye Bye [preauth]
Oct 14 03:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Disconnected from 190.128.241.2 port 37370 [preauth]
Oct 14 03:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: Received disconnect from 193.46.255.103 port 63934:11:  [preauth]
Oct 14 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1194]: Disconnected from 193.46.255.103 port 63934 [preauth]
Oct 14 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1198]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1276]: Successful su for rubyman by root
Oct 14 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1276]: + ??? root:rubyman
Oct 14 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408753 of user rubyman.
Oct 14 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1276]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408753.
Oct 14 03:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session closed for user root
Oct 14 03:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1573]: Failed password for root from 196.251.84.140 port 49978 ssh2
Oct 14 03:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32629]: pam_unix(cron:session): session closed for user root
Oct 14 03:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1573]: Connection closed by 196.251.84.140 port 49978 [preauth]
Oct 14 03:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1662]: Failed password for root from 196.251.84.92 port 37980 ssh2
Oct 14 03:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1662]: Connection closed by 196.251.84.92 port 37980 [preauth]
Oct 14 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1725]: pam_unix(cron:session): session closed for user root
Oct 14 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1799]: Successful su for rubyman by root
Oct 14 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1799]: + ??? root:rubyman
Oct 14 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408755 of user rubyman.
Oct 14 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1799]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408755.
Oct 14 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user root
Oct 14 03:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30848]: pam_unix(cron:session): session closed for user root
Oct 14 03:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Invalid user oracle from 190.128.241.2
Oct 14 03:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: input_userauth_request: invalid user oracle [preauth]
Oct 14 03:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Failed password for invalid user oracle from 190.128.241.2 port 52402 ssh2
Oct 14 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Received disconnect from 190.128.241.2 port 52402:11: Bye Bye [preauth]
Oct 14 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Disconnected from 190.128.241.2 port 52402 [preauth]
Oct 14 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session closed for user root
Oct 14 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2384]: Successful su for rubyman by root
Oct 14 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2384]: + ??? root:rubyman
Oct 14 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408762 of user rubyman.
Oct 14 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2384]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408762.
Oct 14 03:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31339]: pam_unix(cron:session): session closed for user root
Oct 14 03:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session closed for user root
Oct 14 03:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Failed password for root from 196.251.84.92 port 56822 ssh2
Oct 14 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Connection closed by 196.251.84.92 port 56822 [preauth]
Oct 14 03:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Invalid user sol from 190.128.241.2
Oct 14 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: input_userauth_request: invalid user sol [preauth]
Oct 14 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Failed password for invalid user sol from 190.128.241.2 port 55762 ssh2
Oct 14 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Received disconnect from 190.128.241.2 port 55762:11: Bye Bye [preauth]
Oct 14 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Disconnected from 190.128.241.2 port 55762 [preauth]
Oct 14 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2762]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2839]: Successful su for rubyman by root
Oct 14 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2839]: + ??? root:rubyman
Oct 14 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408765 of user rubyman.
Oct 14 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2839]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408765.
Oct 14 03:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32090]: pam_unix(cron:session): session closed for user root
Oct 14 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1724]: pam_unix(cron:session): session closed for user root
Oct 14 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: Successful su for rubyman by root
Oct 14 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: + ??? root:rubyman
Oct 14 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408769 of user rubyman.
Oct 14 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408769.
Oct 14 03:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32628]: pam_unix(cron:session): session closed for user root
Oct 14 03:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Failed password for root from 196.251.84.140 port 55562 ssh2
Oct 14 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Connection closed by 196.251.84.140 port 55562 [preauth]
Oct 14 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Failed password for root from 196.251.84.92 port 46998 ssh2
Oct 14 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3596]: Connection closed by 196.251.84.92 port 46998 [preauth]
Oct 14 03:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Invalid user django from 190.128.241.2
Oct 14 03:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: input_userauth_request: invalid user django [preauth]
Oct 14 03:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Failed password for invalid user django from 190.128.241.2 port 53992 ssh2
Oct 14 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Received disconnect from 190.128.241.2 port 53992:11: Bye Bye [preauth]
Oct 14 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3598]: Disconnected from 190.128.241.2 port 53992 [preauth]
Oct 14 03:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session closed for user root
Oct 14 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3685]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3870]: Successful su for rubyman by root
Oct 14 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3870]: + ??? root:rubyman
Oct 14 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408774 of user rubyman.
Oct 14 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3870]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408774.
Oct 14 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session closed for user root
Oct 14 03:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session closed for user root
Oct 14 03:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3684]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session closed for user root
Oct 14 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4315]: pam_unix(cron:session): session closed for user root
Oct 14 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4309]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4387]: Successful su for rubyman by root
Oct 14 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4387]: + ??? root:rubyman
Oct 14 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408781 of user rubyman.
Oct 14 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4387]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408781.
Oct 14 03:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4312]: pam_unix(cron:session): session closed for user root
Oct 14 03:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 03:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session closed for user root
Oct 14 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Failed password for root from 62.60.131.157 port 61714 ssh2
Oct 14 03:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Failed password for root from 62.60.131.157 port 61714 ssh2
Oct 14 03:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Invalid user radio from 190.128.241.2
Oct 14 03:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: input_userauth_request: invalid user radio [preauth]
Oct 14 03:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Failed password for root from 62.60.131.157 port 61714 ssh2
Oct 14 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Failed password for invalid user radio from 190.128.241.2 port 40630 ssh2
Oct 14 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Received disconnect from 190.128.241.2 port 40630:11: Bye Bye [preauth]
Oct 14 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Disconnected from 190.128.241.2 port 40630 [preauth]
Oct 14 03:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4311]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Failed password for root from 62.60.131.157 port 61714 ssh2
Oct 14 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Failed password for root from 62.60.131.157 port 61714 ssh2
Oct 14 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Received disconnect from 62.60.131.157 port 61714:11: Bye [preauth]
Oct 14 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: Disconnected from 62.60.131.157 port 61714 [preauth]
Oct 14 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4522]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 03:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Failed password for root from 196.251.84.92 port 36268 ssh2
Oct 14 03:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Connection closed by 196.251.84.92 port 36268 [preauth]
Oct 14 03:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session closed for user root
Oct 14 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4841]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5105]: Successful su for rubyman by root
Oct 14 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5105]: + ??? root:rubyman
Oct 14 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408785 of user rubyman.
Oct 14 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5105]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408785.
Oct 14 03:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session closed for user root
Oct 14 03:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4842]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3687]: pam_unix(cron:session): session closed for user root
Oct 14 03:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: Invalid user django from 190.128.241.2
Oct 14 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: input_userauth_request: invalid user django [preauth]
Oct 14 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: Failed password for invalid user django from 190.128.241.2 port 60566 ssh2
Oct 14 03:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: Received disconnect from 190.128.241.2 port 60566:11: Bye Bye [preauth]
Oct 14 03:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5808]: Disconnected from 190.128.241.2 port 60566 [preauth]
Oct 14 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5813]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5893]: Successful su for rubyman by root
Oct 14 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5893]: + ??? root:rubyman
Oct 14 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408789 of user rubyman.
Oct 14 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5893]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408789.
Oct 14 03:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session closed for user root
Oct 14 03:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6091]: Failed password for root from 196.251.84.92 port 53622 ssh2
Oct 14 03:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5814]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6091]: Connection closed by 196.251.84.92 port 53622 [preauth]
Oct 14 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: Failed password for root from 196.251.84.140 port 34390 ssh2
Oct 14 03:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6116]: Connection closed by 196.251.84.140 port 34390 [preauth]
Oct 14 03:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session closed for user root
Oct 14 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6347]: Successful su for rubyman by root
Oct 14 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6347]: + ??? root:rubyman
Oct 14 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408793 of user rubyman.
Oct 14 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6347]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408793.
Oct 14 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session closed for user root
Oct 14 03:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4845]: pam_unix(cron:session): session closed for user root
Oct 14 03:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Invalid user admin1 from 190.128.241.2
Oct 14 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: input_userauth_request: invalid user admin1 [preauth]
Oct 14 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Failed password for invalid user admin1 from 190.128.241.2 port 34546 ssh2
Oct 14 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Received disconnect from 190.128.241.2 port 34546:11: Bye Bye [preauth]
Oct 14 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Disconnected from 190.128.241.2 port 34546 [preauth]
Oct 14 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6829]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6908]: Successful su for rubyman by root
Oct 14 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6908]: + ??? root:rubyman
Oct 14 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408798 of user rubyman.
Oct 14 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6908]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408798.
Oct 14 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Failed password for root from 196.251.84.92 port 42020 ssh2
Oct 14 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Connection closed by 196.251.84.92 port 42020 [preauth]
Oct 14 03:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session closed for user root
Oct 14 03:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6830]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Invalid user admin from 2.57.121.112
Oct 14 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Failed password for invalid user admin from 2.57.121.112 port 61849 ssh2
Oct 14 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5816]: pam_unix(cron:session): session closed for user root
Oct 14 03:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Failed password for invalid user admin from 2.57.121.112 port 61849 ssh2
Oct 14 03:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Failed password for invalid user admin from 2.57.121.112 port 61849 ssh2
Oct 14 03:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Failed password for invalid user admin from 2.57.121.112 port 61849 ssh2
Oct 14 03:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Failed password for invalid user admin from 2.57.121.112 port 61849 ssh2
Oct 14 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Received disconnect from 2.57.121.112 port 61849:11: Bye [preauth]
Oct 14 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Disconnected from 2.57.121.112 port 61849 [preauth]
Oct 14 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 03:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7402]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7403]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7401]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7404]: pam_unix(cron:session): session closed for user root
Oct 14 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7399]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: Successful su for rubyman by root
Oct 14 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: + ??? root:rubyman
Oct 14 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408802 of user rubyman.
Oct 14 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408802.
Oct 14 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7584]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 41920
Oct 14 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 41932
Oct 14 03:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7401]: pam_unix(cron:session): session closed for user root
Oct 14 03:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3685]: pam_unix(cron:session): session closed for user root
Oct 14 03:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7400]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7758]: Invalid user odoo from 190.128.241.2
Oct 14 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7758]: input_userauth_request: invalid user odoo [preauth]
Oct 14 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7758]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7758]: Failed password for invalid user odoo from 190.128.241.2 port 55850 ssh2
Oct 14 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7758]: Received disconnect from 190.128.241.2 port 55850:11: Bye Bye [preauth]
Oct 14 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7758]: Disconnected from 190.128.241.2 port 55850 [preauth]
Oct 14 03:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session closed for user root
Oct 14 03:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for root from 196.251.84.92 port 58360 ssh2
Oct 14 03:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 196.251.84.92 port 58360 [preauth]
Oct 14 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8424]: Successful su for rubyman by root
Oct 14 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8424]: + ??? root:rubyman
Oct 14 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408806 of user rubyman.
Oct 14 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8424]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408806.
Oct 14 03:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4313]: pam_unix(cron:session): session closed for user root
Oct 14 03:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: Failed password for root from 196.251.84.140 port 40538 ssh2
Oct 14 03:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: Connection closed by 196.251.84.140 port 40538 [preauth]
Oct 14 03:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session closed for user root
Oct 14 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: Invalid user ts3 from 190.128.241.2
Oct 14 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8926]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8925]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session closed for user root
Oct 14 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: Failed password for invalid user ts3 from 190.128.241.2 port 39424 ssh2
Oct 14 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9008]: Successful su for rubyman by root
Oct 14 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9008]: + ??? root:rubyman
Oct 14 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408812 of user rubyman.
Oct 14 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9008]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408812.
Oct 14 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: Received disconnect from 190.128.241.2 port 39424:11: Bye Bye [preauth]
Oct 14 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8919]: Disconnected from 190.128.241.2 port 39424 [preauth]
Oct 14 03:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4843]: pam_unix(cron:session): session closed for user root
Oct 14 03:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7403]: pam_unix(cron:session): session closed for user root
Oct 14 03:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: Failed password for root from 196.251.84.92 port 47618 ssh2
Oct 14 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9460]: Connection closed by 196.251.84.92 port 47618 [preauth]
Oct 14 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9535]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9624]: Successful su for rubyman by root
Oct 14 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9624]: + ??? root:rubyman
Oct 14 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408815 of user rubyman.
Oct 14 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9624]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408815.
Oct 14 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5815]: pam_unix(cron:session): session closed for user root
Oct 14 03:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session closed for user root
Oct 14 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Invalid user admin from 190.128.241.2
Oct 14 03:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Failed password for invalid user admin from 190.128.241.2 port 50247 ssh2
Oct 14 03:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Received disconnect from 190.128.241.2 port 50247:11: Bye Bye [preauth]
Oct 14 03:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Disconnected from 190.128.241.2 port 50247 [preauth]
Oct 14 03:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 14 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Failed password for root from 94.177.160.96 port 33734 ssh2
Oct 14 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10119]: Connection closed by 94.177.160.96 port 33734 [preauth]
Oct 14 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10150]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10232]: Successful su for rubyman by root
Oct 14 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10232]: + ??? root:rubyman
Oct 14 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408820 of user rubyman.
Oct 14 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10232]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408820.
Oct 14 03:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session closed for user root
Oct 14 03:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=root
Oct 14 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Failed password for root from 196.251.84.92 port 35554 ssh2
Oct 14 03:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Connection closed by 196.251.84.92 port 35554 [preauth]
Oct 14 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8926]: pam_unix(cron:session): session closed for user root
Oct 14 03:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10655]: pam_unix(cron:session): session closed for user root
Oct 14 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10734]: Successful su for rubyman by root
Oct 14 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10734]: + ??? root:rubyman
Oct 14 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408823 of user rubyman.
Oct 14 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10734]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408823.
Oct 14 03:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Failed password for root from 196.251.84.140 port 47108 ssh2
Oct 14 03:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Connection closed by 196.251.84.140 port 47108 [preauth]
Oct 14 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10651]: pam_unix(cron:session): session closed for user root
Oct 14 03:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6831]: pam_unix(cron:session): session closed for user root
Oct 14 03:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Invalid user ansible from 190.128.241.2
Oct 14 03:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: input_userauth_request: invalid user ansible [preauth]
Oct 14 03:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Failed password for invalid user ansible from 190.128.241.2 port 40318 ssh2
Oct 14 03:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Received disconnect from 190.128.241.2 port 40318:11: Bye Bye [preauth]
Oct 14 03:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Disconnected from 190.128.241.2 port 40318 [preauth]
Oct 14 03:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session closed for user root
Oct 14 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11130]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11213]: Successful su for rubyman by root
Oct 14 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11213]: + ??? root:rubyman
Oct 14 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408830 of user rubyman.
Oct 14 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11213]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408830.
Oct 14 03:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7402]: pam_unix(cron:session): session closed for user root
Oct 14 03:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11132]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Invalid user admin from 196.251.84.92
Oct 14 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Failed password for invalid user admin from 196.251.84.92 port 51220 ssh2
Oct 14 03:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Connection closed by 196.251.84.92 port 51220 [preauth]
Oct 14 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10151]: pam_unix(cron:session): session closed for user root
Oct 14 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Invalid user testuser from 190.128.241.2
Oct 14 03:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: input_userauth_request: invalid user testuser [preauth]
Oct 14 03:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Failed password for invalid user testuser from 190.128.241.2 port 44786 ssh2
Oct 14 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Received disconnect from 190.128.241.2 port 44786:11: Bye Bye [preauth]
Oct 14 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11601]: Disconnected from 190.128.241.2 port 44786 [preauth]
Oct 14 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11622]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11614]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11787]: Successful su for rubyman by root
Oct 14 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11787]: + ??? root:rubyman
Oct 14 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408833 of user rubyman.
Oct 14 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11787]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408833.
Oct 14 03:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8323]: pam_unix(cron:session): session closed for user root
Oct 14 03:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session closed for user root
Oct 14 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12267]: Successful su for rubyman by root
Oct 14 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12267]: + ??? root:rubyman
Oct 14 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408837 of user rubyman.
Oct 14 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12267]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408837.
Oct 14 03:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8925]: pam_unix(cron:session): session closed for user root
Oct 14 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Invalid user admin from 196.251.84.92
Oct 14 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Failed password for invalid user admin from 196.251.84.92 port 37928 ssh2
Oct 14 03:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12449]: Connection closed by 196.251.84.92 port 37928 [preauth]
Oct 14 03:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Invalid user devuser from 190.128.241.2
Oct 14 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: input_userauth_request: invalid user devuser [preauth]
Oct 14 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Failed password for invalid user devuser from 190.128.241.2 port 39772 ssh2
Oct 14 03:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Received disconnect from 190.128.241.2 port 39772:11: Bye Bye [preauth]
Oct 14 03:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Disconnected from 190.128.241.2 port 39772 [preauth]
Oct 14 03:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11134]: pam_unix(cron:session): session closed for user root
Oct 14 03:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for root from 196.251.84.140 port 54350 ssh2
Oct 14 03:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Connection closed by 196.251.84.140 port 54350 [preauth]
Oct 14 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12694]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12689]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12762]: Successful su for rubyman by root
Oct 14 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12762]: + ??? root:rubyman
Oct 14 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408841 of user rubyman.
Oct 14 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12762]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408841.
Oct 14 03:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session closed for user root
Oct 14 03:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12691]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session closed for user root
Oct 14 03:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: Invalid user admin from 196.251.84.92
Oct 14 03:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: Failed password for invalid user admin from 196.251.84.92 port 52302 ssh2
Oct 14 03:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: Connection closed by 196.251.84.92 port 52302 [preauth]
Oct 14 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13195]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session closed for user root
Oct 14 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13393]: Successful su for rubyman by root
Oct 14 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13393]: + ??? root:rubyman
Oct 14 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408846 of user rubyman.
Oct 14 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13393]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408846.
Oct 14 03:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10150]: pam_unix(cron:session): session closed for user root
Oct 14 03:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session closed for user root
Oct 14 03:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Invalid user ubuntu from 190.128.241.2
Oct 14 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Failed password for invalid user ubuntu from 190.128.241.2 port 41168 ssh2
Oct 14 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Received disconnect from 190.128.241.2 port 41168:11: Bye Bye [preauth]
Oct 14 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13661]: Disconnected from 190.128.241.2 port 41168 [preauth]
Oct 14 03:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12189]: pam_unix(cron:session): session closed for user root
Oct 14 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13833]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13829]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13913]: Successful su for rubyman by root
Oct 14 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13913]: + ??? root:rubyman
Oct 14 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408851 of user rubyman.
Oct 14 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13913]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408851.
Oct 14 03:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10652]: pam_unix(cron:session): session closed for user root
Oct 14 03:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13831]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 03:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Failed password for root from 80.211.129.128 port 34804 ssh2
Oct 14 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Connection closed by 80.211.129.128 port 34804 [preauth]
Oct 14 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12694]: pam_unix(cron:session): session closed for user root
Oct 14 03:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Invalid user admin from 196.251.84.92
Oct 14 03:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Failed password for invalid user admin from 196.251.84.92 port 37108 ssh2
Oct 14 03:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Connection closed by 196.251.84.92 port 37108 [preauth]
Oct 14 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 46838
Oct 14 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14365]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 46840
Oct 14 03:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Invalid user weblogic from 190.128.241.2
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: input_userauth_request: invalid user weblogic [preauth]
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14443]: Successful su for rubyman by root
Oct 14 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14443]: + ??? root:rubyman
Oct 14 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408855 of user rubyman.
Oct 14 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14443]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408855.
Oct 14 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Failed password for invalid user weblogic from 190.128.241.2 port 32870 ssh2
Oct 14 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Received disconnect from 190.128.241.2 port 32870:11: Bye Bye [preauth]
Oct 14 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14367]: Disconnected from 190.128.241.2 port 32870 [preauth]
Oct 14 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11133]: pam_unix(cron:session): session closed for user root
Oct 14 03:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session closed for user root
Oct 14 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Failed password for root from 196.251.84.140 port 33940 ssh2
Oct 14 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Connection closed by 196.251.84.140 port 33940 [preauth]
Oct 14 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14833]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14915]: Successful su for rubyman by root
Oct 14 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14915]: + ??? root:rubyman
Oct 14 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408859 of user rubyman.
Oct 14 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14915]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408859.
Oct 14 03:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11622]: pam_unix(cron:session): session closed for user root
Oct 14 03:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: Invalid user admin from 196.251.84.92
Oct 14 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: Failed password for invalid user admin from 196.251.84.92 port 49786 ssh2
Oct 14 03:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15259]: Connection closed by 196.251.84.92 port 49786 [preauth]
Oct 14 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13834]: pam_unix(cron:session): session closed for user root
Oct 14 03:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: User backup from 190.128.241.2 not allowed because not listed in AllowUsers
Oct 14 03:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: input_userauth_request: invalid user backup [preauth]
Oct 14 03:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2  user=backup
Oct 14 03:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Failed password for invalid user backup from 190.128.241.2 port 60228 ssh2
Oct 14 03:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Received disconnect from 190.128.241.2 port 60228:11: Bye Bye [preauth]
Oct 14 03:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Disconnected from 190.128.241.2 port 60228 [preauth]
Oct 14 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15471]: Successful su for rubyman by root
Oct 14 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15471]: + ??? root:rubyman
Oct 14 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408863 of user rubyman.
Oct 14 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15471]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408863.
Oct 14 03:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12188]: pam_unix(cron:session): session closed for user root
Oct 14 03:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15409]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session closed for user root
Oct 14 03:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Invalid user admin from 196.251.84.92
Oct 14 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15859]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session closed for user root
Oct 14 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Failed password for invalid user admin from 196.251.84.92 port 33746 ssh2
Oct 14 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Connection closed by 196.251.84.92 port 33746 [preauth]
Oct 14 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15930]: Successful su for rubyman by root
Oct 14 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15930]: + ??? root:rubyman
Oct 14 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408870 of user rubyman.
Oct 14 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15930]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408870.
Oct 14 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session closed for user root
Oct 14 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session closed for user root
Oct 14 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Invalid user sysadmin from 190.128.241.2
Oct 14 03:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 03:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Failed password for invalid user sysadmin from 190.128.241.2 port 41970 ssh2
Oct 14 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Received disconnect from 190.128.241.2 port 41970:11: Bye Bye [preauth]
Oct 14 03:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Disconnected from 190.128.241.2 port 41970 [preauth]
Oct 14 03:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14843]: pam_unix(cron:session): session closed for user root
Oct 14 03:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.171.177  user=root
Oct 14 03:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Failed password for root from 94.177.171.177 port 46592 ssh2
Oct 14 03:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Connection closed by 94.177.171.177 port 46592 [preauth]
Oct 14 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16359]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16438]: Successful su for rubyman by root
Oct 14 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16438]: + ??? root:rubyman
Oct 14 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408874 of user rubyman.
Oct 14 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16438]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408874.
Oct 14 03:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13195]: pam_unix(cron:session): session closed for user root
Oct 14 03:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16361]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for root from 196.251.84.140 port 40264 ssh2
Oct 14 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Connection closed by 196.251.84.140 port 40264 [preauth]
Oct 14 03:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session closed for user root
Oct 14 03:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Invalid user admin from 196.251.84.92
Oct 14 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Failed password for invalid user admin from 196.251.84.92 port 45168 ssh2
Oct 14 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16779]: Connection closed by 196.251.84.92 port 45168 [preauth]
Oct 14 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16908]: Successful su for rubyman by root
Oct 14 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16908]: + ??? root:rubyman
Oct 14 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408878 of user rubyman.
Oct 14 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16908]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408878.
Oct 14 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2  user=root
Oct 14 03:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Failed password for root from 190.128.241.2 port 52324 ssh2
Oct 14 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Received disconnect from 190.128.241.2 port 52324:11: Bye Bye [preauth]
Oct 14 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Disconnected from 190.128.241.2 port 52324 [preauth]
Oct 14 03:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13833]: pam_unix(cron:session): session closed for user root
Oct 14 03:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16838]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 14 03:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: Failed password for root from 190.103.202.7 port 51102 ssh2
Oct 14 03:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17173]: Connection closed by 190.103.202.7 port 51102 [preauth]
Oct 14 03:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15859]: pam_unix(cron:session): session closed for user root
Oct 14 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17375]: Successful su for rubyman by root
Oct 14 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17375]: + ??? root:rubyman
Oct 14 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408882 of user rubyman.
Oct 14 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17375]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408882.
Oct 14 03:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14381]: pam_unix(cron:session): session closed for user root
Oct 14 03:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Invalid user admin from 196.251.84.92
Oct 14 03:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Failed password for invalid user admin from 196.251.84.92 port 56302 ssh2
Oct 14 03:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Connection closed by 196.251.84.92 port 56302 [preauth]
Oct 14 03:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session closed for user root
Oct 14 03:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17724]: Invalid user debian from 190.128.241.2
Oct 14 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17724]: input_userauth_request: invalid user debian [preauth]
Oct 14 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17724]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.128.241.2
Oct 14 03:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17724]: Failed password for invalid user debian from 190.128.241.2 port 55990 ssh2
Oct 14 03:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17724]: Received disconnect from 190.128.241.2 port 55990:11: Bye Bye [preauth]
Oct 14 03:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17724]: Disconnected from 190.128.241.2 port 55990 [preauth]
Oct 14 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17819]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17913]: Successful su for rubyman by root
Oct 14 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17913]: + ??? root:rubyman
Oct 14 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408885 of user rubyman.
Oct 14 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17913]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408885.
Oct 14 03:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session closed for user root
Oct 14 03:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 03:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: Failed password for root from 164.68.105.9 port 54636 ssh2
Oct 14 03:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18244]: Connection closed by 164.68.105.9 port 54636 [preauth]
Oct 14 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session closed for user root
Oct 14 03:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: Invalid user admin from 196.251.84.92
Oct 14 03:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18553]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18554]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18554]: pam_unix(cron:session): session closed for user root
Oct 14 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: Failed password for invalid user admin from 196.251.84.92 port 38760 ssh2
Oct 14 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18542]: Connection closed by 196.251.84.92 port 38760 [preauth]
Oct 14 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18640]: Successful su for rubyman by root
Oct 14 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18640]: + ??? root:rubyman
Oct 14 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408889 of user rubyman.
Oct 14 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18640]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408889.
Oct 14 03:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18550]: pam_unix(cron:session): session closed for user root
Oct 14 03:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15410]: pam_unix(cron:session): session closed for user root
Oct 14 03:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Failed password for root from 196.251.84.140 port 45212 ssh2
Oct 14 03:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18866]: Connection closed by 196.251.84.140 port 45212 [preauth]
Oct 14 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session closed for user root
Oct 14 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19194]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19313]: Successful su for rubyman by root
Oct 14 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19313]: + ??? root:rubyman
Oct 14 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408898 of user rubyman.
Oct 14 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19313]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408898.
Oct 14 03:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session closed for user root
Oct 14 03:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17819]: pam_unix(cron:session): session closed for user root
Oct 14 03:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: Invalid user admin from 196.251.84.92
Oct 14 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: Failed password for invalid user admin from 196.251.84.92 port 47684 ssh2
Oct 14 03:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19961]: Connection closed by 196.251.84.92 port 47684 [preauth]
Oct 14 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Did not receive identification string from 196.251.114.29
Oct 14 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20037]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20035]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20119]: Successful su for rubyman by root
Oct 14 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20119]: + ??? root:rubyman
Oct 14 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408900 of user rubyman.
Oct 14 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20119]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408900.
Oct 14 03:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session closed for user root
Oct 14 03:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20036]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18553]: pam_unix(cron:session): session closed for user root
Oct 14 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20547]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20620]: Successful su for rubyman by root
Oct 14 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20620]: + ??? root:rubyman
Oct 14 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408905 of user rubyman.
Oct 14 03:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20620]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408905.
Oct 14 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session closed for user root
Oct 14 03:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Invalid user admin from 196.251.84.92
Oct 14 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20549]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Failed password for invalid user admin from 196.251.84.92 port 56760 ssh2
Oct 14 03:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Connection closed by 196.251.84.92 port 56760 [preauth]
Oct 14 03:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session closed for user root
Oct 14 03:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21017]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21018]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21015]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: Successful su for rubyman by root
Oct 14 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: + ??? root:rubyman
Oct 14 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408907 of user rubyman.
Oct 14 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408907.
Oct 14 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21013]: pam_unix(cron:session): session closed for user root
Oct 14 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: Did not receive identification string from 80.211.129.128
Oct 14 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Failed password for root from 196.251.84.140 port 50302 ssh2
Oct 14 03:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Connection closed by 196.251.84.140 port 50302 [preauth]
Oct 14 03:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17302]: pam_unix(cron:session): session closed for user root
Oct 14 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21016]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Invalid user socksuser from 115.231.10.56
Oct 14 03:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: input_userauth_request: invalid user socksuser [preauth]
Oct 14 03:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.10.56
Oct 14 03:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20038]: pam_unix(cron:session): session closed for user root
Oct 14 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Failed password for invalid user socksuser from 115.231.10.56 port 34348 ssh2
Oct 14 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Received disconnect from 115.231.10.56 port 34348:11: Bye Bye [preauth]
Oct 14 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21551]: Disconnected from 115.231.10.56 port 34348 [preauth]
Oct 14 03:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: Invalid user admin from 196.251.84.92
Oct 14 03:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: Failed password for invalid user admin from 196.251.84.92 port 37892 ssh2
Oct 14 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21623]: Connection closed by 196.251.84.92 port 37892 [preauth]
Oct 14 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Invalid user hari from 178.128.152.40
Oct 14 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: input_userauth_request: invalid user hari [preauth]
Oct 14 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Failed password for invalid user hari from 178.128.152.40 port 42764 ssh2
Oct 14 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Received disconnect from 178.128.152.40 port 42764:11: Bye Bye [preauth]
Oct 14 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Disconnected from 178.128.152.40 port 42764 [preauth]
Oct 14 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21648]: pam_unix(cron:session): session closed for user root
Oct 14 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21735]: Successful su for rubyman by root
Oct 14 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21735]: + ??? root:rubyman
Oct 14 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408917 of user rubyman.
Oct 14 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21735]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408917.
Oct 14 03:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user root
Oct 14 03:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session closed for user root
Oct 14 03:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Invalid user connor from 155.4.245.222
Oct 14 03:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: input_userauth_request: invalid user connor [preauth]
Oct 14 03:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Failed password for invalid user connor from 155.4.245.222 port 57876 ssh2
Oct 14 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Received disconnect from 155.4.245.222 port 57876:11: Bye Bye [preauth]
Oct 14 03:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Disconnected from 155.4.245.222 port 57876 [preauth]
Oct 14 03:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20551]: pam_unix(cron:session): session closed for user root
Oct 14 03:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: Invalid user taylor from 103.55.216.2
Oct 14 03:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: input_userauth_request: invalid user taylor [preauth]
Oct 14 03:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: Failed password for invalid user taylor from 103.55.216.2 port 36408 ssh2
Oct 14 03:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: Received disconnect from 103.55.216.2 port 36408:11: Bye Bye [preauth]
Oct 14 03:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22092]: Disconnected from 103.55.216.2 port 36408 [preauth]
Oct 14 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22178]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22174]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22281]: Successful su for rubyman by root
Oct 14 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22281]: + ??? root:rubyman
Oct 14 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408919 of user rubyman.
Oct 14 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22281]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408919.
Oct 14 03:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18551]: pam_unix(cron:session): session closed for user root
Oct 14 03:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22175]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Did not receive identification string from 193.32.162.151
Oct 14 03:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Invalid user admin from 196.251.84.92
Oct 14 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Failed password for invalid user admin from 196.251.84.92 port 46074 ssh2
Oct 14 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Connection closed by 196.251.84.92 port 46074 [preauth]
Oct 14 03:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22563]: Connection reset by 205.210.31.103 port 59608 [preauth]
Oct 14 03:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21018]: pam_unix(cron:session): session closed for user root
Oct 14 03:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Invalid user user from 62.60.131.157
Oct 14 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: input_userauth_request: invalid user user [preauth]
Oct 14 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: Failed password for root from 178.128.152.40 port 56252 ssh2
Oct 14 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: Received disconnect from 178.128.152.40 port 56252:11: Bye Bye [preauth]
Oct 14 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: Disconnected from 178.128.152.40 port 56252 [preauth]
Oct 14 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user user from 62.60.131.157 port 16102 ssh2
Oct 14 03:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22697]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22953]: Successful su for rubyman by root
Oct 14 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22953]: + ??? root:rubyman
Oct 14 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408922 of user rubyman.
Oct 14 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22953]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408922.
Oct 14 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user user from 62.60.131.157 port 16102 ssh2
Oct 14 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user user from 62.60.131.157 port 16102 ssh2
Oct 14 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user user from 62.60.131.157 port 16102 ssh2
Oct 14 03:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session closed for user root
Oct 14 03:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user user from 62.60.131.157 port 16102 ssh2
Oct 14 03:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Received disconnect from 62.60.131.157 port 16102:11: Bye [preauth]
Oct 14 03:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Disconnected from 62.60.131.157 port 16102 [preauth]
Oct 14 03:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 03:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 03:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22700]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 03:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Failed password for root from 155.4.245.222 port 30027 ssh2
Oct 14 03:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Received disconnect from 155.4.245.222 port 30027:11: Bye Bye [preauth]
Oct 14 03:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Disconnected from 155.4.245.222 port 30027 [preauth]
Oct 14 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: Invalid user test2 from 103.55.216.2
Oct 14 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: input_userauth_request: invalid user test2 [preauth]
Oct 14 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: Failed password for invalid user test2 from 103.55.216.2 port 49744 ssh2
Oct 14 03:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: Received disconnect from 103.55.216.2 port 49744:11: Bye Bye [preauth]
Oct 14 03:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23757]: Disconnected from 103.55.216.2 port 49744 [preauth]
Oct 14 03:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21647]: pam_unix(cron:session): session closed for user root
Oct 14 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23836]: Failed password for root from 196.251.84.140 port 57728 ssh2
Oct 14 03:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23836]: Connection closed by 196.251.84.140 port 57728 [preauth]
Oct 14 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23864]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: Successful su for rubyman by root
Oct 14 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: + ??? root:rubyman
Oct 14 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408926 of user rubyman.
Oct 14 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408926.
Oct 14 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: Invalid user test from 196.251.84.92
Oct 14 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: input_userauth_request: invalid user test [preauth]
Oct 14 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: Failed password for invalid user test from 196.251.84.92 port 53202 ssh2
Oct 14 03:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: Connection closed by 196.251.84.92 port 53202 [preauth]
Oct 14 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20037]: pam_unix(cron:session): session closed for user root
Oct 14 03:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23860]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: Failed password for root from 178.128.152.40 port 49492 ssh2
Oct 14 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: Received disconnect from 178.128.152.40 port 49492:11: Bye Bye [preauth]
Oct 14 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: Disconnected from 178.128.152.40 port 49492 [preauth]
Oct 14 03:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22178]: pam_unix(cron:session): session closed for user root
Oct 14 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24383]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Invalid user admin from 2.57.121.25
Oct 14 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24473]: Successful su for rubyman by root
Oct 14 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24473]: + ??? root:rubyman
Oct 14 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408931 of user rubyman.
Oct 14 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24473]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408931.
Oct 14 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Failed password for invalid user admin from 2.57.121.25 port 15937 ssh2
Oct 14 03:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Failed password for invalid user admin from 2.57.121.25 port 15937 ssh2
Oct 14 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Failed password for invalid user admin from 2.57.121.25 port 15937 ssh2
Oct 14 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20550]: pam_unix(cron:session): session closed for user root
Oct 14 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Failed password for invalid user admin from 2.57.121.25 port 15937 ssh2
Oct 14 03:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Failed password for invalid user admin from 2.57.121.25 port 15937 ssh2
Oct 14 03:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Received disconnect from 2.57.121.25 port 15937:11: Bye [preauth]
Oct 14 03:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Disconnected from 2.57.121.25 port 15937 [preauth]
Oct 14 03:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 03:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24701]: Invalid user santhosh from 155.4.245.222
Oct 14 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24701]: input_userauth_request: invalid user santhosh [preauth]
Oct 14 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24701]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24382]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24701]: Failed password for invalid user santhosh from 155.4.245.222 port 49640 ssh2
Oct 14 03:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24701]: Received disconnect from 155.4.245.222 port 49640:11: Bye Bye [preauth]
Oct 14 03:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24701]: Disconnected from 155.4.245.222 port 49640 [preauth]
Oct 14 03:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Invalid user elastic from 103.55.216.2
Oct 14 03:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: input_userauth_request: invalid user elastic [preauth]
Oct 14 03:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Failed password for invalid user elastic from 103.55.216.2 port 33056 ssh2
Oct 14 03:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Received disconnect from 103.55.216.2 port 33056:11: Bye Bye [preauth]
Oct 14 03:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Disconnected from 103.55.216.2 port 33056 [preauth]
Oct 14 03:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24796]: Did not receive identification string from 194.0.234.20
Oct 14 03:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session closed for user root
Oct 14 03:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Invalid user test from 196.251.84.92
Oct 14 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: input_userauth_request: invalid user test [preauth]
Oct 14 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: Invalid user bms from 178.128.152.40
Oct 14 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: input_userauth_request: invalid user bms [preauth]
Oct 14 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Failed password for invalid user test from 196.251.84.92 port 60080 ssh2
Oct 14 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Connection closed by 196.251.84.92 port 60080 [preauth]
Oct 14 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: Failed password for invalid user bms from 178.128.152.40 port 45634 ssh2
Oct 14 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: Received disconnect from 178.128.152.40 port 45634:11: Bye Bye [preauth]
Oct 14 03:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24841]: Disconnected from 178.128.152.40 port 45634 [preauth]
Oct 14 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24892]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24891]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24889]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24892]: pam_unix(cron:session): session closed for user root
Oct 14 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: Successful su for rubyman by root
Oct 14 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: + ??? root:rubyman
Oct 14 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408934 of user rubyman.
Oct 14 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24982]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408934.
Oct 14 03:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24888]: pam_unix(cron:session): session closed for user root
Oct 14 03:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21017]: pam_unix(cron:session): session closed for user root
Oct 14 03:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24887]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23864]: pam_unix(cron:session): session closed for user root
Oct 14 03:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Invalid user hamza from 178.128.152.40
Oct 14 03:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: input_userauth_request: invalid user hamza [preauth]
Oct 14 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Invalid user test2 from 155.4.245.222
Oct 14 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: input_userauth_request: invalid user test2 [preauth]
Oct 14 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 03:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Failed password for invalid user hamza from 178.128.152.40 port 46978 ssh2
Oct 14 03:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Received disconnect from 178.128.152.40 port 46978:11: Bye Bye [preauth]
Oct 14 03:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25643]: Disconnected from 178.128.152.40 port 46978 [preauth]
Oct 14 03:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Failed password for invalid user test2 from 155.4.245.222 port 15946 ssh2
Oct 14 03:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Received disconnect from 155.4.245.222 port 15946:11: Bye Bye [preauth]
Oct 14 03:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Disconnected from 155.4.245.222 port 15946 [preauth]
Oct 14 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Invalid user santhosh from 103.55.216.2
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: input_userauth_request: invalid user santhosh [preauth]
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25731]: Successful su for rubyman by root
Oct 14 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25731]: + ??? root:rubyman
Oct 14 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408940 of user rubyman.
Oct 14 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25731]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408940.
Oct 14 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Failed password for invalid user santhosh from 103.55.216.2 port 56612 ssh2
Oct 14 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Received disconnect from 103.55.216.2 port 56612:11: Bye Bye [preauth]
Oct 14 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Disconnected from 103.55.216.2 port 56612 [preauth]
Oct 14 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session closed for user root
Oct 14 03:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Invalid user test from 196.251.84.92
Oct 14 03:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: input_userauth_request: invalid user test [preauth]
Oct 14 03:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Failed password for invalid user test from 196.251.84.92 port 38622 ssh2
Oct 14 03:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Connection closed by 196.251.84.92 port 38622 [preauth]
Oct 14 03:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session closed for user root
Oct 14 03:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Failed password for root from 196.251.84.140 port 35256 ssh2
Oct 14 03:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Connection closed by 196.251.84.140 port 35256 [preauth]
Oct 14 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26237]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26235]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: Successful su for rubyman by root
Oct 14 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: + ??? root:rubyman
Oct 14 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408945 of user rubyman.
Oct 14 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408945.
Oct 14 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Invalid user ubuntu from 178.128.152.40
Oct 14 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Failed password for invalid user ubuntu from 178.128.152.40 port 41588 ssh2
Oct 14 03:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Received disconnect from 178.128.152.40 port 41588:11: Bye Bye [preauth]
Oct 14 03:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Disconnected from 178.128.152.40 port 41588 [preauth]
Oct 14 03:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22176]: pam_unix(cron:session): session closed for user root
Oct 14 03:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26236]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Invalid user user03 from 155.4.245.222
Oct 14 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: input_userauth_request: invalid user user03 [preauth]
Oct 14 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Failed password for invalid user user03 from 155.4.245.222 port 16763 ssh2
Oct 14 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Received disconnect from 155.4.245.222 port 16763:11: Bye Bye [preauth]
Oct 14 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Disconnected from 155.4.245.222 port 16763 [preauth]
Oct 14 03:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 03:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24891]: pam_unix(cron:session): session closed for user root
Oct 14 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Failed password for root from 103.55.216.2 port 46672 ssh2
Oct 14 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Received disconnect from 103.55.216.2 port 46672:11: Bye Bye [preauth]
Oct 14 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Disconnected from 103.55.216.2 port 46672 [preauth]
Oct 14 03:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Did not receive identification string from 80.211.129.128
Oct 14 03:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Invalid user test from 196.251.84.92
Oct 14 03:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: input_userauth_request: invalid user test [preauth]
Oct 14 03:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Failed password for invalid user test from 196.251.84.92 port 45202 ssh2
Oct 14 03:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Connection closed by 196.251.84.92 port 45202 [preauth]
Oct 14 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26868]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27005]: Successful su for rubyman by root
Oct 14 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27005]: + ??? root:rubyman
Oct 14 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408949 of user rubyman.
Oct 14 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27005]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408949.
Oct 14 03:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session closed for user root
Oct 14 03:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Failed password for root from 178.128.152.40 port 48186 ssh2
Oct 14 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Received disconnect from 178.128.152.40 port 48186:11: Bye Bye [preauth]
Oct 14 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Disconnected from 178.128.152.40 port 48186 [preauth]
Oct 14 03:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25659]: pam_unix(cron:session): session closed for user root
Oct 14 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: Successful su for rubyman by root
Oct 14 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: + ??? root:rubyman
Oct 14 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408953 of user rubyman.
Oct 14 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408953.
Oct 14 03:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23862]: pam_unix(cron:session): session closed for user root
Oct 14 03:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 03:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Failed password for root from 155.4.245.222 port 27733 ssh2
Oct 14 03:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Received disconnect from 155.4.245.222 port 27733:11: Bye Bye [preauth]
Oct 14 03:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Disconnected from 155.4.245.222 port 27733 [preauth]
Oct 14 03:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27681]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Invalid user brandon from 103.55.216.2
Oct 14 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: input_userauth_request: invalid user brandon [preauth]
Oct 14 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Failed password for invalid user brandon from 103.55.216.2 port 42448 ssh2
Oct 14 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Received disconnect from 103.55.216.2 port 42448:11: Bye Bye [preauth]
Oct 14 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28150]: Disconnected from 103.55.216.2 port 42448 [preauth]
Oct 14 03:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Invalid user test from 196.251.84.92
Oct 14 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: input_userauth_request: invalid user test [preauth]
Oct 14 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Failed password for invalid user test from 196.251.84.92 port 51670 ssh2
Oct 14 03:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Connection closed by 196.251.84.92 port 51670 [preauth]
Oct 14 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Invalid user ugo from 178.128.152.40
Oct 14 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: input_userauth_request: invalid user ugo [preauth]
Oct 14 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Failed password for invalid user ugo from 178.128.152.40 port 50532 ssh2
Oct 14 03:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Received disconnect from 178.128.152.40 port 50532:11: Bye Bye [preauth]
Oct 14 03:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Disconnected from 178.128.152.40 port 50532 [preauth]
Oct 14 03:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session closed for user root
Oct 14 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28292]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28292]: pam_unix(cron:session): session closed for user root
Oct 14 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28378]: Successful su for rubyman by root
Oct 14 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28378]: + ??? root:rubyman
Oct 14 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408956 of user rubyman.
Oct 14 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28378]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408956.
Oct 14 03:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session closed for user root
Oct 14 03:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24383]: pam_unix(cron:session): session closed for user root
Oct 14 03:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 14 03:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: Failed password for root from 89.38.148.202 port 59768 ssh2
Oct 14 03:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: Connection closed by 89.38.148.202 port 59768 [preauth]
Oct 14 03:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140  user=root
Oct 14 03:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: Failed password for root from 196.251.84.140 port 39458 ssh2
Oct 14 03:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session closed for user root
Oct 14 03:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: Connection closed by 196.251.84.140 port 39458 [preauth]
Oct 14 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Invalid user arjun from 178.128.152.40
Oct 14 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: input_userauth_request: invalid user arjun [preauth]
Oct 14 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Invalid user armand from 155.4.245.222
Oct 14 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: input_userauth_request: invalid user armand [preauth]
Oct 14 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 03:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Failed password for invalid user arjun from 178.128.152.40 port 58886 ssh2
Oct 14 03:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Received disconnect from 178.128.152.40 port 58886:11: Bye Bye [preauth]
Oct 14 03:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Disconnected from 178.128.152.40 port 58886 [preauth]
Oct 14 03:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Failed password for invalid user armand from 155.4.245.222 port 20705 ssh2
Oct 14 03:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Received disconnect from 155.4.245.222 port 20705:11: Bye Bye [preauth]
Oct 14 03:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29147]: Disconnected from 155.4.245.222 port 20705 [preauth]
Oct 14 03:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29268]: Successful su for rubyman by root
Oct 14 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29268]: + ??? root:rubyman
Oct 14 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408963 of user rubyman.
Oct 14 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29268]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408963.
Oct 14 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Failed password for root from 103.55.216.2 port 52184 ssh2
Oct 14 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Received disconnect from 103.55.216.2 port 52184:11: Bye Bye [preauth]
Oct 14 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29174]: Disconnected from 103.55.216.2 port 52184 [preauth]
Oct 14 03:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Invalid user test from 196.251.84.92
Oct 14 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: input_userauth_request: invalid user test [preauth]
Oct 14 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Failed password for invalid user test from 196.251.84.92 port 57816 ssh2
Oct 14 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Connection closed by 196.251.84.92 port 57816 [preauth]
Oct 14 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24889]: pam_unix(cron:session): session closed for user root
Oct 14 03:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27683]: pam_unix(cron:session): session closed for user root
Oct 14 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29769]: Successful su for rubyman by root
Oct 14 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29769]: + ??? root:rubyman
Oct 14 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408967 of user rubyman.
Oct 14 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29769]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408967.
Oct 14 03:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 03:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: Failed password for root from 178.128.152.40 port 41920 ssh2
Oct 14 03:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: Received disconnect from 178.128.152.40 port 41920:11: Bye Bye [preauth]
Oct 14 03:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: Disconnected from 178.128.152.40 port 41920 [preauth]
Oct 14 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25658]: pam_unix(cron:session): session closed for user root
Oct 14 03:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Invalid user seafile from 20.163.71.109
Oct 14 03:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: input_userauth_request: invalid user seafile [preauth]
Oct 14 03:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 03:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Failed password for invalid user seafile from 20.163.71.109 port 57230 ssh2
Oct 14 03:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Connection closed by 20.163.71.109 port 57230 [preauth]
Oct 14 03:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29686]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30096]: Failed password for root from 155.4.245.222 port 9734 ssh2
Oct 14 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30096]: Received disconnect from 155.4.245.222 port 9734:11: Bye Bye [preauth]
Oct 14 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30096]: Disconnected from 155.4.245.222 port 9734 [preauth]
Oct 14 03:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 03:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28291]: pam_unix(cron:session): session closed for user root
Oct 14 03:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: Invalid user test from 196.251.84.92
Oct 14 03:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: input_userauth_request: invalid user test [preauth]
Oct 14 03:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Failed password for root from 103.55.216.2 port 39740 ssh2
Oct 14 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Received disconnect from 103.55.216.2 port 39740:11: Bye Bye [preauth]
Oct 14 03:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Disconnected from 103.55.216.2 port 39740 [preauth]
Oct 14 03:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: Failed password for invalid user test from 196.251.84.92 port 35772 ssh2
Oct 14 03:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30150]: Connection closed by 196.251.84.92 port 35772 [preauth]
Oct 14 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30309]: Successful su for rubyman by root
Oct 14 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30309]: + ??? root:rubyman
Oct 14 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408971 of user rubyman.
Oct 14 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30309]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408971.
Oct 14 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Invalid user admin from 2.57.121.112
Oct 14 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user admin from 2.57.121.112 port 64956 ssh2
Oct 14 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user admin from 2.57.121.112 port 64956 ssh2
Oct 14 03:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user admin from 2.57.121.112 port 64956 ssh2
Oct 14 03:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26237]: pam_unix(cron:session): session closed for user root
Oct 14 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user admin from 2.57.121.112 port 64956 ssh2
Oct 14 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30339]: Connection closed by 157.245.115.28 port 37028 [preauth]
Oct 14 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user admin from 2.57.121.112 port 64956 ssh2
Oct 14 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Received disconnect from 2.57.121.112 port 64956:11: Bye [preauth]
Oct 14 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Disconnected from 2.57.121.112 port 64956 [preauth]
Oct 14 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 03:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 03:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Invalid user billy from 178.128.152.40
Oct 14 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: input_userauth_request: invalid user billy [preauth]
Oct 14 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Failed password for invalid user billy from 178.128.152.40 port 57846 ssh2
Oct 14 03:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Received disconnect from 178.128.152.40 port 57846:11: Bye Bye [preauth]
Oct 14 03:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Disconnected from 178.128.152.40 port 57846 [preauth]
Oct 14 03:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session closed for user root
Oct 14 03:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Did not receive identification string from 80.211.129.128
Oct 14 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30813]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30889]: Successful su for rubyman by root
Oct 14 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30889]: + ??? root:rubyman
Oct 14 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408975 of user rubyman.
Oct 14 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30889]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408975.
Oct 14 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Invalid user jafar from 155.4.245.222
Oct 14 03:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: input_userauth_request: invalid user jafar [preauth]
Oct 14 03:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26871]: pam_unix(cron:session): session closed for user root
Oct 14 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Failed password for invalid user jafar from 155.4.245.222 port 56339 ssh2
Oct 14 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Received disconnect from 155.4.245.222 port 56339:11: Bye Bye [preauth]
Oct 14 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30965]: Disconnected from 155.4.245.222 port 56339 [preauth]
Oct 14 03:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31115]: Invalid user test from 196.251.84.92
Oct 14 03:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31115]: input_userauth_request: invalid user test [preauth]
Oct 14 03:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31115]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31115]: Failed password for invalid user test from 196.251.84.92 port 41122 ssh2
Oct 14 03:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31115]: Connection closed by 196.251.84.92 port 41122 [preauth]
Oct 14 03:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30814]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Invalid user wahyu from 103.55.216.2
Oct 14 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: input_userauth_request: invalid user wahyu [preauth]
Oct 14 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Invalid user admin from 196.251.84.140
Oct 14 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Failed password for invalid user wahyu from 103.55.216.2 port 47548 ssh2
Oct 14 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Received disconnect from 103.55.216.2 port 47548:11: Bye Bye [preauth]
Oct 14 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Disconnected from 103.55.216.2 port 47548 [preauth]
Oct 14 03:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Failed password for invalid user admin from 196.251.84.140 port 46048 ssh2
Oct 14 03:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Connection closed by 196.251.84.140 port 46048 [preauth]
Oct 14 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Failed password for root from 178.128.152.40 port 54690 ssh2
Oct 14 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Received disconnect from 178.128.152.40 port 54690:11: Bye Bye [preauth]
Oct 14 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Disconnected from 178.128.152.40 port 54690 [preauth]
Oct 14 03:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session closed for user root
Oct 14 03:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: Did not receive identification string from 80.211.129.128
Oct 14 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31310]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31312]: pam_unix(cron:session): session closed for user root
Oct 14 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31307]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: Successful su for rubyman by root
Oct 14 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: + ??? root:rubyman
Oct 14 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408979 of user rubyman.
Oct 14 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408979.
Oct 14 03:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session closed for user root
Oct 14 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27682]: pam_unix(cron:session): session closed for user root
Oct 14 03:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session closed for user root
Oct 14 03:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: Invalid user test from 196.251.84.92
Oct 14 03:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: input_userauth_request: invalid user test [preauth]
Oct 14 03:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: Failed password for invalid user test from 196.251.84.92 port 46208 ssh2
Oct 14 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31906]: Connection closed by 196.251.84.92 port 46208 [preauth]
Oct 14 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Invalid user minerhub from 155.4.245.222
Oct 14 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: input_userauth_request: invalid user minerhub [preauth]
Oct 14 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 03:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Failed password for invalid user minerhub from 155.4.245.222 port 2913 ssh2
Oct 14 03:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Received disconnect from 155.4.245.222 port 2913:11: Bye Bye [preauth]
Oct 14 03:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Disconnected from 155.4.245.222 port 2913 [preauth]
Oct 14 03:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Invalid user abhi from 178.128.152.40
Oct 14 03:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: input_userauth_request: invalid user abhi [preauth]
Oct 14 03:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Failed password for invalid user abhi from 178.128.152.40 port 33612 ssh2
Oct 14 03:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Received disconnect from 178.128.152.40 port 33612:11: Bye Bye [preauth]
Oct 14 03:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31956]: Disconnected from 178.128.152.40 port 33612 [preauth]
Oct 14 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31972]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31970]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32064]: Successful su for rubyman by root
Oct 14 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32064]: + ??? root:rubyman
Oct 14 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408984 of user rubyman.
Oct 14 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32064]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408984.
Oct 14 03:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Invalid user paco from 103.55.216.2
Oct 14 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: input_userauth_request: invalid user paco [preauth]
Oct 14 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Failed password for invalid user paco from 103.55.216.2 port 45372 ssh2
Oct 14 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Received disconnect from 103.55.216.2 port 45372:11: Bye Bye [preauth]
Oct 14 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32112]: Disconnected from 103.55.216.2 port 45372 [preauth]
Oct 14 03:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session closed for user root
Oct 14 03:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31971]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session closed for user root
Oct 14 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32586]: Successful su for rubyman by root
Oct 14 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32586]: + ??? root:rubyman
Oct 14 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408990 of user rubyman.
Oct 14 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32586]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408990.
Oct 14 03:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session closed for user root
Oct 14 03:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: Invalid user eli from 178.128.152.40
Oct 14 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: input_userauth_request: invalid user eli [preauth]
Oct 14 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: Failed password for invalid user eli from 178.128.152.40 port 48312 ssh2
Oct 14 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: Received disconnect from 178.128.152.40 port 48312:11: Bye Bye [preauth]
Oct 14 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[339]: Disconnected from 178.128.152.40 port 48312 [preauth]
Oct 14 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32519]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: Invalid user test from 196.251.84.92
Oct 14 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: input_userauth_request: invalid user test [preauth]
Oct 14 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: Failed password for invalid user test from 196.251.84.92 port 51316 ssh2
Oct 14 03:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: Connection closed by 196.251.84.92 port 51316 [preauth]
Oct 14 03:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Invalid user dylan from 155.4.245.222
Oct 14 03:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: input_userauth_request: invalid user dylan [preauth]
Oct 14 03:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Failed password for invalid user dylan from 155.4.245.222 port 47564 ssh2
Oct 14 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Received disconnect from 155.4.245.222 port 47564:11: Bye Bye [preauth]
Oct 14 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Disconnected from 155.4.245.222 port 47564 [preauth]
Oct 14 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31311]: pam_unix(cron:session): session closed for user root
Oct 14 03:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: Invalid user user from 103.55.216.2
Oct 14 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: input_userauth_request: invalid user user [preauth]
Oct 14 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: Failed password for invalid user user from 103.55.216.2 port 48296 ssh2
Oct 14 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: Received disconnect from 103.55.216.2 port 48296:11: Bye Bye [preauth]
Oct 14 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: Disconnected from 103.55.216.2 port 48296 [preauth]
Oct 14 03:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: Did not receive identification string from 89.40.117.17
Oct 14 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[549]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[548]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[546]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[612]: Successful su for rubyman by root
Oct 14 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[612]: + ??? root:rubyman
Oct 14 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408993 of user rubyman.
Oct 14 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[612]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408993.
Oct 14 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29687]: pam_unix(cron:session): session closed for user root
Oct 14 03:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Invalid user admin from 196.251.84.140
Oct 14 03:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: input_userauth_request: invalid user admin [preauth]
Oct 14 03:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Failed password for invalid user admin from 196.251.84.140 port 49568 ssh2
Oct 14 03:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Connection closed by 196.251.84.140 port 49568 [preauth]
Oct 14 03:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[547]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Invalid user ankur from 178.128.152.40
Oct 14 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: input_userauth_request: invalid user ankur [preauth]
Oct 14 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Failed password for invalid user ankur from 178.128.152.40 port 33438 ssh2
Oct 14 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Received disconnect from 178.128.152.40 port 33438:11: Bye Bye [preauth]
Oct 14 03:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[982]: Disconnected from 178.128.152.40 port 33438 [preauth]
Oct 14 03:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31973]: pam_unix(cron:session): session closed for user root
Oct 14 03:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: Invalid user test from 196.251.84.92
Oct 14 03:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: input_userauth_request: invalid user test [preauth]
Oct 14 03:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 03:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: Failed password for invalid user test from 196.251.84.92 port 56214 ssh2
Oct 14 03:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: Connection closed by 196.251.84.92 port 56214 [preauth]
Oct 14 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1123]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session closed for user p13x
Oct 14 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1189]: Successful su for rubyman by root
Oct 14 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1189]: + ??? root:rubyman
Oct 14 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 408997 of user rubyman.
Oct 14 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1189]: pam_unix(su:session): session closed for user rubyman
Oct 14 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 408997.
Oct 14 03:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session closed for user root
Oct 14 03:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 03:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Failed password for root from 155.4.245.222 port 38437 ssh2
Oct 14 03:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Received disconnect from 155.4.245.222 port 38437:11: Bye Bye [preauth]
Oct 14 03:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Disconnected from 155.4.245.222 port 38437 [preauth]
Oct 14 03:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session closed for user samftp
Oct 14 03:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Invalid user armand from 103.55.216.2
Oct 14 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: input_userauth_request: invalid user armand [preauth]
Oct 14 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 03:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 03:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Failed password for invalid user armand from 103.55.216.2 port 39702 ssh2
Oct 14 03:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Received disconnect from 103.55.216.2 port 39702:11: Bye Bye [preauth]
Oct 14 03:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Disconnected from 103.55.216.2 port 39702 [preauth]
Oct 14 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32521]: pam_unix(cron:session): session closed for user root
Oct 14 03:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 03:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 03:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Failed password for root from 178.128.152.40 port 57156 ssh2
Oct 14 03:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Received disconnect from 178.128.152.40 port 57156:11: Bye Bye [preauth]
Oct 14 03:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Disconnected from 178.128.152.40 port 57156 [preauth]
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1615]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1615]: pam_unix(cron:session): session closed for user root
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1624]: pam_unix(cron:session): session closed for user root
Oct 14 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1760]: Successful su for rubyman by root
Oct 14 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1760]: + ??? root:rubyman
Oct 14 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409000 of user rubyman.
Oct 14 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1760]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409000.
Oct 14 04:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1620]: pam_unix(cron:session): session closed for user root
Oct 14 04:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session closed for user root
Oct 14 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Invalid user test from 196.251.84.92
Oct 14 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: input_userauth_request: invalid user test [preauth]
Oct 14 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Failed password for invalid user test from 196.251.84.92 port 32828 ssh2
Oct 14 04:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2127]: Connection closed by 196.251.84.92 port 32828 [preauth]
Oct 14 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[549]: pam_unix(cron:session): session closed for user root
Oct 14 04:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Invalid user user from 155.4.245.222
Oct 14 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: input_userauth_request: invalid user user [preauth]
Oct 14 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Failed password for invalid user user from 155.4.245.222 port 11678 ssh2
Oct 14 04:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Received disconnect from 155.4.245.222 port 11678:11: Bye Bye [preauth]
Oct 14 04:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2245]: Disconnected from 155.4.245.222 port 11678 [preauth]
Oct 14 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Invalid user sunil from 178.128.152.40
Oct 14 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: input_userauth_request: invalid user sunil [preauth]
Oct 14 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user sunil from 178.128.152.40 port 46956 ssh2
Oct 14 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Received disconnect from 178.128.152.40 port 46956:11: Bye Bye [preauth]
Oct 14 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Disconnected from 178.128.152.40 port 46956 [preauth]
Oct 14 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2307]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2334]: Did not receive identification string from 80.211.129.128
Oct 14 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2380]: Successful su for rubyman by root
Oct 14 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2380]: + ??? root:rubyman
Oct 14 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409008 of user rubyman.
Oct 14 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2380]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409008.
Oct 14 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: Failed password for root from 103.55.216.2 port 35828 ssh2
Oct 14 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: Received disconnect from 103.55.216.2 port 35828:11: Bye Bye [preauth]
Oct 14 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2404]: Disconnected from 103.55.216.2 port 35828 [preauth]
Oct 14 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31310]: pam_unix(cron:session): session closed for user root
Oct 14 04:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1123]: pam_unix(cron:session): session closed for user root
Oct 14 04:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Invalid user hmsftp from 193.32.162.151
Oct 14 04:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: input_userauth_request: invalid user hmsftp [preauth]
Oct 14 04:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Failed password for invalid user hmsftp from 193.32.162.151 port 58316 ssh2
Oct 14 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Connection closed by 193.32.162.151 port 58316 [preauth]
Oct 14 04:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Invalid user test from 196.251.84.92
Oct 14 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: input_userauth_request: invalid user test [preauth]
Oct 14 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Failed password for invalid user test from 196.251.84.92 port 36878 ssh2
Oct 14 04:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Connection closed by 196.251.84.92 port 36878 [preauth]
Oct 14 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2840]: Successful su for rubyman by root
Oct 14 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2840]: + ??? root:rubyman
Oct 14 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409013 of user rubyman.
Oct 14 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2840]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409013.
Oct 14 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31972]: pam_unix(cron:session): session closed for user root
Oct 14 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: Invalid user admin from 196.251.84.140
Oct 14 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: Failed password for invalid user admin from 196.251.84.140 port 57054 ssh2
Oct 14 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: Connection closed by 196.251.84.140 port 57054 [preauth]
Oct 14 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: Invalid user brandon from 155.4.245.222
Oct 14 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: input_userauth_request: invalid user brandon [preauth]
Oct 14 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Invalid user cgonzalez from 178.128.152.40
Oct 14 04:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: input_userauth_request: invalid user cgonzalez [preauth]
Oct 14 04:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: Failed password for invalid user brandon from 155.4.245.222 port 25263 ssh2
Oct 14 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: Received disconnect from 155.4.245.222 port 25263:11: Bye Bye [preauth]
Oct 14 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3106]: Disconnected from 155.4.245.222 port 25263 [preauth]
Oct 14 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Failed password for invalid user cgonzalez from 178.128.152.40 port 60158 ssh2
Oct 14 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Received disconnect from 178.128.152.40 port 60158:11: Bye Bye [preauth]
Oct 14 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Disconnected from 178.128.152.40 port 60158 [preauth]
Oct 14 04:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1622]: pam_unix(cron:session): session closed for user root
Oct 14 04:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Invalid user raju from 103.55.216.2
Oct 14 04:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: input_userauth_request: invalid user raju [preauth]
Oct 14 04:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Failed password for invalid user raju from 103.55.216.2 port 55620 ssh2
Oct 14 04:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Received disconnect from 103.55.216.2 port 55620:11: Bye Bye [preauth]
Oct 14 04:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Disconnected from 103.55.216.2 port 55620 [preauth]
Oct 14 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3219]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: Successful su for rubyman by root
Oct 14 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: + ??? root:rubyman
Oct 14 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409017 of user rubyman.
Oct 14 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409017.
Oct 14 04:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32520]: pam_unix(cron:session): session closed for user root
Oct 14 04:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Invalid user oracle from 196.251.84.92
Oct 14 04:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Failed password for invalid user oracle from 196.251.84.92 port 40708 ssh2
Oct 14 04:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Connection closed by 196.251.84.92 port 40708 [preauth]
Oct 14 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Invalid user pliki from 178.128.152.40
Oct 14 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: input_userauth_request: invalid user pliki [preauth]
Oct 14 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session closed for user root
Oct 14 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Failed password for invalid user pliki from 178.128.152.40 port 56416 ssh2
Oct 14 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Received disconnect from 178.128.152.40 port 56416:11: Bye Bye [preauth]
Oct 14 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3623]: Disconnected from 178.128.152.40 port 56416 [preauth]
Oct 14 04:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3694]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3691]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3775]: Successful su for rubyman by root
Oct 14 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3775]: + ??? root:rubyman
Oct 14 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409019 of user rubyman.
Oct 14 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3775]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409019.
Oct 14 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: Failed password for root from 155.4.245.222 port 55092 ssh2
Oct 14 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: Received disconnect from 155.4.245.222 port 55092:11: Bye Bye [preauth]
Oct 14 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: Disconnected from 155.4.245.222 port 55092 [preauth]
Oct 14 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[548]: pam_unix(cron:session): session closed for user root
Oct 14 04:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3692]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Failed password for root from 103.55.216.2 port 46140 ssh2
Oct 14 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Received disconnect from 103.55.216.2 port 46140:11: Bye Bye [preauth]
Oct 14 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4053]: Disconnected from 103.55.216.2 port 46140 [preauth]
Oct 14 04:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session closed for user root
Oct 14 04:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Failed password for root from 178.128.152.40 port 53630 ssh2
Oct 14 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Received disconnect from 178.128.152.40 port 53630:11: Bye Bye [preauth]
Oct 14 04:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Disconnected from 178.128.152.40 port 53630 [preauth]
Oct 14 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session closed for user root
Oct 14 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4182]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4298]: Successful su for rubyman by root
Oct 14 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4298]: + ??? root:rubyman
Oct 14 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409023 of user rubyman.
Oct 14 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4298]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409023.
Oct 14 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4325]: Invalid user oracle from 196.251.84.92
Oct 14 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4325]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4325]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4325]: Failed password for invalid user oracle from 196.251.84.92 port 44378 ssh2
Oct 14 04:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4325]: Connection closed by 196.251.84.92 port 44378 [preauth]
Oct 14 04:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1122]: pam_unix(cron:session): session closed for user root
Oct 14 04:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user root
Oct 14 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3225]: pam_unix(cron:session): session closed for user root
Oct 14 04:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Invalid user bitwarden from 155.4.245.222
Oct 14 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: input_userauth_request: invalid user bitwarden [preauth]
Oct 14 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Failed password for invalid user bitwarden from 155.4.245.222 port 31377 ssh2
Oct 14 04:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Received disconnect from 155.4.245.222 port 31377:11: Bye Bye [preauth]
Oct 14 04:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Disconnected from 155.4.245.222 port 31377 [preauth]
Oct 14 04:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: Received disconnect from 193.142.200.86 port 27556:11: Bye Bye [preauth]
Oct 14 04:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: Disconnected from 193.142.200.86 port 27556 [preauth]
Oct 14 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Invalid user r00t from 193.142.200.86
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: input_userauth_request: invalid user r00t [preauth]
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Failed password for root from 193.142.200.86 port 22120 ssh2
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Failed password for root from 193.142.200.86 port 28779 ssh2
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Failed password for invalid user r00t from 193.142.200.86 port 1930 ssh2
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for root from 193.142.200.86 port 2771 ssh2
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for root from 193.142.200.86 port 60428 ssh2
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for root from 193.142.200.86 port 24042 ssh2
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Received disconnect from 193.142.200.86 port 1930:11: Bye Bye [preauth]
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4737]: Disconnected from 193.142.200.86 port 1930 [preauth]
Oct 14 04:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Failed password for root from 193.142.200.86 port 28779 ssh2
Oct 14 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Failed password for root from 193.142.200.86 port 22120 ssh2
Oct 14 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for root from 193.142.200.86 port 2771 ssh2
Oct 14 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for root from 193.142.200.86 port 60428 ssh2
Oct 14 04:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for root from 193.142.200.86 port 24042 ssh2
Oct 14 04:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Failed password for root from 193.142.200.86 port 25847 ssh2
Oct 14 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Failed password for root from 193.142.200.86 port 28779 ssh2
Oct 14 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Failed password for root from 193.142.200.86 port 22120 ssh2
Oct 14 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for root from 193.142.200.86 port 2771 ssh2
Oct 14 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for root from 193.142.200.86 port 24042 ssh2
Oct 14 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for root from 193.142.200.86 port 60428 ssh2
Oct 14 04:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Failed password for root from 193.142.200.86 port 25847 ssh2
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Failed password for root from 193.142.200.86 port 28779 ssh2
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for root from 193.142.200.86 port 2771 ssh2
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for root from 193.142.200.86 port 60428 ssh2
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Failed password for root from 193.142.200.86 port 22120 ssh2
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for root from 193.142.200.86 port 24042 ssh2
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: Invalid user sachi from 178.128.152.40
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: input_userauth_request: invalid user sachi [preauth]
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4852]: Successful su for rubyman by root
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4852]: + ??? root:rubyman
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409030 of user rubyman.
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4852]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409030.
Oct 14 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Failed password for root from 193.142.200.86 port 25847 ssh2
Oct 14 04:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Failed password for root from 193.142.200.86 port 28779 ssh2
Oct 14 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for root from 193.142.200.86 port 60428 ssh2
Oct 14 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Failed password for root from 193.142.200.86 port 22120 ssh2
Oct 14 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for root from 193.142.200.86 port 24042 ssh2
Oct 14 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for root from 193.142.200.86 port 2771 ssh2
Oct 14 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: Failed password for invalid user sachi from 178.128.152.40 port 52082 ssh2
Oct 14 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: Received disconnect from 178.128.152.40 port 52082:11: Bye Bye [preauth]
Oct 14 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4828]: Disconnected from 178.128.152.40 port 52082 [preauth]
Oct 14 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Failed password for root from 193.142.200.86 port 25847 ssh2
Oct 14 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Failed password for root from 193.142.200.86 port 28779 ssh2
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: error: maximum authentication attempts exceeded for root from 193.142.200.86 port 28779 ssh2 [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: Disconnecting: Too many authentication failures [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4733]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Failed password for root from 193.142.200.86 port 22120 ssh2
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: error: maximum authentication attempts exceeded for root from 193.142.200.86 port 22120 ssh2 [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: Disconnecting: Too many authentication failures [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4735]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for root from 193.142.200.86 port 24042 ssh2
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: error: maximum authentication attempts exceeded for root from 193.142.200.86 port 24042 ssh2 [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Disconnecting: Too many authentication failures [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Failed password for root from 193.142.200.86 port 60428 ssh2
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Failed password for root from 193.142.200.86 port 2771 ssh2
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: error: maximum authentication attempts exceeded for root from 193.142.200.86 port 60428 ssh2 [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: error: maximum authentication attempts exceeded for root from 193.142.200.86 port 2771 ssh2 [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: Disconnecting: Too many authentication failures [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: Disconnecting: Too many authentication failures [preauth]
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4736]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4738]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 14 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Failed password for root from 193.142.200.86 port 25847 ssh2
Oct 14 04:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Invalid user dylan from 103.55.216.2
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: input_userauth_request: invalid user dylan [preauth]
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Failed password for root from 193.142.200.86 port 25847 ssh2
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: error: maximum authentication attempts exceeded for root from 193.142.200.86 port 25847 ssh2 [preauth]
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Disconnecting: Too many authentication failures [preauth]
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 14 04:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Failed password for invalid user dylan from 103.55.216.2 port 58014 ssh2
Oct 14 04:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Received disconnect from 103.55.216.2 port 58014:11: Bye Bye [preauth]
Oct 14 04:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Disconnected from 103.55.216.2 port 58014 [preauth]
Oct 14 04:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5108]: Invalid user admin from 196.251.84.140
Oct 14 04:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5108]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1621]: pam_unix(cron:session): session closed for user root
Oct 14 04:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5108]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5108]: Failed password for invalid user admin from 196.251.84.140 port 33420 ssh2
Oct 14 04:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4774]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5108]: Connection closed by 196.251.84.140 port 33420 [preauth]
Oct 14 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Failed password for root from 193.142.200.86 port 37787 ssh2
Oct 14 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Failed password for root from 193.142.200.86 port 40366 ssh2
Oct 14 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Failed password for root from 193.142.200.86 port 57254 ssh2
Oct 14 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Failed password for root from 193.142.200.86 port 59108 ssh2
Oct 14 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for root from 193.142.200.86 port 22156 ssh2
Oct 14 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Failed password for root from 193.142.200.86 port 37787 ssh2
Oct 14 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Failed password for root from 193.142.200.86 port 40366 ssh2
Oct 14 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Failed password for root from 193.142.200.86 port 57254 ssh2
Oct 14 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Failed password for root from 193.142.200.86 port 59108 ssh2
Oct 14 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for root from 193.142.200.86 port 22156 ssh2
Oct 14 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for root from 193.142.200.86 port 13503 ssh2
Oct 14 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Failed password for root from 193.142.200.86 port 37787 ssh2
Oct 14 04:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Failed password for root from 193.142.200.86 port 40366 ssh2
Oct 14 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for root from 193.142.200.86 port 13503 ssh2
Oct 14 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Failed password for root from 193.142.200.86 port 57254 ssh2
Oct 14 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for root from 193.142.200.86 port 22156 ssh2
Oct 14 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Failed password for root from 193.142.200.86 port 59108 ssh2
Oct 14 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Connection closed by 193.142.200.86 port 13503 [preauth]
Oct 14 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: Connection closed by 193.142.200.86 port 57254 [preauth]
Oct 14 04:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5575]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: Connection closed by 193.142.200.86 port 59108 [preauth]
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5576]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Connection closed by 193.142.200.86 port 22156 [preauth]
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Failed password for root from 193.142.200.86 port 37787 ssh2
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Failed password for root from 193.142.200.86 port 40366 ssh2
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Connection closed by 193.142.200.86 port 37787 [preauth]
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Connection closed by 193.142.200.86 port 40366 [preauth]
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.142.200.86  user=root
Oct 14 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 14 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: Invalid user oracle from 196.251.84.92
Oct 14 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: Failed password for invalid user oracle from 196.251.84.92 port 48394 ssh2
Oct 14 04:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5664]: Connection closed by 196.251.84.92 port 48394 [preauth]
Oct 14 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3694]: pam_unix(cron:session): session closed for user root
Oct 14 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5756]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5753]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5848]: Successful su for rubyman by root
Oct 14 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5848]: + ??? root:rubyman
Oct 14 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409034 of user rubyman.
Oct 14 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5848]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409034.
Oct 14 04:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2309]: pam_unix(cron:session): session closed for user root
Oct 14 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Invalid user brooke from 178.128.152.40
Oct 14 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: input_userauth_request: invalid user brooke [preauth]
Oct 14 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: Invalid user admin from 155.4.245.222
Oct 14 04:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5755]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Failed password for invalid user brooke from 178.128.152.40 port 58588 ssh2
Oct 14 04:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Received disconnect from 178.128.152.40 port 58588:11: Bye Bye [preauth]
Oct 14 04:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Disconnected from 178.128.152.40 port 58588 [preauth]
Oct 14 04:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: Failed password for invalid user admin from 155.4.245.222 port 7363 ssh2
Oct 14 04:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: Received disconnect from 155.4.245.222 port 7363:11: Bye Bye [preauth]
Oct 14 04:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6055]: Disconnected from 155.4.245.222 port 7363 [preauth]
Oct 14 04:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session closed for user root
Oct 14 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Invalid user ftpuser from 103.55.216.2
Oct 14 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Failed password for invalid user ftpuser from 103.55.216.2 port 53806 ssh2
Oct 14 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Received disconnect from 103.55.216.2 port 53806:11: Bye Bye [preauth]
Oct 14 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Disconnected from 103.55.216.2 port 53806 [preauth]
Oct 14 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6296]: Successful su for rubyman by root
Oct 14 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6296]: + ??? root:rubyman
Oct 14 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409038 of user rubyman.
Oct 14 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6296]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409038.
Oct 14 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Invalid user oracle from 196.251.84.92
Oct 14 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Failed password for invalid user oracle from 196.251.84.92 port 51930 ssh2
Oct 14 04:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Connection closed by 196.251.84.92 port 51930 [preauth]
Oct 14 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Invalid user support from 78.128.112.74
Oct 14 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: input_userauth_request: invalid user support [preauth]
Oct 14 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 04:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Failed password for invalid user support from 78.128.112.74 port 40524 ssh2
Oct 14 04:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Connection closed by 78.128.112.74 port 40524 [preauth]
Oct 14 04:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session closed for user root
Oct 14 04:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6228]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Invalid user test2 from 178.128.152.40
Oct 14 04:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: input_userauth_request: invalid user test2 [preauth]
Oct 14 04:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Failed password for invalid user test2 from 178.128.152.40 port 43062 ssh2
Oct 14 04:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Received disconnect from 178.128.152.40 port 43062:11: Bye Bye [preauth]
Oct 14 04:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Disconnected from 178.128.152.40 port 43062 [preauth]
Oct 14 04:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session closed for user root
Oct 14 04:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Invalid user loginuser from 193.32.162.151
Oct 14 04:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: input_userauth_request: invalid user loginuser [preauth]
Oct 14 04:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Failed password for invalid user loginuser from 193.32.162.151 port 48842 ssh2
Oct 14 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Connection closed by 193.32.162.151 port 48842 [preauth]
Oct 14 04:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Invalid user fred from 155.4.245.222
Oct 14 04:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: input_userauth_request: invalid user fred [preauth]
Oct 14 04:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Failed password for invalid user fred from 155.4.245.222 port 7808 ssh2
Oct 14 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Received disconnect from 155.4.245.222 port 7808:11: Bye Bye [preauth]
Oct 14 04:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Disconnected from 155.4.245.222 port 7808 [preauth]
Oct 14 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: Successful su for rubyman by root
Oct 14 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: + ??? root:rubyman
Oct 14 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409041 of user rubyman.
Oct 14 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6967]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409041.
Oct 14 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6790]: pam_unix(cron:session): session closed for user root
Oct 14 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session closed for user root
Oct 14 04:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user oracle from 196.251.84.92
Oct 14 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user oracle from 196.251.84.92 port 55098 ssh2
Oct 14 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5759]: pam_unix(cron:session): session closed for user root
Oct 14 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 196.251.84.92 port 55098 [preauth]
Oct 14 04:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: User ftp from 103.55.216.2 not allowed because not listed in AllowUsers
Oct 14 04:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: input_userauth_request: invalid user ftp [preauth]
Oct 14 04:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=ftp
Oct 14 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: Failed password for invalid user ftp from 103.55.216.2 port 42204 ssh2
Oct 14 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: Received disconnect from 103.55.216.2 port 42204:11: Bye Bye [preauth]
Oct 14 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7405]: Disconnected from 103.55.216.2 port 42204 [preauth]
Oct 14 04:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: User backup from 178.128.152.40 not allowed because not listed in AllowUsers
Oct 14 04:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: input_userauth_request: invalid user backup [preauth]
Oct 14 04:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=backup
Oct 14 04:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for invalid user backup from 178.128.152.40 port 48526 ssh2
Oct 14 04:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Received disconnect from 178.128.152.40 port 48526:11: Bye Bye [preauth]
Oct 14 04:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Disconnected from 178.128.152.40 port 48526 [preauth]
Oct 14 04:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7477]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session closed for user root
Oct 14 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7471]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7550]: Successful su for rubyman by root
Oct 14 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7550]: + ??? root:rubyman
Oct 14 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409047 of user rubyman.
Oct 14 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7550]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409047.
Oct 14 04:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Invalid user admin from 196.251.84.140
Oct 14 04:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Failed password for invalid user admin from 196.251.84.140 port 35794 ssh2
Oct 14 04:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Connection closed by 196.251.84.140 port 35794 [preauth]
Oct 14 04:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7473]: pam_unix(cron:session): session closed for user root
Oct 14 04:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3693]: pam_unix(cron:session): session closed for user root
Oct 14 04:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Invalid user  from 196.251.73.199
Oct 14 04:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: input_userauth_request: invalid user  [preauth]
Oct 14 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7472]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7795]: Connection closed by 196.251.73.199 port 49862 [preauth]
Oct 14 04:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6230]: pam_unix(cron:session): session closed for user root
Oct 14 04:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Invalid user nick from 155.4.245.222
Oct 14 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: input_userauth_request: invalid user nick [preauth]
Oct 14 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Failed password for invalid user nick from 155.4.245.222 port 51527 ssh2
Oct 14 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Received disconnect from 155.4.245.222 port 51527:11: Bye Bye [preauth]
Oct 14 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Disconnected from 155.4.245.222 port 51527 [preauth]
Oct 14 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8419]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8494]: Successful su for rubyman by root
Oct 14 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8494]: + ??? root:rubyman
Oct 14 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409052 of user rubyman.
Oct 14 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8494]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409052.
Oct 14 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: Invalid user oracle from 196.251.84.92
Oct 14 04:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: Failed password for invalid user oracle from 196.251.84.92 port 58204 ssh2
Oct 14 04:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8572]: Connection closed by 196.251.84.92 port 58204 [preauth]
Oct 14 04:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session closed for user root
Oct 14 04:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 04:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: Failed password for root from 178.128.152.40 port 55386 ssh2
Oct 14 04:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: Received disconnect from 178.128.152.40 port 55386:11: Bye Bye [preauth]
Oct 14 04:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8689]: Disconnected from 178.128.152.40 port 55386 [preauth]
Oct 14 04:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: Invalid user nick from 103.55.216.2
Oct 14 04:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: input_userauth_request: invalid user nick [preauth]
Oct 14 04:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: Failed password for invalid user nick from 103.55.216.2 port 58366 ssh2
Oct 14 04:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: Received disconnect from 103.55.216.2 port 58366:11: Bye Bye [preauth]
Oct 14 04:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8873]: Disconnected from 103.55.216.2 port 58366 [preauth]
Oct 14 04:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session closed for user root
Oct 14 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9018]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: Successful su for rubyman by root
Oct 14 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: + ??? root:rubyman
Oct 14 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409056 of user rubyman.
Oct 14 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409056.
Oct 14 04:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4775]: pam_unix(cron:session): session closed for user root
Oct 14 04:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: Invalid user raju from 155.4.245.222
Oct 14 04:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: input_userauth_request: invalid user raju [preauth]
Oct 14 04:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: Failed password for invalid user raju from 155.4.245.222 port 44099 ssh2
Oct 14 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: Received disconnect from 155.4.245.222 port 44099:11: Bye Bye [preauth]
Oct 14 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9441]: Disconnected from 155.4.245.222 port 44099 [preauth]
Oct 14 04:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Invalid user greg from 178.128.152.40
Oct 14 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: input_userauth_request: invalid user greg [preauth]
Oct 14 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Invalid user o360adm from 190.103.202.7
Oct 14 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: input_userauth_request: invalid user o360adm [preauth]
Oct 14 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Failed password for invalid user greg from 178.128.152.40 port 46138 ssh2
Oct 14 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Received disconnect from 178.128.152.40 port 46138:11: Bye Bye [preauth]
Oct 14 04:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Disconnected from 178.128.152.40 port 46138 [preauth]
Oct 14 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Failed password for invalid user o360adm from 190.103.202.7 port 47668 ssh2
Oct 14 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Connection closed by 190.103.202.7 port 47668 [preauth]
Oct 14 04:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Invalid user oracle from 196.251.84.92
Oct 14 04:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7477]: pam_unix(cron:session): session closed for user root
Oct 14 04:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Failed password for invalid user oracle from 196.251.84.92 port 33058 ssh2
Oct 14 04:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Connection closed by 196.251.84.92 port 33058 [preauth]
Oct 14 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9632]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9829]: Successful su for rubyman by root
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9829]: + ??? root:rubyman
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409061 of user rubyman.
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9829]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409061.
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Invalid user admin from 103.55.216.2
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Failed password for invalid user admin from 103.55.216.2 port 39622 ssh2
Oct 14 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Received disconnect from 103.55.216.2 port 39622:11: Bye Bye [preauth]
Oct 14 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9794]: Disconnected from 103.55.216.2 port 39622 [preauth]
Oct 14 04:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5756]: pam_unix(cron:session): session closed for user root
Oct 14 04:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9631]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session closed for user root
Oct 14 04:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: Invalid user admin from 178.128.152.40
Oct 14 04:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: Failed password for invalid user admin from 178.128.152.40 port 49126 ssh2
Oct 14 04:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: Received disconnect from 178.128.152.40 port 49126:11: Bye Bye [preauth]
Oct 14 04:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10163]: Disconnected from 178.128.152.40 port 49126 [preauth]
Oct 14 04:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: Did not receive identification string from 80.211.129.128
Oct 14 04:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: Invalid user admin from 196.251.84.140
Oct 14 04:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: Failed password for invalid user admin from 196.251.84.140 port 39562 ssh2
Oct 14 04:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: Connection closed by 196.251.84.140 port 39562 [preauth]
Oct 14 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10240]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10238]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10317]: Successful su for rubyman by root
Oct 14 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10317]: + ??? root:rubyman
Oct 14 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409066 of user rubyman.
Oct 14 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10317]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409066.
Oct 14 04:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Invalid user elastic from 155.4.245.222
Oct 14 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: input_userauth_request: invalid user elastic [preauth]
Oct 14 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Failed password for invalid user elastic from 155.4.245.222 port 12516 ssh2
Oct 14 04:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Received disconnect from 155.4.245.222 port 12516:11: Bye Bye [preauth]
Oct 14 04:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Disconnected from 155.4.245.222 port 12516 [preauth]
Oct 14 04:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6229]: pam_unix(cron:session): session closed for user root
Oct 14 04:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Invalid user oracle from 196.251.84.92
Oct 14 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Failed password for invalid user oracle from 196.251.84.92 port 35856 ssh2
Oct 14 04:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Connection closed by 196.251.84.92 port 35856 [preauth]
Oct 14 04:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10239]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9018]: pam_unix(cron:session): session closed for user root
Oct 14 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Invalid user acs from 103.55.216.2
Oct 14 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: input_userauth_request: invalid user acs [preauth]
Oct 14 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Failed password for invalid user acs from 103.55.216.2 port 35880 ssh2
Oct 14 04:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Received disconnect from 103.55.216.2 port 35880:11: Bye Bye [preauth]
Oct 14 04:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Disconnected from 103.55.216.2 port 35880 [preauth]
Oct 14 04:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Invalid user socksuser from 178.128.152.40
Oct 14 04:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: input_userauth_request: invalid user socksuser [preauth]
Oct 14 04:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Failed password for invalid user socksuser from 178.128.152.40 port 41332 ssh2
Oct 14 04:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Received disconnect from 178.128.152.40 port 41332:11: Bye Bye [preauth]
Oct 14 04:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Disconnected from 178.128.152.40 port 41332 [preauth]
Oct 14 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10748]: pam_unix(cron:session): session closed for user root
Oct 14 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10739]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10821]: Successful su for rubyman by root
Oct 14 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10821]: + ??? root:rubyman
Oct 14 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409068 of user rubyman.
Oct 14 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10821]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409068.
Oct 14 04:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session closed for user root
Oct 14 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session closed for user root
Oct 14 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9633]: pam_unix(cron:session): session closed for user root
Oct 14 04:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Invalid user oracle from 196.251.84.92
Oct 14 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Failed password for invalid user oracle from 196.251.84.92 port 38644 ssh2
Oct 14 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Connection closed by 196.251.84.92 port 38644 [preauth]
Oct 14 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Invalid user ftpuser from 155.4.245.222
Oct 14 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Failed password for invalid user ftpuser from 155.4.245.222 port 46267 ssh2
Oct 14 04:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Received disconnect from 155.4.245.222 port 46267:11: Bye Bye [preauth]
Oct 14 04:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Disconnected from 155.4.245.222 port 46267 [preauth]
Oct 14 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11233]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: Successful su for rubyman by root
Oct 14 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: + ??? root:rubyman
Oct 14 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409076 of user rubyman.
Oct 14 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409076.
Oct 14 04:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Invalid user jiel from 178.128.152.40
Oct 14 04:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: input_userauth_request: invalid user jiel [preauth]
Oct 14 04:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session closed for user root
Oct 14 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Failed password for invalid user jiel from 178.128.152.40 port 56350 ssh2
Oct 14 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Received disconnect from 178.128.152.40 port 56350:11: Bye Bye [preauth]
Oct 14 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Disconnected from 178.128.152.40 port 56350 [preauth]
Oct 14 04:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11232]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Invalid user development from 103.55.216.2
Oct 14 04:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: input_userauth_request: invalid user development [preauth]
Oct 14 04:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Failed password for invalid user development from 103.55.216.2 port 37150 ssh2
Oct 14 04:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Received disconnect from 103.55.216.2 port 37150:11: Bye Bye [preauth]
Oct 14 04:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Disconnected from 103.55.216.2 port 37150 [preauth]
Oct 14 04:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10241]: pam_unix(cron:session): session closed for user root
Oct 14 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11822]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11820]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session closed for user root
Oct 14 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11896]: Successful su for rubyman by root
Oct 14 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11896]: + ??? root:rubyman
Oct 14 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409080 of user rubyman.
Oct 14 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11896]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409080.
Oct 14 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8419]: pam_unix(cron:session): session closed for user root
Oct 14 04:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11819]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: Invalid user oracle from 196.251.84.92
Oct 14 04:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: Failed password for invalid user oracle from 196.251.84.92 port 41066 ssh2
Oct 14 04:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12111]: Connection closed by 196.251.84.92 port 41066 [preauth]
Oct 14 04:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Invalid user paco from 155.4.245.222
Oct 14 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: input_userauth_request: invalid user paco [preauth]
Oct 14 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Invalid user zy from 178.128.152.40
Oct 14 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: input_userauth_request: invalid user zy [preauth]
Oct 14 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Failed password for invalid user paco from 155.4.245.222 port 7040 ssh2
Oct 14 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Received disconnect from 155.4.245.222 port 7040:11: Bye Bye [preauth]
Oct 14 04:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Disconnected from 155.4.245.222 port 7040 [preauth]
Oct 14 04:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Failed password for invalid user zy from 178.128.152.40 port 43586 ssh2
Oct 14 04:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Received disconnect from 178.128.152.40 port 43586:11: Bye Bye [preauth]
Oct 14 04:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Disconnected from 178.128.152.40 port 43586 [preauth]
Oct 14 04:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Invalid user admin from 196.251.84.140
Oct 14 04:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Failed password for invalid user admin from 196.251.84.140 port 43996 ssh2
Oct 14 04:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10746]: pam_unix(cron:session): session closed for user root
Oct 14 04:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Connection closed by 196.251.84.140 port 43996 [preauth]
Oct 14 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12307]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12303]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12380]: Successful su for rubyman by root
Oct 14 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12380]: + ??? root:rubyman
Oct 14 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409084 of user rubyman.
Oct 14 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12380]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409084.
Oct 14 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Failed password for root from 103.55.216.2 port 47508 ssh2
Oct 14 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Received disconnect from 103.55.216.2 port 47508:11: Bye Bye [preauth]
Oct 14 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Disconnected from 103.55.216.2 port 47508 [preauth]
Oct 14 04:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9016]: pam_unix(cron:session): session closed for user root
Oct 14 04:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12304]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11234]: pam_unix(cron:session): session closed for user root
Oct 14 04:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=root
Oct 14 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Failed password for root from 178.128.152.40 port 43682 ssh2
Oct 14 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Received disconnect from 178.128.152.40 port 43682:11: Bye Bye [preauth]
Oct 14 04:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12721]: Disconnected from 178.128.152.40 port 43682 [preauth]
Oct 14 04:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: Invalid user oracle from 196.251.84.92
Oct 14 04:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: Failed password for invalid user oracle from 196.251.84.92 port 43364 ssh2
Oct 14 04:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: Connection closed by 196.251.84.92 port 43364 [preauth]
Oct 14 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12788]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: Successful su for rubyman by root
Oct 14 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: + ??? root:rubyman
Oct 14 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409089 of user rubyman.
Oct 14 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409089.
Oct 14 04:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Failed password for root from 155.4.245.222 port 27584 ssh2
Oct 14 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Received disconnect from 155.4.245.222 port 27584:11: Bye Bye [preauth]
Oct 14 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Disconnected from 155.4.245.222 port 27584 [preauth]
Oct 14 04:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9632]: pam_unix(cron:session): session closed for user root
Oct 14 04:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12789]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11822]: pam_unix(cron:session): session closed for user root
Oct 14 04:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 04:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: Failed password for root from 103.55.216.2 port 58508 ssh2
Oct 14 04:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: Received disconnect from 103.55.216.2 port 58508:11: Bye Bye [preauth]
Oct 14 04:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13351]: Disconnected from 103.55.216.2 port 58508 [preauth]
Oct 14 04:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Invalid user bd from 178.128.152.40
Oct 14 04:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: input_userauth_request: invalid user bd [preauth]
Oct 14 04:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Failed password for invalid user bd from 178.128.152.40 port 36162 ssh2
Oct 14 04:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Received disconnect from 178.128.152.40 port 36162:11: Bye Bye [preauth]
Oct 14 04:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13378]: Disconnected from 178.128.152.40 port 36162 [preauth]
Oct 14 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session closed for user root
Oct 14 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13405]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13498]: Successful su for rubyman by root
Oct 14 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13498]: + ??? root:rubyman
Oct 14 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409091 of user rubyman.
Oct 14 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13498]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409091.
Oct 14 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10240]: pam_unix(cron:session): session closed for user root
Oct 14 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session closed for user root
Oct 14 04:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Invalid user oracle from 196.251.84.92
Oct 14 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13406]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Failed password for invalid user oracle from 196.251.84.92 port 45496 ssh2
Oct 14 04:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Connection closed by 196.251.84.92 port 45496 [preauth]
Oct 14 04:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12307]: pam_unix(cron:session): session closed for user root
Oct 14 04:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: Failed password for root from 155.4.245.222 port 32584 ssh2
Oct 14 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: Received disconnect from 155.4.245.222 port 32584:11: Bye Bye [preauth]
Oct 14 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13877]: Disconnected from 155.4.245.222 port 32584 [preauth]
Oct 14 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13939]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14011]: Successful su for rubyman by root
Oct 14 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14011]: + ??? root:rubyman
Oct 14 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409097 of user rubyman.
Oct 14 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14011]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409097.
Oct 14 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Invalid user ftpuser from 178.128.152.40
Oct 14 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40
Oct 14 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Failed password for invalid user ftpuser from 178.128.152.40 port 38672 ssh2
Oct 14 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Received disconnect from 178.128.152.40 port 38672:11: Bye Bye [preauth]
Oct 14 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Disconnected from 178.128.152.40 port 38672 [preauth]
Oct 14 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session closed for user root
Oct 14 04:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13940]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Invalid user admin from 196.251.84.140
Oct 14 04:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Failed password for invalid user admin from 196.251.84.140 port 47648 ssh2
Oct 14 04:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Connection closed by 196.251.84.140 port 47648 [preauth]
Oct 14 04:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Invalid user jafar from 103.55.216.2
Oct 14 04:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: input_userauth_request: invalid user jafar [preauth]
Oct 14 04:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Failed password for invalid user jafar from 103.55.216.2 port 57958 ssh2
Oct 14 04:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Received disconnect from 103.55.216.2 port 57958:11: Bye Bye [preauth]
Oct 14 04:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14364]: Disconnected from 103.55.216.2 port 57958 [preauth]
Oct 14 04:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user root
Oct 14 04:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.201.227  user=root
Oct 14 04:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14425]: Failed password for root from 80.211.201.227 port 59010 ssh2
Oct 14 04:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14425]: Connection closed by 80.211.201.227 port 59010 [preauth]
Oct 14 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Invalid user oracle from 196.251.84.92
Oct 14 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: input_userauth_request: invalid user oracle [preauth]
Oct 14 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Failed password for invalid user oracle from 196.251.84.92 port 47584 ssh2
Oct 14 04:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Connection closed by 196.251.84.92 port 47584 [preauth]
Oct 14 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14487]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14486]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14483]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14558]: Successful su for rubyman by root
Oct 14 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14558]: + ??? root:rubyman
Oct 14 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409104 of user rubyman.
Oct 14 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14558]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409104.
Oct 14 04:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11233]: pam_unix(cron:session): session closed for user root
Oct 14 04:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14484]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Invalid user acs from 155.4.245.222
Oct 14 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: input_userauth_request: invalid user acs [preauth]
Oct 14 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: User john from 178.128.152.40 not allowed because not listed in AllowUsers
Oct 14 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: input_userauth_request: invalid user john [preauth]
Oct 14 04:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.152.40  user=john
Oct 14 04:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Failed password for invalid user acs from 155.4.245.222 port 64161 ssh2
Oct 14 04:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Received disconnect from 155.4.245.222 port 64161:11: Bye Bye [preauth]
Oct 14 04:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14806]: Disconnected from 155.4.245.222 port 64161 [preauth]
Oct 14 04:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Failed password for invalid user john from 178.128.152.40 port 58248 ssh2
Oct 14 04:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Received disconnect from 178.128.152.40 port 58248:11: Bye Bye [preauth]
Oct 14 04:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14818]: Disconnected from 178.128.152.40 port 58248 [preauth]
Oct 14 04:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13409]: pam_unix(cron:session): session closed for user root
Oct 14 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15024]: Successful su for rubyman by root
Oct 14 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15024]: + ??? root:rubyman
Oct 14 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409105 of user rubyman.
Oct 14 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15024]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409105.
Oct 14 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11820]: pam_unix(cron:session): session closed for user root
Oct 14 04:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Invalid user erick from 103.55.216.2
Oct 14 04:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: input_userauth_request: invalid user erick [preauth]
Oct 14 04:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Failed password for invalid user erick from 103.55.216.2 port 44898 ssh2
Oct 14 04:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Received disconnect from 103.55.216.2 port 44898:11: Bye Bye [preauth]
Oct 14 04:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Disconnected from 103.55.216.2 port 44898 [preauth]
Oct 14 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Invalid user postgres from 196.251.84.92
Oct 14 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Failed password for invalid user postgres from 196.251.84.92 port 49518 ssh2
Oct 14 04:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Connection closed by 196.251.84.92 port 49518 [preauth]
Oct 14 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Invalid user admin from 2.57.121.25
Oct 14 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 04:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user admin from 2.57.121.25 port 37765 ssh2
Oct 14 04:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.201.227  user=root
Oct 14 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13942]: pam_unix(cron:session): session closed for user root
Oct 14 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user admin from 2.57.121.25 port 37765 ssh2
Oct 14 04:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user admin from 2.57.121.25 port 37765 ssh2
Oct 14 04:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: Failed password for root from 80.211.201.227 port 48314 ssh2
Oct 14 04:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: Connection closed by 80.211.201.227 port 48314 [preauth]
Oct 14 04:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user admin from 2.57.121.25 port 37765 ssh2
Oct 14 04:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Failed password for invalid user admin from 2.57.121.25 port 37765 ssh2
Oct 14 04:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Received disconnect from 2.57.121.25 port 37765:11: Bye [preauth]
Oct 14 04:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: Disconnected from 2.57.121.25 port 37765 [preauth]
Oct 14 04:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 04:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15421]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15512]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15510]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15582]: Successful su for rubyman by root
Oct 14 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15582]: + ??? root:rubyman
Oct 14 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409110 of user rubyman.
Oct 14 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15582]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409110.
Oct 14 04:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: Invalid user wahyu from 155.4.245.222
Oct 14 04:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: input_userauth_request: invalid user wahyu [preauth]
Oct 14 04:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: Failed password for invalid user wahyu from 155.4.245.222 port 61130 ssh2
Oct 14 04:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: Received disconnect from 155.4.245.222 port 61130:11: Bye Bye [preauth]
Oct 14 04:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: Disconnected from 155.4.245.222 port 61130 [preauth]
Oct 14 04:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12305]: pam_unix(cron:session): session closed for user root
Oct 14 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15511]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14487]: pam_unix(cron:session): session closed for user root
Oct 14 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Invalid user admin from 196.251.84.140
Oct 14 04:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Failed password for invalid user admin from 196.251.84.140 port 48840 ssh2
Oct 14 04:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Invalid user postgres from 196.251.84.92
Oct 14 04:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Connection closed by 196.251.84.140 port 48840 [preauth]
Oct 14 04:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Failed password for invalid user postgres from 196.251.84.92 port 51250 ssh2
Oct 14 04:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Connection closed by 196.251.84.92 port 51250 [preauth]
Oct 14 04:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Invalid user connor from 103.55.216.2
Oct 14 04:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: input_userauth_request: invalid user connor [preauth]
Oct 14 04:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Failed password for invalid user connor from 103.55.216.2 port 43476 ssh2
Oct 14 04:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Received disconnect from 103.55.216.2 port 43476:11: Bye Bye [preauth]
Oct 14 04:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Disconnected from 103.55.216.2 port 43476 [preauth]
Oct 14 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15972]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15976]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15976]: pam_unix(cron:session): session closed for user root
Oct 14 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16058]: Successful su for rubyman by root
Oct 14 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16058]: + ??? root:rubyman
Oct 14 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409116 of user rubyman.
Oct 14 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16058]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409116.
Oct 14 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session closed for user root
Oct 14 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session closed for user root
Oct 14 04:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session closed for user root
Oct 14 04:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Invalid user taylor from 155.4.245.222
Oct 14 04:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: input_userauth_request: invalid user taylor [preauth]
Oct 14 04:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Failed password for invalid user taylor from 155.4.245.222 port 1906 ssh2
Oct 14 04:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Received disconnect from 155.4.245.222 port 1906:11: Bye Bye [preauth]
Oct 14 04:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Disconnected from 155.4.245.222 port 1906 [preauth]
Oct 14 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16468]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16469]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16466]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16551]: Successful su for rubyman by root
Oct 14 04:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16551]: + ??? root:rubyman
Oct 14 04:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409119 of user rubyman.
Oct 14 04:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16551]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409119.
Oct 14 04:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session closed for user root
Oct 14 04:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16467]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Invalid user postgres from 196.251.84.92
Oct 14 04:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Failed password for invalid user postgres from 196.251.84.92 port 52758 ssh2
Oct 14 04:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Connection closed by 196.251.84.92 port 52758 [preauth]
Oct 14 04:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15513]: pam_unix(cron:session): session closed for user root
Oct 14 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Invalid user bitwarden from 103.55.216.2
Oct 14 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: input_userauth_request: invalid user bitwarden [preauth]
Oct 14 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Failed password for invalid user bitwarden from 103.55.216.2 port 44458 ssh2
Oct 14 04:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Received disconnect from 103.55.216.2 port 44458:11: Bye Bye [preauth]
Oct 14 04:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Disconnected from 103.55.216.2 port 44458 [preauth]
Oct 14 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16939]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: Successful su for rubyman by root
Oct 14 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: + ??? root:rubyman
Oct 14 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409126 of user rubyman.
Oct 14 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409126.
Oct 14 04:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13941]: pam_unix(cron:session): session closed for user root
Oct 14 04:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: Invalid user erick from 155.4.245.222
Oct 14 04:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: input_userauth_request: invalid user erick [preauth]
Oct 14 04:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: Failed password for invalid user erick from 155.4.245.222 port 10753 ssh2
Oct 14 04:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: Received disconnect from 155.4.245.222 port 10753:11: Bye Bye [preauth]
Oct 14 04:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17273]: Disconnected from 155.4.245.222 port 10753 [preauth]
Oct 14 04:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15972]: pam_unix(cron:session): session closed for user root
Oct 14 04:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Invalid user postgres from 196.251.84.92
Oct 14 04:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Failed password for invalid user postgres from 196.251.84.92 port 54416 ssh2
Oct 14 04:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Connection closed by 196.251.84.92 port 54416 [preauth]
Oct 14 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17422]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17419]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: Successful su for rubyman by root
Oct 14 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: + ??? root:rubyman
Oct 14 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409128 of user rubyman.
Oct 14 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409128.
Oct 14 04:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14486]: pam_unix(cron:session): session closed for user root
Oct 14 04:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: Invalid user admin from 196.251.84.140
Oct 14 04:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: Failed password for invalid user admin from 196.251.84.140 port 52198 ssh2
Oct 14 04:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: Connection closed by 196.251.84.140 port 52198 [preauth]
Oct 14 04:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 04:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Invalid user user1 from 103.55.216.2
Oct 14 04:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: input_userauth_request: invalid user user1 [preauth]
Oct 14 04:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17768]: Failed password for root from 80.211.129.128 port 44196 ssh2
Oct 14 04:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Failed password for invalid user user1 from 103.55.216.2 port 35624 ssh2
Oct 14 04:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Received disconnect from 103.55.216.2 port 35624:11: Bye Bye [preauth]
Oct 14 04:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Disconnected from 103.55.216.2 port 35624 [preauth]
Oct 14 04:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17768]: Connection closed by 80.211.129.128 port 44196 [preauth]
Oct 14 04:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16469]: pam_unix(cron:session): session closed for user root
Oct 14 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18041]: Successful su for rubyman by root
Oct 14 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18041]: + ??? root:rubyman
Oct 14 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409132 of user rubyman.
Oct 14 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18041]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409132.
Oct 14 04:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Failed password for root from 155.4.245.222 port 26357 ssh2
Oct 14 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Received disconnect from 155.4.245.222 port 26357:11: Bye Bye [preauth]
Oct 14 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Disconnected from 155.4.245.222 port 26357 [preauth]
Oct 14 04:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session closed for user root
Oct 14 04:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17966]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Invalid user postgres from 196.251.84.92
Oct 14 04:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Failed password for invalid user postgres from 196.251.84.92 port 55704 ssh2
Oct 14 04:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Connection closed by 196.251.84.92 port 55704 [preauth]
Oct 14 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session closed for user root
Oct 14 04:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Invalid user loginuser from 193.32.162.151
Oct 14 04:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: input_userauth_request: invalid user loginuser [preauth]
Oct 14 04:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18688]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18688]: pam_unix(cron:session): session closed for user root
Oct 14 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Failed password for invalid user loginuser from 193.32.162.151 port 44208 ssh2
Oct 14 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18668]: Connection closed by 193.32.162.151 port 44208 [preauth]
Oct 14 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18767]: Successful su for rubyman by root
Oct 14 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18767]: + ??? root:rubyman
Oct 14 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409139 of user rubyman.
Oct 14 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18767]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409139.
Oct 14 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: Invalid user minerhub from 103.55.216.2
Oct 14 04:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: input_userauth_request: invalid user minerhub [preauth]
Oct 14 04:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: Failed password for invalid user minerhub from 103.55.216.2 port 49310 ssh2
Oct 14 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: Received disconnect from 103.55.216.2 port 49310:11: Bye Bye [preauth]
Oct 14 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18796]: Disconnected from 103.55.216.2 port 49310 [preauth]
Oct 14 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session closed for user root
Oct 14 04:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15512]: pam_unix(cron:session): session closed for user root
Oct 14 04:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17422]: pam_unix(cron:session): session closed for user root
Oct 14 04:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: User ftp from 155.4.245.222 not allowed because not listed in AllowUsers
Oct 14 04:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: input_userauth_request: invalid user ftp [preauth]
Oct 14 04:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=ftp
Oct 14 04:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Failed password for invalid user ftp from 155.4.245.222 port 29424 ssh2
Oct 14 04:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Received disconnect from 155.4.245.222 port 29424:11: Bye Bye [preauth]
Oct 14 04:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Disconnected from 155.4.245.222 port 29424 [preauth]
Oct 14 04:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: Invalid user postgres from 196.251.84.92
Oct 14 04:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: Failed password for invalid user postgres from 196.251.84.92 port 56788 ssh2
Oct 14 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19379]: Connection closed by 196.251.84.92 port 56788 [preauth]
Oct 14 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19610]: Successful su for rubyman by root
Oct 14 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19610]: + ??? root:rubyman
Oct 14 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409141 of user rubyman.
Oct 14 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19610]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409141.
Oct 14 04:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session closed for user root
Oct 14 04:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17968]: pam_unix(cron:session): session closed for user root
Oct 14 04:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 04:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 04:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Failed password for root from 103.55.216.2 port 42060 ssh2
Oct 14 04:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Received disconnect from 103.55.216.2 port 42060:11: Bye Bye [preauth]
Oct 14 04:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Disconnected from 103.55.216.2 port 42060 [preauth]
Oct 14 04:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: Invalid user admin from 196.251.84.140
Oct 14 04:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20104]: Failed password for root from 80.211.129.128 port 43708 ssh2
Oct 14 04:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20104]: Connection closed by 80.211.129.128 port 43708 [preauth]
Oct 14 04:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: Failed password for invalid user admin from 196.251.84.140 port 54072 ssh2
Oct 14 04:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: Connection closed by 196.251.84.140 port 54072 [preauth]
Oct 14 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20174]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20278]: Successful su for rubyman by root
Oct 14 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20278]: + ??? root:rubyman
Oct 14 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409146 of user rubyman.
Oct 14 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20278]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409146.
Oct 14 04:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16468]: pam_unix(cron:session): session closed for user root
Oct 14 04:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20176]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Invalid user development from 155.4.245.222
Oct 14 04:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: input_userauth_request: invalid user development [preauth]
Oct 14 04:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Failed password for invalid user development from 155.4.245.222 port 7220 ssh2
Oct 14 04:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Received disconnect from 155.4.245.222 port 7220:11: Bye Bye [preauth]
Oct 14 04:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20534]: Disconnected from 155.4.245.222 port 7220 [preauth]
Oct 14 04:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Invalid user postgres from 196.251.84.92
Oct 14 04:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Failed password for invalid user postgres from 196.251.84.92 port 57760 ssh2
Oct 14 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Connection closed by 196.251.84.92 port 57760 [preauth]
Oct 14 04:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session closed for user root
Oct 14 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20681]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20675]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20755]: Successful su for rubyman by root
Oct 14 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20755]: + ??? root:rubyman
Oct 14 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409150 of user rubyman.
Oct 14 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20755]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409150.
Oct 14 04:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session closed for user root
Oct 14 04:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Invalid user fred from 103.55.216.2
Oct 14 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: input_userauth_request: invalid user fred [preauth]
Oct 14 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Failed password for invalid user fred from 103.55.216.2 port 36816 ssh2
Oct 14 04:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Received disconnect from 103.55.216.2 port 36816:11: Bye Bye [preauth]
Oct 14 04:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Disconnected from 103.55.216.2 port 36816 [preauth]
Oct 14 04:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session closed for user root
Oct 14 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21200]: Successful su for rubyman by root
Oct 14 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21200]: + ??? root:rubyman
Oct 14 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409155 of user rubyman.
Oct 14 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21200]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409155.
Oct 14 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: Invalid user postgres from 196.251.84.92
Oct 14 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Invalid user user1 from 155.4.245.222
Oct 14 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: input_userauth_request: invalid user user1 [preauth]
Oct 14 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222
Oct 14 04:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: Failed password for invalid user postgres from 196.251.84.92 port 58844 ssh2
Oct 14 04:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21242]: Connection closed by 196.251.84.92 port 58844 [preauth]
Oct 14 04:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Failed password for invalid user user1 from 155.4.245.222 port 8840 ssh2
Oct 14 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Received disconnect from 155.4.245.222 port 8840:11: Bye Bye [preauth]
Oct 14 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Disconnected from 155.4.245.222 port 8840 [preauth]
Oct 14 04:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session closed for user root
Oct 14 04:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session closed for user root
Oct 14 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21663]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21665]: pam_unix(cron:session): session closed for user root
Oct 14 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21746]: Successful su for rubyman by root
Oct 14 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21746]: + ??? root:rubyman
Oct 14 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409157 of user rubyman.
Oct 14 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21746]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409157.
Oct 14 04:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21662]: pam_unix(cron:session): session closed for user root
Oct 14 04:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17967]: pam_unix(cron:session): session closed for user root
Oct 14 04:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2  user=root
Oct 14 04:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: Invalid user admin from 196.251.84.140
Oct 14 04:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Failed password for root from 103.55.216.2 port 43670 ssh2
Oct 14 04:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Received disconnect from 103.55.216.2 port 43670:11: Bye Bye [preauth]
Oct 14 04:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21967]: Disconnected from 103.55.216.2 port 43670 [preauth]
Oct 14 04:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: Failed password for invalid user admin from 196.251.84.140 port 54398 ssh2
Oct 14 04:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21908]: Connection closed by 196.251.84.140 port 54398 [preauth]
Oct 14 04:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21661]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: Invalid user postgres from 196.251.84.92
Oct 14 04:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20681]: pam_unix(cron:session): session closed for user root
Oct 14 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: Failed password for invalid user postgres from 196.251.84.92 port 59646 ssh2
Oct 14 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: Connection closed by 196.251.84.92 port 59646 [preauth]
Oct 14 04:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=155.4.245.222  user=root
Oct 14 04:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Failed password for root from 155.4.245.222 port 9827 ssh2
Oct 14 04:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Received disconnect from 155.4.245.222 port 9827:11: Bye Bye [preauth]
Oct 14 04:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Disconnected from 155.4.245.222 port 9827 [preauth]
Oct 14 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22196]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22191]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22291]: Successful su for rubyman by root
Oct 14 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22291]: + ??? root:rubyman
Oct 14 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409163 of user rubyman.
Oct 14 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22291]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409163.
Oct 14 04:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session closed for user root
Oct 14 04:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22192]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21137]: pam_unix(cron:session): session closed for user root
Oct 14 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Invalid user user03 from 103.55.216.2
Oct 14 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: input_userauth_request: invalid user user03 [preauth]
Oct 14 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.216.2
Oct 14 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22680]: Did not receive identification string from 80.211.129.128
Oct 14 04:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user user03 from 103.55.216.2 port 51826 ssh2
Oct 14 04:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Received disconnect from 103.55.216.2 port 51826:11: Bye Bye [preauth]
Oct 14 04:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Disconnected from 103.55.216.2 port 51826 [preauth]
Oct 14 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22954]: Successful su for rubyman by root
Oct 14 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22954]: + ??? root:rubyman
Oct 14 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409167 of user rubyman.
Oct 14 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22954]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409167.
Oct 14 04:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: Invalid user postgres from 196.251.84.92
Oct 14 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session closed for user root
Oct 14 04:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: Failed password for invalid user postgres from 196.251.84.92 port 60264 ssh2
Oct 14 04:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23264]: Connection closed by 196.251.84.92 port 60264 [preauth]
Oct 14 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21664]: pam_unix(cron:session): session closed for user root
Oct 14 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23860]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23858]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23932]: Successful su for rubyman by root
Oct 14 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23932]: + ??? root:rubyman
Oct 14 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409172 of user rubyman.
Oct 14 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23932]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409172.
Oct 14 04:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session closed for user root
Oct 14 04:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22196]: pam_unix(cron:session): session closed for user root
Oct 14 04:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Invalid user postgres from 196.251.84.92
Oct 14 04:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Invalid user admin from 196.251.84.140
Oct 14 04:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Failed password for invalid user postgres from 196.251.84.92 port 60752 ssh2
Oct 14 04:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24292]: Connection closed by 196.251.84.92 port 60752 [preauth]
Oct 14 04:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Failed password for invalid user admin from 196.251.84.140 port 56454 ssh2
Oct 14 04:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Connection closed by 196.251.84.140 port 56454 [preauth]
Oct 14 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24590]: Successful su for rubyman by root
Oct 14 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24590]: + ??? root:rubyman
Oct 14 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409177 of user rubyman.
Oct 14 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24590]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409177.
Oct 14 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session closed for user root
Oct 14 04:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session closed for user root
Oct 14 04:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session closed for user root
Oct 14 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25004]: pam_unix(cron:session): session closed for user root
Oct 14 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24998]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25090]: Successful su for rubyman by root
Oct 14 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25090]: + ??? root:rubyman
Oct 14 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409181 of user rubyman.
Oct 14 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25090]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409181.
Oct 14 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: Invalid user postgres from 196.251.84.92
Oct 14 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: Failed password for invalid user postgres from 196.251.84.92 port 60910 ssh2
Oct 14 04:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: Connection closed by 196.251.84.92 port 60910 [preauth]
Oct 14 04:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session closed for user root
Oct 14 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session closed for user root
Oct 14 04:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23862]: pam_unix(cron:session): session closed for user root
Oct 14 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25738]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25734]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25915]: Successful su for rubyman by root
Oct 14 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25915]: + ??? root:rubyman
Oct 14 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409186 of user rubyman.
Oct 14 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25915]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409186.
Oct 14 04:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21663]: pam_unix(cron:session): session closed for user root
Oct 14 04:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25736]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session closed for user root
Oct 14 04:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: Invalid user postgres from 196.251.84.92
Oct 14 04:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: input_userauth_request: invalid user postgres [preauth]
Oct 14 04:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: Failed password for invalid user postgres from 196.251.84.92 port 32904 ssh2
Oct 14 04:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: Connection closed by 196.251.84.92 port 32904 [preauth]
Oct 14 04:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Invalid user admin from 196.251.84.140
Oct 14 04:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26341]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26337]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Failed password for invalid user admin from 196.251.84.140 port 54644 ssh2
Oct 14 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26504]: Successful su for rubyman by root
Oct 14 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26504]: + ??? root:rubyman
Oct 14 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409190 of user rubyman.
Oct 14 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26504]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409190.
Oct 14 04:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Connection closed by 196.251.84.140 port 54644 [preauth]
Oct 14 04:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22194]: pam_unix(cron:session): session closed for user root
Oct 14 04:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26340]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session closed for user root
Oct 14 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27021]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27206]: Successful su for rubyman by root
Oct 14 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27206]: + ??? root:rubyman
Oct 14 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409195 of user rubyman.
Oct 14 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27206]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409195.
Oct 14 04:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user root
Oct 14 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Invalid user zabbix from 196.251.84.92
Oct 14 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Failed password for invalid user zabbix from 196.251.84.92 port 32878 ssh2
Oct 14 04:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Connection closed by 196.251.84.92 port 32878 [preauth]
Oct 14 04:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27022]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25739]: pam_unix(cron:session): session closed for user root
Oct 14 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27975]: Successful su for rubyman by root
Oct 14 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27975]: + ??? root:rubyman
Oct 14 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409198 of user rubyman.
Oct 14 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27975]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409198.
Oct 14 04:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23860]: pam_unix(cron:session): session closed for user root
Oct 14 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27898]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session closed for user root
Oct 14 04:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Invalid user zabbix from 196.251.84.92
Oct 14 04:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Failed password for invalid user zabbix from 196.251.84.92 port 60702 ssh2
Oct 14 04:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Connection closed by 196.251.84.92 port 60702 [preauth]
Oct 14 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28382]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28384]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session closed for user root
Oct 14 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28379]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28694]: Successful su for rubyman by root
Oct 14 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28694]: + ??? root:rubyman
Oct 14 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409203 of user rubyman.
Oct 14 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28694]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409203.
Oct 14 04:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28382]: pam_unix(cron:session): session closed for user root
Oct 14 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session closed for user root
Oct 14 04:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28381]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: Invalid user admin from 196.251.84.140
Oct 14 04:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: Failed password for invalid user admin from 196.251.84.140 port 56096 ssh2
Oct 14 04:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29027]: Connection closed by 196.251.84.140 port 56096 [preauth]
Oct 14 04:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27024]: pam_unix(cron:session): session closed for user root
Oct 14 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29251]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29252]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29249]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29351]: Successful su for rubyman by root
Oct 14 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29351]: + ??? root:rubyman
Oct 14 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409209 of user rubyman.
Oct 14 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29351]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409209.
Oct 14 04:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session closed for user root
Oct 14 04:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: Invalid user zabbix from 196.251.84.92
Oct 14 04:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29250]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: Failed password for invalid user zabbix from 196.251.84.92 port 59782 ssh2
Oct 14 04:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: Connection closed by 196.251.84.92 port 59782 [preauth]
Oct 14 04:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session closed for user root
Oct 14 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29839]: Successful su for rubyman by root
Oct 14 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29839]: + ??? root:rubyman
Oct 14 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409213 of user rubyman.
Oct 14 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29839]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409213.
Oct 14 04:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: Invalid user admin from 62.60.131.157
Oct 14 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 04:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: Failed password for invalid user admin from 62.60.131.157 port 62577 ssh2
Oct 14 04:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: Failed password for invalid user admin from 62.60.131.157 port 62577 ssh2
Oct 14 04:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25738]: pam_unix(cron:session): session closed for user root
Oct 14 04:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: Failed password for invalid user admin from 62.60.131.157 port 62577 ssh2
Oct 14 04:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: Failed password for invalid user admin from 62.60.131.157 port 62577 ssh2
Oct 14 04:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: Failed password for invalid user admin from 62.60.131.157 port 62577 ssh2
Oct 14 04:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: Received disconnect from 62.60.131.157 port 62577:11: Bye [preauth]
Oct 14 04:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: Disconnected from 62.60.131.157 port 62577 [preauth]
Oct 14 04:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 04:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29879]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 04:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28385]: pam_unix(cron:session): session closed for user root
Oct 14 04:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Invalid user zabbix from 196.251.84.92
Oct 14 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Failed password for invalid user zabbix from 196.251.84.92 port 59292 ssh2
Oct 14 04:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Connection closed by 196.251.84.92 port 59292 [preauth]
Oct 14 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: Successful su for rubyman by root
Oct 14 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: + ??? root:rubyman
Oct 14 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409217 of user rubyman.
Oct 14 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409217.
Oct 14 04:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26341]: pam_unix(cron:session): session closed for user root
Oct 14 04:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Invalid user admin from 196.251.84.140
Oct 14 04:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Failed password for invalid user admin from 196.251.84.140 port 54656 ssh2
Oct 14 04:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Connection closed by 196.251.84.140 port 54656 [preauth]
Oct 14 04:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29252]: pam_unix(cron:session): session closed for user root
Oct 14 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30867]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30864]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30935]: Successful su for rubyman by root
Oct 14 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30935]: + ??? root:rubyman
Oct 14 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409221 of user rubyman.
Oct 14 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30935]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409221.
Oct 14 04:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27023]: pam_unix(cron:session): session closed for user root
Oct 14 04:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Invalid user zabbix from 196.251.84.92
Oct 14 04:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30865]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Failed password for invalid user zabbix from 196.251.84.92 port 58336 ssh2
Oct 14 04:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Connection closed by 196.251.84.92 port 58336 [preauth]
Oct 14 04:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session closed for user root
Oct 14 04:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: Invalid user ankur from 115.231.10.56
Oct 14 04:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: input_userauth_request: invalid user ankur [preauth]
Oct 14 04:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.10.56
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: Failed password for invalid user ankur from 115.231.10.56 port 58234 ssh2
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: Received disconnect from 115.231.10.56 port 58234:11: Bye Bye [preauth]
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31338]: Disconnected from 115.231.10.56 port 58234 [preauth]
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31343]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user root
Oct 14 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31341]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: Successful su for rubyman by root
Oct 14 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: + ??? root:rubyman
Oct 14 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409227 of user rubyman.
Oct 14 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31458]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409227.
Oct 14 04:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31343]: pam_unix(cron:session): session closed for user root
Oct 14 04:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27899]: pam_unix(cron:session): session closed for user root
Oct 14 04:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31342]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 14 04:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session closed for user root
Oct 14 04:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: Failed password for root from 89.38.148.202 port 47448 ssh2
Oct 14 04:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31903]: Connection closed by 89.38.148.202 port 47448 [preauth]
Oct 14 04:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Invalid user zabbix from 196.251.84.92
Oct 14 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Failed password for invalid user zabbix from 196.251.84.92 port 57416 ssh2
Oct 14 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Connection closed by 196.251.84.92 port 57416 [preauth]
Oct 14 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32012]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32011]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32103]: Successful su for rubyman by root
Oct 14 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32103]: + ??? root:rubyman
Oct 14 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409230 of user rubyman.
Oct 14 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32103]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409230.
Oct 14 04:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28384]: pam_unix(cron:session): session closed for user root
Oct 14 04:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32010]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30867]: pam_unix(cron:session): session closed for user root
Oct 14 04:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Did not receive identification string from 80.211.129.128
Oct 14 04:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32515]: Invalid user admin from 196.251.84.140
Oct 14 04:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32515]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32515]: Failed password for invalid user admin from 196.251.84.140 port 53222 ssh2
Oct 14 04:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32515]: Connection closed by 196.251.84.140 port 53222 [preauth]
Oct 14 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32555]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32632]: Successful su for rubyman by root
Oct 14 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32632]: + ??? root:rubyman
Oct 14 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409236 of user rubyman.
Oct 14 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32632]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409236.
Oct 14 04:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29251]: pam_unix(cron:session): session closed for user root
Oct 14 04:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: Invalid user zabbix from 196.251.84.92
Oct 14 04:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: Failed password for invalid user zabbix from 196.251.84.92 port 56120 ssh2
Oct 14 04:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[372]: Connection closed by 196.251.84.92 port 56120 [preauth]
Oct 14 04:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32556]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session closed for user root
Oct 14 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[578]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[576]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[636]: Successful su for rubyman by root
Oct 14 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[636]: + ??? root:rubyman
Oct 14 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409238 of user rubyman.
Oct 14 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[636]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409238.
Oct 14 04:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29759]: pam_unix(cron:session): session closed for user root
Oct 14 04:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[577]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32012]: pam_unix(cron:session): session closed for user root
Oct 14 04:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Invalid user zabbix from 196.251.84.92
Oct 14 04:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for invalid user zabbix from 196.251.84.92 port 54874 ssh2
Oct 14 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Connection closed by 196.251.84.92 port 54874 [preauth]
Oct 14 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1141]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1216]: Successful su for rubyman by root
Oct 14 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1216]: + ??? root:rubyman
Oct 14 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409244 of user rubyman.
Oct 14 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1216]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409244.
Oct 14 04:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session closed for user root
Oct 14 04:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1142]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session closed for user root
Oct 14 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1635]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session closed for user root
Oct 14 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1734]: Successful su for rubyman by root
Oct 14 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1734]: + ??? root:rubyman
Oct 14 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409248 of user rubyman.
Oct 14 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1734]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409248.
Oct 14 04:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1635]: pam_unix(cron:session): session closed for user root
Oct 14 04:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30866]: pam_unix(cron:session): session closed for user root
Oct 14 04:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Invalid user admin from 196.251.84.140
Oct 14 04:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: input_userauth_request: invalid user admin [preauth]
Oct 14 04:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Invalid user zabbix from 196.251.84.92
Oct 14 04:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Failed password for invalid user admin from 196.251.84.140 port 50834 ssh2
Oct 14 04:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Failed password for invalid user zabbix from 196.251.84.92 port 53488 ssh2
Oct 14 04:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Connection closed by 196.251.84.140 port 50834 [preauth]
Oct 14 04:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Connection closed by 196.251.84.92 port 53488 [preauth]
Oct 14 04:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 04:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Failed password for root from 80.211.129.128 port 57378 ssh2
Oct 14 04:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Connection closed by 80.211.129.128 port 57378 [preauth]
Oct 14 04:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[579]: pam_unix(cron:session): session closed for user root
Oct 14 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2256]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2257]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2253]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2323]: Successful su for rubyman by root
Oct 14 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2323]: + ??? root:rubyman
Oct 14 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409253 of user rubyman.
Oct 14 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2323]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409253.
Oct 14 04:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session closed for user root
Oct 14 04:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2255]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Invalid user user from 62.60.131.157
Oct 14 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: input_userauth_request: invalid user user [preauth]
Oct 14 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 04:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Failed password for invalid user user from 62.60.131.157 port 33488 ssh2
Oct 14 04:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Failed password for invalid user user from 62.60.131.157 port 33488 ssh2
Oct 14 04:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Failed password for invalid user user from 62.60.131.157 port 33488 ssh2
Oct 14 04:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Failed password for invalid user user from 62.60.131.157 port 33488 ssh2
Oct 14 04:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Failed password for invalid user user from 62.60.131.157 port 33488 ssh2
Oct 14 04:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Received disconnect from 62.60.131.157 port 33488:11: Bye [preauth]
Oct 14 04:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Disconnected from 62.60.131.157 port 33488 [preauth]
Oct 14 04:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 04:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 04:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1144]: pam_unix(cron:session): session closed for user root
Oct 14 04:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Invalid user zabbix from 196.251.84.92
Oct 14 04:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for invalid user zabbix from 196.251.84.92 port 51984 ssh2
Oct 14 04:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Connection closed by 196.251.84.92 port 51984 [preauth]
Oct 14 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2709]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2776]: Successful su for rubyman by root
Oct 14 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2776]: + ??? root:rubyman
Oct 14 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409257 of user rubyman.
Oct 14 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2776]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409257.
Oct 14 04:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32011]: pam_unix(cron:session): session closed for user root
Oct 14 04:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session closed for user root
Oct 14 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3159]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3224]: Successful su for rubyman by root
Oct 14 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3224]: + ??? root:rubyman
Oct 14 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409260 of user rubyman.
Oct 14 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3224]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409260.
Oct 14 04:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session closed for user root
Oct 14 04:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: Invalid user zabbix from 196.251.84.92
Oct 14 04:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: Failed password for invalid user zabbix from 196.251.84.92 port 50378 ssh2
Oct 14 04:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3465]: Connection closed by 196.251.84.92 port 50378 [preauth]
Oct 14 04:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2257]: pam_unix(cron:session): session closed for user root
Oct 14 04:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Invalid user ubuntu from 196.251.84.140
Oct 14 04:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 04:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 04:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Failed password for invalid user ubuntu from 196.251.84.140 port 50852 ssh2
Oct 14 04:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Connection closed by 196.251.84.140 port 50852 [preauth]
Oct 14 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3626]: pam_unix(cron:session): session closed for user p13x
Oct 14 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: Successful su for rubyman by root
Oct 14 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: + ??? root:rubyman
Oct 14 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409264 of user rubyman.
Oct 14 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: pam_unix(su:session): session closed for user rubyman
Oct 14 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409264.
Oct 14 04:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[578]: pam_unix(cron:session): session closed for user root
Oct 14 04:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3627]: pam_unix(cron:session): session closed for user samftp
Oct 14 04:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session closed for user root
Oct 14 04:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Invalid user zabbix from 196.251.84.92
Oct 14 04:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 04:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 04:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 04:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Did not receive identification string from 80.99.167.22
Oct 14 04:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Failed password for invalid user zabbix from 196.251.84.92 port 48402 ssh2
Oct 14 04:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Connection closed by 196.251.84.92 port 48402 [preauth]
Oct 14 04:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 04:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: Failed password for root from 80.99.167.22 port 34574 ssh2
Oct 14 04:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: Connection closed by 80.99.167.22 port 34574 [preauth]
Oct 14 04:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 04:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 04:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Failed password for root from 80.99.167.22 port 55506 ssh2
Oct 14 04:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Connection closed by 80.99.167.22 port 55506 [preauth]
Oct 14 04:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4098]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4099]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4100]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4097]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4101]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4101]: pam_unix(cron:session): session closed for user root
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4097]: pam_unix(cron:session): session closed for user root
Oct 14 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4275]: Successful su for rubyman by root
Oct 14 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4275]: + ??? root:rubyman
Oct 14 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409271 of user rubyman.
Oct 14 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[4275]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409271.
Oct 14 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Did not receive identification string from 80.211.129.128
Oct 14 05:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: Failed password for root from 80.99.167.22 port 55518 ssh2
Oct 14 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4083]: Connection closed by 80.99.167.22 port 55518 [preauth]
Oct 14 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1143]: pam_unix(cron:session): session closed for user root
Oct 14 05:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4098]: pam_unix(cron:session): session closed for user root
Oct 14 05:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Failed password for root from 80.99.167.22 port 35520 ssh2
Oct 14 05:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4398]: Connection closed by 80.99.167.22 port 35520 [preauth]
Oct 14 05:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Failed password for root from 80.99.167.22 port 38876 ssh2
Oct 14 05:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Connection closed by 80.99.167.22 port 38876 [preauth]
Oct 14 05:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Invalid user api from 190.153.249.99
Oct 14 05:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: input_userauth_request: invalid user api [preauth]
Oct 14 05:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Failed password for invalid user api from 190.153.249.99 port 36572 ssh2
Oct 14 05:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Received disconnect from 190.153.249.99 port 36572:11: Bye Bye [preauth]
Oct 14 05:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Disconnected from 190.153.249.99 port 36572 [preauth]
Oct 14 05:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for root from 80.99.167.22 port 38888 ssh2
Oct 14 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Connection closed by 80.99.167.22 port 38888 [preauth]
Oct 14 05:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for root from 80.99.167.22 port 43280 ssh2
Oct 14 05:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Connection closed by 80.99.167.22 port 43280 [preauth]
Oct 14 05:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Invalid user dma from 157.10.160.102
Oct 14 05:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: input_userauth_request: invalid user dma [preauth]
Oct 14 05:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for root from 80.99.167.22 port 47378 ssh2
Oct 14 05:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 80.99.167.22 port 47378 [preauth]
Oct 14 05:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session closed for user root
Oct 14 05:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Failed password for invalid user dma from 157.10.160.102 port 38744 ssh2
Oct 14 05:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Received disconnect from 157.10.160.102 port 38744:11: Bye Bye [preauth]
Oct 14 05:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Disconnected from 157.10.160.102 port 38744 [preauth]
Oct 14 05:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Failed password for root from 80.99.167.22 port 47394 ssh2
Oct 14 05:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Connection closed by 80.99.167.22 port 47394 [preauth]
Oct 14 05:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: Failed password for root from 80.99.167.22 port 50380 ssh2
Oct 14 05:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4719]: Connection closed by 80.99.167.22 port 50380 [preauth]
Oct 14 05:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: Failed password for root from 80.99.167.22 port 50392 ssh2
Oct 14 05:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4745]: Connection closed by 80.99.167.22 port 50392 [preauth]
Oct 14 05:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4759]: Failed password for root from 80.99.167.22 port 36534 ssh2
Oct 14 05:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4759]: Connection closed by 80.99.167.22 port 36534 [preauth]
Oct 14 05:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4789]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4788]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4785]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: Successful su for rubyman by root
Oct 14 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: + ??? root:rubyman
Oct 14 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409276 of user rubyman.
Oct 14 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409276.
Oct 14 05:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Failed password for root from 80.99.167.22 port 36548 ssh2
Oct 14 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Connection closed by 80.99.167.22 port 36548 [preauth]
Oct 14 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Failed password for root from 80.99.167.22 port 38120 ssh2
Oct 14 05:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Connection closed by 80.99.167.22 port 38120 [preauth]
Oct 14 05:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session closed for user root
Oct 14 05:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Invalid user zabbix from 196.251.84.92
Oct 14 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4786]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Failed password for invalid user zabbix from 196.251.84.92 port 46846 ssh2
Oct 14 05:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5583]: Connection closed by 196.251.84.92 port 46846 [preauth]
Oct 14 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: Failed password for root from 80.99.167.22 port 48622 ssh2
Oct 14 05:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5533]: Connection closed by 80.99.167.22 port 48622 [preauth]
Oct 14 05:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: Failed password for root from 80.99.167.22 port 48630 ssh2
Oct 14 05:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: Connection closed by 80.99.167.22 port 48630 [preauth]
Oct 14 05:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Failed password for root from 80.99.167.22 port 53932 ssh2
Oct 14 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Connection closed by 80.99.167.22 port 53932 [preauth]
Oct 14 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 05:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5661]: Failed password for root from 80.211.129.128 port 50800 ssh2
Oct 14 05:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session closed for user root
Oct 14 05:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5661]: Connection closed by 80.211.129.128 port 50800 [preauth]
Oct 14 05:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Failed password for root from 80.99.167.22 port 56770 ssh2
Oct 14 05:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Connection closed by 80.99.167.22 port 56770 [preauth]
Oct 14 05:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5864]: Successful su for rubyman by root
Oct 14 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5864]: + ??? root:rubyman
Oct 14 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409280 of user rubyman.
Oct 14 05:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5864]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409280.
Oct 14 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Failed password for invalid user ubuntu from 196.251.84.140 port 50934 ssh2
Oct 14 05:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Connection closed by 196.251.84.140 port 50934 [preauth]
Oct 14 05:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2256]: pam_unix(cron:session): session closed for user root
Oct 14 05:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5782]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: Failed password for root from 80.99.167.22 port 54148 ssh2
Oct 14 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5711]: Connection closed by 80.99.167.22 port 54148 [preauth]
Oct 14 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Invalid user kucjac from 164.68.105.9
Oct 14 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: input_userauth_request: invalid user kucjac [preauth]
Oct 14 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 05:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4100]: pam_unix(cron:session): session closed for user root
Oct 14 05:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Failed password for invalid user kucjac from 164.68.105.9 port 50750 ssh2
Oct 14 05:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Failed password for root from 80.99.167.22 port 58050 ssh2
Oct 14 05:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Connection closed by 164.68.105.9 port 50750 [preauth]
Oct 14 05:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Connection closed by 80.99.167.22 port 58050 [preauth]
Oct 14 05:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Invalid user hadoop from 196.251.84.92
Oct 14 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Failed password for invalid user hadoop from 196.251.84.92 port 44552 ssh2
Oct 14 05:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Connection closed by 196.251.84.92 port 44552 [preauth]
Oct 14 05:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for root from 80.99.167.22 port 44680 ssh2
Oct 14 05:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Connection closed by 80.99.167.22 port 44680 [preauth]
Oct 14 05:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6231]: Failed password for root from 80.99.167.22 port 36146 ssh2
Oct 14 05:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6231]: Connection closed by 80.99.167.22 port 36146 [preauth]
Oct 14 05:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6250]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6247]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6320]: Successful su for rubyman by root
Oct 14 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6320]: + ??? root:rubyman
Oct 14 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409283 of user rubyman.
Oct 14 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6320]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409283.
Oct 14 05:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2711]: pam_unix(cron:session): session closed for user root
Oct 14 05:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Failed password for root from 80.99.167.22 port 36158 ssh2
Oct 14 05:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Connection closed by 80.99.167.22 port 36158 [preauth]
Oct 14 05:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6248]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Failed password for root from 80.99.167.22 port 58018 ssh2
Oct 14 05:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Connection closed by 80.99.167.22 port 58018 [preauth]
Oct 14 05:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Invalid user debian from 190.153.249.99
Oct 14 05:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: input_userauth_request: invalid user debian [preauth]
Oct 14 05:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Failed password for invalid user debian from 190.153.249.99 port 35339 ssh2
Oct 14 05:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Received disconnect from 190.153.249.99 port 35339:11: Bye Bye [preauth]
Oct 14 05:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6724]: Disconnected from 190.153.249.99 port 35339 [preauth]
Oct 14 05:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4789]: pam_unix(cron:session): session closed for user root
Oct 14 05:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Failed password for root from 157.10.160.102 port 36948 ssh2
Oct 14 05:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Received disconnect from 157.10.160.102 port 36948:11: Bye Bye [preauth]
Oct 14 05:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Disconnected from 157.10.160.102 port 36948 [preauth]
Oct 14 05:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Failed password for root from 80.99.167.22 port 49634 ssh2
Oct 14 05:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Connection closed by 80.99.167.22 port 49634 [preauth]
Oct 14 05:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: Failed password for root from 80.99.167.22 port 37878 ssh2
Oct 14 05:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6758]: Connection closed by 80.99.167.22 port 37878 [preauth]
Oct 14 05:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6886]: Successful su for rubyman by root
Oct 14 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6886]: + ??? root:rubyman
Oct 14 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409288 of user rubyman.
Oct 14 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6886]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409288.
Oct 14 05:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3159]: pam_unix(cron:session): session closed for user root
Oct 14 05:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Invalid user hadoop from 196.251.84.92
Oct 14 05:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Failed password for invalid user hadoop from 196.251.84.92 port 42236 ssh2
Oct 14 05:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Connection closed by 196.251.84.92 port 42236 [preauth]
Oct 14 05:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session closed for user root
Oct 14 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session closed for user root
Oct 14 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7458]: Successful su for rubyman by root
Oct 14 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7458]: + ??? root:rubyman
Oct 14 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409291 of user rubyman.
Oct 14 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7458]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409291.
Oct 14 05:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session closed for user root
Oct 14 05:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3628]: pam_unix(cron:session): session closed for user root
Oct 14 05:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Invalid user gh from 157.10.160.102
Oct 14 05:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: input_userauth_request: invalid user gh [preauth]
Oct 14 05:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Failed password for invalid user gh from 157.10.160.102 port 41444 ssh2
Oct 14 05:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Received disconnect from 157.10.160.102 port 41444:11: Bye Bye [preauth]
Oct 14 05:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Disconnected from 157.10.160.102 port 41444 [preauth]
Oct 14 05:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7717]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7717]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7717]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: Invalid user zy from 190.153.249.99
Oct 14 05:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: input_userauth_request: invalid user zy [preauth]
Oct 14 05:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7717]: Failed password for invalid user ubuntu from 196.251.84.140 port 49940 ssh2
Oct 14 05:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7717]: Connection closed by 196.251.84.140 port 49940 [preauth]
Oct 14 05:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: Failed password for invalid user zy from 190.153.249.99 port 53755 ssh2
Oct 14 05:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: Received disconnect from 190.153.249.99 port 53755:11: Bye Bye [preauth]
Oct 14 05:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7747]: Disconnected from 190.153.249.99 port 53755 [preauth]
Oct 14 05:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: Failed password for root from 80.99.167.22 port 37880 ssh2
Oct 14 05:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: Connection closed by 80.99.167.22 port 37880 [preauth]
Oct 14 05:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6250]: pam_unix(cron:session): session closed for user root
Oct 14 05:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Invalid user hadoop from 196.251.84.92
Oct 14 05:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Failed password for invalid user hadoop from 196.251.84.92 port 40088 ssh2
Oct 14 05:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7823]: Connection closed by 196.251.84.92 port 40088 [preauth]
Oct 14 05:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Failed password for root from 80.99.167.22 port 52194 ssh2
Oct 14 05:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Connection closed by 80.99.167.22 port 52194 [preauth]
Oct 14 05:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for root from 80.99.167.22 port 51658 ssh2
Oct 14 05:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 80.99.167.22 port 51658 [preauth]
Oct 14 05:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8323]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: Failed password for root from 80.99.167.22 port 51674 ssh2
Oct 14 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8309]: Connection closed by 80.99.167.22 port 51674 [preauth]
Oct 14 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8421]: Successful su for rubyman by root
Oct 14 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8421]: + ??? root:rubyman
Oct 14 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409298 of user rubyman.
Oct 14 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8421]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409298.
Oct 14 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: Failed password for root from 80.99.167.22 port 43762 ssh2
Oct 14 05:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: Connection closed by 80.99.167.22 port 43762 [preauth]
Oct 14 05:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Failed password for root from 80.99.167.22 port 43776 ssh2
Oct 14 05:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Connection closed by 80.99.167.22 port 43776 [preauth]
Oct 14 05:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4099]: pam_unix(cron:session): session closed for user root
Oct 14 05:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: Failed password for root from 80.99.167.22 port 48506 ssh2
Oct 14 05:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8616]: Connection closed by 80.99.167.22 port 48506 [preauth]
Oct 14 05:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Failed password for root from 80.99.167.22 port 48522 ssh2
Oct 14 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Connection closed by 80.99.167.22 port 48522 [preauth]
Oct 14 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6814]: pam_unix(cron:session): session closed for user root
Oct 14 05:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: Invalid user privacy from 157.10.160.102
Oct 14 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: input_userauth_request: invalid user privacy [preauth]
Oct 14 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: Failed password for invalid user privacy from 157.10.160.102 port 59412 ssh2
Oct 14 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: Failed password for root from 80.99.167.22 port 45946 ssh2
Oct 14 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: Received disconnect from 157.10.160.102 port 59412:11: Bye Bye [preauth]
Oct 14 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: Disconnected from 157.10.160.102 port 59412 [preauth]
Oct 14 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8694]: Connection closed by 80.99.167.22 port 45946 [preauth]
Oct 14 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8923]: Failed password for root from 80.99.167.22 port 51274 ssh2
Oct 14 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9021]: Successful su for rubyman by root
Oct 14 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9021]: + ??? root:rubyman
Oct 14 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409301 of user rubyman.
Oct 14 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9021]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409301.
Oct 14 05:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4788]: pam_unix(cron:session): session closed for user root
Oct 14 05:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Invalid user hadoop from 196.251.84.92
Oct 14 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Failed password for invalid user hadoop from 196.251.84.92 port 37164 ssh2
Oct 14 05:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Connection closed by 196.251.84.92 port 37164 [preauth]
Oct 14 05:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: Failed password for root from 190.153.249.99 port 43922 ssh2
Oct 14 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: Received disconnect from 190.153.249.99 port 43922:11: Bye Bye [preauth]
Oct 14 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9341]: Disconnected from 190.153.249.99 port 43922 [preauth]
Oct 14 05:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session closed for user root
Oct 14 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9539]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9632]: Successful su for rubyman by root
Oct 14 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9632]: + ??? root:rubyman
Oct 14 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409306 of user rubyman.
Oct 14 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9632]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409306.
Oct 14 05:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session closed for user root
Oct 14 05:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9541]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8923]: Connection closed by 80.99.167.22 port 51274 [preauth]
Oct 14 05:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10018]: Invalid user palworld from 157.10.160.102
Oct 14 05:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10018]: input_userauth_request: invalid user palworld [preauth]
Oct 14 05:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10018]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10018]: Failed password for invalid user palworld from 157.10.160.102 port 58176 ssh2
Oct 14 05:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10018]: Received disconnect from 157.10.160.102 port 58176:11: Bye Bye [preauth]
Oct 14 05:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10018]: Disconnected from 157.10.160.102 port 58176 [preauth]
Oct 14 05:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.99.167.22  user=root
Oct 14 05:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: Failed password for root from 80.99.167.22 port 54970 ssh2
Oct 14 05:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10025]: Connection closed by 80.99.167.22 port 54970 [preauth]
Oct 14 05:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session closed for user root
Oct 14 05:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Invalid user hadoop from 196.251.84.92
Oct 14 05:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Failed password for invalid user hadoop from 196.251.84.92 port 34072 ssh2
Oct 14 05:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Connection closed by 196.251.84.92 port 34072 [preauth]
Oct 14 05:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Failed password for invalid user ubuntu from 196.251.84.140 port 51856 ssh2
Oct 14 05:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Connection closed by 196.251.84.140 port 51856 [preauth]
Oct 14 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: Successful su for rubyman by root
Oct 14 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: + ??? root:rubyman
Oct 14 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409309 of user rubyman.
Oct 14 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409309.
Oct 14 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Failed password for root from 190.153.249.99 port 34088 ssh2
Oct 14 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session closed for user root
Oct 14 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Received disconnect from 190.153.249.99 port 34088:11: Bye Bye [preauth]
Oct 14 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Disconnected from 190.153.249.99 port 34088 [preauth]
Oct 14 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 14 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Failed password for root from 89.38.148.202 port 41496 ssh2
Oct 14 05:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Connection closed by 89.38.148.202 port 41496 [preauth]
Oct 14 05:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Did not receive identification string from 91.56.246.147
Oct 14 05:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6249]: pam_unix(cron:session): session closed for user root
Oct 14 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8935]: pam_unix(cron:session): session closed for user root
Oct 14 05:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Invalid user gameserver from 157.10.160.102
Oct 14 05:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: input_userauth_request: invalid user gameserver [preauth]
Oct 14 05:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Failed password for invalid user gameserver from 157.10.160.102 port 35722 ssh2
Oct 14 05:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Received disconnect from 157.10.160.102 port 35722:11: Bye Bye [preauth]
Oct 14 05:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10754]: Disconnected from 157.10.160.102 port 35722 [preauth]
Oct 14 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10784]: pam_unix(cron:session): session closed for user root
Oct 14 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10860]: Successful su for rubyman by root
Oct 14 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10860]: + ??? root:rubyman
Oct 14 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409314 of user rubyman.
Oct 14 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10860]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409314.
Oct 14 05:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session closed for user root
Oct 14 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Invalid user hadoop from 196.251.84.92
Oct 14 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session closed for user root
Oct 14 05:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Failed password for invalid user hadoop from 196.251.84.92 port 59242 ssh2
Oct 14 05:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Connection closed by 196.251.84.92 port 59242 [preauth]
Oct 14 05:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session closed for user root
Oct 14 05:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: Invalid user dma from 190.153.249.99
Oct 14 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: input_userauth_request: invalid user dma [preauth]
Oct 14 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: Failed password for invalid user dma from 190.153.249.99 port 52476 ssh2
Oct 14 05:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: Received disconnect from 190.153.249.99 port 52476:11: Bye Bye [preauth]
Oct 14 05:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11243]: Disconnected from 190.153.249.99 port 52476 [preauth]
Oct 14 05:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: Invalid user ansible from 186.96.145.241
Oct 14 05:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: input_userauth_request: invalid user ansible [preauth]
Oct 14 05:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11266]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: Failed password for invalid user ansible from 186.96.145.241 port 53534 ssh2
Oct 14 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: Connection closed by 186.96.145.241 port 53534 [preauth]
Oct 14 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: Successful su for rubyman by root
Oct 14 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: + ??? root:rubyman
Oct 14 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409321 of user rubyman.
Oct 14 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409321.
Oct 14 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session closed for user root
Oct 14 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Invalid user uploaduser from 20.163.71.109
Oct 14 05:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: input_userauth_request: invalid user uploaduser [preauth]
Oct 14 05:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 05:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11268]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Failed password for invalid user uploaduser from 20.163.71.109 port 54562 ssh2
Oct 14 05:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Connection closed by 20.163.71.109 port 54562 [preauth]
Oct 14 05:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Invalid user last from 157.10.160.102
Oct 14 05:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: input_userauth_request: invalid user last [preauth]
Oct 14 05:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Failed password for invalid user last from 157.10.160.102 port 38152 ssh2
Oct 14 05:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Received disconnect from 157.10.160.102 port 38152:11: Bye Bye [preauth]
Oct 14 05:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11611]: Disconnected from 157.10.160.102 port 38152 [preauth]
Oct 14 05:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session closed for user root
Oct 14 05:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Invalid user hadoop from 196.251.84.92
Oct 14 05:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Failed password for invalid user hadoop from 196.251.84.92 port 55772 ssh2
Oct 14 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Connection closed by 196.251.84.92 port 55772 [preauth]
Oct 14 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11857]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11856]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11925]: Successful su for rubyman by root
Oct 14 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11925]: + ??? root:rubyman
Oct 14 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409324 of user rubyman.
Oct 14 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11925]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409324.
Oct 14 05:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user root
Oct 14 05:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11855]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Failed password for invalid user ubuntu from 196.251.84.140 port 47582 ssh2
Oct 14 05:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Connection closed by 196.251.84.140 port 47582 [preauth]
Oct 14 05:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10783]: pam_unix(cron:session): session closed for user root
Oct 14 05:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12304]: Invalid user marty from 190.153.249.99
Oct 14 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12304]: input_userauth_request: invalid user marty [preauth]
Oct 14 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12304]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12304]: Failed password for invalid user marty from 190.153.249.99 port 42654 ssh2
Oct 14 05:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12304]: Received disconnect from 190.153.249.99 port 42654:11: Bye Bye [preauth]
Oct 14 05:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12304]: Disconnected from 190.153.249.99 port 42654 [preauth]
Oct 14 05:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Invalid user ftpuser from 157.10.160.102
Oct 14 05:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 05:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Failed password for invalid user ftpuser from 157.10.160.102 port 35502 ssh2
Oct 14 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Received disconnect from 157.10.160.102 port 35502:11: Bye Bye [preauth]
Oct 14 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Disconnected from 157.10.160.102 port 35502 [preauth]
Oct 14 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12409]: Successful su for rubyman by root
Oct 14 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12409]: + ??? root:rubyman
Oct 14 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409328 of user rubyman.
Oct 14 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12409]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409328.
Oct 14 05:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8933]: pam_unix(cron:session): session closed for user root
Oct 14 05:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: Invalid user hadoop from 196.251.84.92
Oct 14 05:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: Failed password for invalid user hadoop from 196.251.84.92 port 52238 ssh2
Oct 14 05:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12620]: Connection closed by 196.251.84.92 port 52238 [preauth]
Oct 14 05:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session closed for user root
Oct 14 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12908]: Successful su for rubyman by root
Oct 14 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12908]: + ??? root:rubyman
Oct 14 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409332 of user rubyman.
Oct 14 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12908]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409332.
Oct 14 05:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9542]: pam_unix(cron:session): session closed for user root
Oct 14 05:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12825]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Failed password for root from 157.10.160.102 port 40212 ssh2
Oct 14 05:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Received disconnect from 157.10.160.102 port 40212:11: Bye Bye [preauth]
Oct 14 05:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Disconnected from 157.10.160.102 port 40212 [preauth]
Oct 14 05:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11857]: pam_unix(cron:session): session closed for user root
Oct 14 05:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Invalid user hadoop from 196.251.84.92
Oct 14 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Failed password for invalid user hadoop from 196.251.84.92 port 48872 ssh2
Oct 14 05:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Connection closed by 196.251.84.92 port 48872 [preauth]
Oct 14 05:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Invalid user lina from 190.153.249.99
Oct 14 05:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: input_userauth_request: invalid user lina [preauth]
Oct 14 05:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Failed password for invalid user lina from 190.153.249.99 port 32865 ssh2
Oct 14 05:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Received disconnect from 190.153.249.99 port 32865:11: Bye Bye [preauth]
Oct 14 05:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Disconnected from 190.153.249.99 port 32865 [preauth]
Oct 14 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13451]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13450]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13449]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13446]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13451]: pam_unix(cron:session): session closed for user root
Oct 14 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13444]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13533]: Successful su for rubyman by root
Oct 14 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13533]: + ??? root:rubyman
Oct 14 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409336 of user rubyman.
Oct 14 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13533]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409336.
Oct 14 05:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13446]: pam_unix(cron:session): session closed for user root
Oct 14 05:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session closed for user root
Oct 14 05:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13445]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12335]: pam_unix(cron:session): session closed for user root
Oct 14 05:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Failed password for invalid user ubuntu from 196.251.84.140 port 46572 ssh2
Oct 14 05:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13879]: Connection closed by 196.251.84.140 port 46572 [preauth]
Oct 14 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13963]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Invalid user marty from 157.10.160.102
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: input_userauth_request: invalid user marty [preauth]
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14129]: Successful su for rubyman by root
Oct 14 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14129]: + ??? root:rubyman
Oct 14 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409344 of user rubyman.
Oct 14 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14129]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409344.
Oct 14 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Failed password for invalid user marty from 157.10.160.102 port 39552 ssh2
Oct 14 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Received disconnect from 157.10.160.102 port 39552:11: Bye Bye [preauth]
Oct 14 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13958]: Disconnected from 157.10.160.102 port 39552 [preauth]
Oct 14 05:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Invalid user hadoop from 196.251.84.92
Oct 14 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session closed for user root
Oct 14 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Failed password for invalid user hadoop from 196.251.84.92 port 45180 ssh2
Oct 14 05:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14306]: Connection closed by 196.251.84.92 port 45180 [preauth]
Oct 14 05:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12828]: pam_unix(cron:session): session closed for user root
Oct 14 05:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Invalid user gameserver from 190.153.249.99
Oct 14 05:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: input_userauth_request: invalid user gameserver [preauth]
Oct 14 05:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Failed password for invalid user gameserver from 190.153.249.99 port 51253 ssh2
Oct 14 05:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Received disconnect from 190.153.249.99 port 51253:11: Bye Bye [preauth]
Oct 14 05:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Disconnected from 190.153.249.99 port 51253 [preauth]
Oct 14 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14500]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14500]: pam_unix(cron:session): session closed for user root
Oct 14 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14503]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14581]: Successful su for rubyman by root
Oct 14 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14581]: + ??? root:rubyman
Oct 14 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409347 of user rubyman.
Oct 14 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14581]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409347.
Oct 14 05:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11270]: pam_unix(cron:session): session closed for user root
Oct 14 05:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14504]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Invalid user hadoop from 196.251.84.92
Oct 14 05:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13450]: pam_unix(cron:session): session closed for user root
Oct 14 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Invalid user user7 from 157.10.160.102
Oct 14 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: input_userauth_request: invalid user user7 [preauth]
Oct 14 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user hadoop from 196.251.84.92 port 41426 ssh2
Oct 14 05:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Connection closed by 196.251.84.92 port 41426 [preauth]
Oct 14 05:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Failed password for invalid user user7 from 157.10.160.102 port 46572 ssh2
Oct 14 05:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Received disconnect from 157.10.160.102 port 46572:11: Bye Bye [preauth]
Oct 14 05:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14905]: Disconnected from 157.10.160.102 port 46572 [preauth]
Oct 14 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14981]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14980]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15145]: Successful su for rubyman by root
Oct 14 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15145]: + ??? root:rubyman
Oct 14 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409352 of user rubyman.
Oct 14 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15145]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409352.
Oct 14 05:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11856]: pam_unix(cron:session): session closed for user root
Oct 14 05:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user root
Oct 14 05:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Invalid user tata from 190.153.249.99
Oct 14 05:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: input_userauth_request: invalid user tata [preauth]
Oct 14 05:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: Invalid user Admin from 193.32.162.151
Oct 14 05:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: input_userauth_request: invalid user Admin [preauth]
Oct 14 05:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Failed password for invalid user tata from 190.153.249.99 port 41412 ssh2
Oct 14 05:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Received disconnect from 190.153.249.99 port 41412:11: Bye Bye [preauth]
Oct 14 05:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Disconnected from 190.153.249.99 port 41412 [preauth]
Oct 14 05:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 05:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: Failed password for invalid user Admin from 193.32.162.151 port 38300 ssh2
Oct 14 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15520]: Connection closed by 193.32.162.151 port 38300 [preauth]
Oct 14 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15535]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15610]: Successful su for rubyman by root
Oct 14 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15610]: + ??? root:rubyman
Oct 14 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409355 of user rubyman.
Oct 14 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15610]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409355.
Oct 14 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: Failed password for invalid user ubuntu from 196.251.84.140 port 45644 ssh2
Oct 14 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: Connection closed by 196.251.84.140 port 45644 [preauth]
Oct 14 05:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Invalid user hadoop from 196.251.84.92
Oct 14 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: Invalid user uploaduser from 20.163.71.109
Oct 14 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: input_userauth_request: invalid user uploaduser [preauth]
Oct 14 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session closed for user root
Oct 14 05:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Failed password for invalid user hadoop from 196.251.84.92 port 37434 ssh2
Oct 14 05:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Connection closed by 196.251.84.92 port 37434 [preauth]
Oct 14 05:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: Failed password for invalid user uploaduser from 20.163.71.109 port 37036 ssh2
Oct 14 05:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15785]: Connection closed by 20.163.71.109 port 37036 [preauth]
Oct 14 05:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 05:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Failed password for root from 80.211.129.128 port 48556 ssh2
Oct 14 05:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Connection closed by 80.211.129.128 port 48556 [preauth]
Oct 14 05:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15849]: Invalid user guest from 157.10.160.102
Oct 14 05:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15849]: input_userauth_request: invalid user guest [preauth]
Oct 14 05:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15849]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15849]: Failed password for invalid user guest from 157.10.160.102 port 56156 ssh2
Oct 14 05:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15849]: Received disconnect from 157.10.160.102 port 56156:11: Bye Bye [preauth]
Oct 14 05:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15849]: Disconnected from 157.10.160.102 port 56156 [preauth]
Oct 14 05:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14507]: pam_unix(cron:session): session closed for user root
Oct 14 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session closed for user root
Oct 14 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16082]: Successful su for rubyman by root
Oct 14 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16082]: + ??? root:rubyman
Oct 14 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409361 of user rubyman.
Oct 14 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16082]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409361.
Oct 14 05:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session closed for user root
Oct 14 05:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12826]: pam_unix(cron:session): session closed for user root
Oct 14 05:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16002]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 05:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:44.220.185.29
Oct 14 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Invalid user hadoop from 196.251.84.92
Oct 14 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14981]: pam_unix(cron:session): session closed for user root
Oct 14 05:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Failed password for invalid user hadoop from 196.251.84.92 port 33346 ssh2
Oct 14 05:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16416]: Connection closed by 196.251.84.92 port 33346 [preauth]
Oct 14 05:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: Failed password for root from 157.10.160.102 port 57000 ssh2
Oct 14 05:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: Received disconnect from 157.10.160.102 port 57000:11: Bye Bye [preauth]
Oct 14 05:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16492]: Disconnected from 157.10.160.102 port 57000 [preauth]
Oct 14 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16505]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16595]: Successful su for rubyman by root
Oct 14 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16595]: + ??? root:rubyman
Oct 14 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409365 of user rubyman.
Oct 14 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16595]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409365.
Oct 14 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Invalid user maurice from 190.153.249.99
Oct 14 05:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: input_userauth_request: invalid user maurice [preauth]
Oct 14 05:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Failed password for invalid user maurice from 190.153.249.99 port 59825 ssh2
Oct 14 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Received disconnect from 190.153.249.99 port 59825:11: Bye Bye [preauth]
Oct 14 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Disconnected from 190.153.249.99 port 59825 [preauth]
Oct 14 05:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13449]: pam_unix(cron:session): session closed for user root
Oct 14 05:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16504]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session closed for user root
Oct 14 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16981]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17048]: Successful su for rubyman by root
Oct 14 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17048]: + ??? root:rubyman
Oct 14 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409372 of user rubyman.
Oct 14 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17048]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409372.
Oct 14 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Failed password for invalid user mysql from 196.251.84.92 port 57282 ssh2
Oct 14 05:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Connection closed by 196.251.84.92 port 57282 [preauth]
Oct 14 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13963]: pam_unix(cron:session): session closed for user root
Oct 14 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16980]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: Failed password for invalid user ubuntu from 196.251.84.140 port 43188 ssh2
Oct 14 05:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: Connection closed by 196.251.84.140 port 43188 [preauth]
Oct 14 05:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Invalid user debian from 157.10.160.102
Oct 14 05:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: input_userauth_request: invalid user debian [preauth]
Oct 14 05:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Failed password for invalid user debian from 157.10.160.102 port 54070 ssh2
Oct 14 05:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Received disconnect from 157.10.160.102 port 54070:11: Bye Bye [preauth]
Oct 14 05:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17331]: Disconnected from 157.10.160.102 port 54070 [preauth]
Oct 14 05:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user root
Oct 14 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17517]: Successful su for rubyman by root
Oct 14 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17517]: + ??? root:rubyman
Oct 14 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409374 of user rubyman.
Oct 14 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17517]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409374.
Oct 14 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: Invalid user elemental from 190.153.249.99
Oct 14 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: input_userauth_request: invalid user elemental [preauth]
Oct 14 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: Failed password for invalid user elemental from 190.153.249.99 port 50019 ssh2
Oct 14 05:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: Received disconnect from 190.153.249.99 port 50019:11: Bye Bye [preauth]
Oct 14 05:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: Disconnected from 190.153.249.99 port 50019 [preauth]
Oct 14 05:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14506]: pam_unix(cron:session): session closed for user root
Oct 14 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16507]: pam_unix(cron:session): session closed for user root
Oct 14 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Failed password for invalid user mysql from 196.251.84.92 port 52950 ssh2
Oct 14 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Connection closed by 196.251.84.92 port 52950 [preauth]
Oct 14 05:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Invalid user pawan from 157.10.160.102
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: input_userauth_request: invalid user pawan [preauth]
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18081]: Successful su for rubyman by root
Oct 14 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18081]: + ??? root:rubyman
Oct 14 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409377 of user rubyman.
Oct 14 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18081]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409377.
Oct 14 05:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Failed password for invalid user pawan from 157.10.160.102 port 40434 ssh2
Oct 14 05:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Received disconnect from 157.10.160.102 port 40434:11: Bye Bye [preauth]
Oct 14 05:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Disconnected from 157.10.160.102 port 40434 [preauth]
Oct 14 05:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14980]: pam_unix(cron:session): session closed for user root
Oct 14 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18004]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16982]: pam_unix(cron:session): session closed for user root
Oct 14 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18708]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18709]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session closed for user root
Oct 14 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18705]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18797]: Successful su for rubyman by root
Oct 14 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18797]: + ??? root:rubyman
Oct 14 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409381 of user rubyman.
Oct 14 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18797]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409381.
Oct 14 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: Invalid user issabel from 190.153.249.99
Oct 14 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: input_userauth_request: invalid user issabel [preauth]
Oct 14 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18869]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18869]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: Failed password for invalid user issabel from 190.153.249.99 port 40184 ssh2
Oct 14 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: Received disconnect from 190.153.249.99 port 40184:11: Bye Bye [preauth]
Oct 14 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18826]: Disconnected from 190.153.249.99 port 40184 [preauth]
Oct 14 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18869]: Failed password for invalid user mysql from 196.251.84.92 port 48626 ssh2
Oct 14 05:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18869]: Connection closed by 196.251.84.92 port 48626 [preauth]
Oct 14 05:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18708]: pam_unix(cron:session): session closed for user root
Oct 14 05:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15535]: pam_unix(cron:session): session closed for user root
Oct 14 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19172]: Did not receive identification string from 81.29.134.51
Oct 14 05:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18706]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Failed password for invalid user ubuntu from 196.251.84.140 port 41142 ssh2
Oct 14 05:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Connection closed by 196.251.84.140 port 41142 [preauth]
Oct 14 05:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Failed password for root from 46.20.111.2 port 34602 ssh2
Oct 14 05:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Received disconnect from 46.20.111.2 port 34602:11: Bye Bye [preauth]
Oct 14 05:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19277]: Disconnected from 46.20.111.2 port 34602 [preauth]
Oct 14 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session closed for user root
Oct 14 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Invalid user newuser from 157.10.160.102
Oct 14 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: input_userauth_request: invalid user newuser [preauth]
Oct 14 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Failed password for invalid user newuser from 157.10.160.102 port 50846 ssh2
Oct 14 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Received disconnect from 157.10.160.102 port 50846:11: Bye Bye [preauth]
Oct 14 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Disconnected from 157.10.160.102 port 50846 [preauth]
Oct 14 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19565]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19567]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19745]: Successful su for rubyman by root
Oct 14 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19745]: + ??? root:rubyman
Oct 14 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409387 of user rubyman.
Oct 14 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19745]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409387.
Oct 14 05:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session closed for user root
Oct 14 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19563]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session closed for user root
Oct 14 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Failed password for invalid user mysql from 196.251.84.92 port 43874 ssh2
Oct 14 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Connection closed by 196.251.84.92 port 43874 [preauth]
Oct 14 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20231]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20312]: Successful su for rubyman by root
Oct 14 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20312]: + ??? root:rubyman
Oct 14 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409391 of user rubyman.
Oct 14 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20312]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409391.
Oct 14 05:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: Invalid user pawan from 190.153.249.99
Oct 14 05:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: input_userauth_request: invalid user pawan [preauth]
Oct 14 05:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16505]: pam_unix(cron:session): session closed for user root
Oct 14 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: Failed password for invalid user pawan from 190.153.249.99 port 58552 ssh2
Oct 14 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: Received disconnect from 190.153.249.99 port 58552:11: Bye Bye [preauth]
Oct 14 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20430]: Disconnected from 190.153.249.99 port 58552 [preauth]
Oct 14 05:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Invalid user dockeruser from 157.10.160.102
Oct 14 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Failed password for invalid user dockeruser from 157.10.160.102 port 52540 ssh2
Oct 14 05:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Received disconnect from 157.10.160.102 port 52540:11: Bye Bye [preauth]
Oct 14 05:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Disconnected from 157.10.160.102 port 52540 [preauth]
Oct 14 05:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20232]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18710]: pam_unix(cron:session): session closed for user root
Oct 14 05:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: Invalid user kitchen from 46.20.111.2
Oct 14 05:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: input_userauth_request: invalid user kitchen [preauth]
Oct 14 05:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: Failed password for invalid user kitchen from 46.20.111.2 port 40556 ssh2
Oct 14 05:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: Received disconnect from 46.20.111.2 port 40556:11: Bye Bye [preauth]
Oct 14 05:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20653]: Disconnected from 46.20.111.2 port 40556 [preauth]
Oct 14 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20707]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20797]: Successful su for rubyman by root
Oct 14 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20797]: + ??? root:rubyman
Oct 14 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409396 of user rubyman.
Oct 14 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20797]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409396.
Oct 14 05:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: Failed password for invalid user mysql from 196.251.84.92 port 39328 ssh2
Oct 14 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: Connection closed by 196.251.84.92 port 39328 [preauth]
Oct 14 05:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16981]: pam_unix(cron:session): session closed for user root
Oct 14 05:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20708]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: Failed password for invalid user ubuntu from 196.251.84.140 port 38782 ssh2
Oct 14 05:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21053]: Connection closed by 196.251.84.140 port 38782 [preauth]
Oct 14 05:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19567]: pam_unix(cron:session): session closed for user root
Oct 14 05:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Invalid user api from 157.10.160.102
Oct 14 05:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: input_userauth_request: invalid user api [preauth]
Oct 14 05:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for invalid user api from 157.10.160.102 port 33174 ssh2
Oct 14 05:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Received disconnect from 157.10.160.102 port 33174:11: Bye Bye [preauth]
Oct 14 05:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Disconnected from 157.10.160.102 port 33174 [preauth]
Oct 14 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21171]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21240]: Successful su for rubyman by root
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21240]: + ??? root:rubyman
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409400 of user rubyman.
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21240]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409400.
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Invalid user ftpuser from 46.20.111.2
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Failed password for invalid user ftpuser from 46.20.111.2 port 54760 ssh2
Oct 14 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Received disconnect from 46.20.111.2 port 54760:11: Bye Bye [preauth]
Oct 14 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21226]: Disconnected from 46.20.111.2 port 54760 [preauth]
Oct 14 05:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session closed for user root
Oct 14 05:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 05:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Failed password for root from 190.153.249.99 port 48706 ssh2
Oct 14 05:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Received disconnect from 190.153.249.99 port 48706:11: Bye Bye [preauth]
Oct 14 05:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Disconnected from 190.153.249.99 port 48706 [preauth]
Oct 14 05:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Failed password for invalid user mysql from 196.251.84.92 port 34628 ssh2
Oct 14 05:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Connection closed by 196.251.84.92 port 34628 [preauth]
Oct 14 05:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session closed for user root
Oct 14 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21708]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21707]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21708]: pam_unix(cron:session): session closed for user root
Oct 14 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21703]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21788]: Successful su for rubyman by root
Oct 14 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21788]: + ??? root:rubyman
Oct 14 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409407 of user rubyman.
Oct 14 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21788]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409407.
Oct 14 05:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21705]: pam_unix(cron:session): session closed for user root
Oct 14 05:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session closed for user root
Oct 14 05:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21704]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: Invalid user zy from 157.10.160.102
Oct 14 05:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: input_userauth_request: invalid user zy [preauth]
Oct 14 05:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: Failed password for invalid user zy from 157.10.160.102 port 60760 ssh2
Oct 14 05:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: Received disconnect from 157.10.160.102 port 60760:11: Bye Bye [preauth]
Oct 14 05:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: Disconnected from 157.10.160.102 port 60760 [preauth]
Oct 14 05:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Invalid user admin123 from 46.20.111.2
Oct 14 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: input_userauth_request: invalid user admin123 [preauth]
Oct 14 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Failed password for invalid user admin123 from 46.20.111.2 port 60386 ssh2
Oct 14 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Received disconnect from 46.20.111.2 port 60386:11: Bye Bye [preauth]
Oct 14 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22113]: Disconnected from 46.20.111.2 port 60386 [preauth]
Oct 14 05:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20712]: pam_unix(cron:session): session closed for user root
Oct 14 05:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Failed password for invalid user mysql from 196.251.84.92 port 58030 ssh2
Oct 14 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22232]: Connection closed by 196.251.84.92 port 58030 [preauth]
Oct 14 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22252]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22251]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22340]: Successful su for rubyman by root
Oct 14 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22340]: + ??? root:rubyman
Oct 14 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409410 of user rubyman.
Oct 14 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22340]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409410.
Oct 14 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: Invalid user newuser from 190.153.249.99
Oct 14 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: input_userauth_request: invalid user newuser [preauth]
Oct 14 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: Failed password for invalid user newuser from 190.153.249.99 port 38896 ssh2
Oct 14 05:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18709]: pam_unix(cron:session): session closed for user root
Oct 14 05:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: Received disconnect from 190.153.249.99 port 38896:11: Bye Bye [preauth]
Oct 14 05:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22480]: Disconnected from 190.153.249.99 port 38896 [preauth]
Oct 14 05:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22250]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21174]: pam_unix(cron:session): session closed for user root
Oct 14 05:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Invalid user gabby from 46.20.111.2
Oct 14 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: input_userauth_request: invalid user gabby [preauth]
Oct 14 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Failed password for invalid user ubuntu from 196.251.84.140 port 38332 ssh2
Oct 14 05:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Failed password for invalid user gabby from 46.20.111.2 port 57886 ssh2
Oct 14 05:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Received disconnect from 46.20.111.2 port 57886:11: Bye Bye [preauth]
Oct 14 05:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22886]: Disconnected from 46.20.111.2 port 57886 [preauth]
Oct 14 05:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22689]: Connection closed by 196.251.84.140 port 38332 [preauth]
Oct 14 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22930]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22929]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: Invalid user issabel from 157.10.160.102
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: input_userauth_request: invalid user issabel [preauth]
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22926]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23139]: Successful su for rubyman by root
Oct 14 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23139]: + ??? root:rubyman
Oct 14 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409415 of user rubyman.
Oct 14 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23139]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409415.
Oct 14 05:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: Failed password for invalid user issabel from 157.10.160.102 port 33834 ssh2
Oct 14 05:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: Received disconnect from 157.10.160.102 port 33834:11: Bye Bye [preauth]
Oct 14 05:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: Disconnected from 157.10.160.102 port 33834 [preauth]
Oct 14 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19565]: pam_unix(cron:session): session closed for user root
Oct 14 05:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22927]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: Failed password for invalid user mysql from 196.251.84.92 port 53036 ssh2
Oct 14 05:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23769]: Connection closed by 196.251.84.92 port 53036 [preauth]
Oct 14 05:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21707]: pam_unix(cron:session): session closed for user root
Oct 14 05:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: Invalid user postgres from 193.32.162.151
Oct 14 05:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: input_userauth_request: invalid user postgres [preauth]
Oct 14 05:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 05:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: Failed password for invalid user postgres from 193.32.162.151 port 49370 ssh2
Oct 14 05:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: Connection closed by 193.32.162.151 port 49370 [preauth]
Oct 14 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23913]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23989]: Successful su for rubyman by root
Oct 14 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23989]: + ??? root:rubyman
Oct 14 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409420 of user rubyman.
Oct 14 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23989]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409420.
Oct 14 05:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20234]: pam_unix(cron:session): session closed for user root
Oct 14 05:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: Invalid user cosmo from 46.20.111.2
Oct 14 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: input_userauth_request: invalid user cosmo [preauth]
Oct 14 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Invalid user test from 190.153.249.99
Oct 14 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: input_userauth_request: invalid user test [preauth]
Oct 14 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: Failed password for invalid user cosmo from 46.20.111.2 port 38220 ssh2
Oct 14 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: Received disconnect from 46.20.111.2 port 38220:11: Bye Bye [preauth]
Oct 14 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24228]: Disconnected from 46.20.111.2 port 38220 [preauth]
Oct 14 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23909]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Failed password for invalid user test from 190.153.249.99 port 57294 ssh2
Oct 14 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Received disconnect from 190.153.249.99 port 57294:11: Bye Bye [preauth]
Oct 14 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Disconnected from 190.153.249.99 port 57294 [preauth]
Oct 14 05:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22252]: pam_unix(cron:session): session closed for user root
Oct 14 05:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: Failed password for root from 157.10.160.102 port 52072 ssh2
Oct 14 05:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: Received disconnect from 157.10.160.102 port 52072:11: Bye Bye [preauth]
Oct 14 05:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24379]: Disconnected from 157.10.160.102 port 52072 [preauth]
Oct 14 05:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: Failed password for invalid user mysql from 196.251.84.92 port 47964 ssh2
Oct 14 05:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: Connection closed by 196.251.84.92 port 47964 [preauth]
Oct 14 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24443]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24441]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24439]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24531]: Successful su for rubyman by root
Oct 14 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24531]: + ??? root:rubyman
Oct 14 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409423 of user rubyman.
Oct 14 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24531]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409423.
Oct 14 05:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20710]: pam_unix(cron:session): session closed for user root
Oct 14 05:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24440]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22930]: pam_unix(cron:session): session closed for user root
Oct 14 05:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: Invalid user sdtdserver from 46.20.111.2
Oct 14 05:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: input_userauth_request: invalid user sdtdserver [preauth]
Oct 14 05:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: Failed password for invalid user sdtdserver from 46.20.111.2 port 53840 ssh2
Oct 14 05:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: Received disconnect from 46.20.111.2 port 53840:11: Bye Bye [preauth]
Oct 14 05:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24867]: Disconnected from 46.20.111.2 port 53840 [preauth]
Oct 14 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24930]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24932]: pam_unix(cron:session): session closed for user root
Oct 14 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25025]: Successful su for rubyman by root
Oct 14 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25025]: + ??? root:rubyman
Oct 14 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409429 of user rubyman.
Oct 14 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25025]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409429.
Oct 14 05:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24928]: pam_unix(cron:session): session closed for user root
Oct 14 05:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session closed for user root
Oct 14 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Failed password for invalid user ubuntu from 196.251.84.140 port 60834 ssh2
Oct 14 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Connection closed by 196.251.84.140 port 60834 [preauth]
Oct 14 05:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Failed password for root from 157.10.160.102 port 36502 ssh2
Oct 14 05:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Received disconnect from 157.10.160.102 port 36502:11: Bye Bye [preauth]
Oct 14 05:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Disconnected from 157.10.160.102 port 36502 [preauth]
Oct 14 05:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Invalid user azureuser from 190.153.249.99
Oct 14 05:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: input_userauth_request: invalid user azureuser [preauth]
Oct 14 05:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Failed password for invalid user azureuser from 190.153.249.99 port 47522 ssh2
Oct 14 05:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Received disconnect from 190.153.249.99 port 47522:11: Bye Bye [preauth]
Oct 14 05:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Disconnected from 190.153.249.99 port 47522 [preauth]
Oct 14 05:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Failed password for invalid user mysql from 196.251.84.92 port 42896 ssh2
Oct 14 05:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Connection closed by 196.251.84.92 port 42896 [preauth]
Oct 14 05:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23913]: pam_unix(cron:session): session closed for user root
Oct 14 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25771]: Successful su for rubyman by root
Oct 14 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25771]: + ??? root:rubyman
Oct 14 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409432 of user rubyman.
Oct 14 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25771]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409432.
Oct 14 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for root from 46.20.111.2 port 45392 ssh2
Oct 14 05:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Received disconnect from 46.20.111.2 port 45392:11: Bye Bye [preauth]
Oct 14 05:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Disconnected from 46.20.111.2 port 45392 [preauth]
Oct 14 05:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21706]: pam_unix(cron:session): session closed for user root
Oct 14 05:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25695]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24443]: pam_unix(cron:session): session closed for user root
Oct 14 05:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: Failed password for invalid user mysql from 196.251.84.92 port 37726 ssh2
Oct 14 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26230]: Connection closed by 196.251.84.92 port 37726 [preauth]
Oct 14 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Invalid user test from 157.10.160.102
Oct 14 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: input_userauth_request: invalid user test [preauth]
Oct 14 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Failed password for invalid user test from 157.10.160.102 port 55980 ssh2
Oct 14 05:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Received disconnect from 157.10.160.102 port 55980:11: Bye Bye [preauth]
Oct 14 05:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26248]: Disconnected from 157.10.160.102 port 55980 [preauth]
Oct 14 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26284]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: Successful su for rubyman by root
Oct 14 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: + ??? root:rubyman
Oct 14 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409436 of user rubyman.
Oct 14 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26367]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409436.
Oct 14 05:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22251]: pam_unix(cron:session): session closed for user root
Oct 14 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26285]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Invalid user dockeruser from 190.153.249.99
Oct 14 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Failed password for invalid user dockeruser from 190.153.249.99 port 37742 ssh2
Oct 14 05:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Received disconnect from 190.153.249.99 port 37742:11: Bye Bye [preauth]
Oct 14 05:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Disconnected from 190.153.249.99 port 37742 [preauth]
Oct 14 05:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24931]: pam_unix(cron:session): session closed for user root
Oct 14 05:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: Failed password for root from 46.20.111.2 port 60042 ssh2
Oct 14 05:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: Received disconnect from 46.20.111.2 port 60042:11: Bye Bye [preauth]
Oct 14 05:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26794]: Disconnected from 46.20.111.2 port 60042 [preauth]
Oct 14 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26924]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: Successful su for rubyman by root
Oct 14 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: + ??? root:rubyman
Oct 14 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409441 of user rubyman.
Oct 14 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409441.
Oct 14 05:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22929]: pam_unix(cron:session): session closed for user root
Oct 14 05:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Failed password for invalid user mysql from 196.251.84.92 port 60734 ssh2
Oct 14 05:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Connection closed by 196.251.84.92 port 60734 [preauth]
Oct 14 05:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: Failed password for invalid user ubuntu from 196.251.84.140 port 33170 ssh2
Oct 14 05:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: Connection closed by 196.251.84.140 port 33170 [preauth]
Oct 14 05:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: Invalid user elemental from 157.10.160.102
Oct 14 05:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: input_userauth_request: invalid user elemental [preauth]
Oct 14 05:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: Failed password for invalid user elemental from 157.10.160.102 port 49132 ssh2
Oct 14 05:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: Received disconnect from 157.10.160.102 port 49132:11: Bye Bye [preauth]
Oct 14 05:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: Disconnected from 157.10.160.102 port 49132 [preauth]
Oct 14 05:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25697]: pam_unix(cron:session): session closed for user root
Oct 14 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27739]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: Successful su for rubyman by root
Oct 14 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: + ??? root:rubyman
Oct 14 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409445 of user rubyman.
Oct 14 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409445.
Oct 14 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
Oct 14 05:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23911]: pam_unix(cron:session): session closed for user root
Oct 14 05:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Invalid user suporte from 46.20.111.2
Oct 14 05:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: input_userauth_request: invalid user suporte [preauth]
Oct 14 05:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Failed password for invalid user suporte from 46.20.111.2 port 55512 ssh2
Oct 14 05:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Received disconnect from 46.20.111.2 port 55512:11: Bye Bye [preauth]
Oct 14 05:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Disconnected from 46.20.111.2 port 55512 [preauth]
Oct 14 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27740]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Invalid user kyle from 190.153.249.99
Oct 14 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: input_userauth_request: invalid user kyle [preauth]
Oct 14 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Failed password for invalid user kyle from 190.153.249.99 port 56181 ssh2
Oct 14 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Received disconnect from 190.153.249.99 port 56181:11: Bye Bye [preauth]
Oct 14 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Disconnected from 190.153.249.99 port 56181 [preauth]
Oct 14 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session closed for user root
Oct 14 05:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: User mysql from 196.251.84.92 not allowed because not listed in AllowUsers
Oct 14 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: input_userauth_request: invalid user mysql [preauth]
Oct 14 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92  user=mysql
Oct 14 05:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: Failed password for invalid user mysql from 196.251.84.92 port 55120 ssh2
Oct 14 05:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28428]: Connection closed by 196.251.84.92 port 55120 [preauth]
Oct 14 05:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.78.192.81  user=root
Oct 14 05:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: Failed password for root from 45.78.192.81 port 54748 ssh2
Oct 14 05:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: Connection closed by 45.78.192.81 port 54748 [preauth]
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28614]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session closed for user root
Oct 14 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28612]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28775]: Successful su for rubyman by root
Oct 14 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28775]: + ??? root:rubyman
Oct 14 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409453 of user rubyman.
Oct 14 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28775]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409453.
Oct 14 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Failed password for root from 157.10.160.102 port 46036 ssh2
Oct 14 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Received disconnect from 157.10.160.102 port 46036:11: Bye Bye [preauth]
Oct 14 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Disconnected from 157.10.160.102 port 46036 [preauth]
Oct 14 05:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28614]: pam_unix(cron:session): session closed for user root
Oct 14 05:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24441]: pam_unix(cron:session): session closed for user root
Oct 14 05:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28613]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user root
Oct 14 05:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Failed password for root from 46.20.111.2 port 38536 ssh2
Oct 14 05:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Received disconnect from 46.20.111.2 port 38536:11: Bye Bye [preauth]
Oct 14 05:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29272]: Disconnected from 46.20.111.2 port 38536 [preauth]
Oct 14 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29351]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29346]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29427]: Successful su for rubyman by root
Oct 14 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29427]: + ??? root:rubyman
Oct 14 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409454 of user rubyman.
Oct 14 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29427]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409454.
Oct 14 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24930]: pam_unix(cron:session): session closed for user root
Oct 14 05:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29347]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Invalid user git from 196.251.84.92
Oct 14 05:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: input_userauth_request: invalid user git [preauth]
Oct 14 05:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Invalid user ftpuser from 190.153.249.99
Oct 14 05:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 05:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Failed password for invalid user git from 196.251.84.92 port 49416 ssh2
Oct 14 05:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Connection closed by 196.251.84.92 port 49416 [preauth]
Oct 14 05:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Failed password for invalid user ftpuser from 190.153.249.99 port 46353 ssh2
Oct 14 05:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Received disconnect from 190.153.249.99 port 46353:11: Bye Bye [preauth]
Oct 14 05:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Disconnected from 190.153.249.99 port 46353 [preauth]
Oct 14 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Invalid user elasticsearch from 157.10.160.102
Oct 14 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session closed for user root
Oct 14 05:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Failed password for invalid user elasticsearch from 157.10.160.102 port 42476 ssh2
Oct 14 05:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Received disconnect from 157.10.160.102 port 42476:11: Bye Bye [preauth]
Oct 14 05:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29770]: Disconnected from 157.10.160.102 port 42476 [preauth]
Oct 14 05:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: Failed password for invalid user ubuntu from 196.251.84.140 port 60426 ssh2
Oct 14 05:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29744]: Connection closed by 196.251.84.140 port 60426 [preauth]
Oct 14 05:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29881]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29963]: Successful su for rubyman by root
Oct 14 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29963]: + ??? root:rubyman
Oct 14 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409460 of user rubyman.
Oct 14 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29963]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409460.
Oct 14 05:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25696]: pam_unix(cron:session): session closed for user root
Oct 14 05:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Invalid user soporte from 46.20.111.2
Oct 14 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: input_userauth_request: invalid user soporte [preauth]
Oct 14 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user soporte from 46.20.111.2 port 46998 ssh2
Oct 14 05:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Received disconnect from 46.20.111.2 port 46998:11: Bye Bye [preauth]
Oct 14 05:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Disconnected from 46.20.111.2 port 46998 [preauth]
Oct 14 05:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: Connection closed by 45.78.192.81 port 49316 [preauth]
Oct 14 05:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30071]: Connection closed by 45.78.192.81 port 43564 [preauth]
Oct 14 05:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29801]: Connection closed by 45.78.192.81 port 60220 [preauth]
Oct 14 05:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: Connection closed by 45.78.192.81 port 49298 [preauth]
Oct 14 05:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Connection closed by 45.78.192.81 port 49286 [preauth]
Oct 14 05:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Connection closed by 45.78.192.81 port 60242 [preauth]
Oct 14 05:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Connection closed by 45.78.192.81 port 43526 [preauth]
Oct 14 05:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session closed for user root
Oct 14 05:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Invalid user git from 196.251.84.92
Oct 14 05:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: input_userauth_request: invalid user git [preauth]
Oct 14 05:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Failed password for invalid user git from 196.251.84.92 port 43600 ssh2
Oct 14 05:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Connection closed by 196.251.84.92 port 43600 [preauth]
Oct 14 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30581]: Successful su for rubyman by root
Oct 14 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30581]: + ??? root:rubyman
Oct 14 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409462 of user rubyman.
Oct 14 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30581]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409462.
Oct 14 05:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session closed for user root
Oct 14 05:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 05:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Failed password for root from 190.153.249.99 port 36534 ssh2
Oct 14 05:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Received disconnect from 190.153.249.99 port 36534:11: Bye Bye [preauth]
Oct 14 05:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Disconnected from 190.153.249.99 port 36534 [preauth]
Oct 14 05:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30417]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Failed password for root from 157.10.160.102 port 56184 ssh2
Oct 14 05:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Received disconnect from 157.10.160.102 port 56184:11: Bye Bye [preauth]
Oct 14 05:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30797]: Disconnected from 157.10.160.102 port 56184 [preauth]
Oct 14 05:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29351]: pam_unix(cron:session): session closed for user root
Oct 14 05:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: Failed password for root from 46.20.111.2 port 43380 ssh2
Oct 14 05:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: Received disconnect from 46.20.111.2 port 43380:11: Bye Bye [preauth]
Oct 14 05:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30912]: Disconnected from 46.20.111.2 port 43380 [preauth]
Oct 14 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30972]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30970]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31066]: Successful su for rubyman by root
Oct 14 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31066]: + ??? root:rubyman
Oct 14 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409468 of user rubyman.
Oct 14 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31066]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409468.
Oct 14 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Invalid user git from 196.251.84.92
Oct 14 05:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: input_userauth_request: invalid user git [preauth]
Oct 14 05:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session closed for user root
Oct 14 05:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Failed password for invalid user git from 196.251.84.92 port 37678 ssh2
Oct 14 05:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31177]: Connection closed by 196.251.84.92 port 37678 [preauth]
Oct 14 05:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30971]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29881]: pam_unix(cron:session): session closed for user root
Oct 14 05:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: Failed password for invalid user ubuntu from 196.251.84.140 port 58916 ssh2
Oct 14 05:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31398]: Connection closed by 196.251.84.140 port 58916 [preauth]
Oct 14 05:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Invalid user lina from 157.10.160.102
Oct 14 05:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: input_userauth_request: invalid user lina [preauth]
Oct 14 05:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Failed password for invalid user lina from 157.10.160.102 port 41044 ssh2
Oct 14 05:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Received disconnect from 157.10.160.102 port 41044:11: Bye Bye [preauth]
Oct 14 05:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Disconnected from 157.10.160.102 port 41044 [preauth]
Oct 14 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31512]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31512]: pam_unix(cron:session): session closed for user root
Oct 14 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31504]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31702]: Successful su for rubyman by root
Oct 14 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31702]: + ??? root:rubyman
Oct 14 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409472 of user rubyman.
Oct 14 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31702]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409472.
Oct 14 05:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31506]: pam_unix(cron:session): session closed for user root
Oct 14 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session closed for user root
Oct 14 05:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Invalid user gh from 190.153.249.99
Oct 14 05:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: input_userauth_request: invalid user gh [preauth]
Oct 14 05:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Failed password for invalid user gh from 190.153.249.99 port 54908 ssh2
Oct 14 05:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Received disconnect from 190.153.249.99 port 54908:11: Bye Bye [preauth]
Oct 14 05:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31936]: Disconnected from 190.153.249.99 port 54908 [preauth]
Oct 14 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31505]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Failed password for root from 46.20.111.2 port 36358 ssh2
Oct 14 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32031]: Invalid user git from 196.251.84.92
Oct 14 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32031]: input_userauth_request: invalid user git [preauth]
Oct 14 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Received disconnect from 46.20.111.2 port 36358:11: Bye Bye [preauth]
Oct 14 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Disconnected from 46.20.111.2 port 36358 [preauth]
Oct 14 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32031]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32031]: Failed password for invalid user git from 196.251.84.92 port 59992 ssh2
Oct 14 05:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32031]: Connection closed by 196.251.84.92 port 59992 [preauth]
Oct 14 05:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session closed for user root
Oct 14 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32216]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32291]: Successful su for rubyman by root
Oct 14 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32291]: + ??? root:rubyman
Oct 14 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409478 of user rubyman.
Oct 14 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32291]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409478.
Oct 14 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28633]: pam_unix(cron:session): session closed for user root
Oct 14 05:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32214]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: Invalid user tata from 157.10.160.102
Oct 14 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: input_userauth_request: invalid user tata [preauth]
Oct 14 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: Failed password for invalid user tata from 157.10.160.102 port 53870 ssh2
Oct 14 05:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: Received disconnect from 157.10.160.102 port 53870:11: Bye Bye [preauth]
Oct 14 05:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32572]: Disconnected from 157.10.160.102 port 53870 [preauth]
Oct 14 05:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30973]: pam_unix(cron:session): session closed for user root
Oct 14 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Invalid user hduser from 193.32.162.151
Oct 14 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: input_userauth_request: invalid user hduser [preauth]
Oct 14 05:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 05:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Failed password for invalid user hduser from 193.32.162.151 port 38314 ssh2
Oct 14 05:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Connection closed by 193.32.162.151 port 38314 [preauth]
Oct 14 05:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: Invalid user git from 196.251.84.92
Oct 14 05:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: input_userauth_request: invalid user git [preauth]
Oct 14 05:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: Failed password for invalid user git from 196.251.84.92 port 53746 ssh2
Oct 14 05:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: Connection closed by 196.251.84.92 port 53746 [preauth]
Oct 14 05:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Invalid user geoeast from 46.20.111.2
Oct 14 05:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: input_userauth_request: invalid user geoeast [preauth]
Oct 14 05:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Failed password for invalid user geoeast from 46.20.111.2 port 33824 ssh2
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32765]: Successful su for rubyman by root
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32765]: + ??? root:rubyman
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409482 of user rubyman.
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32765]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409482.
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Received disconnect from 46.20.111.2 port 33824:11: Bye Bye [preauth]
Oct 14 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32670]: Disconnected from 46.20.111.2 port 33824 [preauth]
Oct 14 05:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29348]: pam_unix(cron:session): session closed for user root
Oct 14 05:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Invalid user elasticsearch from 190.153.249.99
Oct 14 05:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 05:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Failed password for invalid user elasticsearch from 190.153.249.99 port 45071 ssh2
Oct 14 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Received disconnect from 190.153.249.99 port 45071:11: Bye Bye [preauth]
Oct 14 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Disconnected from 190.153.249.99 port 45071 [preauth]
Oct 14 05:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31509]: pam_unix(cron:session): session closed for user root
Oct 14 05:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[692]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: Successful su for rubyman by root
Oct 14 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: + ??? root:rubyman
Oct 14 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409486 of user rubyman.
Oct 14 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409486.
Oct 14 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Failed password for invalid user ubuntu from 196.251.84.140 port 56300 ssh2
Oct 14 05:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Connection closed by 196.251.84.140 port 56300 [preauth]
Oct 14 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: Invalid user maurice from 157.10.160.102
Oct 14 05:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: input_userauth_request: invalid user maurice [preauth]
Oct 14 05:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: Failed password for invalid user maurice from 157.10.160.102 port 35814 ssh2
Oct 14 05:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: Received disconnect from 157.10.160.102 port 35814:11: Bye Bye [preauth]
Oct 14 05:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: Disconnected from 157.10.160.102 port 35814 [preauth]
Oct 14 05:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29879]: pam_unix(cron:session): session closed for user root
Oct 14 05:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[694]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: Invalid user git from 196.251.84.92
Oct 14 05:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: input_userauth_request: invalid user git [preauth]
Oct 14 05:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: Failed password for invalid user git from 196.251.84.92 port 47632 ssh2
Oct 14 05:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1130]: Connection closed by 196.251.84.92 port 47632 [preauth]
Oct 14 05:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Invalid user infoserve from 46.20.111.2
Oct 14 05:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: input_userauth_request: invalid user infoserve [preauth]
Oct 14 05:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Failed password for invalid user infoserve from 46.20.111.2 port 53214 ssh2
Oct 14 05:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Received disconnect from 46.20.111.2 port 53214:11: Bye Bye [preauth]
Oct 14 05:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Disconnected from 46.20.111.2 port 53214 [preauth]
Oct 14 05:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32216]: pam_unix(cron:session): session closed for user root
Oct 14 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1342]: Successful su for rubyman by root
Oct 14 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1342]: + ??? root:rubyman
Oct 14 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409489 of user rubyman.
Oct 14 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1342]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409489.
Oct 14 05:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session closed for user root
Oct 14 05:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: Invalid user user7 from 190.153.249.99
Oct 14 05:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: input_userauth_request: invalid user user7 [preauth]
Oct 14 05:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: Failed password for invalid user user7 from 190.153.249.99 port 35270 ssh2
Oct 14 05:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: Received disconnect from 190.153.249.99 port 35270:11: Bye Bye [preauth]
Oct 14 05:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1585]: Disconnected from 190.153.249.99 port 35270 [preauth]
Oct 14 05:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session closed for user root
Oct 14 05:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 14 05:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: Invalid user azureuser from 157.10.160.102
Oct 14 05:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: input_userauth_request: invalid user azureuser [preauth]
Oct 14 05:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Failed password for root from 94.177.160.96 port 58352 ssh2
Oct 14 05:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Connection closed by 94.177.160.96 port 58352 [preauth]
Oct 14 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: Failed password for invalid user azureuser from 157.10.160.102 port 44942 ssh2
Oct 14 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: Received disconnect from 157.10.160.102 port 44942:11: Bye Bye [preauth]
Oct 14 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: Disconnected from 157.10.160.102 port 44942 [preauth]
Oct 14 05:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Invalid user git from 196.251.84.92
Oct 14 05:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: input_userauth_request: invalid user git [preauth]
Oct 14 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Failed password for invalid user git from 196.251.84.92 port 41226 ssh2
Oct 14 05:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Connection closed by 196.251.84.92 port 41226 [preauth]
Oct 14 05:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Invalid user ftptest1 from 46.20.111.2
Oct 14 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: input_userauth_request: invalid user ftptest1 [preauth]
Oct 14 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1793]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1793]: pam_unix(cron:session): session closed for user root
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1788]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Failed password for invalid user ftptest1 from 46.20.111.2 port 46884 ssh2
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Received disconnect from 46.20.111.2 port 46884:11: Bye Bye [preauth]
Oct 14 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Disconnected from 46.20.111.2 port 46884 [preauth]
Oct 14 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: Successful su for rubyman by root
Oct 14 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: + ??? root:rubyman
Oct 14 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409493 of user rubyman.
Oct 14 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1976]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409493.
Oct 14 05:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1790]: pam_unix(cron:session): session closed for user root
Oct 14 05:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30972]: pam_unix(cron:session): session closed for user root
Oct 14 05:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1789]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Invalid user leon from 20.163.71.109
Oct 14 05:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: input_userauth_request: invalid user leon [preauth]
Oct 14 05:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 05:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Failed password for invalid user leon from 20.163.71.109 port 59004 ssh2
Oct 14 05:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2269]: Connection closed by 20.163.71.109 port 59004 [preauth]
Oct 14 05:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session closed for user root
Oct 14 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2467]: Successful su for rubyman by root
Oct 14 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2467]: + ??? root:rubyman
Oct 14 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409498 of user rubyman.
Oct 14 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2467]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409498.
Oct 14 05:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31507]: pam_unix(cron:session): session closed for user root
Oct 14 05:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Failed password for invalid user ubuntu from 196.251.84.140 port 52338 ssh2
Oct 14 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Connection closed by 196.251.84.140 port 52338 [preauth]
Oct 14 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Invalid user kyle from 157.10.160.102
Oct 14 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: input_userauth_request: invalid user kyle [preauth]
Oct 14 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102
Oct 14 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Invalid user git from 196.251.84.92
Oct 14 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: input_userauth_request: invalid user git [preauth]
Oct 14 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Failed password for invalid user kyle from 157.10.160.102 port 60748 ssh2
Oct 14 05:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Received disconnect from 157.10.160.102 port 60748:11: Bye Bye [preauth]
Oct 14 05:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Disconnected from 157.10.160.102 port 60748 [preauth]
Oct 14 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Failed password for invalid user git from 196.251.84.92 port 34408 ssh2
Oct 14 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2693]: Connection closed by 196.251.84.92 port 34408 [preauth]
Oct 14 05:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: Invalid user last from 190.153.249.99
Oct 14 05:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: input_userauth_request: invalid user last [preauth]
Oct 14 05:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: Failed password for invalid user last from 190.153.249.99 port 53671 ssh2
Oct 14 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: Received disconnect from 190.153.249.99 port 53671:11: Bye Bye [preauth]
Oct 14 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2711]: Disconnected from 190.153.249.99 port 53671 [preauth]
Oct 14 05:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: Invalid user surya from 46.20.111.2
Oct 14 05:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: input_userauth_request: invalid user surya [preauth]
Oct 14 05:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: Failed password for invalid user surya from 46.20.111.2 port 33400 ssh2
Oct 14 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: Received disconnect from 46.20.111.2 port 33400:11: Bye Bye [preauth]
Oct 14 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: Disconnected from 46.20.111.2 port 33400 [preauth]
Oct 14 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1270]: pam_unix(cron:session): session closed for user root
Oct 14 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2838]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2922]: Successful su for rubyman by root
Oct 14 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2922]: + ??? root:rubyman
Oct 14 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409503 of user rubyman.
Oct 14 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2922]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409503.
Oct 14 05:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session closed for user root
Oct 14 05:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1792]: pam_unix(cron:session): session closed for user root
Oct 14 05:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3240]: Invalid user git from 196.251.84.92
Oct 14 05:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3240]: input_userauth_request: invalid user git [preauth]
Oct 14 05:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3240]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3240]: Failed password for invalid user git from 196.251.84.92 port 55732 ssh2
Oct 14 05:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3240]: Connection closed by 196.251.84.92 port 55732 [preauth]
Oct 14 05:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: Failed password for root from 157.10.160.102 port 37612 ssh2
Oct 14 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: Received disconnect from 157.10.160.102 port 37612:11: Bye Bye [preauth]
Oct 14 05:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: Disconnected from 157.10.160.102 port 37612 [preauth]
Oct 14 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3308]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: Successful su for rubyman by root
Oct 14 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: + ??? root:rubyman
Oct 14 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409506 of user rubyman.
Oct 14 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3388]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409506.
Oct 14 05:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: Failed password for root from 46.20.111.2 port 42264 ssh2
Oct 14 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: Received disconnect from 46.20.111.2 port 42264:11: Bye Bye [preauth]
Oct 14 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3298]: Disconnected from 46.20.111.2 port 42264 [preauth]
Oct 14 05:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session closed for user root
Oct 14 05:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Did not receive identification string from 80.211.129.128
Oct 14 05:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3309]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for root from 190.153.249.99 port 43898 ssh2
Oct 14 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Received disconnect from 190.153.249.99 port 43898:11: Bye Bye [preauth]
Oct 14 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Disconnected from 190.153.249.99 port 43898 [preauth]
Oct 14 05:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session closed for user root
Oct 14 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3774]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3847]: Successful su for rubyman by root
Oct 14 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3847]: + ??? root:rubyman
Oct 14 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409510 of user rubyman.
Oct 14 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3847]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409510.
Oct 14 05:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: Invalid user git from 196.251.84.92
Oct 14 05:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: input_userauth_request: invalid user git [preauth]
Oct 14 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[696]: pam_unix(cron:session): session closed for user root
Oct 14 05:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: Failed password for invalid user git from 196.251.84.92 port 48740 ssh2
Oct 14 05:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4004]: Connection closed by 196.251.84.92 port 48740 [preauth]
Oct 14 05:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.160.102  user=root
Oct 14 05:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: Failed password for root from 157.10.160.102 port 41318 ssh2
Oct 14 05:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Invalid user admin from 2.57.121.112
Oct 14 05:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: input_userauth_request: invalid user admin [preauth]
Oct 14 05:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 05:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: Received disconnect from 157.10.160.102 port 41318:11: Bye Bye [preauth]
Oct 14 05:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: Disconnected from 157.10.160.102 port 41318 [preauth]
Oct 14 05:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for invalid user admin from 2.57.121.112 port 25750 ssh2
Oct 14 05:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for invalid user admin from 2.57.121.112 port 25750 ssh2
Oct 14 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for invalid user admin from 2.57.121.112 port 25750 ssh2
Oct 14 05:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for invalid user admin from 2.57.121.112 port 25750 ssh2
Oct 14 05:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Invalid user ubuntu from 196.251.84.140
Oct 14 05:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 05:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for invalid user admin from 2.57.121.112 port 25750 ssh2
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Received disconnect from 2.57.121.112 port 25750:11: Bye [preauth]
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Disconnected from 2.57.121.112 port 25750 [preauth]
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Invalid user minecraft from 46.20.111.2
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Failed password for invalid user ubuntu from 196.251.84.140 port 52440 ssh2
Oct 14 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Connection closed by 196.251.84.140 port 52440 [preauth]
Oct 14 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user minecraft from 46.20.111.2 port 36258 ssh2
Oct 14 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Received disconnect from 46.20.111.2 port 36258:11: Bye Bye [preauth]
Oct 14 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Disconnected from 46.20.111.2 port 36258 [preauth]
Oct 14 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session closed for user root
Oct 14 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4300]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4303]: pam_unix(cron:session): session closed for user root
Oct 14 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4298]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4373]: Successful su for rubyman by root
Oct 14 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4373]: + ??? root:rubyman
Oct 14 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409514 of user rubyman.
Oct 14 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4373]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409514.
Oct 14 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4300]: pam_unix(cron:session): session closed for user root
Oct 14 05:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session closed for user root
Oct 14 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Invalid user leon from 20.163.71.109
Oct 14 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: input_userauth_request: invalid user leon [preauth]
Oct 14 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 05:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4299]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Failed password for invalid user leon from 20.163.71.109 port 48440 ssh2
Oct 14 05:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Connection closed by 20.163.71.109 port 48440 [preauth]
Oct 14 05:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Invalid user privacy from 190.153.249.99
Oct 14 05:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: input_userauth_request: invalid user privacy [preauth]
Oct 14 05:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 05:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Failed password for invalid user privacy from 190.153.249.99 port 34046 ssh2
Oct 14 05:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Received disconnect from 190.153.249.99 port 34046:11: Bye Bye [preauth]
Oct 14 05:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Disconnected from 190.153.249.99 port 34046 [preauth]
Oct 14 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Invalid user git from 196.251.84.92
Oct 14 05:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: input_userauth_request: invalid user git [preauth]
Oct 14 05:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Failed password for invalid user git from 196.251.84.92 port 41658 ssh2
Oct 14 05:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4731]: Connection closed by 196.251.84.92 port 41658 [preauth]
Oct 14 05:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session closed for user root
Oct 14 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5081]: Successful su for rubyman by root
Oct 14 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5081]: + ??? root:rubyman
Oct 14 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409521 of user rubyman.
Oct 14 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5081]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409521.
Oct 14 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Failed password for root from 46.20.111.2 port 44298 ssh2
Oct 14 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Received disconnect from 46.20.111.2 port 44298:11: Bye Bye [preauth]
Oct 14 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Disconnected from 46.20.111.2 port 44298 [preauth]
Oct 14 05:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1791]: pam_unix(cron:session): session closed for user root
Oct 14 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3775]: pam_unix(cron:session): session closed for user root
Oct 14 05:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: Invalid user git from 196.251.84.92
Oct 14 05:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: input_userauth_request: invalid user git [preauth]
Oct 14 05:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: Failed password for invalid user git from 196.251.84.92 port 34572 ssh2
Oct 14 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: Connection closed by 196.251.84.92 port 34572 [preauth]
Oct 14 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: Successful su for rubyman by root
Oct 14 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: + ??? root:rubyman
Oct 14 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409525 of user rubyman.
Oct 14 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409525.
Oct 14 05:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session closed for user root
Oct 14 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 05:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: Failed password for root from 190.153.249.99 port 52486 ssh2
Oct 14 05:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: Received disconnect from 190.153.249.99 port 52486:11: Bye Bye [preauth]
Oct 14 05:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: Disconnected from 190.153.249.99 port 52486 [preauth]
Oct 14 05:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: Invalid user zihan from 46.20.111.2
Oct 14 05:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: input_userauth_request: invalid user zihan [preauth]
Oct 14 05:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: Failed password for invalid user zihan from 46.20.111.2 port 48588 ssh2
Oct 14 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: Received disconnect from 46.20.111.2 port 48588:11: Bye Bye [preauth]
Oct 14 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: Disconnected from 46.20.111.2 port 48588 [preauth]
Oct 14 05:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Invalid user centos from 196.251.84.140
Oct 14 05:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: input_userauth_request: invalid user centos [preauth]
Oct 14 05:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4302]: pam_unix(cron:session): session closed for user root
Oct 14 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 05:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Failed password for invalid user centos from 196.251.84.140 port 47852 ssh2
Oct 14 05:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Connection closed by 196.251.84.140 port 47852 [preauth]
Oct 14 05:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 55098
Oct 14 05:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 55102
Oct 14 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6342]: Successful su for rubyman by root
Oct 14 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6342]: + ??? root:rubyman
Oct 14 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409528 of user rubyman.
Oct 14 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6342]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409528.
Oct 14 05:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session closed for user root
Oct 14 05:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: Invalid user git from 196.251.84.92
Oct 14 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: input_userauth_request: invalid user git [preauth]
Oct 14 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: Failed password for invalid user git from 196.251.84.92 port 55506 ssh2
Oct 14 05:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: Connection closed by 196.251.84.92 port 55506 [preauth]
Oct 14 05:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session closed for user root
Oct 14 05:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 05:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Failed password for root from 80.211.129.128 port 54918 ssh2
Oct 14 05:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Connection closed by 80.211.129.128 port 54918 [preauth]
Oct 14 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session closed for user p13x
Oct 14 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: Successful su for rubyman by root
Oct 14 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: + ??? root:rubyman
Oct 14 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409532 of user rubyman.
Oct 14 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6904]: pam_unix(su:session): session closed for user rubyman
Oct 14 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409532.
Oct 14 05:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session closed for user root
Oct 14 05:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 05:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Failed password for root from 46.20.111.2 port 45988 ssh2
Oct 14 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Received disconnect from 46.20.111.2 port 45988:11: Bye Bye [preauth]
Oct 14 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Disconnected from 46.20.111.2 port 45988 [preauth]
Oct 14 05:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6825]: pam_unix(cron:session): session closed for user samftp
Oct 14 05:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Failed password for root from 190.153.249.99 port 42664 ssh2
Oct 14 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Received disconnect from 190.153.249.99 port 42664:11: Bye Bye [preauth]
Oct 14 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Disconnected from 190.153.249.99 port 42664 [preauth]
Oct 14 05:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session closed for user root
Oct 14 05:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Invalid user gerrit from 196.251.84.92
Oct 14 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 05:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Failed password for invalid user gerrit from 196.251.84.92 port 48236 ssh2
Oct 14 05:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7363]: Connection closed by 196.251.84.92 port 48236 [preauth]
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7402]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7406]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7403]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7402]: pam_unix(cron:session): session closed for user root
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7406]: pam_unix(cron:session): session closed for user root
Oct 14 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7400]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7520]: Successful su for rubyman by root
Oct 14 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7520]: + ??? root:rubyman
Oct 14 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409539 of user rubyman.
Oct 14 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7520]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409539.
Oct 14 06:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7403]: pam_unix(cron:session): session closed for user root
Oct 14 06:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3774]: pam_unix(cron:session): session closed for user root
Oct 14 06:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7401]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session closed for user root
Oct 14 06:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Invalid user ca from 46.20.111.2
Oct 14 06:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: input_userauth_request: invalid user ca [preauth]
Oct 14 06:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 06:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user ca from 46.20.111.2 port 33090 ssh2
Oct 14 06:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Received disconnect from 46.20.111.2 port 33090:11: Bye Bye [preauth]
Oct 14 06:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Disconnected from 46.20.111.2 port 33090 [preauth]
Oct 14 06:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Invalid user centos from 196.251.84.140
Oct 14 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Failed password for invalid user centos from 196.251.84.140 port 45744 ssh2
Oct 14 06:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Connection closed by 196.251.84.140 port 45744 [preauth]
Oct 14 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8415]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: Successful su for rubyman by root
Oct 14 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: + ??? root:rubyman
Oct 14 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409543 of user rubyman.
Oct 14 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409543.
Oct 14 06:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4301]: pam_unix(cron:session): session closed for user root
Oct 14 06:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: Invalid user dns1 from 164.68.105.9
Oct 14 06:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: input_userauth_request: invalid user dns1 [preauth]
Oct 14 06:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 06:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: Failed password for invalid user dns1 from 164.68.105.9 port 39356 ssh2
Oct 14 06:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: Connection closed by 164.68.105.9 port 39356 [preauth]
Oct 14 06:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8416]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Invalid user gerrit from 196.251.84.92
Oct 14 06:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Failed password for invalid user gerrit from 196.251.84.92 port 40856 ssh2
Oct 14 06:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8869]: Connection closed by 196.251.84.92 port 40856 [preauth]
Oct 14 06:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: Failed password for root from 190.153.249.99 port 32820 ssh2
Oct 14 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: Received disconnect from 190.153.249.99 port 32820:11: Bye Bye [preauth]
Oct 14 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8909]: Disconnected from 190.153.249.99 port 32820 [preauth]
Oct 14 06:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Failed password for root from 80.211.129.128 port 48826 ssh2
Oct 14 06:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Connection closed by 80.211.129.128 port 48826 [preauth]
Oct 14 06:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6827]: pam_unix(cron:session): session closed for user root
Oct 14 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9018]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: Successful su for rubyman by root
Oct 14 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: + ??? root:rubyman
Oct 14 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409549 of user rubyman.
Oct 14 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9090]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409549.
Oct 14 06:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session closed for user root
Oct 14 06:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Invalid user rajib from 46.20.111.2
Oct 14 06:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: input_userauth_request: invalid user rajib [preauth]
Oct 14 06:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 06:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Failed password for invalid user rajib from 46.20.111.2 port 35940 ssh2
Oct 14 06:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Received disconnect from 46.20.111.2 port 35940:11: Bye Bye [preauth]
Oct 14 06:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Disconnected from 46.20.111.2 port 35940 [preauth]
Oct 14 06:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9016]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7405]: pam_unix(cron:session): session closed for user root
Oct 14 06:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Invalid user gerrit from 196.251.84.92
Oct 14 06:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Failed password for invalid user gerrit from 196.251.84.92 port 33470 ssh2
Oct 14 06:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Connection closed by 196.251.84.92 port 33470 [preauth]
Oct 14 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9635]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9826]: Successful su for rubyman by root
Oct 14 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9826]: + ??? root:rubyman
Oct 14 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409551 of user rubyman.
Oct 14 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9826]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409551.
Oct 14 06:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session closed for user root
Oct 14 06:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9636]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8418]: pam_unix(cron:session): session closed for user root
Oct 14 06:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99  user=root
Oct 14 06:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Failed password for root from 190.153.249.99 port 51248 ssh2
Oct 14 06:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Received disconnect from 190.153.249.99 port 51248:11: Bye Bye [preauth]
Oct 14 06:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Disconnected from 190.153.249.99 port 51248 [preauth]
Oct 14 06:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: Invalid user ems from 46.20.111.2
Oct 14 06:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: input_userauth_request: invalid user ems [preauth]
Oct 14 06:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 06:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: Failed password for invalid user ems from 46.20.111.2 port 43572 ssh2
Oct 14 06:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: Received disconnect from 46.20.111.2 port 43572:11: Bye Bye [preauth]
Oct 14 06:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10185]: Disconnected from 46.20.111.2 port 43572 [preauth]
Oct 14 06:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10243]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10242]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10240]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10321]: Successful su for rubyman by root
Oct 14 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10321]: + ??? root:rubyman
Oct 14 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409555 of user rubyman.
Oct 14 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10321]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409555.
Oct 14 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Invalid user centos from 196.251.84.140
Oct 14 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Failed password for invalid user centos from 196.251.84.140 port 42560 ssh2
Oct 14 06:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Connection closed by 196.251.84.140 port 42560 [preauth]
Oct 14 06:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user root
Oct 14 06:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10241]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10564]: Invalid user gerrit from 196.251.84.92
Oct 14 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10564]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10564]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10564]: Failed password for invalid user gerrit from 196.251.84.92 port 53988 ssh2
Oct 14 06:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10564]: Connection closed by 196.251.84.92 port 53988 [preauth]
Oct 14 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: Invalid user support from 78.128.112.74
Oct 14 06:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: input_userauth_request: invalid user support [preauth]
Oct 14 06:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 06:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: Failed password for invalid user support from 78.128.112.74 port 59394 ssh2
Oct 14 06:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: Connection closed by 78.128.112.74 port 59394 [preauth]
Oct 14 06:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9019]: pam_unix(cron:session): session closed for user root
Oct 14 06:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Invalid user dns1 from 164.68.105.9
Oct 14 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: input_userauth_request: invalid user dns1 [preauth]
Oct 14 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 06:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Failed password for invalid user dns1 from 164.68.105.9 port 56770 ssh2
Oct 14 06:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10725]: Connection closed by 164.68.105.9 port 56770 [preauth]
Oct 14 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10746]: pam_unix(cron:session): session closed for user root
Oct 14 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10737]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10818]: Successful su for rubyman by root
Oct 14 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10818]: + ??? root:rubyman
Oct 14 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409560 of user rubyman.
Oct 14 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10818]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409560.
Oct 14 06:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6826]: pam_unix(cron:session): session closed for user root
Oct 14 06:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session closed for user root
Oct 14 06:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Failed password for root from 46.20.111.2 port 50014 ssh2
Oct 14 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Received disconnect from 46.20.111.2 port 50014:11: Bye Bye [preauth]
Oct 14 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Disconnected from 46.20.111.2 port 50014 [preauth]
Oct 14 06:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10739]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session closed for user root
Oct 14 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: Invalid user gerrit from 196.251.84.92
Oct 14 06:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: Failed password for invalid user gerrit from 196.251.84.92 port 46240 ssh2
Oct 14 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11170]: Connection closed by 196.251.84.92 port 46240 [preauth]
Oct 14 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Invalid user guest from 190.153.249.99
Oct 14 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: input_userauth_request: invalid user guest [preauth]
Oct 14 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 06:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Failed password for invalid user guest from 190.153.249.99 port 41443 ssh2
Oct 14 06:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Received disconnect from 190.153.249.99 port 41443:11: Bye Bye [preauth]
Oct 14 06:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Disconnected from 190.153.249.99 port 41443 [preauth]
Oct 14 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11221]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11312]: Successful su for rubyman by root
Oct 14 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11312]: + ??? root:rubyman
Oct 14 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409567 of user rubyman.
Oct 14 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11312]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409567.
Oct 14 06:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7404]: pam_unix(cron:session): session closed for user root
Oct 14 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10243]: pam_unix(cron:session): session closed for user root
Oct 14 06:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Invalid user netbox from 46.20.111.2
Oct 14 06:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: input_userauth_request: invalid user netbox [preauth]
Oct 14 06:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 06:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Failed password for invalid user netbox from 46.20.111.2 port 50044 ssh2
Oct 14 06:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Received disconnect from 46.20.111.2 port 50044:11: Bye Bye [preauth]
Oct 14 06:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Disconnected from 46.20.111.2 port 50044 [preauth]
Oct 14 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11811]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11806]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11885]: Successful su for rubyman by root
Oct 14 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11885]: + ??? root:rubyman
Oct 14 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409570 of user rubyman.
Oct 14 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11885]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409570.
Oct 14 06:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8417]: pam_unix(cron:session): session closed for user root
Oct 14 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Invalid user gerrit from 196.251.84.92
Oct 14 06:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Failed password for invalid user gerrit from 196.251.84.92 port 38542 ssh2
Oct 14 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Connection closed by 196.251.84.92 port 38542 [preauth]
Oct 14 06:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11804]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Invalid user centos from 196.251.84.140
Oct 14 06:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for invalid user centos from 196.251.84.140 port 39926 ssh2
Oct 14 06:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Connection closed by 196.251.84.140 port 39926 [preauth]
Oct 14 06:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session closed for user root
Oct 14 06:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Invalid user palworld from 190.153.249.99
Oct 14 06:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: input_userauth_request: invalid user palworld [preauth]
Oct 14 06:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.249.99
Oct 14 06:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Failed password for invalid user palworld from 190.153.249.99 port 59855 ssh2
Oct 14 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Received disconnect from 190.153.249.99 port 59855:11: Bye Bye [preauth]
Oct 14 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12247]: Disconnected from 190.153.249.99 port 59855 [preauth]
Oct 14 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Failed password for root from 207.46.224.80 port 40897 ssh2
Oct 14 06:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Connection closed by 207.46.224.80 port 40897 [preauth]
Oct 14 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12291]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12367]: Successful su for rubyman by root
Oct 14 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12367]: + ??? root:rubyman
Oct 14 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409575 of user rubyman.
Oct 14 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12367]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409575.
Oct 14 06:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9018]: pam_unix(cron:session): session closed for user root
Oct 14 06:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=root
Oct 14 06:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Failed password for root from 46.20.111.2 port 53840 ssh2
Oct 14 06:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Received disconnect from 46.20.111.2 port 53840:11: Bye Bye [preauth]
Oct 14 06:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Disconnected from 46.20.111.2 port 53840 [preauth]
Oct 14 06:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12292]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: Invalid user gerrit from 196.251.84.92
Oct 14 06:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: Failed password for invalid user gerrit from 196.251.84.92 port 58830 ssh2
Oct 14 06:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12689]: Connection closed by 196.251.84.92 port 58830 [preauth]
Oct 14 06:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session closed for user root
Oct 14 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12779]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12773]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12979]: Successful su for rubyman by root
Oct 14 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12979]: + ??? root:rubyman
Oct 14 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409579 of user rubyman.
Oct 14 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12979]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409579.
Oct 14 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12773]: pam_unix(cron:session): session closed for user root
Oct 14 06:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session closed for user root
Oct 14 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12778]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11811]: pam_unix(cron:session): session closed for user root
Oct 14 06:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: User john from 46.20.111.2 not allowed because not listed in AllowUsers
Oct 14 06:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: input_userauth_request: invalid user john [preauth]
Oct 14 06:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2  user=john
Oct 14 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: Failed password for invalid user john from 46.20.111.2 port 34458 ssh2
Oct 14 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: Received disconnect from 46.20.111.2 port 34458:11: Bye Bye [preauth]
Oct 14 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13449]: Disconnected from 46.20.111.2 port 34458 [preauth]
Oct 14 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Invalid user user from 62.60.131.157
Oct 14 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: input_userauth_request: invalid user user [preauth]
Oct 14 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 06:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for invalid user user from 62.60.131.157 port 46045 ssh2
Oct 14 06:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for invalid user user from 62.60.131.157 port 46045 ssh2
Oct 14 06:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for invalid user user from 62.60.131.157 port 46045 ssh2
Oct 14 06:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for invalid user user from 62.60.131.157 port 46045 ssh2
Oct 14 06:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Invalid user gerrit from 196.251.84.92
Oct 14 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for invalid user user from 62.60.131.157 port 46045 ssh2
Oct 14 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Received disconnect from 62.60.131.157 port 46045:11: Bye [preauth]
Oct 14 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Disconnected from 62.60.131.157 port 46045 [preauth]
Oct 14 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for invalid user gerrit from 196.251.84.92 port 50712 ssh2
Oct 14 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Connection closed by 196.251.84.92 port 50712 [preauth]
Oct 14 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13532]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user root
Oct 14 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13527]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13609]: Successful su for rubyman by root
Oct 14 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13609]: + ??? root:rubyman
Oct 14 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409583 of user rubyman.
Oct 14 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13609]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409583.
Oct 14 06:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10242]: pam_unix(cron:session): session closed for user root
Oct 14 06:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user root
Oct 14 06:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13529]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12294]: pam_unix(cron:session): session closed for user root
Oct 14 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: Invalid user centos from 196.251.84.140
Oct 14 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: Failed password for invalid user centos from 196.251.84.140 port 38760 ssh2
Oct 14 06:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: Connection closed by 196.251.84.140 port 38760 [preauth]
Oct 14 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14209]: Successful su for rubyman by root
Oct 14 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14209]: + ??? root:rubyman
Oct 14 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409589 of user rubyman.
Oct 14 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14209]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409589.
Oct 14 06:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session closed for user root
Oct 14 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Invalid user josue from 46.20.111.2
Oct 14 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: input_userauth_request: invalid user josue [preauth]
Oct 14 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 06:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Failed password for invalid user josue from 46.20.111.2 port 42296 ssh2
Oct 14 06:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Received disconnect from 46.20.111.2 port 42296:11: Bye Bye [preauth]
Oct 14 06:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Disconnected from 46.20.111.2 port 42296 [preauth]
Oct 14 06:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Invalid user gerrit from 196.251.84.92
Oct 14 06:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Failed password for invalid user gerrit from 196.251.84.92 port 44856 ssh2
Oct 14 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Connection closed by 196.251.84.92 port 44856 [preauth]
Oct 14 06:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12780]: pam_unix(cron:session): session closed for user root
Oct 14 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14661]: Successful su for rubyman by root
Oct 14 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14661]: + ??? root:rubyman
Oct 14 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409593 of user rubyman.
Oct 14 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14661]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409593.
Oct 14 06:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session closed for user root
Oct 14 06:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14885]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session closed for user root
Oct 14 06:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Invalid user fawaz from 46.20.111.2
Oct 14 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: input_userauth_request: invalid user fawaz [preauth]
Oct 14 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Failed password for invalid user fawaz from 46.20.111.2 port 51524 ssh2
Oct 14 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Received disconnect from 46.20.111.2 port 51524:11: Bye Bye [preauth]
Oct 14 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Disconnected from 46.20.111.2 port 51524 [preauth]
Oct 14 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: Invalid user gerrit from 196.251.84.92
Oct 14 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: Failed password for invalid user gerrit from 196.251.84.92 port 38886 ssh2
Oct 14 06:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15039]: Connection closed by 196.251.84.92 port 38886 [preauth]
Oct 14 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: Successful su for rubyman by root
Oct 14 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: + ??? root:rubyman
Oct 14 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409598 of user rubyman.
Oct 14 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15227]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409598.
Oct 14 06:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11806]: pam_unix(cron:session): session closed for user root
Oct 14 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session closed for user root
Oct 14 06:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: Invalid user centos from 196.251.84.140
Oct 14 06:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: Failed password for invalid user centos from 196.251.84.140 port 34148 ssh2
Oct 14 06:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: Connection closed by 196.251.84.140 port 34148 [preauth]
Oct 14 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15610]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15606]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: Successful su for rubyman by root
Oct 14 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: + ??? root:rubyman
Oct 14 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409603 of user rubyman.
Oct 14 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15682]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409603.
Oct 14 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12293]: pam_unix(cron:session): session closed for user root
Oct 14 06:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Invalid user gerrit from 196.251.84.92
Oct 14 06:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15609]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Failed password for invalid user gerrit from 196.251.84.92 port 59158 ssh2
Oct 14 06:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Connection closed by 196.251.84.92 port 59158 [preauth]
Oct 14 06:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Invalid user vpn from 46.20.111.2
Oct 14 06:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: input_userauth_request: invalid user vpn [preauth]
Oct 14 06:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 06:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Failed password for invalid user vpn from 46.20.111.2 port 38726 ssh2
Oct 14 06:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Received disconnect from 46.20.111.2 port 38726:11: Bye Bye [preauth]
Oct 14 06:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15930]: Disconnected from 46.20.111.2 port 38726 [preauth]
Oct 14 06:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session closed for user root
Oct 14 06:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: Failed password for root from 157.97.107.143 port 50950 ssh2
Oct 14 06:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: Received disconnect from 157.97.107.143 port 50950:11: Bye Bye [preauth]
Oct 14 06:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16021]: Disconnected from 157.97.107.143 port 50950 [preauth]
Oct 14 06:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Did not receive identification string from 80.211.129.128
Oct 14 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16077]: pam_unix(cron:session): session closed for user root
Oct 14 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16152]: Successful su for rubyman by root
Oct 14 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16152]: + ??? root:rubyman
Oct 14 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409609 of user rubyman.
Oct 14 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16152]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409609.
Oct 14 06:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.81.23  user=root
Oct 14 06:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session closed for user root
Oct 14 06:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Failed password for root from 124.193.81.23 port 39556 ssh2
Oct 14 06:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12779]: pam_unix(cron:session): session closed for user root
Oct 14 06:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Received disconnect from 124.193.81.23 port 39556:11: Bye Bye [preauth]
Oct 14 06:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Disconnected from 124.193.81.23 port 39556 [preauth]
Oct 14 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15152]: pam_unix(cron:session): session closed for user root
Oct 14 06:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: Invalid user gerrit from 196.251.84.92
Oct 14 06:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: Failed password for invalid user gerrit from 196.251.84.92 port 51244 ssh2
Oct 14 06:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16500]: Connection closed by 196.251.84.92 port 51244 [preauth]
Oct 14 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Invalid user cha from 182.13.96.129
Oct 14 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: input_userauth_request: invalid user cha [preauth]
Oct 14 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.13.96.129
Oct 14 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Invalid user sysadmin from 46.20.111.2
Oct 14 06:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 06:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.111.2
Oct 14 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Failed password for invalid user cha from 182.13.96.129 port 54482 ssh2
Oct 14 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Received disconnect from 182.13.96.129 port 54482:11: Bye Bye [preauth]
Oct 14 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Disconnected from 182.13.96.129 port 54482 [preauth]
Oct 14 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Failed password for invalid user sysadmin from 46.20.111.2 port 35210 ssh2
Oct 14 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Received disconnect from 46.20.111.2 port 35210:11: Bye Bye [preauth]
Oct 14 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Disconnected from 46.20.111.2 port 35210 [preauth]
Oct 14 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16666]: Successful su for rubyman by root
Oct 14 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16666]: + ??? root:rubyman
Oct 14 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409612 of user rubyman.
Oct 14 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16666]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409612.
Oct 14 06:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13532]: pam_unix(cron:session): session closed for user root
Oct 14 06:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Invalid user user from 192.40.58.3
Oct 14 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: input_userauth_request: invalid user user [preauth]
Oct 14 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Failed password for invalid user user from 192.40.58.3 port 47166 ssh2
Oct 14 06:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Received disconnect from 192.40.58.3 port 47166:11: Bye Bye [preauth]
Oct 14 06:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Disconnected from 192.40.58.3 port 47166 [preauth]
Oct 14 06:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15611]: pam_unix(cron:session): session closed for user root
Oct 14 06:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16961]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Failed password for root from 14.241.254.5 port 18318 ssh2
Oct 14 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Received disconnect from 14.241.254.5 port 18318:11: Bye Bye [preauth]
Oct 14 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Disconnected from 14.241.254.5 port 18318 [preauth]
Oct 14 06:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17055]: pam_unix(cron:session): session closed for user root
Oct 14 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17148]: Successful su for rubyman by root
Oct 14 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17148]: + ??? root:rubyman
Oct 14 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409615 of user rubyman.
Oct 14 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17148]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409615.
Oct 14 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: Invalid user centos from 196.251.84.140
Oct 14 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Invalid user gerrit from 196.251.84.92
Oct 14 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: input_userauth_request: invalid user gerrit [preauth]
Oct 14 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: Failed password for invalid user centos from 196.251.84.140 port 59306 ssh2
Oct 14 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Failed password for invalid user gerrit from 196.251.84.92 port 43246 ssh2
Oct 14 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Connection closed by 196.251.84.92 port 43246 [preauth]
Oct 14 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17046]: Connection closed by 196.251.84.140 port 59306 [preauth]
Oct 14 06:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session closed for user root
Oct 14 06:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Invalid user ts1 from 157.97.107.143
Oct 14 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: input_userauth_request: invalid user ts1 [preauth]
Oct 14 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session closed for user root
Oct 14 06:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Failed password for invalid user ts1 from 157.97.107.143 port 37920 ssh2
Oct 14 06:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Received disconnect from 157.97.107.143 port 37920:11: Bye Bye [preauth]
Oct 14 06:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Disconnected from 157.97.107.143 port 37920 [preauth]
Oct 14 06:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17525]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17522]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17607]: Successful su for rubyman by root
Oct 14 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17607]: + ??? root:rubyman
Oct 14 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409621 of user rubyman.
Oct 14 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17607]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409621.
Oct 14 06:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17519]: Connection closed by 67.10.184.83 port 37426 [preauth]
Oct 14 06:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session closed for user root
Oct 14 06:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17523]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Invalid user sham from 192.40.58.3
Oct 14 06:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: input_userauth_request: invalid user sham [preauth]
Oct 14 06:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Invalid user www from 196.251.84.92
Oct 14 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: input_userauth_request: invalid user www [preauth]
Oct 14 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Failed password for invalid user sham from 192.40.58.3 port 55360 ssh2
Oct 14 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Received disconnect from 192.40.58.3 port 55360:11: Bye Bye [preauth]
Oct 14 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17955]: Disconnected from 192.40.58.3 port 55360 [preauth]
Oct 14 06:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Failed password for invalid user www from 196.251.84.92 port 34858 ssh2
Oct 14 06:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Connection closed by 196.251.84.92 port 34858 [preauth]
Oct 14 06:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session closed for user root
Oct 14 06:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Invalid user rose from 157.66.34.56
Oct 14 06:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: input_userauth_request: invalid user rose [preauth]
Oct 14 06:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Failed password for invalid user rose from 157.66.34.56 port 46684 ssh2
Oct 14 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Received disconnect from 157.66.34.56 port 46684:11: Bye Bye [preauth]
Oct 14 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Disconnected from 157.66.34.56 port 46684 [preauth]
Oct 14 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Invalid user hong from 157.97.107.143
Oct 14 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: input_userauth_request: invalid user hong [preauth]
Oct 14 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Failed password for invalid user hong from 157.97.107.143 port 50714 ssh2
Oct 14 06:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Received disconnect from 157.97.107.143 port 50714:11: Bye Bye [preauth]
Oct 14 06:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Disconnected from 157.97.107.143 port 50714 [preauth]
Oct 14 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18088]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18279]: Successful su for rubyman by root
Oct 14 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18279]: + ??? root:rubyman
Oct 14 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409625 of user rubyman.
Oct 14 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18279]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409625.
Oct 14 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session closed for user root
Oct 14 06:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18089]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18675]: Failed password for root from 14.241.254.5 port 17378 ssh2
Oct 14 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18675]: Received disconnect from 14.241.254.5 port 17378:11: Bye Bye [preauth]
Oct 14 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18675]: Disconnected from 14.241.254.5 port 17378 [preauth]
Oct 14 06:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session closed for user root
Oct 14 06:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Failed password for root from 192.40.58.3 port 58144 ssh2
Oct 14 06:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Received disconnect from 192.40.58.3 port 58144:11: Bye Bye [preauth]
Oct 14 06:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18775]: Disconnected from 192.40.58.3 port 58144 [preauth]
Oct 14 06:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18788]: Invalid user www from 196.251.84.92
Oct 14 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18788]: input_userauth_request: invalid user www [preauth]
Oct 14 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18788]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18788]: Failed password for invalid user www from 196.251.84.92 port 54714 ssh2
Oct 14 06:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18788]: Connection closed by 196.251.84.92 port 54714 [preauth]
Oct 14 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18812]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18809]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18813]: pam_unix(cron:session): session closed for user root
Oct 14 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18896]: Successful su for rubyman by root
Oct 14 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18896]: + ??? root:rubyman
Oct 14 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409627 of user rubyman.
Oct 14 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18896]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409627.
Oct 14 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18808]: pam_unix(cron:session): session closed for user root
Oct 14 06:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15610]: pam_unix(cron:session): session closed for user root
Oct 14 06:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: Invalid user toor from 157.97.107.143
Oct 14 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: input_userauth_request: invalid user toor [preauth]
Oct 14 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: Failed password for invalid user toor from 157.97.107.143 port 33826 ssh2
Oct 14 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: Received disconnect from 157.97.107.143 port 33826:11: Bye Bye [preauth]
Oct 14 06:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19229]: Disconnected from 157.97.107.143 port 33826 [preauth]
Oct 14 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: Invalid user centos from 196.251.84.140
Oct 14 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: Failed password for invalid user centos from 196.251.84.140 port 55274 ssh2
Oct 14 06:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: Connection closed by 196.251.84.140 port 55274 [preauth]
Oct 14 06:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17525]: pam_unix(cron:session): session closed for user root
Oct 14 06:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19625]: Invalid user kafka from 157.66.34.56
Oct 14 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19625]: input_userauth_request: invalid user kafka [preauth]
Oct 14 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19625]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19625]: Failed password for invalid user kafka from 157.66.34.56 port 57912 ssh2
Oct 14 06:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19625]: Received disconnect from 157.66.34.56 port 57912:11: Bye Bye [preauth]
Oct 14 06:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19625]: Disconnected from 157.66.34.56 port 57912 [preauth]
Oct 14 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19694]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19694]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19745]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19864]: Successful su for rubyman by root
Oct 14 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19864]: + ??? root:rubyman
Oct 14 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409633 of user rubyman.
Oct 14 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19864]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409633.
Oct 14 06:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: User mysql from 14.241.254.5 not allowed because not listed in AllowUsers
Oct 14 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: input_userauth_request: invalid user mysql [preauth]
Oct 14 06:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=mysql
Oct 14 06:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session closed for user root
Oct 14 06:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Failed password for invalid user mysql from 14.241.254.5 port 58800 ssh2
Oct 14 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Received disconnect from 14.241.254.5 port 58800:11: Bye Bye [preauth]
Oct 14 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20062]: Disconnected from 14.241.254.5 port 58800 [preauth]
Oct 14 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Failed password for root from 192.40.58.3 port 43920 ssh2
Oct 14 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Received disconnect from 192.40.58.3 port 43920:11: Bye Bye [preauth]
Oct 14 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Disconnected from 192.40.58.3 port 43920 [preauth]
Oct 14 06:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19746]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: Invalid user www from 196.251.84.92
Oct 14 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: input_userauth_request: invalid user www [preauth]
Oct 14 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: Failed password for invalid user www from 196.251.84.92 port 46188 ssh2
Oct 14 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20159]: Connection closed by 196.251.84.92 port 46188 [preauth]
Oct 14 06:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151  user=root
Oct 14 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Invalid user sahil from 157.97.107.143
Oct 14 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: input_userauth_request: invalid user sahil [preauth]
Oct 14 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20165]: Failed password for root from 193.32.162.151 port 41920 ssh2
Oct 14 06:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20165]: Connection closed by 193.32.162.151 port 41920 [preauth]
Oct 14 06:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Failed password for invalid user sahil from 157.97.107.143 port 37174 ssh2
Oct 14 06:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Received disconnect from 157.97.107.143 port 37174:11: Bye Bye [preauth]
Oct 14 06:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20178]: Disconnected from 157.97.107.143 port 37174 [preauth]
Oct 14 06:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18092]: pam_unix(cron:session): session closed for user root
Oct 14 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20410]: Successful su for rubyman by root
Oct 14 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20410]: + ??? root:rubyman
Oct 14 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409637 of user rubyman.
Oct 14 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20410]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409637.
Oct 14 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session closed for user root
Oct 14 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Failed password for root from 62.60.131.157 port 61415 ssh2
Oct 14 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: message repeated 2 times: [ Failed password for root from 62.60.131.157 port 61415 ssh2]
Oct 14 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20713]: Invalid user user01 from 192.40.58.3
Oct 14 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20713]: input_userauth_request: invalid user user01 [preauth]
Oct 14 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20713]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Invalid user ubuntu from 157.66.34.56
Oct 14 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Failed password for root from 62.60.131.157 port 61415 ssh2
Oct 14 06:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20713]: Failed password for invalid user user01 from 192.40.58.3 port 36664 ssh2
Oct 14 06:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20713]: Received disconnect from 192.40.58.3 port 36664:11: Bye Bye [preauth]
Oct 14 06:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20713]: Disconnected from 192.40.58.3 port 36664 [preauth]
Oct 14 06:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: Invalid user odoo13 from 157.97.107.143
Oct 14 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: input_userauth_request: invalid user odoo13 [preauth]
Oct 14 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Failed password for invalid user ubuntu from 157.66.34.56 port 35066 ssh2
Oct 14 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Received disconnect from 157.66.34.56 port 35066:11: Bye Bye [preauth]
Oct 14 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20717]: Disconnected from 157.66.34.56 port 35066 [preauth]
Oct 14 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Failed password for root from 62.60.131.157 port 61415 ssh2
Oct 14 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Received disconnect from 62.60.131.157 port 61415:11: Bye [preauth]
Oct 14 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Disconnected from 62.60.131.157 port 61415 [preauth]
Oct 14 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 06:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18812]: pam_unix(cron:session): session closed for user root
Oct 14 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: Failed password for invalid user odoo13 from 157.97.107.143 port 39816 ssh2
Oct 14 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: Received disconnect from 157.97.107.143 port 39816:11: Bye Bye [preauth]
Oct 14 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: Disconnected from 157.97.107.143 port 39816 [preauth]
Oct 14 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: Invalid user www from 196.251.84.92
Oct 14 06:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: input_userauth_request: invalid user www [preauth]
Oct 14 06:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: Failed password for invalid user www from 196.251.84.92 port 37370 ssh2
Oct 14 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: Connection closed by 196.251.84.92 port 37370 [preauth]
Oct 14 06:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Invalid user ftpuser from 14.241.254.5
Oct 14 06:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 06:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Failed password for invalid user ftpuser from 14.241.254.5 port 52608 ssh2
Oct 14 06:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Received disconnect from 14.241.254.5 port 52608:11: Bye Bye [preauth]
Oct 14 06:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Disconnected from 14.241.254.5 port 52608 [preauth]
Oct 14 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20890]: Successful su for rubyman by root
Oct 14 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20890]: + ??? root:rubyman
Oct 14 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409641 of user rubyman.
Oct 14 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20890]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409641.
Oct 14 06:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17059]: pam_unix(cron:session): session closed for user root
Oct 14 06:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Invalid user centos from 196.251.84.140
Oct 14 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Failed password for invalid user centos from 196.251.84.140 port 55816 ssh2
Oct 14 06:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21147]: Connection closed by 196.251.84.140 port 55816 [preauth]
Oct 14 06:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19748]: pam_unix(cron:session): session closed for user root
Oct 14 06:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Invalid user ftpuser from 157.97.107.143
Oct 14 06:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 06:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Invalid user valerie from 192.40.58.3
Oct 14 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: input_userauth_request: invalid user valerie [preauth]
Oct 14 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Failed password for invalid user ftpuser from 157.97.107.143 port 54082 ssh2
Oct 14 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Received disconnect from 157.97.107.143 port 54082:11: Bye Bye [preauth]
Oct 14 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21254]: Disconnected from 157.97.107.143 port 54082 [preauth]
Oct 14 06:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Failed password for invalid user valerie from 192.40.58.3 port 56650 ssh2
Oct 14 06:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Received disconnect from 192.40.58.3 port 56650:11: Bye Bye [preauth]
Oct 14 06:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Disconnected from 192.40.58.3 port 56650 [preauth]
Oct 14 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21286]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21409]: Successful su for rubyman by root
Oct 14 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21409]: + ??? root:rubyman
Oct 14 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409647 of user rubyman.
Oct 14 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21409]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409647.
Oct 14 06:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Invalid user www from 196.251.84.92
Oct 14 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: input_userauth_request: invalid user www [preauth]
Oct 14 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17524]: pam_unix(cron:session): session closed for user root
Oct 14 06:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Failed password for invalid user www from 196.251.84.92 port 56538 ssh2
Oct 14 06:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21559]: Connection closed by 196.251.84.92 port 56538 [preauth]
Oct 14 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21288]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 06:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Failed password for root from 157.66.34.56 port 51076 ssh2
Oct 14 06:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Received disconnect from 157.66.34.56 port 51076:11: Bye Bye [preauth]
Oct 14 06:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Disconnected from 157.66.34.56 port 51076 [preauth]
Oct 14 06:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session closed for user root
Oct 14 06:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Invalid user odoo13 from 14.241.254.5
Oct 14 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: input_userauth_request: invalid user odoo13 [preauth]
Oct 14 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21782]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Failed password for invalid user odoo13 from 14.241.254.5 port 49854 ssh2
Oct 14 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: Invalid user admin from 2.57.121.25
Oct 14 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: input_userauth_request: invalid user admin [preauth]
Oct 14 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Received disconnect from 14.241.254.5 port 49854:11: Bye Bye [preauth]
Oct 14 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21793]: Disconnected from 14.241.254.5 port 49854 [preauth]
Oct 14 06:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: Failed password for invalid user admin from 2.57.121.25 port 48194 ssh2
Oct 14 06:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: Failed password for invalid user admin from 2.57.121.25 port 48194 ssh2
Oct 14 06:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: Failed password for invalid user admin from 2.57.121.25 port 48194 ssh2
Oct 14 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21828]: pam_unix(cron:session): session closed for user root
Oct 14 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: Failed password for invalid user admin from 2.57.121.25 port 48194 ssh2
Oct 14 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21929]: Successful su for rubyman by root
Oct 14 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21929]: + ??? root:rubyman
Oct 14 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409651 of user rubyman.
Oct 14 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21929]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409651.
Oct 14 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: Failed password for invalid user admin from 2.57.121.25 port 48194 ssh2
Oct 14 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: Received disconnect from 2.57.121.25 port 48194:11: Bye [preauth]
Oct 14 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: Disconnected from 2.57.121.25 port 48194 [preauth]
Oct 14 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21795]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session closed for user root
Oct 14 06:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18090]: pam_unix(cron:session): session closed for user root
Oct 14 06:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22112]: Invalid user str from 157.97.107.143
Oct 14 06:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22112]: input_userauth_request: invalid user str [preauth]
Oct 14 06:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22112]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22112]: Failed password for invalid user str from 157.97.107.143 port 45560 ssh2
Oct 14 06:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22112]: Received disconnect from 157.97.107.143 port 45560:11: Bye Bye [preauth]
Oct 14 06:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22112]: Disconnected from 157.97.107.143 port 45560 [preauth]
Oct 14 06:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session closed for user root
Oct 14 06:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Invalid user andrew from 192.40.58.3
Oct 14 06:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: input_userauth_request: invalid user andrew [preauth]
Oct 14 06:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Failed password for invalid user andrew from 192.40.58.3 port 45490 ssh2
Oct 14 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Received disconnect from 192.40.58.3 port 45490:11: Bye Bye [preauth]
Oct 14 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Disconnected from 192.40.58.3 port 45490 [preauth]
Oct 14 06:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Invalid user www from 196.251.84.92
Oct 14 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: input_userauth_request: invalid user www [preauth]
Oct 14 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Failed password for invalid user www from 196.251.84.92 port 47718 ssh2
Oct 14 06:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Connection closed by 196.251.84.92 port 47718 [preauth]
Oct 14 06:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session closed for user root
Oct 14 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22607]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22886]: Successful su for rubyman by root
Oct 14 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22886]: + ??? root:rubyman
Oct 14 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409656 of user rubyman.
Oct 14 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22886]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409656.
Oct 14 06:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18809]: pam_unix(cron:session): session closed for user root
Oct 14 06:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Invalid user sonarqube from 157.66.34.56
Oct 14 06:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: input_userauth_request: invalid user sonarqube [preauth]
Oct 14 06:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Failed password for invalid user sonarqube from 157.66.34.56 port 58386 ssh2
Oct 14 06:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Received disconnect from 157.66.34.56 port 58386:11: Bye Bye [preauth]
Oct 14 06:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Disconnected from 157.66.34.56 port 58386 [preauth]
Oct 14 06:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22606]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23335]: Invalid user syp from 157.97.107.143
Oct 14 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23335]: input_userauth_request: invalid user syp [preauth]
Oct 14 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23335]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23335]: Failed password for invalid user syp from 157.97.107.143 port 40390 ssh2
Oct 14 06:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23335]: Received disconnect from 157.97.107.143 port 40390:11: Bye Bye [preauth]
Oct 14 06:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23335]: Disconnected from 157.97.107.143 port 40390 [preauth]
Oct 14 06:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Invalid user centos from 196.251.84.140
Oct 14 06:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21291]: pam_unix(cron:session): session closed for user root
Oct 14 06:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Failed password for invalid user centos from 196.251.84.140 port 47598 ssh2
Oct 14 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Connection closed by 196.251.84.140 port 47598 [preauth]
Oct 14 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: Failed password for root from 14.241.254.5 port 27022 ssh2
Oct 14 06:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: Failed password for root from 192.40.58.3 port 47188 ssh2
Oct 14 06:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: Received disconnect from 14.241.254.5 port 27022:11: Bye Bye [preauth]
Oct 14 06:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23563]: Disconnected from 14.241.254.5 port 27022 [preauth]
Oct 14 06:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: Received disconnect from 192.40.58.3 port 47188:11: Bye Bye [preauth]
Oct 14 06:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23565]: Disconnected from 192.40.58.3 port 47188 [preauth]
Oct 14 06:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: Invalid user www from 196.251.84.92
Oct 14 06:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: input_userauth_request: invalid user www [preauth]
Oct 14 06:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: Failed password for invalid user www from 196.251.84.92 port 38546 ssh2
Oct 14 06:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23782]: Connection closed by 196.251.84.92 port 38546 [preauth]
Oct 14 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23799]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23800]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23796]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23881]: Successful su for rubyman by root
Oct 14 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23881]: + ??? root:rubyman
Oct 14 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409660 of user rubyman.
Oct 14 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23881]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409660.
Oct 14 06:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19747]: pam_unix(cron:session): session closed for user root
Oct 14 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23797]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Invalid user raju from 157.97.107.143
Oct 14 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: input_userauth_request: invalid user raju [preauth]
Oct 14 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for invalid user raju from 157.97.107.143 port 53264 ssh2
Oct 14 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Received disconnect from 157.97.107.143 port 53264:11: Bye Bye [preauth]
Oct 14 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Disconnected from 157.97.107.143 port 53264 [preauth]
Oct 14 06:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21827]: pam_unix(cron:session): session closed for user root
Oct 14 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24319]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24313]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: Successful su for rubyman by root
Oct 14 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: + ??? root:rubyman
Oct 14 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409664 of user rubyman.
Oct 14 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24401]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409664.
Oct 14 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: Failed password for root from 157.66.34.56 port 41622 ssh2
Oct 14 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: Received disconnect from 157.66.34.56 port 41622:11: Bye Bye [preauth]
Oct 14 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24421]: Disconnected from 157.66.34.56 port 41622 [preauth]
Oct 14 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session closed for user root
Oct 14 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24316]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Invalid user www from 196.251.84.92
Oct 14 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: input_userauth_request: invalid user www [preauth]
Oct 14 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Failed password for root from 192.40.58.3 port 58680 ssh2
Oct 14 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Received disconnect from 192.40.58.3 port 58680:11: Bye Bye [preauth]
Oct 14 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Disconnected from 192.40.58.3 port 58680 [preauth]
Oct 14 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Failed password for invalid user www from 196.251.84.92 port 57234 ssh2
Oct 14 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24695]: Connection closed by 196.251.84.92 port 57234 [preauth]
Oct 14 06:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Invalid user sgf from 193.32.162.151
Oct 14 06:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: input_userauth_request: invalid user sgf [preauth]
Oct 14 06:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Failed password for invalid user sgf from 193.32.162.151 port 39464 ssh2
Oct 14 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Connection closed by 193.32.162.151 port 39464 [preauth]
Oct 14 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Invalid user deploy from 14.241.254.5
Oct 14 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: input_userauth_request: invalid user deploy [preauth]
Oct 14 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Failed password for invalid user deploy from 14.241.254.5 port 22988 ssh2
Oct 14 06:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Received disconnect from 14.241.254.5 port 22988:11: Bye Bye [preauth]
Oct 14 06:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Disconnected from 14.241.254.5 port 22988 [preauth]
Oct 14 06:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22608]: pam_unix(cron:session): session closed for user root
Oct 14 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Invalid user user01 from 157.97.107.143
Oct 14 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: input_userauth_request: invalid user user01 [preauth]
Oct 14 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Failed password for invalid user user01 from 157.97.107.143 port 52618 ssh2
Oct 14 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Received disconnect from 157.97.107.143 port 52618:11: Bye Bye [preauth]
Oct 14 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24821]: Disconnected from 157.97.107.143 port 52618 [preauth]
Oct 14 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24844]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24842]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: Successful su for rubyman by root
Oct 14 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: + ??? root:rubyman
Oct 14 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409669 of user rubyman.
Oct 14 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409669.
Oct 14 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.128.93.220  user=root
Oct 14 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: Failed password for root from 84.128.93.220 port 33236 ssh2
Oct 14 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user root
Oct 14 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: Connection closed by 84.128.93.220 port 33236 [preauth]
Oct 14 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24843]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Invalid user admin from 84.128.93.220
Oct 14 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: input_userauth_request: invalid user admin [preauth]
Oct 14 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.128.93.220
Oct 14 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Failed password for invalid user admin from 84.128.93.220 port 36481 ssh2
Oct 14 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Connection closed by 84.128.93.220 port 36481 [preauth]
Oct 14 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23800]: pam_unix(cron:session): session closed for user root
Oct 14 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: Invalid user www from 196.251.84.92
Oct 14 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: input_userauth_request: invalid user www [preauth]
Oct 14 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: Failed password for invalid user www from 196.251.84.92 port 47796 ssh2
Oct 14 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Connection closed by 84.128.93.220 port 39155 [preauth]
Oct 14 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25527]: Connection closed by 196.251.84.92 port 47796 [preauth]
Oct 14 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Invalid user centos from 196.251.84.140
Oct 14 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Failed password for invalid user centos from 196.251.84.140 port 48826 ssh2
Oct 14 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Connection closed by 196.251.84.140 port 48826 [preauth]
Oct 14 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 06:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Failed password for root from 157.66.34.56 port 55136 ssh2
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Received disconnect from 157.66.34.56 port 55136:11: Bye Bye [preauth]
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Disconnected from 157.66.34.56 port 55136 [preauth]
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25573]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25575]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session closed for user root
Oct 14 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25568]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25656]: Successful su for rubyman by root
Oct 14 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25656]: + ??? root:rubyman
Oct 14 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409672 of user rubyman.
Oct 14 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25656]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409672.
Oct 14 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Failed password for root from 192.40.58.3 port 46396 ssh2
Oct 14 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Received disconnect from 192.40.58.3 port 46396:11: Bye Bye [preauth]
Oct 14 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Disconnected from 192.40.58.3 port 46396 [preauth]
Oct 14 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Connection closed by 84.128.93.220 port 40666 [preauth]
Oct 14 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25573]: pam_unix(cron:session): session closed for user root
Oct 14 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21290]: pam_unix(cron:session): session closed for user root
Oct 14 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Failed password for root from 157.97.107.143 port 56072 ssh2
Oct 14 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Received disconnect from 157.97.107.143 port 56072:11: Bye Bye [preauth]
Oct 14 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Disconnected from 157.97.107.143 port 56072 [preauth]
Oct 14 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25755]: Connection closed by 84.128.93.220 port 42514 [preauth]
Oct 14 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25572]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Failed password for root from 14.241.254.5 port 49564 ssh2
Oct 14 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Received disconnect from 14.241.254.5 port 49564:11: Bye Bye [preauth]
Oct 14 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26052]: Disconnected from 14.241.254.5 port 49564 [preauth]
Oct 14 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Connection closed by 84.128.93.220 port 33987 [preauth]
Oct 14 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24319]: pam_unix(cron:session): session closed for user root
Oct 14 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26091]: Connection closed by 84.128.93.220 port 35848 [preauth]
Oct 14 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26173]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26171]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26264]: Successful su for rubyman by root
Oct 14 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26264]: + ??? root:rubyman
Oct 14 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409678 of user rubyman.
Oct 14 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26264]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409678.
Oct 14 06:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: Connection closed by 84.128.93.220 port 37700 [preauth]
Oct 14 06:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session closed for user root
Oct 14 06:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Invalid user www from 196.251.84.92
Oct 14 06:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: input_userauth_request: invalid user www [preauth]
Oct 14 06:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Failed password for invalid user www from 196.251.84.92 port 38360 ssh2
Oct 14 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26172]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Connection closed by 196.251.84.92 port 38360 [preauth]
Oct 14 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26524]: Connection closed by 84.128.93.220 port 39412 [preauth]
Oct 14 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Invalid user andrew from 157.97.107.143
Oct 14 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: input_userauth_request: invalid user andrew [preauth]
Oct 14 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Failed password for invalid user andrew from 157.97.107.143 port 56880 ssh2
Oct 14 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Received disconnect from 157.97.107.143 port 56880:11: Bye Bye [preauth]
Oct 14 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26652]: Disconnected from 157.97.107.143 port 56880 [preauth]
Oct 14 06:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24845]: pam_unix(cron:session): session closed for user root
Oct 14 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Invalid user roo from 192.40.58.3
Oct 14 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: input_userauth_request: invalid user roo [preauth]
Oct 14 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Failed password for invalid user roo from 192.40.58.3 port 53330 ssh2
Oct 14 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Received disconnect from 192.40.58.3 port 53330:11: Bye Bye [preauth]
Oct 14 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Disconnected from 192.40.58.3 port 53330 [preauth]
Oct 14 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Connection closed by 84.128.93.220 port 41339 [preauth]
Oct 14 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Failed password for root from 157.66.34.56 port 52766 ssh2
Oct 14 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Received disconnect from 157.66.34.56 port 52766:11: Bye Bye [preauth]
Oct 14 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Disconnected from 157.66.34.56 port 52766 [preauth]
Oct 14 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26805]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26806]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26800]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26920]: Successful su for rubyman by root
Oct 14 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26920]: + ??? root:rubyman
Oct 14 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409682 of user rubyman.
Oct 14 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26920]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409682.
Oct 14 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Connection closed by 84.128.93.220 port 33421 [preauth]
Oct 14 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: Failed password for root from 14.241.254.5 port 60634 ssh2
Oct 14 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: Received disconnect from 14.241.254.5 port 60634:11: Bye Bye [preauth]
Oct 14 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27146]: Disconnected from 14.241.254.5 port 60634 [preauth]
Oct 14 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22607]: pam_unix(cron:session): session closed for user root
Oct 14 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27339]: Connection closed by 84.128.93.220 port 37782 [preauth]
Oct 14 06:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Invalid user www from 196.251.84.92
Oct 14 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: input_userauth_request: invalid user www [preauth]
Oct 14 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25577]: pam_unix(cron:session): session closed for user root
Oct 14 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Failed password for invalid user www from 196.251.84.92 port 56788 ssh2
Oct 14 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Connection closed by 196.251.84.92 port 56788 [preauth]
Oct 14 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: Connection closed by 84.128.93.220 port 35588 [preauth]
Oct 14 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Invalid user bitcoin from 157.97.107.143
Oct 14 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: input_userauth_request: invalid user bitcoin [preauth]
Oct 14 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Failed password for invalid user bitcoin from 157.97.107.143 port 54962 ssh2
Oct 14 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Received disconnect from 157.97.107.143 port 54962:11: Bye Bye [preauth]
Oct 14 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Disconnected from 157.97.107.143 port 54962 [preauth]
Oct 14 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: Connection closed by 84.128.93.220 port 39514 [preauth]
Oct 14 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27862]: Successful su for rubyman by root
Oct 14 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27862]: + ??? root:rubyman
Oct 14 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409686 of user rubyman.
Oct 14 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27862]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409686.
Oct 14 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23799]: pam_unix(cron:session): session closed for user root
Oct 14 06:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Invalid user centos from 196.251.84.140
Oct 14 06:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Failed password for invalid user centos from 196.251.84.140 port 42804 ssh2
Oct 14 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28020]: Connection closed by 196.251.84.140 port 42804 [preauth]
Oct 14 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: Failed password for root from 192.40.58.3 port 39276 ssh2
Oct 14 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: Received disconnect from 192.40.58.3 port 39276:11: Bye Bye [preauth]
Oct 14 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28130]: Disconnected from 192.40.58.3 port 39276 [preauth]
Oct 14 06:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: Connection reset by 84.128.93.220 port 33396 [preauth]
Oct 14 06:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Connection closed by 84.128.93.220 port 41207 [preauth]
Oct 14 06:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session closed for user root
Oct 14 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28145]: Connection closed by 84.128.93.220 port 34624 [preauth]
Oct 14 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28220]: Invalid user asterisk from 157.66.34.56
Oct 14 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28220]: input_userauth_request: invalid user asterisk [preauth]
Oct 14 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28220]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28220]: Failed password for invalid user asterisk from 157.66.34.56 port 43324 ssh2
Oct 14 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28220]: Received disconnect from 157.66.34.56 port 43324:11: Bye Bye [preauth]
Oct 14 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28220]: Disconnected from 157.66.34.56 port 43324 [preauth]
Oct 14 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Invalid user georg from 14.241.254.5
Oct 14 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: input_userauth_request: invalid user georg [preauth]
Oct 14 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Failed password for invalid user georg from 14.241.254.5 port 20650 ssh2
Oct 14 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Received disconnect from 14.241.254.5 port 20650:11: Bye Bye [preauth]
Oct 14 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28224]: Disconnected from 14.241.254.5 port 20650 [preauth]
Oct 14 06:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Connection closed by 84.128.93.220 port 36315 [preauth]
Oct 14 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28357]: Successful su for rubyman by root
Oct 14 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28357]: + ??? root:rubyman
Oct 14 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409691 of user rubyman.
Oct 14 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28357]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409691.
Oct 14 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Invalid user www from 196.251.84.92
Oct 14 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: input_userauth_request: invalid user www [preauth]
Oct 14 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Failed password for root from 157.97.107.143 port 33056 ssh2
Oct 14 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Received disconnect from 157.97.107.143 port 33056:11: Bye Bye [preauth]
Oct 14 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28373]: Disconnected from 157.97.107.143 port 33056 [preauth]
Oct 14 06:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Failed password for invalid user www from 196.251.84.92 port 47010 ssh2
Oct 14 06:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: Invalid user user from 84.128.93.220
Oct 14 06:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: input_userauth_request: invalid user user [preauth]
Oct 14 06:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Connection closed by 196.251.84.92 port 47010 [preauth]
Oct 14 06:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.128.93.220
Oct 14 06:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24318]: pam_unix(cron:session): session closed for user root
Oct 14 06:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: Failed password for invalid user user from 84.128.93.220 port 37692 ssh2
Oct 14 06:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28262]: Connection closed by 84.128.93.220 port 37692 [preauth]
Oct 14 06:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28276]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28816]: Connection closed by 84.128.93.220 port 39815 [preauth]
Oct 14 06:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26806]: pam_unix(cron:session): session closed for user root
Oct 14 06:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Connection closed by 84.128.93.220 port 41840 [preauth]
Oct 14 06:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29070]: Connection closed by 84.128.93.220 port 33171 [preauth]
Oct 14 06:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29121]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29123]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29123]: pam_unix(cron:session): session closed for user root
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29114]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Invalid user sahil from 192.40.58.3
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: input_userauth_request: invalid user sahil [preauth]
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Failed password for invalid user sahil from 192.40.58.3 port 59168 ssh2
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Received disconnect from 192.40.58.3 port 59168:11: Bye Bye [preauth]
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Disconnected from 192.40.58.3 port 59168 [preauth]
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29221]: Successful su for rubyman by root
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29221]: + ??? root:rubyman
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409698 of user rubyman.
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29221]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409698.
Oct 14 06:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29120]: pam_unix(cron:session): session closed for user root
Oct 14 06:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24844]: pam_unix(cron:session): session closed for user root
Oct 14 06:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Connection closed by 84.128.93.220 port 34278 [preauth]
Oct 14 06:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29119]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Invalid user valerie from 157.97.107.143
Oct 14 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: input_userauth_request: invalid user valerie [preauth]
Oct 14 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Failed password for invalid user valerie from 157.97.107.143 port 38270 ssh2
Oct 14 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Received disconnect from 157.97.107.143 port 38270:11: Bye Bye [preauth]
Oct 14 06:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Disconnected from 157.97.107.143 port 38270 [preauth]
Oct 14 06:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: Invalid user hduser from 193.32.162.151
Oct 14 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: input_userauth_request: invalid user hduser [preauth]
Oct 14 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: Failed password for invalid user hduser from 193.32.162.151 port 34050 ssh2
Oct 14 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29487]: Connection closed by 84.128.93.220 port 36443 [preauth]
Oct 14 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29542]: Connection closed by 193.32.162.151 port 34050 [preauth]
Oct 14 06:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: Invalid user www from 196.251.84.92
Oct 14 06:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: input_userauth_request: invalid user www [preauth]
Oct 14 06:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: Failed password for invalid user www from 196.251.84.92 port 36926 ssh2
Oct 14 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29547]: Connection closed by 196.251.84.92 port 36926 [preauth]
Oct 14 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27502]: pam_unix(cron:session): session closed for user root
Oct 14 06:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: Failed password for root from 14.241.254.5 port 32744 ssh2
Oct 14 06:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: Received disconnect from 14.241.254.5 port 32744:11: Bye Bye [preauth]
Oct 14 06:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29576]: Disconnected from 14.241.254.5 port 32744 [preauth]
Oct 14 06:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Invalid user xiangyu from 157.66.34.56
Oct 14 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: input_userauth_request: invalid user xiangyu [preauth]
Oct 14 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29549]: Connection closed by 84.128.93.220 port 38048 [preauth]
Oct 14 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Failed password for invalid user xiangyu from 157.66.34.56 port 55188 ssh2
Oct 14 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Received disconnect from 157.66.34.56 port 55188:11: Bye Bye [preauth]
Oct 14 06:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Disconnected from 157.66.34.56 port 55188 [preauth]
Oct 14 06:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29631]: Did not receive identification string from 84.128.93.220
Oct 14 06:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29681]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29772]: Successful su for rubyman by root
Oct 14 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29772]: + ??? root:rubyman
Oct 14 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409703 of user rubyman.
Oct 14 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29772]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409703.
Oct 14 06:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Connection closed by 84.128.93.220 port 41076 [preauth]
Oct 14 06:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25575]: pam_unix(cron:session): session closed for user root
Oct 14 06:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29682]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29974]: Connection closed by 84.128.93.220 port 42453 [preauth]
Oct 14 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: Invalid user centos from 196.251.84.140
Oct 14 06:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: Failed password for invalid user centos from 196.251.84.140 port 40790 ssh2
Oct 14 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30069]: Connection closed by 196.251.84.140 port 40790 [preauth]
Oct 14 06:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Did not receive identification string from 84.128.93.220
Oct 14 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28278]: pam_unix(cron:session): session closed for user root
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Failed password for root from 157.97.107.143 port 40988 ssh2
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Received disconnect from 157.97.107.143 port 40988:11: Bye Bye [preauth]
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Disconnected from 157.97.107.143 port 40988 [preauth]
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30132]: Invalid user raju from 192.40.58.3
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30132]: input_userauth_request: invalid user raju [preauth]
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30132]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30132]: Failed password for invalid user raju from 192.40.58.3 port 37528 ssh2
Oct 14 06:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30132]: Received disconnect from 192.40.58.3 port 37528:11: Bye Bye [preauth]
Oct 14 06:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30132]: Disconnected from 192.40.58.3 port 37528 [preauth]
Oct 14 06:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Connection closed by 84.128.93.220 port 35300 [preauth]
Oct 14 06:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Invalid user test1 from 196.251.84.92
Oct 14 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Failed password for invalid user test1 from 196.251.84.92 port 55098 ssh2
Oct 14 06:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Connection closed by 196.251.84.92 port 55098 [preauth]
Oct 14 06:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Did not receive identification string from 84.128.93.220
Oct 14 06:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30307]: Successful su for rubyman by root
Oct 14 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30307]: + ??? root:rubyman
Oct 14 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409705 of user rubyman.
Oct 14 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30307]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409705.
Oct 14 06:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30220]: Connection closed by 84.128.93.220 port 37717 [preauth]
Oct 14 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26173]: pam_unix(cron:session): session closed for user root
Oct 14 06:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Invalid user ronny from 14.241.254.5
Oct 14 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: input_userauth_request: invalid user ronny [preauth]
Oct 14 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Failed password for invalid user ronny from 14.241.254.5 port 57782 ssh2
Oct 14 06:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Received disconnect from 14.241.254.5 port 57782:11: Bye Bye [preauth]
Oct 14 06:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Disconnected from 14.241.254.5 port 57782 [preauth]
Oct 14 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Connection closed by 84.128.93.220 port 39513 [preauth]
Oct 14 06:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Invalid user ark from 157.66.34.56
Oct 14 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: input_userauth_request: invalid user ark [preauth]
Oct 14 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29122]: pam_unix(cron:session): session closed for user root
Oct 14 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Failed password for invalid user ark from 157.66.34.56 port 47158 ssh2
Oct 14 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Received disconnect from 157.66.34.56 port 47158:11: Bye Bye [preauth]
Oct 14 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30744]: Disconnected from 157.66.34.56 port 47158 [preauth]
Oct 14 06:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: Connection closed by 84.128.93.220 port 41797 [preauth]
Oct 14 06:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: Invalid user sham from 157.97.107.143
Oct 14 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: input_userauth_request: invalid user sham [preauth]
Oct 14 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: Failed password for invalid user sham from 157.97.107.143 port 46796 ssh2
Oct 14 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: Received disconnect from 157.97.107.143 port 46796:11: Bye Bye [preauth]
Oct 14 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30795]: Disconnected from 157.97.107.143 port 46796 [preauth]
Oct 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30818]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30895]: Successful su for rubyman by root
Oct 14 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30895]: + ??? root:rubyman
Oct 14 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409709 of user rubyman.
Oct 14 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30895]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409709.
Oct 14 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Connection closed by 84.128.93.220 port 33584 [preauth]
Oct 14 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26805]: pam_unix(cron:session): session closed for user root
Oct 14 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Invalid user gogs from 192.40.58.3
Oct 14 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: input_userauth_request: invalid user gogs [preauth]
Oct 14 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Failed password for invalid user gogs from 192.40.58.3 port 44298 ssh2
Oct 14 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Received disconnect from 192.40.58.3 port 44298:11: Bye Bye [preauth]
Oct 14 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Disconnected from 192.40.58.3 port 44298 [preauth]
Oct 14 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: Invalid user test1 from 196.251.84.92
Oct 14 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Connection closed by 84.128.93.220 port 35653 [preauth]
Oct 14 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: Failed password for invalid user test1 from 196.251.84.92 port 44776 ssh2
Oct 14 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: Connection closed by 196.251.84.92 port 44776 [preauth]
Oct 14 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session closed for user root
Oct 14 06:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31184]: Connection closed by 84.128.93.220 port 36940 [preauth]
Oct 14 06:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Invalid user hong from 14.241.254.5
Oct 14 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: input_userauth_request: invalid user hong [preauth]
Oct 14 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Failed password for invalid user hong from 14.241.254.5 port 50310 ssh2
Oct 14 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Received disconnect from 14.241.254.5 port 50310:11: Bye Bye [preauth]
Oct 14 06:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Disconnected from 14.241.254.5 port 50310 [preauth]
Oct 14 06:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: Connection closed by 84.128.93.220 port 39083 [preauth]
Oct 14 06:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31321]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31665]: Successful su for rubyman by root
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31665]: + ??? root:rubyman
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409715 of user rubyman.
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31665]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409715.
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: User mysql from 157.97.107.143 not allowed because not listed in AllowUsers
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: input_userauth_request: invalid user mysql [preauth]
Oct 14 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=mysql
Oct 14 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session closed for user root
Oct 14 06:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Failed password for invalid user mysql from 157.97.107.143 port 50060 ssh2
Oct 14 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Received disconnect from 157.97.107.143 port 50060:11: Bye Bye [preauth]
Oct 14 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31661]: Disconnected from 157.97.107.143 port 50060 [preauth]
Oct 14 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27501]: pam_unix(cron:session): session closed for user root
Oct 14 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31312]: Connection closed by 84.128.93.220 port 41193 [preauth]
Oct 14 06:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31323]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Connection closed by 84.128.93.220 port 42521 [preauth]
Oct 14 06:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31934]: Failed password for root from 157.66.34.56 port 38854 ssh2
Oct 14 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31934]: Received disconnect from 157.66.34.56 port 38854:11: Bye Bye [preauth]
Oct 14 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31934]: Disconnected from 157.66.34.56 port 38854 [preauth]
Oct 14 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session closed for user root
Oct 14 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: Did not receive identification string from 84.128.93.220
Oct 14 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: Invalid user centos from 196.251.84.140
Oct 14 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: Failed password for invalid user centos from 196.251.84.140 port 33756 ssh2
Oct 14 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: Connection closed by 196.251.84.140 port 33756 [preauth]
Oct 14 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Invalid user test1 from 196.251.84.92
Oct 14 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: Failed password for root from 192.40.58.3 port 54640 ssh2
Oct 14 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: Received disconnect from 192.40.58.3 port 54640:11: Bye Bye [preauth]
Oct 14 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32028]: Disconnected from 192.40.58.3 port 54640 [preauth]
Oct 14 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for invalid user test1 from 196.251.84.92 port 34322 ssh2
Oct 14 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Connection closed by 196.251.84.92 port 34322 [preauth]
Oct 14 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: Connection closed by 84.128.93.220 port 35761 [preauth]
Oct 14 06:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32075]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32077]: pam_unix(cron:session): session closed for user root
Oct 14 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32241]: Successful su for rubyman by root
Oct 14 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32241]: + ??? root:rubyman
Oct 14 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409717 of user rubyman.
Oct 14 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32241]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409717.
Oct 14 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session closed for user root
Oct 14 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Connection closed by 84.128.93.220 port 37070 [preauth]
Oct 14 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28277]: pam_unix(cron:session): session closed for user root
Oct 14 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32073]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32486]: Failed password for root from 157.97.107.143 port 41644 ssh2
Oct 14 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32486]: Received disconnect from 157.97.107.143 port 41644:11: Bye Bye [preauth]
Oct 14 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32486]: Disconnected from 157.97.107.143 port 41644 [preauth]
Oct 14 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32382]: Connection closed by 84.128.93.220 port 38727 [preauth]
Oct 14 06:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32522]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32522]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30824]: pam_unix(cron:session): session closed for user root
Oct 14 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Invalid user bitcoin from 14.241.254.5
Oct 14 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: input_userauth_request: invalid user bitcoin [preauth]
Oct 14 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Failed password for invalid user bitcoin from 14.241.254.5 port 29636 ssh2
Oct 14 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Received disconnect from 14.241.254.5 port 29636:11: Bye Bye [preauth]
Oct 14 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32582]: Disconnected from 14.241.254.5 port 29636 [preauth]
Oct 14 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: Connection closed by 84.128.93.220 port 40964 [preauth]
Oct 14 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: Did not receive identification string from 84.128.93.220
Oct 14 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32652]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32651]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32647]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: Successful su for rubyman by root
Oct 14 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: + ??? root:rubyman
Oct 14 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409723 of user rubyman.
Oct 14 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409723.
Oct 14 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: Connection closed by 84.128.93.220 port 34252 [preauth]
Oct 14 06:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29121]: pam_unix(cron:session): session closed for user root
Oct 14 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Invalid user test1 from 196.251.84.92
Oct 14 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32648]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Failed password for invalid user test1 from 196.251.84.92 port 51974 ssh2
Oct 14 06:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Connection closed by 196.251.84.92 port 51974 [preauth]
Oct 14 06:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[546]: Invalid user zabbix from 157.66.34.56
Oct 14 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[546]: input_userauth_request: invalid user zabbix [preauth]
Oct 14 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[546]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[460]: Connection closed by 84.128.93.220 port 35503 [preauth]
Oct 14 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[546]: Failed password for invalid user zabbix from 157.66.34.56 port 50082 ssh2
Oct 14 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[546]: Received disconnect from 157.66.34.56 port 50082:11: Bye Bye [preauth]
Oct 14 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[546]: Disconnected from 157.66.34.56 port 50082 [preauth]
Oct 14 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Invalid user bill from 192.40.58.3
Oct 14 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: input_userauth_request: invalid user bill [preauth]
Oct 14 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Failed password for invalid user bill from 192.40.58.3 port 50450 ssh2
Oct 14 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Received disconnect from 192.40.58.3 port 50450:11: Bye Bye [preauth]
Oct 14 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Disconnected from 192.40.58.3 port 50450 [preauth]
Oct 14 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: Invalid user ansible from 20.163.71.109
Oct 14 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: input_userauth_request: invalid user ansible [preauth]
Oct 14 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: Failed password for invalid user ansible from 20.163.71.109 port 51838 ssh2
Oct 14 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: Connection closed by 20.163.71.109 port 51838 [preauth]
Oct 14 06:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Invalid user georg from 157.97.107.143
Oct 14 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: input_userauth_request: invalid user georg [preauth]
Oct 14 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for invalid user georg from 157.97.107.143 port 35992 ssh2
Oct 14 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Received disconnect from 157.97.107.143 port 35992:11: Bye Bye [preauth]
Oct 14 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Disconnected from 157.97.107.143 port 35992 [preauth]
Oct 14 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[563]: Connection closed by 84.128.93.220 port 37459 [preauth]
Oct 14 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session closed for user root
Oct 14 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Connection closed by 84.128.93.220 port 38989 [preauth]
Oct 14 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[759]: Successful su for rubyman by root
Oct 14 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[759]: + ??? root:rubyman
Oct 14 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409728 of user rubyman.
Oct 14 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[759]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409728.
Oct 14 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29683]: pam_unix(cron:session): session closed for user root
Oct 14 06:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Connection closed by 84.128.93.220 port 40790 [preauth]
Oct 14 06:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1073]: Invalid user kafka from 84.128.93.220
Oct 14 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1073]: input_userauth_request: invalid user kafka [preauth]
Oct 14 06:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Invalid user user from 14.241.254.5
Oct 14 06:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: input_userauth_request: invalid user user [preauth]
Oct 14 06:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: Invalid user ts1 from 124.193.81.23
Oct 14 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: input_userauth_request: invalid user ts1 [preauth]
Oct 14 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.81.23
Oct 14 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Failed password for invalid user user from 14.241.254.5 port 22676 ssh2
Oct 14 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Received disconnect from 14.241.254.5 port 22676:11: Bye Bye [preauth]
Oct 14 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Disconnected from 14.241.254.5 port 22676 [preauth]
Oct 14 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: Failed password for invalid user ts1 from 124.193.81.23 port 44204 ssh2
Oct 14 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: Received disconnect from 124.193.81.23 port 44204:11: Bye Bye [preauth]
Oct 14 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1141]: Disconnected from 124.193.81.23 port 44204 [preauth]
Oct 14 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1162]: Invalid user dbuser from 193.32.162.151
Oct 14 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1162]: input_userauth_request: invalid user dbuser [preauth]
Oct 14 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1162]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1162]: Failed password for invalid user dbuser from 193.32.162.151 port 54288 ssh2
Oct 14 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1162]: Connection closed by 193.32.162.151 port 54288 [preauth]
Oct 14 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1073]: Connection closed by 84.128.93.220 port 32956 [preauth]
Oct 14 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32076]: pam_unix(cron:session): session closed for user root
Oct 14 06:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: Invalid user test1 from 196.251.84.92
Oct 14 06:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: Failed password for invalid user test1 from 196.251.84.92 port 41282 ssh2
Oct 14 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1218]: Connection closed by 196.251.84.92 port 41282 [preauth]
Oct 14 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Invalid user centos from 196.251.84.140
Oct 14 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: Failed password for root from 157.97.107.143 port 37760 ssh2
Oct 14 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: Received disconnect from 157.97.107.143 port 37760:11: Bye Bye [preauth]
Oct 14 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: Disconnected from 157.97.107.143 port 37760 [preauth]
Oct 14 06:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for invalid user centos from 196.251.84.140 port 33972 ssh2
Oct 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Connection closed by 196.251.84.140 port 33972 [preauth]
Oct 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1358]: Successful su for rubyman by root
Oct 14 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1358]: + ??? root:rubyman
Oct 14 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409733 of user rubyman.
Oct 14 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1358]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409733.
Oct 14 06:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Failed password for root from 192.40.58.3 port 37156 ssh2
Oct 14 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Received disconnect from 192.40.58.3 port 37156:11: Bye Bye [preauth]
Oct 14 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Disconnected from 192.40.58.3 port 37156 [preauth]
Oct 14 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session closed for user root
Oct 14 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Invalid user pagano from 157.66.34.56
Oct 14 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: input_userauth_request: invalid user pagano [preauth]
Oct 14 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Failed password for invalid user pagano from 157.66.34.56 port 57378 ssh2
Oct 14 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Received disconnect from 157.66.34.56 port 57378:11: Bye Bye [preauth]
Oct 14 06:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Disconnected from 157.66.34.56 port 57378 [preauth]
Oct 14 06:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1270]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32652]: pam_unix(cron:session): session closed for user root
Oct 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1848]: Successful su for rubyman by root
Oct 14 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1848]: + ??? root:rubyman
Oct 14 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409735 of user rubyman.
Oct 14 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1848]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409735.
Oct 14 06:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30823]: pam_unix(cron:session): session closed for user root
Oct 14 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: Invalid user test1 from 196.251.84.92
Oct 14 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: Failed password for invalid user test1 from 196.251.84.92 port 58638 ssh2
Oct 14 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: Connection closed by 196.251.84.92 port 58638 [preauth]
Oct 14 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Failed password for root from 157.97.107.143 port 57922 ssh2
Oct 14 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Received disconnect from 157.97.107.143 port 57922:11: Bye Bye [preauth]
Oct 14 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Disconnected from 157.97.107.143 port 57922 [preauth]
Oct 14 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for root from 14.241.254.5 port 19154 ssh2
Oct 14 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Received disconnect from 14.241.254.5 port 19154:11: Bye Bye [preauth]
Oct 14 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Disconnected from 14.241.254.5 port 19154 [preauth]
Oct 14 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Did not receive identification string from 80.211.129.128
Oct 14 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session closed for user root
Oct 14 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Invalid user hong from 192.40.58.3
Oct 14 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: input_userauth_request: invalid user hong [preauth]
Oct 14 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Failed password for invalid user hong from 192.40.58.3 port 41952 ssh2
Oct 14 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Received disconnect from 192.40.58.3 port 41952:11: Bye Bye [preauth]
Oct 14 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Disconnected from 192.40.58.3 port 41952 [preauth]
Oct 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2346]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session closed for user root
Oct 14 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2343]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2419]: Successful su for rubyman by root
Oct 14 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2419]: + ??? root:rubyman
Oct 14 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409743 of user rubyman.
Oct 14 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2419]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409743.
Oct 14 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: Failed password for root from 157.66.34.56 port 42274 ssh2
Oct 14 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: Received disconnect from 157.66.34.56 port 42274:11: Bye Bye [preauth]
Oct 14 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2475]: Disconnected from 157.66.34.56 port 42274 [preauth]
Oct 14 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2345]: pam_unix(cron:session): session closed for user root
Oct 14 06:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31324]: pam_unix(cron:session): session closed for user root
Oct 14 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2344]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Invalid user user from 157.97.107.143
Oct 14 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: input_userauth_request: invalid user user [preauth]
Oct 14 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Invalid user test1 from 196.251.84.92
Oct 14 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Failed password for invalid user user from 157.97.107.143 port 45764 ssh2
Oct 14 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Received disconnect from 157.97.107.143 port 45764:11: Bye Bye [preauth]
Oct 14 06:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Disconnected from 157.97.107.143 port 45764 [preauth]
Oct 14 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Failed password for invalid user test1 from 196.251.84.92 port 48038 ssh2
Oct 14 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2737]: Connection closed by 196.251.84.92 port 48038 [preauth]
Oct 14 06:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1273]: pam_unix(cron:session): session closed for user root
Oct 14 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Invalid user gogs from 14.241.254.5
Oct 14 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: input_userauth_request: invalid user gogs [preauth]
Oct 14 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2832]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Failed password for invalid user gogs from 14.241.254.5 port 60578 ssh2
Oct 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Received disconnect from 14.241.254.5 port 60578:11: Bye Bye [preauth]
Oct 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2826]: Disconnected from 14.241.254.5 port 60578 [preauth]
Oct 14 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2923]: Successful su for rubyman by root
Oct 14 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2923]: + ??? root:rubyman
Oct 14 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409745 of user rubyman.
Oct 14 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2923]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409745.
Oct 14 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Invalid user centos from 196.251.84.140
Oct 14 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for invalid user centos from 196.251.84.140 port 56104 ssh2
Oct 14 06:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Connection closed by 196.251.84.140 port 56104 [preauth]
Oct 14 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32075]: pam_unix(cron:session): session closed for user root
Oct 14 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Invalid user str from 192.40.58.3
Oct 14 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: input_userauth_request: invalid user str [preauth]
Oct 14 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Failed password for invalid user str from 192.40.58.3 port 48900 ssh2
Oct 14 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Received disconnect from 192.40.58.3 port 48900:11: Bye Bye [preauth]
Oct 14 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3121]: Disconnected from 192.40.58.3 port 48900 [preauth]
Oct 14 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session closed for user root
Oct 14 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Invalid user ronny from 157.97.107.143
Oct 14 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: input_userauth_request: invalid user ronny [preauth]
Oct 14 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Failed password for invalid user ronny from 157.97.107.143 port 34488 ssh2
Oct 14 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Received disconnect from 157.97.107.143 port 34488:11: Bye Bye [preauth]
Oct 14 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3274]: Disconnected from 157.97.107.143 port 34488 [preauth]
Oct 14 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Invalid user erp from 157.66.34.56
Oct 14 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: input_userauth_request: invalid user erp [preauth]
Oct 14 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Invalid user test1 from 196.251.84.92
Oct 14 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for invalid user erp from 157.66.34.56 port 33074 ssh2
Oct 14 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Received disconnect from 157.66.34.56 port 33074:11: Bye Bye [preauth]
Oct 14 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Disconnected from 157.66.34.56 port 33074 [preauth]
Oct 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Failed password for invalid user test1 from 196.251.84.92 port 37078 ssh2
Oct 14 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Connection closed by 196.251.84.92 port 37078 [preauth]
Oct 14 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: Successful su for rubyman by root
Oct 14 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: + ??? root:rubyman
Oct 14 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409749 of user rubyman.
Oct 14 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409749.
Oct 14 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32651]: pam_unix(cron:session): session closed for user root
Oct 14 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session closed for user root
Oct 14 06:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: Invalid user str from 14.241.254.5
Oct 14 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: input_userauth_request: invalid user str [preauth]
Oct 14 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: Failed password for invalid user str from 14.241.254.5 port 56288 ssh2
Oct 14 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: Received disconnect from 14.241.254.5 port 56288:11: Bye Bye [preauth]
Oct 14 06:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: Disconnected from 14.241.254.5 port 56288 [preauth]
Oct 14 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: Failed password for root from 192.40.58.3 port 46854 ssh2
Oct 14 06:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: Received disconnect from 192.40.58.3 port 46854:11: Bye Bye [preauth]
Oct 14 06:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3747]: Disconnected from 192.40.58.3 port 46854 [preauth]
Oct 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3771]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3769]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: Successful su for rubyman by root
Oct 14 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: + ??? root:rubyman
Oct 14 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409755 of user rubyman.
Oct 14 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409755.
Oct 14 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session closed for user root
Oct 14 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Invalid user deploy from 157.97.107.143
Oct 14 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: input_userauth_request: invalid user deploy [preauth]
Oct 14 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Failed password for invalid user deploy from 157.97.107.143 port 43694 ssh2
Oct 14 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Received disconnect from 157.97.107.143 port 43694:11: Bye Bye [preauth]
Oct 14 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Disconnected from 157.97.107.143 port 43694 [preauth]
Oct 14 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3770]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Invalid user test1 from 196.251.84.92
Oct 14 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Failed password for invalid user test1 from 196.251.84.92 port 54270 ssh2
Oct 14 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Connection closed by 196.251.84.92 port 54270 [preauth]
Oct 14 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session closed for user root
Oct 14 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Invalid user vagrant from 157.66.34.56
Oct 14 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: input_userauth_request: invalid user vagrant [preauth]
Oct 14 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Failed password for invalid user vagrant from 157.66.34.56 port 52180 ssh2
Oct 14 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Received disconnect from 157.66.34.56 port 52180:11: Bye Bye [preauth]
Oct 14 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Disconnected from 157.66.34.56 port 52180 [preauth]
Oct 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4292]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4357]: Successful su for rubyman by root
Oct 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4357]: + ??? root:rubyman
Oct 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409757 of user rubyman.
Oct 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4357]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409757.
Oct 14 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1271]: pam_unix(cron:session): session closed for user root
Oct 14 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4293]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: Invalid user centos from 196.251.84.140
Oct 14 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: Failed password for invalid user centos from 196.251.84.140 port 55784 ssh2
Oct 14 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: Connection closed by 196.251.84.140 port 55784 [preauth]
Oct 14 06:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Invalid user roo from 157.97.107.143
Oct 14 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: input_userauth_request: invalid user roo [preauth]
Oct 14 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Failed password for invalid user roo from 157.97.107.143 port 48588 ssh2
Oct 14 06:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Received disconnect from 157.97.107.143 port 48588:11: Bye Bye [preauth]
Oct 14 06:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4685]: Disconnected from 157.97.107.143 port 48588 [preauth]
Oct 14 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Invalid user sahil from 14.241.254.5
Oct 14 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: input_userauth_request: invalid user sahil [preauth]
Oct 14 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Failed password for invalid user sahil from 14.241.254.5 port 16816 ssh2
Oct 14 06:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Received disconnect from 14.241.254.5 port 16816:11: Bye Bye [preauth]
Oct 14 06:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Disconnected from 14.241.254.5 port 16816 [preauth]
Oct 14 06:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: User mysql from 192.40.58.3 not allowed because not listed in AllowUsers
Oct 14 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: input_userauth_request: invalid user mysql [preauth]
Oct 14 06:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=mysql
Oct 14 06:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Failed password for invalid user mysql from 192.40.58.3 port 50554 ssh2
Oct 14 06:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Received disconnect from 192.40.58.3 port 50554:11: Bye Bye [preauth]
Oct 14 06:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Disconnected from 192.40.58.3 port 50554 [preauth]
Oct 14 06:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session closed for user root
Oct 14 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Invalid user test1 from 196.251.84.92
Oct 14 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Failed password for invalid user test1 from 196.251.84.92 port 43134 ssh2
Oct 14 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4781]: Connection closed by 196.251.84.92 port 43134 [preauth]
Oct 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4802]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4798]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4802]: pam_unix(cron:session): session closed for user root
Oct 14 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4793]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4877]: Successful su for rubyman by root
Oct 14 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4877]: + ??? root:rubyman
Oct 14 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409761 of user rubyman.
Oct 14 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4877]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409761.
Oct 14 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4798]: pam_unix(cron:session): session closed for user root
Oct 14 06:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1780]: pam_unix(cron:session): session closed for user root
Oct 14 06:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4794]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session closed for user root
Oct 14 06:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Invalid user gogs from 157.97.107.143
Oct 14 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: input_userauth_request: invalid user gogs [preauth]
Oct 14 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Failed password for invalid user gogs from 157.97.107.143 port 54546 ssh2
Oct 14 06:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Received disconnect from 157.97.107.143 port 54546:11: Bye Bye [preauth]
Oct 14 06:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Disconnected from 157.97.107.143 port 54546 [preauth]
Oct 14 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Invalid user jrodriguez from 157.66.34.56
Oct 14 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: input_userauth_request: invalid user jrodriguez [preauth]
Oct 14 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Failed password for invalid user jrodriguez from 157.66.34.56 port 42350 ssh2
Oct 14 06:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Received disconnect from 157.66.34.56 port 42350:11: Bye Bye [preauth]
Oct 14 06:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Disconnected from 157.66.34.56 port 42350 [preauth]
Oct 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5800]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5891]: Successful su for rubyman by root
Oct 14 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5891]: + ??? root:rubyman
Oct 14 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409767 of user rubyman.
Oct 14 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5891]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409767.
Oct 14 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2346]: pam_unix(cron:session): session closed for user root
Oct 14 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Invalid user ts1 from 192.40.58.3
Oct 14 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: input_userauth_request: invalid user ts1 [preauth]
Oct 14 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Failed password for invalid user ts1 from 192.40.58.3 port 42540 ssh2
Oct 14 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Received disconnect from 192.40.58.3 port 42540:11: Bye Bye [preauth]
Oct 14 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Disconnected from 192.40.58.3 port 42540 [preauth]
Oct 14 06:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Failed password for root from 14.241.254.5 port 28398 ssh2
Oct 14 06:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Received disconnect from 14.241.254.5 port 28398:11: Bye Bye [preauth]
Oct 14 06:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Disconnected from 14.241.254.5 port 28398 [preauth]
Oct 14 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: Invalid user test1 from 196.251.84.92
Oct 14 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: Failed password for invalid user test1 from 196.251.84.92 port 60198 ssh2
Oct 14 06:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: Connection closed by 196.251.84.92 port 60198 [preauth]
Oct 14 06:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4295]: pam_unix(cron:session): session closed for user root
Oct 14 06:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Failed password for root from 217.154.38.181 port 57474 ssh2
Oct 14 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Received disconnect from 217.154.38.181 port 57474:11: Bye Bye [preauth]
Oct 14 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Disconnected from 217.154.38.181 port 57474 [preauth]
Oct 14 06:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Failed password for root from 157.97.107.143 port 47388 ssh2
Oct 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Received disconnect from 157.97.107.143 port 47388:11: Bye Bye [preauth]
Oct 14 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: Disconnected from 157.97.107.143 port 47388 [preauth]
Oct 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: Successful su for rubyman by root
Oct 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: + ??? root:rubyman
Oct 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409773 of user rubyman.
Oct 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409773.
Oct 14 06:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session closed for user root
Oct 14 06:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Invalid user centos from 196.251.84.140
Oct 14 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: input_userauth_request: invalid user centos [preauth]
Oct 14 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Failed password for invalid user centos from 196.251.84.140 port 53678 ssh2
Oct 14 06:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Connection closed by 196.251.84.140 port 53678 [preauth]
Oct 14 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session closed for user root
Oct 14 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Invalid user cha from 157.66.34.56
Oct 14 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: input_userauth_request: invalid user cha [preauth]
Oct 14 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: Invalid user test1 from 196.251.84.92
Oct 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Failed password for invalid user cha from 157.66.34.56 port 38946 ssh2
Oct 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Received disconnect from 157.66.34.56 port 38946:11: Bye Bye [preauth]
Oct 14 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Disconnected from 157.66.34.56 port 38946 [preauth]
Oct 14 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: Failed password for invalid user test1 from 196.251.84.92 port 48920 ssh2
Oct 14 06:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6791]: Connection closed by 196.251.84.92 port 48920 [preauth]
Oct 14 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Invalid user toor from 192.40.58.3
Oct 14 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: input_userauth_request: invalid user toor [preauth]
Oct 14 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Failed password for invalid user toor from 192.40.58.3 port 59416 ssh2
Oct 14 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Received disconnect from 192.40.58.3 port 59416:11: Bye Bye [preauth]
Oct 14 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Disconnected from 192.40.58.3 port 59416 [preauth]
Oct 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6832]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6911]: Successful su for rubyman by root
Oct 14 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6911]: + ??? root:rubyman
Oct 14 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409776 of user rubyman.
Oct 14 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6911]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409776.
Oct 14 06:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Invalid user devel from 79.116.71.204
Oct 14 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: input_userauth_request: invalid user devel [preauth]
Oct 14 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Failed password for invalid user devel from 79.116.71.204 port 43984 ssh2
Oct 14 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Received disconnect from 79.116.71.204 port 43984:11: Bye Bye [preauth]
Oct 14 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6936]: Disconnected from 79.116.71.204 port 43984 [preauth]
Oct 14 06:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7114]: Invalid user valerie from 14.241.254.5
Oct 14 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7114]: input_userauth_request: invalid user valerie [preauth]
Oct 14 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7114]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7114]: Failed password for invalid user valerie from 14.241.254.5 port 54460 ssh2
Oct 14 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7114]: Received disconnect from 14.241.254.5 port 54460:11: Bye Bye [preauth]
Oct 14 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7114]: Disconnected from 14.241.254.5 port 54460 [preauth]
Oct 14 06:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session closed for user root
Oct 14 06:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6833]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Failed password for root from 157.97.107.143 port 33156 ssh2
Oct 14 06:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Received disconnect from 157.97.107.143 port 33156:11: Bye Bye [preauth]
Oct 14 06:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Disconnected from 157.97.107.143 port 33156 [preauth]
Oct 14 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session closed for user root
Oct 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7485]: Successful su for rubyman by root
Oct 14 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7485]: + ??? root:rubyman
Oct 14 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409782 of user rubyman.
Oct 14 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7485]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409782.
Oct 14 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3771]: pam_unix(cron:session): session closed for user root
Oct 14 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: Invalid user test1 from 196.251.84.92
Oct 14 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: input_userauth_request: invalid user test1 [preauth]
Oct 14 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: Failed password for invalid user test1 from 196.251.84.92 port 37672 ssh2
Oct 14 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7412]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: Connection closed by 196.251.84.92 port 37672 [preauth]
Oct 14 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Invalid user ronny from 192.40.58.3
Oct 14 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: input_userauth_request: invalid user ronny [preauth]
Oct 14 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Failed password for invalid user ronny from 192.40.58.3 port 41850 ssh2
Oct 14 06:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Received disconnect from 192.40.58.3 port 41850:11: Bye Bye [preauth]
Oct 14 06:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Disconnected from 192.40.58.3 port 41850 [preauth]
Oct 14 06:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user root
Oct 14 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: Failed password for root from 157.97.107.143 port 50600 ssh2
Oct 14 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: Received disconnect from 157.97.107.143 port 50600:11: Bye Bye [preauth]
Oct 14 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: Disconnected from 157.97.107.143 port 50600 [preauth]
Oct 14 06:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Invalid user raul from 157.66.34.56
Oct 14 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: input_userauth_request: invalid user raul [preauth]
Oct 14 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Failed password for invalid user raul from 157.66.34.56 port 47190 ssh2
Oct 14 06:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Received disconnect from 157.66.34.56 port 47190:11: Bye Bye [preauth]
Oct 14 06:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Disconnected from 157.66.34.56 port 47190 [preauth]
Oct 14 06:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Failed password for root from 217.154.38.181 port 53922 ssh2
Oct 14 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Received disconnect from 217.154.38.181 port 53922:11: Bye Bye [preauth]
Oct 14 06:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Disconnected from 217.154.38.181 port 53922 [preauth]
Oct 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session closed for user root
Oct 14 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8410]: Successful su for rubyman by root
Oct 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8410]: + ??? root:rubyman
Oct 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409783 of user rubyman.
Oct 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8410]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409783.
Oct 14 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Invalid user syp from 14.241.254.5
Oct 14 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: input_userauth_request: invalid user syp [preauth]
Oct 14 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user root
Oct 14 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Failed password for invalid user syp from 14.241.254.5 port 32396 ssh2
Oct 14 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Received disconnect from 14.241.254.5 port 32396:11: Bye Bye [preauth]
Oct 14 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8513]: Disconnected from 14.241.254.5 port 32396 [preauth]
Oct 14 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4294]: pam_unix(cron:session): session closed for user root
Oct 14 06:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8310]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user root
Oct 14 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Invalid user test2 from 196.251.84.92
Oct 14 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: input_userauth_request: invalid user test2 [preauth]
Oct 14 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Failed password for invalid user test2 from 196.251.84.92 port 54640 ssh2
Oct 14 06:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Invalid user adu from 79.116.71.204
Oct 14 06:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: input_userauth_request: invalid user adu [preauth]
Oct 14 06:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 06:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Connection closed by 196.251.84.92 port 54640 [preauth]
Oct 14 06:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Failed password for invalid user adu from 79.116.71.204 port 42206 ssh2
Oct 14 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Received disconnect from 79.116.71.204 port 42206:11: Bye Bye [preauth]
Oct 14 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8883]: Disconnected from 79.116.71.204 port 42206 [preauth]
Oct 14 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Invalid user test from 196.251.84.140
Oct 14 06:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: input_userauth_request: invalid user test [preauth]
Oct 14 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Failed password for invalid user test from 196.251.84.140 port 48832 ssh2
Oct 14 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Connection closed by 196.251.84.140 port 48832 [preauth]
Oct 14 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Connection closed by 71.6.199.87 port 48690 [preauth]
Oct 14 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Invalid user bill from 157.97.107.143
Oct 14 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: input_userauth_request: invalid user bill [preauth]
Oct 14 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143
Oct 14 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Failed password for invalid user bill from 157.97.107.143 port 34436 ssh2
Oct 14 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Received disconnect from 157.97.107.143 port 34436:11: Bye Bye [preauth]
Oct 14 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Disconnected from 157.97.107.143 port 34436 [preauth]
Oct 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8944]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8942]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9044]: Successful su for rubyman by root
Oct 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9044]: + ??? root:rubyman
Oct 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409790 of user rubyman.
Oct 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9044]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409790.
Oct 14 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session closed for user root
Oct 14 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Failed password for root from 192.40.58.3 port 55986 ssh2
Oct 14 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Received disconnect from 192.40.58.3 port 55986:11: Bye Bye [preauth]
Oct 14 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9313]: Disconnected from 192.40.58.3 port 55986 [preauth]
Oct 14 06:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 06:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 06:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 06:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8943]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Failed password for root from 217.154.38.181 port 58670 ssh2
Oct 14 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Received disconnect from 217.154.38.181 port 58670:11: Bye Bye [preauth]
Oct 14 06:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Disconnected from 217.154.38.181 port 58670 [preauth]
Oct 14 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Invalid user rasel from 157.66.34.56
Oct 14 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: input_userauth_request: invalid user rasel [preauth]
Oct 14 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Failed password for invalid user rasel from 157.66.34.56 port 36296 ssh2
Oct 14 06:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session closed for user root
Oct 14 06:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Received disconnect from 157.66.34.56 port 36296:11: Bye Bye [preauth]
Oct 14 06:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Disconnected from 157.66.34.56 port 36296 [preauth]
Oct 14 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9573]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9570]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Failed password for root from 14.241.254.5 port 29386 ssh2
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Received disconnect from 14.241.254.5 port 29386:11: Bye Bye [preauth]
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Disconnected from 14.241.254.5 port 29386 [preauth]
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9674]: Successful su for rubyman by root
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9674]: + ??? root:rubyman
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409794 of user rubyman.
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9674]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409794.
Oct 14 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Invalid user test3 from 196.251.84.92
Oct 14 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: input_userauth_request: invalid user test3 [preauth]
Oct 14 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Failed password for invalid user test3 from 196.251.84.92 port 43204 ssh2
Oct 14 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9830]: Connection closed by 196.251.84.92 port 43204 [preauth]
Oct 14 06:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session closed for user root
Oct 14 06:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Failed password for root from 157.97.107.143 port 43388 ssh2
Oct 14 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Received disconnect from 157.97.107.143 port 43388:11: Bye Bye [preauth]
Oct 14 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Disconnected from 157.97.107.143 port 43388 [preauth]
Oct 14 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Failed password for root from 79.116.71.204 port 44010 ssh2
Oct 14 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Received disconnect from 79.116.71.204 port 44010:11: Bye Bye [preauth]
Oct 14 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Disconnected from 79.116.71.204 port 44010 [preauth]
Oct 14 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session closed for user root
Oct 14 06:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Invalid user adu from 217.154.38.181
Oct 14 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: input_userauth_request: invalid user adu [preauth]
Oct 14 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 06:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Invalid user ftpuser from 192.40.58.3
Oct 14 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Failed password for invalid user adu from 217.154.38.181 port 38126 ssh2
Oct 14 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Received disconnect from 217.154.38.181 port 38126:11: Bye Bye [preauth]
Oct 14 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Disconnected from 217.154.38.181 port 38126 [preauth]
Oct 14 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Failed password for invalid user ftpuser from 192.40.58.3 port 59744 ssh2
Oct 14 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Received disconnect from 192.40.58.3 port 59744:11: Bye Bye [preauth]
Oct 14 06:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Disconnected from 192.40.58.3 port 59744 [preauth]
Oct 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10200]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10277]: Successful su for rubyman by root
Oct 14 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10277]: + ??? root:rubyman
Oct 14 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409798 of user rubyman.
Oct 14 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10277]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409798.
Oct 14 06:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session closed for user root
Oct 14 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Invalid user xr from 157.66.34.56
Oct 14 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: input_userauth_request: invalid user xr [preauth]
Oct 14 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Failed password for invalid user xr from 157.66.34.56 port 42982 ssh2
Oct 14 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Received disconnect from 157.66.34.56 port 42982:11: Bye Bye [preauth]
Oct 14 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Disconnected from 157.66.34.56 port 42982 [preauth]
Oct 14 06:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.97.107.143  user=root
Oct 14 06:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Invalid user test4 from 196.251.84.92
Oct 14 06:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: input_userauth_request: invalid user test4 [preauth]
Oct 14 06:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Failed password for root from 157.97.107.143 port 39330 ssh2
Oct 14 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Received disconnect from 157.97.107.143 port 39330:11: Bye Bye [preauth]
Oct 14 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10572]: Disconnected from 157.97.107.143 port 39330 [preauth]
Oct 14 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Failed password for invalid user test4 from 196.251.84.92 port 60008 ssh2
Oct 14 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Connection closed by 196.251.84.92 port 60008 [preauth]
Oct 14 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8945]: pam_unix(cron:session): session closed for user root
Oct 14 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Failed password for root from 79.116.71.204 port 53548 ssh2
Oct 14 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Received disconnect from 79.116.71.204 port 53548:11: Bye Bye [preauth]
Oct 14 06:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Disconnected from 79.116.71.204 port 53548 [preauth]
Oct 14 06:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: Failed password for root from 14.241.254.5 port 23194 ssh2
Oct 14 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: Received disconnect from 14.241.254.5 port 23194:11: Bye Bye [preauth]
Oct 14 06:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10672]: Disconnected from 14.241.254.5 port 23194 [preauth]
Oct 14 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: Invalid user test from 196.251.84.140
Oct 14 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: input_userauth_request: invalid user test [preauth]
Oct 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10700]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10698]: pam_unix(cron:session): session closed for user p13x
Oct 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10778]: Successful su for rubyman by root
Oct 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10778]: + ??? root:rubyman
Oct 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409803 of user rubyman.
Oct 14 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10778]: pam_unix(su:session): session closed for user rubyman
Oct 14 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409803.
Oct 14 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: Failed password for invalid user test from 196.251.84.140 port 44518 ssh2
Oct 14 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: Connection closed by 196.251.84.140 port 44518 [preauth]
Oct 14 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session closed for user root
Oct 14 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 217.154.38.181 port 59672 ssh2
Oct 14 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Received disconnect from 217.154.38.181 port 59672:11: Bye Bye [preauth]
Oct 14 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Disconnected from 217.154.38.181 port 59672 [preauth]
Oct 14 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10699]: pam_unix(cron:session): session closed for user samftp
Oct 14 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11004]: Failed password for root from 192.40.58.3 port 39410 ssh2
Oct 14 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11004]: Received disconnect from 192.40.58.3 port 39410:11: Bye Bye [preauth]
Oct 14 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11004]: Disconnected from 192.40.58.3 port 39410 [preauth]
Oct 14 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9573]: pam_unix(cron:session): session closed for user root
Oct 14 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: Invalid user testuser from 196.251.84.92
Oct 14 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: input_userauth_request: invalid user testuser [preauth]
Oct 14 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 06:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: Failed password for invalid user testuser from 196.251.84.92 port 48308 ssh2
Oct 14 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: Connection closed by 196.251.84.92 port 48308 [preauth]
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session closed for user root
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session closed for user root
Oct 14 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11290]: Successful su for rubyman by root
Oct 14 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11290]: + ??? root:rubyman
Oct 14 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409809 of user rubyman.
Oct 14 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11290]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409809.
Oct 14 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Invalid user frappe from 79.116.71.204
Oct 14 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: input_userauth_request: invalid user frappe [preauth]
Oct 14 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Failed password for invalid user frappe from 79.116.71.204 port 54208 ssh2
Oct 14 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Received disconnect from 79.116.71.204 port 54208:11: Bye Bye [preauth]
Oct 14 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Disconnected from 79.116.71.204 port 54208 [preauth]
Oct 14 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session closed for user root
Oct 14 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session closed for user root
Oct 14 07:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Invalid user paulina from 157.66.34.56
Oct 14 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: input_userauth_request: invalid user paulina [preauth]
Oct 14 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Failed password for invalid user paulina from 157.66.34.56 port 51712 ssh2
Oct 14 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Received disconnect from 157.66.34.56 port 51712:11: Bye Bye [preauth]
Oct 14 07:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Disconnected from 157.66.34.56 port 51712 [preauth]
Oct 14 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11161]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Invalid user andrew from 14.241.254.5
Oct 14 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: input_userauth_request: invalid user andrew [preauth]
Oct 14 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Failed password for invalid user andrew from 14.241.254.5 port 18392 ssh2
Oct 14 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Received disconnect from 14.241.254.5 port 18392:11: Bye Bye [preauth]
Oct 14 07:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Disconnected from 14.241.254.5 port 18392 [preauth]
Oct 14 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10201]: pam_unix(cron:session): session closed for user root
Oct 14 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Invalid user georg from 192.40.58.3
Oct 14 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: input_userauth_request: invalid user georg [preauth]
Oct 14 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Invalid user qiyuesuo from 217.154.38.181
Oct 14 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: input_userauth_request: invalid user qiyuesuo [preauth]
Oct 14 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Failed password for invalid user georg from 192.40.58.3 port 43034 ssh2
Oct 14 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Failed password for invalid user qiyuesuo from 217.154.38.181 port 39032 ssh2
Oct 14 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Received disconnect from 192.40.58.3 port 43034:11: Bye Bye [preauth]
Oct 14 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Disconnected from 192.40.58.3 port 43034 [preauth]
Oct 14 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Received disconnect from 217.154.38.181 port 39032:11: Bye Bye [preauth]
Oct 14 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Disconnected from 217.154.38.181 port 39032 [preauth]
Oct 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11869]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11865]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11942]: Successful su for rubyman by root
Oct 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11942]: + ??? root:rubyman
Oct 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409813 of user rubyman.
Oct 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11942]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409813.
Oct 14 07:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session closed for user root
Oct 14 07:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11866]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Invalid user usertest from 196.251.84.92
Oct 14 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: input_userauth_request: invalid user usertest [preauth]
Oct 14 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Failed password for invalid user usertest from 196.251.84.92 port 36304 ssh2
Oct 14 07:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Connection closed by 196.251.84.92 port 36304 [preauth]
Oct 14 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10706]: pam_unix(cron:session): session closed for user root
Oct 14 07:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Failed password for root from 79.116.71.204 port 34624 ssh2
Oct 14 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Received disconnect from 79.116.71.204 port 34624:11: Bye Bye [preauth]
Oct 14 07:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Disconnected from 79.116.71.204 port 34624 [preauth]
Oct 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12346]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12344]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12422]: Successful su for rubyman by root
Oct 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12422]: + ??? root:rubyman
Oct 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409816 of user rubyman.
Oct 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12422]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409816.
Oct 14 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: Invalid user eacsaci from 157.66.34.56
Oct 14 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: input_userauth_request: invalid user eacsaci [preauth]
Oct 14 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 07:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8944]: pam_unix(cron:session): session closed for user root
Oct 14 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: Invalid user test from 196.251.84.140
Oct 14 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: input_userauth_request: invalid user test [preauth]
Oct 14 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: Failed password for invalid user eacsaci from 157.66.34.56 port 41470 ssh2
Oct 14 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: Received disconnect from 157.66.34.56 port 41470:11: Bye Bye [preauth]
Oct 14 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: Disconnected from 157.66.34.56 port 41470 [preauth]
Oct 14 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: Failed password for invalid user test from 196.251.84.140 port 40254 ssh2
Oct 14 07:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12518]: Connection closed by 196.251.84.140 port 40254 [preauth]
Oct 14 07:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12345]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: Failed password for root from 14.241.254.5 port 60840 ssh2
Oct 14 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: Received disconnect from 14.241.254.5 port 60840:11: Bye Bye [preauth]
Oct 14 07:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12712]: Disconnected from 14.241.254.5 port 60840 [preauth]
Oct 14 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Invalid user bitcoin from 192.40.58.3
Oct 14 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: input_userauth_request: invalid user bitcoin [preauth]
Oct 14 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 07:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Failed password for invalid user bitcoin from 192.40.58.3 port 49914 ssh2
Oct 14 07:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Received disconnect from 192.40.58.3 port 49914:11: Bye Bye [preauth]
Oct 14 07:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Disconnected from 192.40.58.3 port 49914 [preauth]
Oct 14 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session closed for user root
Oct 14 07:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Invalid user kafka from 217.154.38.181
Oct 14 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: input_userauth_request: invalid user kafka [preauth]
Oct 14 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Failed password for invalid user kafka from 217.154.38.181 port 55916 ssh2
Oct 14 07:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Received disconnect from 217.154.38.181 port 55916:11: Bye Bye [preauth]
Oct 14 07:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12794]: Disconnected from 217.154.38.181 port 55916 [preauth]
Oct 14 07:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Invalid user ftptest from 196.251.84.92
Oct 14 07:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Failed password for invalid user ftptest from 196.251.84.92 port 52870 ssh2
Oct 14 07:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Connection closed by 196.251.84.92 port 52870 [preauth]
Oct 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12853]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12942]: Successful su for rubyman by root
Oct 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12942]: + ??? root:rubyman
Oct 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409823 of user rubyman.
Oct 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12942]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409823.
Oct 14 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: Failed password for root from 79.116.71.204 port 42692 ssh2
Oct 14 07:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: Received disconnect from 79.116.71.204 port 42692:11: Bye Bye [preauth]
Oct 14 07:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13024]: Disconnected from 79.116.71.204 port 42692 [preauth]
Oct 14 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session closed for user root
Oct 14 07:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12852]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11870]: pam_unix(cron:session): session closed for user root
Oct 14 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Invalid user sham from 14.241.254.5
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: input_userauth_request: invalid user sham [preauth]
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13474]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Failed password for root from 157.66.34.56 port 40414 ssh2
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Received disconnect from 157.66.34.56 port 40414:11: Bye Bye [preauth]
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13457]: Disconnected from 157.66.34.56 port 40414 [preauth]
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13553]: Successful su for rubyman by root
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13553]: + ??? root:rubyman
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409827 of user rubyman.
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13553]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409827.
Oct 14 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Failed password for invalid user sham from 14.241.254.5 port 55526 ssh2
Oct 14 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Received disconnect from 14.241.254.5 port 55526:11: Bye Bye [preauth]
Oct 14 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Disconnected from 14.241.254.5 port 55526 [preauth]
Oct 14 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Invalid user syp from 192.40.58.3
Oct 14 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: input_userauth_request: invalid user syp [preauth]
Oct 14 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Failed password for invalid user syp from 192.40.58.3 port 56542 ssh2
Oct 14 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Received disconnect from 192.40.58.3 port 56542:11: Bye Bye [preauth]
Oct 14 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Disconnected from 192.40.58.3 port 56542 [preauth]
Oct 14 07:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10200]: pam_unix(cron:session): session closed for user root
Oct 14 07:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13475]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Invalid user ftptest from 196.251.84.92
Oct 14 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Failed password for invalid user ftptest from 196.251.84.92 port 40832 ssh2
Oct 14 07:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Connection closed by 196.251.84.92 port 40832 [preauth]
Oct 14 07:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Invalid user admin1 from 217.154.38.181
Oct 14 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: input_userauth_request: invalid user admin1 [preauth]
Oct 14 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Failed password for invalid user admin1 from 217.154.38.181 port 43634 ssh2
Oct 14 07:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Received disconnect from 217.154.38.181 port 43634:11: Bye Bye [preauth]
Oct 14 07:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Disconnected from 217.154.38.181 port 43634 [preauth]
Oct 14 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12349]: pam_unix(cron:session): session closed for user root
Oct 14 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Invalid user ben from 79.116.71.204
Oct 14 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: input_userauth_request: invalid user ben [preauth]
Oct 14 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user ben from 79.116.71.204 port 47156 ssh2
Oct 14 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Received disconnect from 79.116.71.204 port 47156:11: Bye Bye [preauth]
Oct 14 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Disconnected from 79.116.71.204 port 47156 [preauth]
Oct 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13963]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session closed for user root
Oct 14 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13960]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: Successful su for rubyman by root
Oct 14 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: + ??? root:rubyman
Oct 14 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409829 of user rubyman.
Oct 14 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409829.
Oct 14 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user root
Oct 14 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10700]: pam_unix(cron:session): session closed for user root
Oct 14 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13961]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Invalid user test from 196.251.84.140
Oct 14 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: input_userauth_request: invalid user test [preauth]
Oct 14 07:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for invalid user test from 196.251.84.140 port 35502 ssh2
Oct 14 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Connection closed by 196.251.84.140 port 35502 [preauth]
Oct 14 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12854]: pam_unix(cron:session): session closed for user root
Oct 14 07:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: Invalid user deploy from 192.40.58.3
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: input_userauth_request: invalid user deploy [preauth]
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Invalid user roo from 14.241.254.5
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: input_userauth_request: invalid user roo [preauth]
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: Failed password for invalid user deploy from 192.40.58.3 port 32916 ssh2
Oct 14 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: Received disconnect from 192.40.58.3 port 32916:11: Bye Bye [preauth]
Oct 14 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14479]: Disconnected from 192.40.58.3 port 32916 [preauth]
Oct 14 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Failed password for invalid user roo from 14.241.254.5 port 31926 ssh2
Oct 14 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Received disconnect from 14.241.254.5 port 31926:11: Bye Bye [preauth]
Oct 14 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Disconnected from 14.241.254.5 port 31926 [preauth]
Oct 14 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: Invalid user ftptest from 196.251.84.92
Oct 14 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: Failed password for invalid user ftptest from 196.251.84.92 port 57054 ssh2
Oct 14 07:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14482]: Connection closed by 196.251.84.92 port 57054 [preauth]
Oct 14 07:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Failed password for root from 157.66.34.56 port 53846 ssh2
Oct 14 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Received disconnect from 157.66.34.56 port 53846:11: Bye Bye [preauth]
Oct 14 07:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Disconnected from 157.66.34.56 port 53846 [preauth]
Oct 14 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Invalid user avatar from 79.116.71.204
Oct 14 07:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: input_userauth_request: invalid user avatar [preauth]
Oct 14 07:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Failed password for invalid user avatar from 79.116.71.204 port 54664 ssh2
Oct 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Received disconnect from 79.116.71.204 port 54664:11: Bye Bye [preauth]
Oct 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14524]: Disconnected from 79.116.71.204 port 54664 [preauth]
Oct 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14540]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14538]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14621]: Successful su for rubyman by root
Oct 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14621]: + ??? root:rubyman
Oct 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409835 of user rubyman.
Oct 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14621]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409835.
Oct 14 07:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session closed for user root
Oct 14 07:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14539]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Invalid user wms from 217.154.38.181
Oct 14 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: input_userauth_request: invalid user wms [preauth]
Oct 14 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Failed password for invalid user wms from 217.154.38.181 port 46706 ssh2
Oct 14 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Received disconnect from 217.154.38.181 port 46706:11: Bye Bye [preauth]
Oct 14 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14869]: Disconnected from 217.154.38.181 port 46706 [preauth]
Oct 14 07:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session closed for user root
Oct 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15019]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15188]: Successful su for rubyman by root
Oct 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15188]: + ??? root:rubyman
Oct 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409839 of user rubyman.
Oct 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15188]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409839.
Oct 14 07:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11869]: pam_unix(cron:session): session closed for user root
Oct 14 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15020]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Invalid user ftptest from 196.251.84.92
Oct 14 07:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Failed password for invalid user ftptest from 196.251.84.92 port 44782 ssh2
Oct 14 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: Connection closed by 196.251.84.92 port 44782 [preauth]
Oct 14 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Invalid user odoo13 from 192.40.58.3
Oct 14 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: input_userauth_request: invalid user odoo13 [preauth]
Oct 14 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3
Oct 14 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Failed password for invalid user odoo13 from 192.40.58.3 port 49912 ssh2
Oct 14 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Received disconnect from 192.40.58.3 port 49912:11: Bye Bye [preauth]
Oct 14 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Disconnected from 192.40.58.3 port 49912 [preauth]
Oct 14 07:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: Invalid user bill from 14.241.254.5
Oct 14 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: input_userauth_request: invalid user bill [preauth]
Oct 14 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 07:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Invalid user mailtest from 79.116.71.204
Oct 14 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: input_userauth_request: invalid user mailtest [preauth]
Oct 14 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: Failed password for invalid user bill from 14.241.254.5 port 58500 ssh2
Oct 14 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: Received disconnect from 14.241.254.5 port 58500:11: Bye Bye [preauth]
Oct 14 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: Disconnected from 14.241.254.5 port 58500 [preauth]
Oct 14 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Failed password for invalid user mailtest from 79.116.71.204 port 50316 ssh2
Oct 14 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Received disconnect from 79.116.71.204 port 50316:11: Bye Bye [preauth]
Oct 14 07:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15491]: Disconnected from 79.116.71.204 port 50316 [preauth]
Oct 14 07:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user root
Oct 14 07:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Invalid user info from 157.66.34.56
Oct 14 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: input_userauth_request: invalid user info [preauth]
Oct 14 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Failed password for invalid user info from 157.66.34.56 port 57606 ssh2
Oct 14 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Received disconnect from 157.66.34.56 port 57606:11: Bye Bye [preauth]
Oct 14 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Disconnected from 157.66.34.56 port 57606 [preauth]
Oct 14 07:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 07:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15561]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15666]: Successful su for rubyman by root
Oct 14 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15666]: + ??? root:rubyman
Oct 14 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409843 of user rubyman.
Oct 14 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15666]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409843.
Oct 14 07:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12346]: pam_unix(cron:session): session closed for user root
Oct 14 07:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: Invalid user avatar from 217.154.38.181
Oct 14 07:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: input_userauth_request: invalid user avatar [preauth]
Oct 14 07:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: Failed password for invalid user avatar from 217.154.38.181 port 32804 ssh2
Oct 14 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: Received disconnect from 217.154.38.181 port 32804:11: Bye Bye [preauth]
Oct 14 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: Disconnected from 217.154.38.181 port 32804 [preauth]
Oct 14 07:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14541]: pam_unix(cron:session): session closed for user root
Oct 14 07:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: Invalid user ftptest from 196.251.84.92
Oct 14 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: Failed password for invalid user ftptest from 196.251.84.92 port 60598 ssh2
Oct 14 07:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15986]: Connection closed by 196.251.84.92 port 60598 [preauth]
Oct 14 07:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Invalid user test from 196.251.84.140
Oct 14 07:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: input_userauth_request: invalid user test [preauth]
Oct 14 07:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Failed password for invalid user test from 196.251.84.140 port 60196 ssh2
Oct 14 07:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Connection closed by 196.251.84.140 port 60196 [preauth]
Oct 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16050]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16052]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.40.58.3  user=root
Oct 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16229]: Successful su for rubyman by root
Oct 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16229]: + ??? root:rubyman
Oct 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409846 of user rubyman.
Oct 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16229]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409846.
Oct 14 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16050]: pam_unix(cron:session): session closed for user root
Oct 14 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Failed password for root from 192.40.58.3 port 56642 ssh2
Oct 14 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Received disconnect from 192.40.58.3 port 56642:11: Bye Bye [preauth]
Oct 14 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Disconnected from 192.40.58.3 port 56642 [preauth]
Oct 14 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Invalid user git from 79.116.71.204
Oct 14 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: input_userauth_request: invalid user git [preauth]
Oct 14 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Failed password for invalid user git from 79.116.71.204 port 56086 ssh2
Oct 14 07:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Received disconnect from 79.116.71.204 port 56086:11: Bye Bye [preauth]
Oct 14 07:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Disconnected from 79.116.71.204 port 56086 [preauth]
Oct 14 07:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12853]: pam_unix(cron:session): session closed for user root
Oct 14 07:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16053]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Invalid user toor from 14.241.254.5
Oct 14 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: input_userauth_request: invalid user toor [preauth]
Oct 14 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Failed password for invalid user toor from 14.241.254.5 port 54466 ssh2
Oct 14 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Received disconnect from 14.241.254.5 port 54466:11: Bye Bye [preauth]
Oct 14 07:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Disconnected from 14.241.254.5 port 54466 [preauth]
Oct 14 07:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session closed for user root
Oct 14 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Invalid user user9 from 157.66.34.56
Oct 14 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: input_userauth_request: invalid user user9 [preauth]
Oct 14 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Failed password for invalid user user9 from 157.66.34.56 port 40674 ssh2
Oct 14 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Received disconnect from 157.66.34.56 port 40674:11: Bye Bye [preauth]
Oct 14 07:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Disconnected from 157.66.34.56 port 40674 [preauth]
Oct 14 07:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Failed password for root from 217.154.38.181 port 48690 ssh2
Oct 14 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Received disconnect from 217.154.38.181 port 48690:11: Bye Bye [preauth]
Oct 14 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16632]: Disconnected from 217.154.38.181 port 48690 [preauth]
Oct 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session closed for user root
Oct 14 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16644]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16717]: Successful su for rubyman by root
Oct 14 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16717]: + ??? root:rubyman
Oct 14 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409851 of user rubyman.
Oct 14 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16717]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409851.
Oct 14 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Invalid user ftptest from 196.251.84.92
Oct 14 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Failed password for invalid user ftptest from 196.251.84.92 port 48144 ssh2
Oct 14 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Connection closed by 196.251.84.92 port 48144 [preauth]
Oct 14 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16646]: pam_unix(cron:session): session closed for user root
Oct 14 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session closed for user root
Oct 14 07:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16645]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: Failed password for root from 79.116.71.204 port 59662 ssh2
Oct 14 07:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: Received disconnect from 79.116.71.204 port 59662:11: Bye Bye [preauth]
Oct 14 07:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: Disconnected from 79.116.71.204 port 59662 [preauth]
Oct 14 07:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15591]: pam_unix(cron:session): session closed for user root
Oct 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17140]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17222]: Successful su for rubyman by root
Oct 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17222]: + ??? root:rubyman
Oct 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409858 of user rubyman.
Oct 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17222]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409858.
Oct 14 07:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13963]: pam_unix(cron:session): session closed for user root
Oct 14 07:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5  user=root
Oct 14 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: Failed password for root from 14.241.254.5 port 32146 ssh2
Oct 14 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: Received disconnect from 14.241.254.5 port 32146:11: Bye Bye [preauth]
Oct 14 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: Disconnected from 14.241.254.5 port 32146 [preauth]
Oct 14 07:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17141]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: Invalid user ftptest from 196.251.84.92
Oct 14 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: Failed password for invalid user ftptest from 196.251.84.92 port 35466 ssh2
Oct 14 07:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: Connection closed by 196.251.84.92 port 35466 [preauth]
Oct 14 07:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session closed for user root
Oct 14 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Invalid user rashid from 157.66.34.56
Oct 14 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: input_userauth_request: invalid user rashid [preauth]
Oct 14 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Failed password for invalid user rashid from 157.66.34.56 port 54694 ssh2
Oct 14 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Received disconnect from 157.66.34.56 port 54694:11: Bye Bye [preauth]
Oct 14 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Disconnected from 157.66.34.56 port 54694 [preauth]
Oct 14 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Failed password for root from 217.154.38.181 port 44140 ssh2
Oct 14 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Received disconnect from 217.154.38.181 port 44140:11: Bye Bye [preauth]
Oct 14 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17558]: Disconnected from 217.154.38.181 port 44140 [preauth]
Oct 14 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.46.224.80  user=root
Oct 14 07:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: Failed password for root from 207.46.224.80 port 40896 ssh2
Oct 14 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: Connection closed by 207.46.224.80 port 40896 [preauth]
Oct 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17704]: Successful su for rubyman by root
Oct 14 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17704]: + ??? root:rubyman
Oct 14 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409862 of user rubyman.
Oct 14 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17704]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409862.
Oct 14 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17835]: Invalid user ftpuser from 79.116.71.204
Oct 14 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17835]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17835]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17835]: Failed password for invalid user ftpuser from 79.116.71.204 port 43920 ssh2
Oct 14 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17835]: Received disconnect from 79.116.71.204 port 43920:11: Bye Bye [preauth]
Oct 14 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17835]: Disconnected from 79.116.71.204 port 43920 [preauth]
Oct 14 07:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14540]: pam_unix(cron:session): session closed for user root
Oct 14 07:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Invalid user test from 196.251.84.140
Oct 14 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: input_userauth_request: invalid user test [preauth]
Oct 14 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Failed password for invalid user test from 196.251.84.140 port 60714 ssh2
Oct 14 07:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Connection closed by 196.251.84.140 port 60714 [preauth]
Oct 14 07:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session closed for user root
Oct 14 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: Invalid user ftptest from 196.251.84.92
Oct 14 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: Failed password for invalid user ftptest from 196.251.84.92 port 51262 ssh2
Oct 14 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18268]: Connection closed by 196.251.84.92 port 51262 [preauth]
Oct 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18292]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: Successful su for rubyman by root
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: + ??? root:rubyman
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409867 of user rubyman.
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409867.
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Invalid user ts1 from 14.241.254.5
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: input_userauth_request: invalid user ts1 [preauth]
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Failed password for invalid user ts1 from 14.241.254.5 port 27600 ssh2
Oct 14 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Received disconnect from 14.241.254.5 port 27600:11: Bye Bye [preauth]
Oct 14 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Disconnected from 14.241.254.5 port 27600 [preauth]
Oct 14 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session closed for user root
Oct 14 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18294]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56  user=root
Oct 14 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Failed password for root from 157.66.34.56 port 56806 ssh2
Oct 14 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Received disconnect from 157.66.34.56 port 56806:11: Bye Bye [preauth]
Oct 14 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Disconnected from 157.66.34.56 port 56806 [preauth]
Oct 14 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Invalid user ftpuser2 from 217.154.38.181
Oct 14 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: input_userauth_request: invalid user ftpuser2 [preauth]
Oct 14 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Failed password for invalid user ftpuser2 from 217.154.38.181 port 44342 ssh2
Oct 14 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Received disconnect from 217.154.38.181 port 44342:11: Bye Bye [preauth]
Oct 14 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18795]: Disconnected from 217.154.38.181 port 44342 [preauth]
Oct 14 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session closed for user root
Oct 14 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: Failed password for root from 79.116.71.204 port 51864 ssh2
Oct 14 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: Received disconnect from 79.116.71.204 port 51864:11: Bye Bye [preauth]
Oct 14 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18799]: Disconnected from 79.116.71.204 port 51864 [preauth]
Oct 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18904]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19091]: Successful su for rubyman by root
Oct 14 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19091]: + ??? root:rubyman
Oct 14 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409871 of user rubyman.
Oct 14 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19091]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409871.
Oct 14 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session closed for user root
Oct 14 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Invalid user ftptest from 196.251.84.92
Oct 14 07:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Failed password for invalid user ftptest from 196.251.84.92 port 38546 ssh2
Oct 14 07:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Connection closed by 196.251.84.92 port 38546 [preauth]
Oct 14 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session closed for user root
Oct 14 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: Invalid user raju from 14.241.254.5
Oct 14 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: input_userauth_request: invalid user raju [preauth]
Oct 14 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 07:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: Failed password for invalid user raju from 14.241.254.5 port 21664 ssh2
Oct 14 07:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: Received disconnect from 14.241.254.5 port 21664:11: Bye Bye [preauth]
Oct 14 07:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: Disconnected from 14.241.254.5 port 21664 [preauth]
Oct 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19833]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19833]: pam_unix(cron:session): session closed for user root
Oct 14 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19814]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19934]: Successful su for rubyman by root
Oct 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19934]: + ??? root:rubyman
Oct 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409877 of user rubyman.
Oct 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19934]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409877.
Oct 14 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session closed for user root
Oct 14 07:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session closed for user root
Oct 14 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: Failed password for root from 79.116.71.204 port 42446 ssh2
Oct 14 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: Received disconnect from 79.116.71.204 port 42446:11: Bye Bye [preauth]
Oct 14 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20177]: Disconnected from 79.116.71.204 port 42446 [preauth]
Oct 14 07:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20268]: Invalid user crystal from 157.66.34.56
Oct 14 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20268]: input_userauth_request: invalid user crystal [preauth]
Oct 14 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20268]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20268]: Failed password for invalid user crystal from 157.66.34.56 port 45408 ssh2
Oct 14 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20268]: Received disconnect from 157.66.34.56 port 45408:11: Bye Bye [preauth]
Oct 14 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20268]: Disconnected from 157.66.34.56 port 45408 [preauth]
Oct 14 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Invalid user dante from 217.154.38.181
Oct 14 07:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: input_userauth_request: invalid user dante [preauth]
Oct 14 07:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Failed password for invalid user dante from 217.154.38.181 port 44234 ssh2
Oct 14 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Received disconnect from 217.154.38.181 port 44234:11: Bye Bye [preauth]
Oct 14 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20282]: Disconnected from 217.154.38.181 port 44234 [preauth]
Oct 14 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Invalid user test from 196.251.84.140
Oct 14 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: input_userauth_request: invalid user test [preauth]
Oct 14 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18296]: pam_unix(cron:session): session closed for user root
Oct 14 07:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Failed password for invalid user test from 196.251.84.140 port 52270 ssh2
Oct 14 07:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Connection closed by 196.251.84.140 port 52270 [preauth]
Oct 14 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Invalid user ftptest from 196.251.84.92
Oct 14 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Failed password for invalid user ftptest from 196.251.84.92 port 54076 ssh2
Oct 14 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Connection closed by 196.251.84.92 port 54076 [preauth]
Oct 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20495]: Successful su for rubyman by root
Oct 14 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20495]: + ??? root:rubyman
Oct 14 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409879 of user rubyman.
Oct 14 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20495]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409879.
Oct 14 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session closed for user root
Oct 14 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Invalid user wms from 79.116.71.204
Oct 14 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: input_userauth_request: invalid user wms [preauth]
Oct 14 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Failed password for invalid user wms from 79.116.71.204 port 41504 ssh2
Oct 14 07:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Received disconnect from 79.116.71.204 port 41504:11: Bye Bye [preauth]
Oct 14 07:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Disconnected from 79.116.71.204 port 41504 [preauth]
Oct 14 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18904]: pam_unix(cron:session): session closed for user root
Oct 14 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: Invalid user user01 from 14.241.254.5
Oct 14 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: input_userauth_request: invalid user user01 [preauth]
Oct 14 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.241.254.5
Oct 14 07:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: Failed password for invalid user user01 from 14.241.254.5 port 16862 ssh2
Oct 14 07:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: Received disconnect from 14.241.254.5 port 16862:11: Bye Bye [preauth]
Oct 14 07:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: Disconnected from 14.241.254.5 port 16862 [preauth]
Oct 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20895]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20894]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session closed for user root
Oct 14 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20890]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20967]: Successful su for rubyman by root
Oct 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20967]: + ??? root:rubyman
Oct 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409884 of user rubyman.
Oct 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20967]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409884.
Oct 14 07:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Invalid user ftptest from 196.251.84.92
Oct 14 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: Invalid user marcus from 157.66.34.56
Oct 14 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: input_userauth_request: invalid user marcus [preauth]
Oct 14 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Failed password for invalid user ftptest from 196.251.84.92 port 41270 ssh2
Oct 14 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20994]: Connection closed by 196.251.84.92 port 41270 [preauth]
Oct 14 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: Failed password for invalid user marcus from 157.66.34.56 port 40310 ssh2
Oct 14 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: Received disconnect from 157.66.34.56 port 40310:11: Bye Bye [preauth]
Oct 14 07:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: Disconnected from 157.66.34.56 port 40310 [preauth]
Oct 14 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17143]: pam_unix(cron:session): session closed for user root
Oct 14 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20892]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: Invalid user canal from 217.154.38.181
Oct 14 07:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: input_userauth_request: invalid user canal [preauth]
Oct 14 07:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: Failed password for invalid user canal from 217.154.38.181 port 45558 ssh2
Oct 14 07:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: Received disconnect from 217.154.38.181 port 45558:11: Bye Bye [preauth]
Oct 14 07:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: Disconnected from 217.154.38.181 port 45558 [preauth]
Oct 14 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session closed for user root
Oct 14 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: Successful su for rubyman by root
Oct 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: + ??? root:rubyman
Oct 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409888 of user rubyman.
Oct 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409888.
Oct 14 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Failed password for root from 79.116.71.204 port 55684 ssh2
Oct 14 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Received disconnect from 79.116.71.204 port 55684:11: Bye Bye [preauth]
Oct 14 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Disconnected from 79.116.71.204 port 55684 [preauth]
Oct 14 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session closed for user root
Oct 14 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: Invalid user ftptest from 196.251.84.92
Oct 14 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: Failed password for invalid user ftptest from 196.251.84.92 port 56550 ssh2
Oct 14 07:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21769]: Connection closed by 196.251.84.92 port 56550 [preauth]
Oct 14 07:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20418]: pam_unix(cron:session): session closed for user root
Oct 14 07:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: Invalid user test from 196.251.84.140
Oct 14 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: input_userauth_request: invalid user test [preauth]
Oct 14 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: Invalid user intel from 157.66.34.56
Oct 14 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: input_userauth_request: invalid user intel [preauth]
Oct 14 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.66.34.56
Oct 14 07:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: Failed password for invalid user intel from 157.66.34.56 port 58198 ssh2
Oct 14 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: Received disconnect from 157.66.34.56 port 58198:11: Bye Bye [preauth]
Oct 14 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21894]: Disconnected from 157.66.34.56 port 58198 [preauth]
Oct 14 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: Failed password for invalid user test from 196.251.84.140 port 49764 ssh2
Oct 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21881]: Connection closed by 196.251.84.140 port 49764 [preauth]
Oct 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21908]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: Successful su for rubyman by root
Oct 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: + ??? root:rubyman
Oct 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409892 of user rubyman.
Oct 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21973]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409892.
Oct 14 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18295]: pam_unix(cron:session): session closed for user root
Oct 14 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: Failed password for root from 217.154.38.181 port 55800 ssh2
Oct 14 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: Received disconnect from 217.154.38.181 port 55800:11: Bye Bye [preauth]
Oct 14 07:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22155]: Disconnected from 217.154.38.181 port 55800 [preauth]
Oct 14 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21909]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: Invalid user free from 79.116.71.204
Oct 14 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: input_userauth_request: invalid user free [preauth]
Oct 14 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: Failed password for invalid user free from 79.116.71.204 port 45546 ssh2
Oct 14 07:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: Received disconnect from 79.116.71.204 port 45546:11: Bye Bye [preauth]
Oct 14 07:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22289]: Disconnected from 79.116.71.204 port 45546 [preauth]
Oct 14 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20895]: pam_unix(cron:session): session closed for user root
Oct 14 07:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Invalid user ftptest from 196.251.84.92
Oct 14 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Invalid user root2 from 190.103.202.7
Oct 14 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: input_userauth_request: invalid user root2 [preauth]
Oct 14 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 07:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Failed password for invalid user ftptest from 196.251.84.92 port 43468 ssh2
Oct 14 07:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Connection closed by 196.251.84.92 port 43468 [preauth]
Oct 14 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Failed password for invalid user root2 from 190.103.202.7 port 57338 ssh2
Oct 14 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Connection closed by 190.103.202.7 port 57338 [preauth]
Oct 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22415]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session closed for user root
Oct 14 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22413]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22497]: Successful su for rubyman by root
Oct 14 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22497]: + ??? root:rubyman
Oct 14 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409897 of user rubyman.
Oct 14 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22497]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409897.
Oct 14 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22415]: pam_unix(cron:session): session closed for user root
Oct 14 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session closed for user root
Oct 14 07:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session closed for user root
Oct 14 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Invalid user saman from 217.154.38.181
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: input_userauth_request: invalid user saman [preauth]
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Invalid user admin from 2.57.121.112
Oct 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: input_userauth_request: invalid user admin [preauth]
Oct 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Failed password for invalid user saman from 217.154.38.181 port 42784 ssh2
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23515]: Successful su for rubyman by root
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23515]: + ??? root:rubyman
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409902 of user rubyman.
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23515]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409902.
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Received disconnect from 217.154.38.181 port 42784:11: Bye Bye [preauth]
Oct 14 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Disconnected from 217.154.38.181 port 42784 [preauth]
Oct 14 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Failed password for invalid user admin from 2.57.121.112 port 38099 ssh2
Oct 14 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Failed password for invalid user admin from 2.57.121.112 port 38099 ssh2
Oct 14 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Failed password for invalid user admin from 2.57.121.112 port 38099 ssh2
Oct 14 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: Failed password for root from 79.116.71.204 port 45666 ssh2
Oct 14 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: Received disconnect from 79.116.71.204 port 45666:11: Bye Bye [preauth]
Oct 14 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23801]: Disconnected from 79.116.71.204 port 45666 [preauth]
Oct 14 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user root
Oct 14 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Failed password for invalid user admin from 2.57.121.112 port 38099 ssh2
Oct 14 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Failed password for invalid user admin from 2.57.121.112 port 38099 ssh2
Oct 14 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Received disconnect from 2.57.121.112 port 38099:11: Bye [preauth]
Oct 14 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Disconnected from 2.57.121.112 port 38099 [preauth]
Oct 14 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Invalid user elastic from 196.251.84.92
Oct 14 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Failed password for invalid user elastic from 196.251.84.92 port 58674 ssh2
Oct 14 07:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23927]: Connection closed by 196.251.84.92 port 58674 [preauth]
Oct 14 07:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21911]: pam_unix(cron:session): session closed for user root
Oct 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24135]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: Successful su for rubyman by root
Oct 14 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: + ??? root:rubyman
Oct 14 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409907 of user rubyman.
Oct 14 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409907.
Oct 14 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20417]: pam_unix(cron:session): session closed for user root
Oct 14 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24310]: Invalid user test from 196.251.84.140
Oct 14 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24310]: input_userauth_request: invalid user test [preauth]
Oct 14 07:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24310]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24310]: Failed password for invalid user test from 196.251.84.140 port 45794 ssh2
Oct 14 07:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24310]: Connection closed by 196.251.84.140 port 45794 [preauth]
Oct 14 07:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24137]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Invalid user admin1 from 79.116.71.204
Oct 14 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: input_userauth_request: invalid user admin1 [preauth]
Oct 14 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Failed password for invalid user admin1 from 79.116.71.204 port 48822 ssh2
Oct 14 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Received disconnect from 79.116.71.204 port 48822:11: Bye Bye [preauth]
Oct 14 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24555]: Disconnected from 79.116.71.204 port 48822 [preauth]
Oct 14 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Invalid user elastic from 196.251.84.92
Oct 14 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Failed password for invalid user elastic from 196.251.84.92 port 45358 ssh2
Oct 14 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Connection closed by 196.251.84.92 port 45358 [preauth]
Oct 14 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session closed for user root
Oct 14 07:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Invalid user ben from 217.154.38.181
Oct 14 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: input_userauth_request: invalid user ben [preauth]
Oct 14 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Failed password for invalid user ben from 217.154.38.181 port 53594 ssh2
Oct 14 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Received disconnect from 217.154.38.181 port 53594:11: Bye Bye [preauth]
Oct 14 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Disconnected from 217.154.38.181 port 53594 [preauth]
Oct 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24745]: Successful su for rubyman by root
Oct 14 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24745]: + ??? root:rubyman
Oct 14 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409910 of user rubyman.
Oct 14 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24745]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409910.
Oct 14 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Invalid user user from 62.60.131.157
Oct 14 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: input_userauth_request: invalid user user [preauth]
Oct 14 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Failed password for invalid user user from 62.60.131.157 port 24879 ssh2
Oct 14 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20894]: pam_unix(cron:session): session closed for user root
Oct 14 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Failed password for invalid user user from 62.60.131.157 port 24879 ssh2
Oct 14 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Failed password for invalid user user from 62.60.131.157 port 24879 ssh2
Oct 14 07:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Failed password for invalid user user from 62.60.131.157 port 24879 ssh2
Oct 14 07:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Failed password for invalid user user from 62.60.131.157 port 24879 ssh2
Oct 14 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Received disconnect from 62.60.131.157 port 24879:11: Bye [preauth]
Oct 14 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Disconnected from 62.60.131.157 port 24879 [preauth]
Oct 14 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session closed for user root
Oct 14 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Invalid user elastic from 196.251.84.92
Oct 14 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Failed password for invalid user elastic from 196.251.84.92 port 60260 ssh2
Oct 14 07:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Connection closed by 196.251.84.92 port 60260 [preauth]
Oct 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25173]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25172]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25170]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25261]: Successful su for rubyman by root
Oct 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25261]: + ??? root:rubyman
Oct 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409914 of user rubyman.
Oct 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25261]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409914.
Oct 14 07:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session closed for user root
Oct 14 07:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25171]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Failed password for root from 79.116.71.204 port 51540 ssh2
Oct 14 07:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Received disconnect from 79.116.71.204 port 51540:11: Bye Bye [preauth]
Oct 14 07:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Disconnected from 79.116.71.204 port 51540 [preauth]
Oct 14 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: Invalid user frappe from 217.154.38.181
Oct 14 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: input_userauth_request: invalid user frappe [preauth]
Oct 14 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: Failed password for root from 101.36.116.29 port 46162 ssh2
Oct 14 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: Received disconnect from 101.36.116.29 port 46162:11: Bye Bye [preauth]
Oct 14 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: Disconnected from 101.36.116.29 port 46162 [preauth]
Oct 14 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24141]: pam_unix(cron:session): session closed for user root
Oct 14 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: Failed password for invalid user frappe from 217.154.38.181 port 48670 ssh2
Oct 14 07:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: Received disconnect from 217.154.38.181 port 48670:11: Bye Bye [preauth]
Oct 14 07:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: Disconnected from 217.154.38.181 port 48670 [preauth]
Oct 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25962]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session closed for user root
Oct 14 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25960]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26051]: Successful su for rubyman by root
Oct 14 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26051]: + ??? root:rubyman
Oct 14 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409919 of user rubyman.
Oct 14 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26051]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409919.
Oct 14 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25962]: pam_unix(cron:session): session closed for user root
Oct 14 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21910]: pam_unix(cron:session): session closed for user root
Oct 14 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25961]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: Invalid user mukund from 138.204.127.54
Oct 14 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: input_userauth_request: invalid user mukund [preauth]
Oct 14 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Invalid user test from 196.251.84.140
Oct 14 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: input_userauth_request: invalid user test [preauth]
Oct 14 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Invalid user elastic from 196.251.84.92
Oct 14 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: Failed password for invalid user mukund from 138.204.127.54 port 52686 ssh2
Oct 14 07:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: Received disconnect from 138.204.127.54 port 52686:11: Bye Bye [preauth]
Oct 14 07:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: Disconnected from 138.204.127.54 port 52686 [preauth]
Oct 14 07:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Failed password for invalid user test from 196.251.84.140 port 39474 ssh2
Oct 14 07:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Failed password for invalid user elastic from 196.251.84.92 port 46790 ssh2
Oct 14 07:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Connection closed by 196.251.84.92 port 46790 [preauth]
Oct 14 07:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Connection closed by 196.251.84.140 port 39474 [preauth]
Oct 14 07:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session closed for user root
Oct 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26569]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26568]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: Successful su for rubyman by root
Oct 14 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: + ??? root:rubyman
Oct 14 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409924 of user rubyman.
Oct 14 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409924.
Oct 14 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26638]: Failed password for root from 79.116.71.204 port 59334 ssh2
Oct 14 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26638]: Received disconnect from 79.116.71.204 port 59334:11: Bye Bye [preauth]
Oct 14 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26638]: Disconnected from 79.116.71.204 port 59334 [preauth]
Oct 14 07:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session closed for user root
Oct 14 07:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26566]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Invalid user mohammad from 217.154.38.181
Oct 14 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: input_userauth_request: invalid user mohammad [preauth]
Oct 14 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Failed password for invalid user mohammad from 217.154.38.181 port 33522 ssh2
Oct 14 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Received disconnect from 217.154.38.181 port 33522:11: Bye Bye [preauth]
Oct 14 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Disconnected from 217.154.38.181 port 33522 [preauth]
Oct 14 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25173]: pam_unix(cron:session): session closed for user root
Oct 14 07:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Invalid user elastic from 196.251.84.92
Oct 14 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Invalid user debian from 101.36.116.29
Oct 14 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: input_userauth_request: invalid user debian [preauth]
Oct 14 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Failed password for invalid user debian from 101.36.116.29 port 44970 ssh2
Oct 14 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Failed password for invalid user elastic from 196.251.84.92 port 33306 ssh2
Oct 14 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Received disconnect from 101.36.116.29 port 44970:11: Bye Bye [preauth]
Oct 14 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Disconnected from 101.36.116.29 port 44970 [preauth]
Oct 14 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Connection closed by 196.251.84.92 port 33306 [preauth]
Oct 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27282]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27359]: Successful su for rubyman by root
Oct 14 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27359]: + ??? root:rubyman
Oct 14 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409928 of user rubyman.
Oct 14 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27359]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409928.
Oct 14 07:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session closed for user root
Oct 14 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27283]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Invalid user gino from 79.116.71.204
Oct 14 07:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: input_userauth_request: invalid user gino [preauth]
Oct 14 07:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Invalid user test from 138.204.127.54
Oct 14 07:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: input_userauth_request: invalid user test [preauth]
Oct 14 07:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Failed password for invalid user gino from 79.116.71.204 port 57974 ssh2
Oct 14 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Received disconnect from 79.116.71.204 port 57974:11: Bye Bye [preauth]
Oct 14 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27935]: Disconnected from 79.116.71.204 port 57974 [preauth]
Oct 14 07:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Failed password for invalid user test from 138.204.127.54 port 43533 ssh2
Oct 14 07:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Received disconnect from 138.204.127.54 port 43533:11: Bye Bye [preauth]
Oct 14 07:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27949]: Disconnected from 138.204.127.54 port 43533 [preauth]
Oct 14 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user root
Oct 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28058]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28055]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28131]: Successful su for rubyman by root
Oct 14 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28131]: + ??? root:rubyman
Oct 14 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409934 of user rubyman.
Oct 14 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28131]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409934.
Oct 14 07:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Invalid user elastic from 196.251.84.92
Oct 14 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24140]: pam_unix(cron:session): session closed for user root
Oct 14 07:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Failed password for invalid user elastic from 196.251.84.92 port 48052 ssh2
Oct 14 07:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28288]: Connection closed by 196.251.84.92 port 48052 [preauth]
Oct 14 07:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28056]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28384]: Invalid user git from 217.154.38.181
Oct 14 07:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28384]: input_userauth_request: invalid user git [preauth]
Oct 14 07:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28384]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28384]: Failed password for invalid user git from 217.154.38.181 port 55730 ssh2
Oct 14 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28384]: Received disconnect from 217.154.38.181 port 55730:11: Bye Bye [preauth]
Oct 14 07:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28384]: Disconnected from 217.154.38.181 port 55730 [preauth]
Oct 14 07:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Failed password for root from 101.36.116.29 port 51158 ssh2
Oct 14 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Received disconnect from 101.36.116.29 port 51158:11: Bye Bye [preauth]
Oct 14 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Disconnected from 101.36.116.29 port 51158 [preauth]
Oct 14 07:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 07:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Failed password for root from 80.211.129.128 port 49386 ssh2
Oct 14 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28405]: Connection closed by 80.211.129.128 port 49386 [preauth]
Oct 14 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26569]: pam_unix(cron:session): session closed for user root
Oct 14 07:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Invalid user test from 196.251.84.140
Oct 14 07:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: input_userauth_request: invalid user test [preauth]
Oct 14 07:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Failed password for invalid user test from 196.251.84.140 port 40094 ssh2
Oct 14 07:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28604]: Connection closed by 196.251.84.140 port 40094 [preauth]
Oct 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28785]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: Successful su for rubyman by root
Oct 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: + ??? root:rubyman
Oct 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409939 of user rubyman.
Oct 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409939.
Oct 14 07:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24667]: pam_unix(cron:session): session closed for user root
Oct 14 07:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 07:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Failed password for root from 138.204.127.54 port 59868 ssh2
Oct 14 07:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Received disconnect from 138.204.127.54 port 59868:11: Bye Bye [preauth]
Oct 14 07:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29181]: Disconnected from 138.204.127.54 port 59868 [preauth]
Oct 14 07:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Invalid user copyuser from 79.116.71.204
Oct 14 07:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: input_userauth_request: invalid user copyuser [preauth]
Oct 14 07:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Failed password for invalid user copyuser from 79.116.71.204 port 58608 ssh2
Oct 14 07:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Received disconnect from 79.116.71.204 port 58608:11: Bye Bye [preauth]
Oct 14 07:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Disconnected from 79.116.71.204 port 58608 [preauth]
Oct 14 07:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28783]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Invalid user elastic from 196.251.84.92
Oct 14 07:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for invalid user elastic from 196.251.84.92 port 34654 ssh2
Oct 14 07:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Connection closed by 196.251.84.92 port 34654 [preauth]
Oct 14 07:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27285]: pam_unix(cron:session): session closed for user root
Oct 14 07:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Invalid user mukund from 101.36.116.29
Oct 14 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: input_userauth_request: invalid user mukund [preauth]
Oct 14 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Failed password for invalid user mukund from 101.36.116.29 port 53622 ssh2
Oct 14 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Received disconnect from 101.36.116.29 port 53622:11: Bye Bye [preauth]
Oct 14 07:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Disconnected from 101.36.116.29 port 53622 [preauth]
Oct 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29395]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29396]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29398]: pam_unix(cron:session): session closed for user root
Oct 14 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29393]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29497]: Successful su for rubyman by root
Oct 14 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29497]: + ??? root:rubyman
Oct 14 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409940 of user rubyman.
Oct 14 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29497]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409940.
Oct 14 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: Failed password for root from 217.154.38.181 port 53204 ssh2
Oct 14 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: Received disconnect from 217.154.38.181 port 53204:11: Bye Bye [preauth]
Oct 14 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29526]: Disconnected from 217.154.38.181 port 53204 [preauth]
Oct 14 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25172]: pam_unix(cron:session): session closed for user root
Oct 14 07:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29395]: pam_unix(cron:session): session closed for user root
Oct 14 07:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29394]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Invalid user eric from 79.116.71.204
Oct 14 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: input_userauth_request: invalid user eric [preauth]
Oct 14 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Failed password for invalid user eric from 79.116.71.204 port 48982 ssh2
Oct 14 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Received disconnect from 79.116.71.204 port 48982:11: Bye Bye [preauth]
Oct 14 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29817]: Disconnected from 79.116.71.204 port 48982 [preauth]
Oct 14 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28059]: pam_unix(cron:session): session closed for user root
Oct 14 07:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Invalid user nick from 138.204.127.54
Oct 14 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: input_userauth_request: invalid user nick [preauth]
Oct 14 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Failed password for invalid user nick from 138.204.127.54 port 47981 ssh2
Oct 14 07:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Received disconnect from 138.204.127.54 port 47981:11: Bye Bye [preauth]
Oct 14 07:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29894]: Disconnected from 138.204.127.54 port 47981 [preauth]
Oct 14 07:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Invalid user elastic from 196.251.84.92
Oct 14 07:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Failed password for invalid user elastic from 196.251.84.92 port 49086 ssh2
Oct 14 07:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Connection closed by 196.251.84.92 port 49086 [preauth]
Oct 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30041]: Successful su for rubyman by root
Oct 14 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30041]: + ??? root:rubyman
Oct 14 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409946 of user rubyman.
Oct 14 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30041]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409946.
Oct 14 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session closed for user root
Oct 14 07:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: Failed password for root from 101.36.116.29 port 39606 ssh2
Oct 14 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: Received disconnect from 101.36.116.29 port 39606:11: Bye Bye [preauth]
Oct 14 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30374]: Disconnected from 101.36.116.29 port 39606 [preauth]
Oct 14 07:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28785]: pam_unix(cron:session): session closed for user root
Oct 14 07:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Invalid user test from 196.251.84.140
Oct 14 07:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: input_userauth_request: invalid user test [preauth]
Oct 14 07:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Failed password for invalid user test from 196.251.84.140 port 33410 ssh2
Oct 14 07:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Connection closed by 196.251.84.140 port 33410 [preauth]
Oct 14 07:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Invalid user aaaa from 164.68.105.9
Oct 14 07:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: input_userauth_request: invalid user aaaa [preauth]
Oct 14 07:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30574]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30573]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30654]: Successful su for rubyman by root
Oct 14 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30654]: + ??? root:rubyman
Oct 14 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409950 of user rubyman.
Oct 14 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30654]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409950.
Oct 14 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: Failed password for root from 217.154.38.181 port 47956 ssh2
Oct 14 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: Received disconnect from 217.154.38.181 port 47956:11: Bye Bye [preauth]
Oct 14 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: Disconnected from 217.154.38.181 port 47956 [preauth]
Oct 14 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Failed password for invalid user aaaa from 164.68.105.9 port 46106 ssh2
Oct 14 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Connection closed by 164.68.105.9 port 46106 [preauth]
Oct 14 07:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26568]: pam_unix(cron:session): session closed for user root
Oct 14 07:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Invalid user elastic from 196.251.84.92
Oct 14 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Failed password for invalid user elastic from 196.251.84.92 port 35574 ssh2
Oct 14 07:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Connection closed by 196.251.84.92 port 35574 [preauth]
Oct 14 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Invalid user kadmin from 138.204.127.54
Oct 14 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: input_userauth_request: invalid user kadmin [preauth]
Oct 14 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Invalid user dante from 79.116.71.204
Oct 14 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: input_userauth_request: invalid user dante [preauth]
Oct 14 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Failed password for invalid user kadmin from 138.204.127.54 port 36101 ssh2
Oct 14 07:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Received disconnect from 138.204.127.54 port 36101:11: Bye Bye [preauth]
Oct 14 07:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Disconnected from 138.204.127.54 port 36101 [preauth]
Oct 14 07:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Failed password for invalid user dante from 79.116.71.204 port 34544 ssh2
Oct 14 07:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Received disconnect from 79.116.71.204 port 34544:11: Bye Bye [preauth]
Oct 14 07:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Disconnected from 79.116.71.204 port 34544 [preauth]
Oct 14 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29397]: pam_unix(cron:session): session closed for user root
Oct 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31046]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31044]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31135]: Successful su for rubyman by root
Oct 14 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31135]: + ??? root:rubyman
Oct 14 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409954 of user rubyman.
Oct 14 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31135]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409954.
Oct 14 07:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Invalid user kadmin from 101.36.116.29
Oct 14 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: input_userauth_request: invalid user kadmin [preauth]
Oct 14 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27284]: pam_unix(cron:session): session closed for user root
Oct 14 07:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Failed password for invalid user kadmin from 101.36.116.29 port 53370 ssh2
Oct 14 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Received disconnect from 101.36.116.29 port 53370:11: Bye Bye [preauth]
Oct 14 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Disconnected from 101.36.116.29 port 53370 [preauth]
Oct 14 07:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session closed for user root
Oct 14 07:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: Invalid user elastic from 196.251.84.92
Oct 14 07:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: Failed password for invalid user elastic from 196.251.84.92 port 50034 ssh2
Oct 14 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: Connection closed by 196.251.84.92 port 50034 [preauth]
Oct 14 07:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Invalid user khoa from 138.204.127.54
Oct 14 07:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: input_userauth_request: invalid user khoa [preauth]
Oct 14 07:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Failed password for root from 217.154.38.181 port 42340 ssh2
Oct 14 07:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Received disconnect from 217.154.38.181 port 42340:11: Bye Bye [preauth]
Oct 14 07:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Disconnected from 217.154.38.181 port 42340 [preauth]
Oct 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31688]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Failed password for invalid user khoa from 138.204.127.54 port 52420 ssh2
Oct 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Received disconnect from 138.204.127.54 port 52420:11: Bye Bye [preauth]
Oct 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31672]: Disconnected from 138.204.127.54 port 52420 [preauth]
Oct 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Invalid user mohammad from 79.116.71.204
Oct 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: input_userauth_request: invalid user mohammad [preauth]
Oct 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31760]: Successful su for rubyman by root
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31760]: + ??? root:rubyman
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409960 of user rubyman.
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31760]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409960.
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Failed password for invalid user mohammad from 79.116.71.204 port 40880 ssh2
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Received disconnect from 79.116.71.204 port 40880:11: Bye Bye [preauth]
Oct 14 07:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31684]: Disconnected from 79.116.71.204 port 40880 [preauth]
Oct 14 07:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28058]: pam_unix(cron:session): session closed for user root
Oct 14 07:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31689]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30574]: pam_unix(cron:session): session closed for user root
Oct 14 07:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Failed password for root from 101.36.116.29 port 36324 ssh2
Oct 14 07:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Received disconnect from 101.36.116.29 port 36324:11: Bye Bye [preauth]
Oct 14 07:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Disconnected from 101.36.116.29 port 36324 [preauth]
Oct 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32232]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32231]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32232]: pam_unix(cron:session): session closed for user root
Oct 14 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32227]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Invalid user elastic from 196.251.84.92
Oct 14 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32319]: Successful su for rubyman by root
Oct 14 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32319]: + ??? root:rubyman
Oct 14 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409967 of user rubyman.
Oct 14 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32319]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409967.
Oct 14 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Failed password for invalid user elastic from 196.251.84.92 port 36140 ssh2
Oct 14 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32294]: Connection closed by 196.251.84.92 port 36140 [preauth]
Oct 14 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: Invalid user test from 196.251.84.140
Oct 14 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: input_userauth_request: invalid user test [preauth]
Oct 14 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: Failed password for invalid user test from 196.251.84.140 port 57324 ssh2
Oct 14 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32224]: Connection closed by 196.251.84.140 port 57324 [preauth]
Oct 14 07:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32229]: pam_unix(cron:session): session closed for user root
Oct 14 07:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session closed for user root
Oct 14 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32228]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: Invalid user kafka from 79.116.71.204
Oct 14 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: input_userauth_request: invalid user kafka [preauth]
Oct 14 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: Failed password for invalid user kafka from 79.116.71.204 port 36810 ssh2
Oct 14 07:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: Received disconnect from 79.116.71.204 port 36810:11: Bye Bye [preauth]
Oct 14 07:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: Disconnected from 79.116.71.204 port 36810 [preauth]
Oct 14 07:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Invalid user crystal from 138.204.127.54
Oct 14 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: input_userauth_request: invalid user crystal [preauth]
Oct 14 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Failed password for invalid user crystal from 138.204.127.54 port 40491 ssh2
Oct 14 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Received disconnect from 138.204.127.54 port 40491:11: Bye Bye [preauth]
Oct 14 07:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32601]: Disconnected from 138.204.127.54 port 40491 [preauth]
Oct 14 07:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session closed for user root
Oct 14 07:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Invalid user eric from 217.154.38.181
Oct 14 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: input_userauth_request: invalid user eric [preauth]
Oct 14 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user eric from 217.154.38.181 port 51028 ssh2
Oct 14 07:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Received disconnect from 217.154.38.181 port 51028:11: Bye Bye [preauth]
Oct 14 07:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Disconnected from 217.154.38.181 port 51028 [preauth]
Oct 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32732]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[348]: Successful su for rubyman by root
Oct 14 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[348]: + ??? root:rubyman
Oct 14 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409968 of user rubyman.
Oct 14 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[348]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409968.
Oct 14 07:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29396]: pam_unix(cron:session): session closed for user root
Oct 14 07:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Invalid user elastic from 196.251.84.92
Oct 14 07:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Failed password for invalid user elastic from 196.251.84.92 port 50468 ssh2
Oct 14 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Connection closed by 196.251.84.92 port 50468 [preauth]
Oct 14 07:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Failed password for root from 101.36.116.29 port 54328 ssh2
Oct 14 07:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Received disconnect from 101.36.116.29 port 54328:11: Bye Bye [preauth]
Oct 14 07:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Disconnected from 101.36.116.29 port 54328 [preauth]
Oct 14 07:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31691]: pam_unix(cron:session): session closed for user root
Oct 14 07:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Invalid user saman from 79.116.71.204
Oct 14 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: input_userauth_request: invalid user saman [preauth]
Oct 14 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Failed password for invalid user saman from 79.116.71.204 port 53766 ssh2
Oct 14 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Received disconnect from 79.116.71.204 port 53766:11: Bye Bye [preauth]
Oct 14 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Disconnected from 79.116.71.204 port 53766 [preauth]
Oct 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: Invalid user eoffice from 138.204.127.54
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: input_userauth_request: invalid user eoffice [preauth]
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[849]: Successful su for rubyman by root
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[849]: + ??? root:rubyman
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409972 of user rubyman.
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[849]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409972.
Oct 14 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: Failed password for invalid user eoffice from 138.204.127.54 port 56802 ssh2
Oct 14 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: Received disconnect from 138.204.127.54 port 56802:11: Bye Bye [preauth]
Oct 14 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[735]: Disconnected from 138.204.127.54 port 56802 [preauth]
Oct 14 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session closed for user root
Oct 14 07:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1228]: Failed password for root from 217.154.38.181 port 56684 ssh2
Oct 14 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32231]: pam_unix(cron:session): session closed for user root
Oct 14 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1228]: Received disconnect from 217.154.38.181 port 56684:11: Bye Bye [preauth]
Oct 14 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1228]: Disconnected from 217.154.38.181 port 56684 [preauth]
Oct 14 07:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Invalid user elastic from 196.251.84.92
Oct 14 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: input_userauth_request: invalid user elastic [preauth]
Oct 14 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Failed password for invalid user elastic from 196.251.84.92 port 36500 ssh2
Oct 14 07:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Connection closed by 196.251.84.92 port 36500 [preauth]
Oct 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1313]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1308]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1392]: Successful su for rubyman by root
Oct 14 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1392]: + ??? root:rubyman
Oct 14 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409977 of user rubyman.
Oct 14 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1392]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409977.
Oct 14 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30573]: pam_unix(cron:session): session closed for user root
Oct 14 07:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1309]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Invalid user test from 196.251.84.140
Oct 14 07:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: input_userauth_request: invalid user test [preauth]
Oct 14 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Invalid user aaaa from 101.36.116.29
Oct 14 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: input_userauth_request: invalid user aaaa [preauth]
Oct 14 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Failed password for invalid user aaaa from 101.36.116.29 port 47820 ssh2
Oct 14 07:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Received disconnect from 101.36.116.29 port 47820:11: Bye Bye [preauth]
Oct 14 07:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Disconnected from 101.36.116.29 port 47820 [preauth]
Oct 14 07:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Failed password for invalid user test from 196.251.84.140 port 51942 ssh2
Oct 14 07:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Connection closed by 196.251.84.140 port 51942 [preauth]
Oct 14 07:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Failed password for root from 79.116.71.204 port 36036 ssh2
Oct 14 07:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Received disconnect from 79.116.71.204 port 36036:11: Bye Bye [preauth]
Oct 14 07:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Disconnected from 79.116.71.204 port 36036 [preauth]
Oct 14 07:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32732]: pam_unix(cron:session): session closed for user root
Oct 14 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: Failed password for root from 138.204.127.54 port 44893 ssh2
Oct 14 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: Received disconnect from 138.204.127.54 port 44893:11: Bye Bye [preauth]
Oct 14 07:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1742]: Disconnected from 138.204.127.54 port 44893 [preauth]
Oct 14 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Invalid user hadoop from 193.32.162.151
Oct 14 07:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 07:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 07:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Failed password for invalid user hadoop from 193.32.162.151 port 59464 ssh2
Oct 14 07:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Connection closed by 193.32.162.151 port 59464 [preauth]
Oct 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1831]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2112]: Successful su for rubyman by root
Oct 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2112]: + ??? root:rubyman
Oct 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409984 of user rubyman.
Oct 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2112]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409984.
Oct 14 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session closed for user root
Oct 14 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Invalid user elasticsearch from 196.251.84.92
Oct 14 07:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 07:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31046]: pam_unix(cron:session): session closed for user root
Oct 14 07:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Failed password for invalid user elasticsearch from 196.251.84.92 port 50690 ssh2
Oct 14 07:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Connection closed by 196.251.84.92 port 50690 [preauth]
Oct 14 07:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Invalid user wlantest from 46.101.170.54
Oct 14 07:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: input_userauth_request: invalid user wlantest [preauth]
Oct 14 07:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Oct 14 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Failed password for invalid user wlantest from 46.101.170.54 port 41138 ssh2
Oct 14 07:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Connection closed by 46.101.170.54 port 41138 [preauth]
Oct 14 07:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Invalid user mailtest from 217.154.38.181
Oct 14 07:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: input_userauth_request: invalid user mailtest [preauth]
Oct 14 07:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Failed password for invalid user mailtest from 217.154.38.181 port 60808 ssh2
Oct 14 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Received disconnect from 217.154.38.181 port 60808:11: Bye Bye [preauth]
Oct 14 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Disconnected from 217.154.38.181 port 60808 [preauth]
Oct 14 07:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[746]: pam_unix(cron:session): session closed for user root
Oct 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session closed for user root
Oct 14 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2591]: Successful su for rubyman by root
Oct 14 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2591]: + ??? root:rubyman
Oct 14 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409985 of user rubyman.
Oct 14 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2591]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409985.
Oct 14 07:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user root
Oct 14 07:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31690]: pam_unix(cron:session): session closed for user root
Oct 14 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: Failed password for root from 101.36.116.29 port 60656 ssh2
Oct 14 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: Received disconnect from 101.36.116.29 port 60656:11: Bye Bye [preauth]
Oct 14 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: Disconnected from 101.36.116.29 port 60656 [preauth]
Oct 14 07:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Invalid user qiyuesuo from 79.116.71.204
Oct 14 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: input_userauth_request: invalid user qiyuesuo [preauth]
Oct 14 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Failed password for invalid user qiyuesuo from 79.116.71.204 port 37634 ssh2
Oct 14 07:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Received disconnect from 79.116.71.204 port 37634:11: Bye Bye [preauth]
Oct 14 07:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Disconnected from 79.116.71.204 port 37634 [preauth]
Oct 14 07:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: Invalid user marian from 138.204.127.54
Oct 14 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: input_userauth_request: invalid user marian [preauth]
Oct 14 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: Failed password for invalid user marian from 138.204.127.54 port 32975 ssh2
Oct 14 07:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: Received disconnect from 138.204.127.54 port 32975:11: Bye Bye [preauth]
Oct 14 07:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2817]: Disconnected from 138.204.127.54 port 32975 [preauth]
Oct 14 07:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Invalid user elasticsearch from 196.251.84.92
Oct 14 07:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 07:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Failed password for invalid user elasticsearch from 196.251.84.92 port 36544 ssh2
Oct 14 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Connection closed by 196.251.84.92 port 36544 [preauth]
Oct 14 07:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1313]: pam_unix(cron:session): session closed for user root
Oct 14 07:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Invalid user user from 49.229.72.68
Oct 14 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: input_userauth_request: invalid user user [preauth]
Oct 14 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.229.72.68
Oct 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Failed password for invalid user user from 49.229.72.68 port 37872 ssh2
Oct 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2993]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Received disconnect from 49.229.72.68 port 37872:11: Bye Bye [preauth]
Oct 14 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Disconnected from 49.229.72.68 port 37872 [preauth]
Oct 14 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3075]: Successful su for rubyman by root
Oct 14 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3075]: + ??? root:rubyman
Oct 14 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409991 of user rubyman.
Oct 14 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3075]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409991.
Oct 14 07:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32230]: pam_unix(cron:session): session closed for user root
Oct 14 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Failed password for root from 217.154.38.181 port 50720 ssh2
Oct 14 07:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Received disconnect from 217.154.38.181 port 50720:11: Bye Bye [preauth]
Oct 14 07:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3290]: Disconnected from 217.154.38.181 port 50720 [preauth]
Oct 14 07:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Invalid user test from 196.251.84.140
Oct 14 07:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: input_userauth_request: invalid user test [preauth]
Oct 14 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Failed password for invalid user test from 196.251.84.140 port 52544 ssh2
Oct 14 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Connection closed by 196.251.84.140 port 52544 [preauth]
Oct 14 07:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session closed for user root
Oct 14 07:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: Invalid user ftpuser2 from 79.116.71.204
Oct 14 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: input_userauth_request: invalid user ftpuser2 [preauth]
Oct 14 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: Failed password for invalid user ftpuser2 from 79.116.71.204 port 33794 ssh2
Oct 14 07:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: Received disconnect from 79.116.71.204 port 33794:11: Bye Bye [preauth]
Oct 14 07:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: Disconnected from 79.116.71.204 port 33794 [preauth]
Oct 14 07:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: Invalid user es from 196.251.84.92
Oct 14 07:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: input_userauth_request: invalid user es [preauth]
Oct 14 07:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: Failed password for invalid user es from 196.251.84.92 port 50596 ssh2
Oct 14 07:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3433]: Connection closed by 196.251.84.92 port 50596 [preauth]
Oct 14 07:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: Invalid user prod from 138.204.127.54
Oct 14 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: input_userauth_request: invalid user prod [preauth]
Oct 14 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: Failed password for invalid user prod from 138.204.127.54 port 49322 ssh2
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: Received disconnect from 138.204.127.54 port 49322:11: Bye Bye [preauth]
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3454]: Disconnected from 138.204.127.54 port 49322 [preauth]
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3475]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3470]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3546]: Successful su for rubyman by root
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3546]: + ??? root:rubyman
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 409995 of user rubyman.
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3546]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 409995.
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: Failed password for root from 101.36.116.29 port 42788 ssh2
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: Received disconnect from 101.36.116.29 port 42788:11: Bye Bye [preauth]
Oct 14 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3464]: Disconnected from 101.36.116.29 port 42788 [preauth]
Oct 14 07:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session closed for user root
Oct 14 07:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Invalid user debian from 137.184.72.181
Oct 14 07:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: input_userauth_request: invalid user debian [preauth]
Oct 14 07:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3471]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Failed password for invalid user debian from 137.184.72.181 port 48046 ssh2
Oct 14 07:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Received disconnect from 137.184.72.181 port 48046:11: Bye Bye [preauth]
Oct 14 07:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Disconnected from 137.184.72.181 port 48046 [preauth]
Oct 14 07:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session closed for user root
Oct 14 07:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Invalid user ubuntu from 104.223.122.114
Oct 14 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Failed password for invalid user ubuntu from 104.223.122.114 port 45764 ssh2
Oct 14 07:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Received disconnect from 104.223.122.114 port 45764:11: Bye Bye [preauth]
Oct 14 07:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Disconnected from 104.223.122.114 port 45764 [preauth]
Oct 14 07:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Invalid user ftpuser from 217.154.38.181
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3923]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: Successful su for rubyman by root
Oct 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: + ??? root:rubyman
Oct 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410001 of user rubyman.
Oct 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410001.
Oct 14 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Failed password for invalid user ftpuser from 217.154.38.181 port 43768 ssh2
Oct 14 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Received disconnect from 217.154.38.181 port 43768:11: Bye Bye [preauth]
Oct 14 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Disconnected from 217.154.38.181 port 43768 [preauth]
Oct 14 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: Invalid user canal from 79.116.71.204
Oct 14 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: input_userauth_request: invalid user canal [preauth]
Oct 14 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204
Oct 14 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: Failed password for invalid user canal from 79.116.71.204 port 47698 ssh2
Oct 14 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: Received disconnect from 79.116.71.204 port 47698:11: Bye Bye [preauth]
Oct 14 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4072]: Disconnected from 79.116.71.204 port 47698 [preauth]
Oct 14 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Invalid user es from 196.251.84.92
Oct 14 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: input_userauth_request: invalid user es [preauth]
Oct 14 07:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session closed for user root
Oct 14 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Failed password for invalid user es from 196.251.84.92 port 36456 ssh2
Oct 14 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Connection closed by 196.251.84.92 port 36456 [preauth]
Oct 14 07:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Invalid user odoo17 from 102.68.84.2
Oct 14 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Failed password for invalid user odoo17 from 102.68.84.2 port 36534 ssh2
Oct 14 07:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Received disconnect from 102.68.84.2 port 36534:11: Bye Bye [preauth]
Oct 14 07:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Disconnected from 102.68.84.2 port 36534 [preauth]
Oct 14 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: Invalid user vinay from 138.204.127.54
Oct 14 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: input_userauth_request: invalid user vinay [preauth]
Oct 14 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: Failed password for invalid user vinay from 138.204.127.54 port 37480 ssh2
Oct 14 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: Received disconnect from 138.204.127.54 port 37480:11: Bye Bye [preauth]
Oct 14 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4345]: Disconnected from 138.204.127.54 port 37480 [preauth]
Oct 14 07:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2993]: pam_unix(cron:session): session closed for user root
Oct 14 07:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Invalid user eoffice from 101.36.116.29
Oct 14 07:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: input_userauth_request: invalid user eoffice [preauth]
Oct 14 07:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Failed password for invalid user eoffice from 101.36.116.29 port 52178 ssh2
Oct 14 07:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Received disconnect from 101.36.116.29 port 52178:11: Bye Bye [preauth]
Oct 14 07:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4407]: Disconnected from 101.36.116.29 port 52178 [preauth]
Oct 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4436]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4438]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4431]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: Successful su for rubyman by root
Oct 14 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: + ??? root:rubyman
Oct 14 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410003 of user rubyman.
Oct 14 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4506]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410003.
Oct 14 07:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session closed for user root
Oct 14 07:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4433]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: Invalid user es from 196.251.84.92
Oct 14 07:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: input_userauth_request: invalid user es [preauth]
Oct 14 07:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: Failed password for invalid user es from 196.251.84.92 port 50184 ssh2
Oct 14 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: Connection closed by 196.251.84.92 port 50184 [preauth]
Oct 14 07:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Invalid user test from 196.251.84.140
Oct 14 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: input_userauth_request: invalid user test [preauth]
Oct 14 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.116.71.204  user=root
Oct 14 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3475]: pam_unix(cron:session): session closed for user root
Oct 14 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: Failed password for root from 79.116.71.204 port 40000 ssh2
Oct 14 07:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: Received disconnect from 79.116.71.204 port 40000:11: Bye Bye [preauth]
Oct 14 07:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: Disconnected from 79.116.71.204 port 40000 [preauth]
Oct 14 07:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Failed password for invalid user test from 196.251.84.140 port 43116 ssh2
Oct 14 07:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Connection closed by 196.251.84.140 port 43116 [preauth]
Oct 14 07:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: Invalid user devel from 217.154.38.181
Oct 14 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: input_userauth_request: invalid user devel [preauth]
Oct 14 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: Failed password for invalid user devel from 217.154.38.181 port 59476 ssh2
Oct 14 07:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: Received disconnect from 217.154.38.181 port 59476:11: Bye Bye [preauth]
Oct 14 07:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5035]: Disconnected from 217.154.38.181 port 59476 [preauth]
Oct 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5150]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5146]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5151]: pam_unix(cron:session): session closed for user root
Oct 14 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5120]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5511]: Successful su for rubyman by root
Oct 14 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5511]: + ??? root:rubyman
Oct 14 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410010 of user rubyman.
Oct 14 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5511]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410010.
Oct 14 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5133]: pam_unix(cron:session): session closed for user root
Oct 14 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1831]: pam_unix(cron:session): session closed for user root
Oct 14 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5127]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5803]: Invalid user radio from 137.184.72.181
Oct 14 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5803]: input_userauth_request: invalid user radio [preauth]
Oct 14 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5803]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Failed password for root from 138.204.127.54 port 53839 ssh2
Oct 14 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Received disconnect from 138.204.127.54 port 53839:11: Bye Bye [preauth]
Oct 14 07:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Disconnected from 138.204.127.54 port 53839 [preauth]
Oct 14 07:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5803]: Failed password for invalid user radio from 137.184.72.181 port 57406 ssh2
Oct 14 07:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5803]: Received disconnect from 137.184.72.181 port 57406:11: Bye Bye [preauth]
Oct 14 07:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5803]: Disconnected from 137.184.72.181 port 57406 [preauth]
Oct 14 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: Invalid user dummy from 104.223.122.114
Oct 14 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: input_userauth_request: invalid user dummy [preauth]
Oct 14 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: Failed password for invalid user dummy from 104.223.122.114 port 37772 ssh2
Oct 14 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: Received disconnect from 104.223.122.114 port 37772:11: Bye Bye [preauth]
Oct 14 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5850]: Disconnected from 104.223.122.114 port 37772 [preauth]
Oct 14 07:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session closed for user root
Oct 14 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: Invalid user test from 101.36.116.29
Oct 14 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: input_userauth_request: invalid user test [preauth]
Oct 14 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Invalid user oracle from 193.32.162.151
Oct 14 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: input_userauth_request: invalid user oracle [preauth]
Oct 14 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 07:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: Failed password for invalid user test from 101.36.116.29 port 57600 ssh2
Oct 14 07:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: Received disconnect from 101.36.116.29 port 57600:11: Bye Bye [preauth]
Oct 14 07:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5900]: Disconnected from 101.36.116.29 port 57600 [preauth]
Oct 14 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Failed password for invalid user oracle from 193.32.162.151 port 50690 ssh2
Oct 14 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Connection closed by 193.32.162.151 port 50690 [preauth]
Oct 14 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Invalid user es from 196.251.84.92
Oct 14 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: input_userauth_request: invalid user es [preauth]
Oct 14 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Failed password for invalid user es from 196.251.84.92 port 35646 ssh2
Oct 14 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5949]: Connection closed by 196.251.84.92 port 35646 [preauth]
Oct 14 07:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Invalid user test01 from 102.68.84.2
Oct 14 07:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: input_userauth_request: invalid user test01 [preauth]
Oct 14 07:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Failed password for invalid user test01 from 102.68.84.2 port 37312 ssh2
Oct 14 07:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Received disconnect from 102.68.84.2 port 37312:11: Bye Bye [preauth]
Oct 14 07:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Disconnected from 102.68.84.2 port 37312 [preauth]
Oct 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6038]: Successful su for rubyman by root
Oct 14 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6038]: + ??? root:rubyman
Oct 14 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410016 of user rubyman.
Oct 14 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6038]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410016.
Oct 14 07:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session closed for user root
Oct 14 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4438]: pam_unix(cron:session): session closed for user root
Oct 14 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6357]: Invalid user ftptest from 137.184.72.181
Oct 14 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6357]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6357]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Invalid user gino from 217.154.38.181
Oct 14 07:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: input_userauth_request: invalid user gino [preauth]
Oct 14 07:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6357]: Failed password for invalid user ftptest from 137.184.72.181 port 57662 ssh2
Oct 14 07:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6357]: Received disconnect from 137.184.72.181 port 57662:11: Bye Bye [preauth]
Oct 14 07:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6357]: Disconnected from 137.184.72.181 port 57662 [preauth]
Oct 14 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Failed password for invalid user gino from 217.154.38.181 port 60966 ssh2
Oct 14 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Received disconnect from 217.154.38.181 port 60966:11: Bye Bye [preauth]
Oct 14 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Disconnected from 217.154.38.181 port 60966 [preauth]
Oct 14 07:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Failed password for root from 138.204.127.54 port 41962 ssh2
Oct 14 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Received disconnect from 138.204.127.54 port 41962:11: Bye Bye [preauth]
Oct 14 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6402]: Disconnected from 138.204.127.54 port 41962 [preauth]
Oct 14 07:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Invalid user proxyuser from 104.223.122.114
Oct 14 07:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 07:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Failed password for invalid user proxyuser from 104.223.122.114 port 42338 ssh2
Oct 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Received disconnect from 104.223.122.114 port 42338:11: Bye Bye [preauth]
Oct 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Disconnected from 104.223.122.114 port 42338 [preauth]
Oct 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6495]: Successful su for rubyman by root
Oct 14 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6495]: + ??? root:rubyman
Oct 14 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410019 of user rubyman.
Oct 14 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6495]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410019.
Oct 14 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session closed for user root
Oct 14 07:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Invalid user es from 196.251.84.92
Oct 14 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: input_userauth_request: invalid user es [preauth]
Oct 14 07:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Failed password for invalid user es from 196.251.84.92 port 49366 ssh2
Oct 14 07:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Connection closed by 196.251.84.92 port 49366 [preauth]
Oct 14 07:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Invalid user ftpuser from 101.36.116.29
Oct 14 07:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 07:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for invalid user ftpuser from 101.36.116.29 port 36844 ssh2
Oct 14 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Received disconnect from 101.36.116.29 port 36844:11: Bye Bye [preauth]
Oct 14 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Disconnected from 101.36.116.29 port 36844 [preauth]
Oct 14 07:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5150]: pam_unix(cron:session): session closed for user root
Oct 14 07:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Invalid user dummy from 102.68.84.2
Oct 14 07:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: input_userauth_request: invalid user dummy [preauth]
Oct 14 07:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Failed password for invalid user dummy from 102.68.84.2 port 37240 ssh2
Oct 14 07:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Received disconnect from 102.68.84.2 port 37240:11: Bye Bye [preauth]
Oct 14 07:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6910]: Disconnected from 102.68.84.2 port 37240 [preauth]
Oct 14 07:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Invalid user test from 196.251.84.140
Oct 14 07:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: input_userauth_request: invalid user test [preauth]
Oct 14 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Failed password for invalid user test from 196.251.84.140 port 41340 ssh2
Oct 14 07:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Connection closed by 196.251.84.140 port 41340 [preauth]
Oct 14 07:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Invalid user steam from 137.184.72.181
Oct 14 07:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: input_userauth_request: invalid user steam [preauth]
Oct 14 07:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Failed password for invalid user steam from 137.184.72.181 port 37596 ssh2
Oct 14 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Received disconnect from 137.184.72.181 port 37596:11: Bye Bye [preauth]
Oct 14 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6971]: Disconnected from 137.184.72.181 port 37596 [preauth]
Oct 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7056]: Successful su for rubyman by root
Oct 14 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7056]: + ??? root:rubyman
Oct 14 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410022 of user rubyman.
Oct 14 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7056]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410022.
Oct 14 07:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3473]: pam_unix(cron:session): session closed for user root
Oct 14 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: Failed password for root from 80.211.129.128 port 35510 ssh2
Oct 14 07:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: Connection closed by 80.211.129.128 port 35510 [preauth]
Oct 14 07:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Invalid user test1 from 104.223.122.114
Oct 14 07:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: input_userauth_request: invalid user test1 [preauth]
Oct 14 07:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Failed password for invalid user test1 from 104.223.122.114 port 46908 ssh2
Oct 14 07:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Received disconnect from 104.223.122.114 port 46908:11: Bye Bye [preauth]
Oct 14 07:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Disconnected from 104.223.122.114 port 46908 [preauth]
Oct 14 07:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181  user=root
Oct 14 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Failed password for root from 217.154.38.181 port 59738 ssh2
Oct 14 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Received disconnect from 217.154.38.181 port 59738:11: Bye Bye [preauth]
Oct 14 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Disconnected from 217.154.38.181 port 59738 [preauth]
Oct 14 07:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: Failed password for root from 138.204.127.54 port 58305 ssh2
Oct 14 07:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: Received disconnect from 138.204.127.54 port 58305:11: Bye Bye [preauth]
Oct 14 07:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: Disconnected from 138.204.127.54 port 58305 [preauth]
Oct 14 07:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Invalid user es from 196.251.84.92
Oct 14 07:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: input_userauth_request: invalid user es [preauth]
Oct 14 07:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Failed password for invalid user es from 196.251.84.92 port 34860 ssh2
Oct 14 07:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7457]: Connection closed by 196.251.84.92 port 34860 [preauth]
Oct 14 07:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user root
Oct 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7552]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7547]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7620]: Successful su for rubyman by root
Oct 14 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7620]: + ??? root:rubyman
Oct 14 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410027 of user rubyman.
Oct 14 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7620]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410027.
Oct 14 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session closed for user root
Oct 14 07:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Invalid user alex from 137.184.72.181
Oct 14 07:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: input_userauth_request: invalid user alex [preauth]
Oct 14 07:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Failed password for invalid user alex from 137.184.72.181 port 41048 ssh2
Oct 14 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Received disconnect from 137.184.72.181 port 41048:11: Bye Bye [preauth]
Oct 14 07:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Disconnected from 137.184.72.181 port 41048 [preauth]
Oct 14 07:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Failed password for root from 101.36.116.29 port 49628 ssh2
Oct 14 07:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Received disconnect from 101.36.116.29 port 49628:11: Bye Bye [preauth]
Oct 14 07:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Disconnected from 101.36.116.29 port 49628 [preauth]
Oct 14 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7550]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7862]: Invalid user git from 102.68.84.2
Oct 14 07:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7862]: input_userauth_request: invalid user git [preauth]
Oct 14 07:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7862]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7862]: Failed password for invalid user git from 102.68.84.2 port 38222 ssh2
Oct 14 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7862]: Received disconnect from 102.68.84.2 port 38222:11: Bye Bye [preauth]
Oct 14 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7862]: Disconnected from 102.68.84.2 port 38222 [preauth]
Oct 14 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Invalid user debian from 104.223.122.114
Oct 14 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: input_userauth_request: invalid user debian [preauth]
Oct 14 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Invalid user ansible from 186.96.145.241
Oct 14 07:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: input_userauth_request: invalid user ansible [preauth]
Oct 14 07:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 07:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Failed password for invalid user ansible from 186.96.145.241 port 37250 ssh2
Oct 14 07:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Connection closed by 186.96.145.241 port 37250 [preauth]
Oct 14 07:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Failed password for invalid user debian from 104.223.122.114 port 51472 ssh2
Oct 14 07:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Received disconnect from 104.223.122.114 port 51472:11: Bye Bye [preauth]
Oct 14 07:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Disconnected from 104.223.122.114 port 51472 [preauth]
Oct 14 07:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session closed for user root
Oct 14 07:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Invalid user es from 196.251.84.92
Oct 14 07:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: input_userauth_request: invalid user es [preauth]
Oct 14 07:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Failed password for invalid user es from 196.251.84.92 port 48526 ssh2
Oct 14 07:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Connection closed by 196.251.84.92 port 48526 [preauth]
Oct 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8464]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8461]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8463]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8464]: pam_unix(cron:session): session closed for user root
Oct 14 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8458]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8541]: Successful su for rubyman by root
Oct 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8541]: + ??? root:rubyman
Oct 14 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410033 of user rubyman.
Oct 14 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8541]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410033.
Oct 14 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Invalid user master from 138.204.127.54
Oct 14 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: input_userauth_request: invalid user master [preauth]
Oct 14 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Failed password for invalid user master from 138.204.127.54 port 46387 ssh2
Oct 14 07:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Received disconnect from 138.204.127.54 port 46387:11: Bye Bye [preauth]
Oct 14 07:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Disconnected from 138.204.127.54 port 46387 [preauth]
Oct 14 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8461]: pam_unix(cron:session): session closed for user root
Oct 14 07:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4436]: pam_unix(cron:session): session closed for user root
Oct 14 07:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Invalid user free from 217.154.38.181
Oct 14 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: input_userauth_request: invalid user free [preauth]
Oct 14 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8460]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Failed password for invalid user free from 217.154.38.181 port 34662 ssh2
Oct 14 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Received disconnect from 217.154.38.181 port 34662:11: Bye Bye [preauth]
Oct 14 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Disconnected from 217.154.38.181 port 34662 [preauth]
Oct 14 07:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8948]: Invalid user ubuntu from 137.184.72.181
Oct 14 07:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8948]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 07:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8948]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8948]: Failed password for invalid user ubuntu from 137.184.72.181 port 34638 ssh2
Oct 14 07:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8948]: Received disconnect from 137.184.72.181 port 34638:11: Bye Bye [preauth]
Oct 14 07:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8948]: Disconnected from 137.184.72.181 port 34638 [preauth]
Oct 14 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6984]: pam_unix(cron:session): session closed for user root
Oct 14 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Invalid user alex from 104.223.122.114
Oct 14 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: input_userauth_request: invalid user alex [preauth]
Oct 14 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Failed password for invalid user alex from 104.223.122.114 port 56036 ssh2
Oct 14 07:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Received disconnect from 104.223.122.114 port 56036:11: Bye Bye [preauth]
Oct 14 07:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Disconnected from 104.223.122.114 port 56036 [preauth]
Oct 14 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Invalid user dev from 102.68.84.2
Oct 14 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: input_userauth_request: invalid user dev [preauth]
Oct 14 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Failed password for invalid user dev from 102.68.84.2 port 35384 ssh2
Oct 14 07:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Received disconnect from 102.68.84.2 port 35384:11: Bye Bye [preauth]
Oct 14 07:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9071]: Disconnected from 102.68.84.2 port 35384 [preauth]
Oct 14 07:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Invalid user usuario from 101.36.116.29
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: input_userauth_request: invalid user usuario [preauth]
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9282]: Successful su for rubyman by root
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9282]: + ??? root:rubyman
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410038 of user rubyman.
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9282]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410038.
Oct 14 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Failed password for invalid user usuario from 101.36.116.29 port 34530 ssh2
Oct 14 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Received disconnect from 101.36.116.29 port 34530:11: Bye Bye [preauth]
Oct 14 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Disconnected from 101.36.116.29 port 34530 [preauth]
Oct 14 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Invalid user test from 196.251.84.140
Oct 14 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: input_userauth_request: invalid user test [preauth]
Oct 14 07:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Failed password for invalid user test from 196.251.84.140 port 37146 ssh2
Oct 14 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9083]: Connection closed by 196.251.84.140 port 37146 [preauth]
Oct 14 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5146]: pam_unix(cron:session): session closed for user root
Oct 14 07:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Invalid user es from 196.251.84.92
Oct 14 07:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: input_userauth_request: invalid user es [preauth]
Oct 14 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Failed password for invalid user es from 196.251.84.92 port 34004 ssh2
Oct 14 07:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9567]: Connection closed by 196.251.84.92 port 34004 [preauth]
Oct 14 07:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7552]: pam_unix(cron:session): session closed for user root
Oct 14 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Invalid user bob from 138.204.127.54
Oct 14 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: input_userauth_request: invalid user bob [preauth]
Oct 14 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: Invalid user dummy from 137.184.72.181
Oct 14 07:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: input_userauth_request: invalid user dummy [preauth]
Oct 14 07:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Failed password for invalid user bob from 138.204.127.54 port 34474 ssh2
Oct 14 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Received disconnect from 138.204.127.54 port 34474:11: Bye Bye [preauth]
Oct 14 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Disconnected from 138.204.127.54 port 34474 [preauth]
Oct 14 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: Failed password for invalid user dummy from 137.184.72.181 port 57282 ssh2
Oct 14 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: Received disconnect from 137.184.72.181 port 57282:11: Bye Bye [preauth]
Oct 14 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9716]: Disconnected from 137.184.72.181 port 57282 [preauth]
Oct 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9919]: Successful su for rubyman by root
Oct 14 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9919]: + ??? root:rubyman
Oct 14 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410040 of user rubyman.
Oct 14 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9919]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410040.
Oct 14 07:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session closed for user root
Oct 14 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Invalid user copyuser from 217.154.38.181
Oct 14 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: input_userauth_request: invalid user copyuser [preauth]
Oct 14 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.38.181
Oct 14 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Invalid user www-user from 164.68.105.9
Oct 14 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: input_userauth_request: invalid user www-user [preauth]
Oct 14 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Failed password for invalid user copyuser from 217.154.38.181 port 51986 ssh2
Oct 14 07:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Failed password for invalid user www-user from 164.68.105.9 port 58484 ssh2
Oct 14 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Received disconnect from 217.154.38.181 port 51986:11: Bye Bye [preauth]
Oct 14 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Disconnected from 217.154.38.181 port 51986 [preauth]
Oct 14 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Connection closed by 164.68.105.9 port 58484 [preauth]
Oct 14 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114  user=root
Oct 14 07:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: Failed password for root from 104.223.122.114 port 60606 ssh2
Oct 14 07:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: Received disconnect from 104.223.122.114 port 60606:11: Bye Bye [preauth]
Oct 14 07:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10144]: Disconnected from 104.223.122.114 port 60606 [preauth]
Oct 14 07:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: Invalid user ts3 from 102.68.84.2
Oct 14 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: Failed password for invalid user ts3 from 102.68.84.2 port 50672 ssh2
Oct 14 07:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: Received disconnect from 102.68.84.2 port 50672:11: Bye Bye [preauth]
Oct 14 07:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: Disconnected from 102.68.84.2 port 50672 [preauth]
Oct 14 07:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8463]: pam_unix(cron:session): session closed for user root
Oct 14 07:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10286]: Invalid user es from 196.251.84.92
Oct 14 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10286]: input_userauth_request: invalid user es [preauth]
Oct 14 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10286]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10286]: Failed password for invalid user es from 196.251.84.92 port 47614 ssh2
Oct 14 07:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10286]: Connection closed by 196.251.84.92 port 47614 [preauth]
Oct 14 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Invalid user admin from 2.57.121.25
Oct 14 07:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: input_userauth_request: invalid user admin [preauth]
Oct 14 07:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 07:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Failed password for root from 101.36.116.29 port 43376 ssh2
Oct 14 07:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Received disconnect from 101.36.116.29 port 43376:11: Bye Bye [preauth]
Oct 14 07:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10321]: Disconnected from 101.36.116.29 port 43376 [preauth]
Oct 14 07:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Failed password for invalid user admin from 2.57.121.25 port 39761 ssh2
Oct 14 07:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Failed password for invalid user admin from 2.57.121.25 port 39761 ssh2
Oct 14 07:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Failed password for invalid user admin from 2.57.121.25 port 39761 ssh2
Oct 14 07:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Failed password for invalid user admin from 2.57.121.25 port 39761 ssh2
Oct 14 07:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Failed password for invalid user admin from 2.57.121.25 port 39761 ssh2
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Invalid user odoo17 from 137.184.72.181
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Received disconnect from 2.57.121.25 port 39761:11: Bye [preauth]
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Disconnected from 2.57.121.25 port 39761 [preauth]
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10431]: Successful su for rubyman by root
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10431]: + ??? root:rubyman
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410043 of user rubyman.
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10431]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410043.
Oct 14 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Failed password for invalid user odoo17 from 137.184.72.181 port 50902 ssh2
Oct 14 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Received disconnect from 137.184.72.181 port 50902:11: Bye Bye [preauth]
Oct 14 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10417]: Disconnected from 137.184.72.181 port 50902 [preauth]
Oct 14 07:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session closed for user root
Oct 14 07:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: Invalid user grafana from 138.204.127.54
Oct 14 07:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: input_userauth_request: invalid user grafana [preauth]
Oct 14 07:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10358]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: Failed password for invalid user grafana from 138.204.127.54 port 50813 ssh2
Oct 14 07:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: Received disconnect from 138.204.127.54 port 50813:11: Bye Bye [preauth]
Oct 14 07:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10664]: Disconnected from 138.204.127.54 port 50813 [preauth]
Oct 14 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Invalid user ts3 from 104.223.122.114
Oct 14 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Failed password for invalid user ts3 from 104.223.122.114 port 36942 ssh2
Oct 14 07:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Received disconnect from 104.223.122.114 port 36942:11: Bye Bye [preauth]
Oct 14 07:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10732]: Disconnected from 104.223.122.114 port 36942 [preauth]
Oct 14 07:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session closed for user root
Oct 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10837]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10836]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10833]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10907]: Successful su for rubyman by root
Oct 14 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10907]: + ??? root:rubyman
Oct 14 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410047 of user rubyman.
Oct 14 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10907]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410047.
Oct 14 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Invalid user es from 196.251.84.92
Oct 14 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: input_userauth_request: invalid user es [preauth]
Oct 14 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Failed password for invalid user es from 196.251.84.92 port 60920 ssh2
Oct 14 07:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10932]: Connection closed by 196.251.84.92 port 60920 [preauth]
Oct 14 07:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6979]: pam_unix(cron:session): session closed for user root
Oct 14 07:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Invalid user qclinux from 102.68.84.2
Oct 14 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: input_userauth_request: invalid user qclinux [preauth]
Oct 14 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Failed password for invalid user qclinux from 102.68.84.2 port 37776 ssh2
Oct 14 07:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Received disconnect from 102.68.84.2 port 37776:11: Bye Bye [preauth]
Oct 14 07:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Disconnected from 102.68.84.2 port 37776 [preauth]
Oct 14 07:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11110]: Invalid user ali from 137.184.72.181
Oct 14 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11110]: input_userauth_request: invalid user ali [preauth]
Oct 14 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11110]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11110]: Failed password for invalid user ali from 137.184.72.181 port 47910 ssh2
Oct 14 07:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11110]: Received disconnect from 137.184.72.181 port 47910:11: Bye Bye [preauth]
Oct 14 07:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11110]: Disconnected from 137.184.72.181 port 47910 [preauth]
Oct 14 07:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10834]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Invalid user guest from 196.251.84.140
Oct 14 07:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: input_userauth_request: invalid user guest [preauth]
Oct 14 07:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Failed password for invalid user guest from 196.251.84.140 port 36456 ssh2
Oct 14 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Connection closed by 196.251.84.140 port 36456 [preauth]
Oct 14 07:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9843]: pam_unix(cron:session): session closed for user root
Oct 14 07:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: Failed password for root from 101.36.116.29 port 34356 ssh2
Oct 14 07:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: Received disconnect from 101.36.116.29 port 34356:11: Bye Bye [preauth]
Oct 14 07:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11229]: Disconnected from 101.36.116.29 port 34356 [preauth]
Oct 14 07:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Invalid user user1 from 104.223.122.114
Oct 14 07:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: input_userauth_request: invalid user user1 [preauth]
Oct 14 07:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Failed password for invalid user user1 from 104.223.122.114 port 41506 ssh2
Oct 14 07:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Received disconnect from 104.223.122.114 port 41506:11: Bye Bye [preauth]
Oct 14 07:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Disconnected from 104.223.122.114 port 41506 [preauth]
Oct 14 07:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Invalid user ubuntu from 138.204.127.54
Oct 14 07:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 07:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Failed password for invalid user ubuntu from 138.204.127.54 port 38886 ssh2
Oct 14 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Received disconnect from 138.204.127.54 port 38886:11: Bye Bye [preauth]
Oct 14 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Disconnected from 138.204.127.54 port 38886 [preauth]
Oct 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user root
Oct 14 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: Successful su for rubyman by root
Oct 14 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: + ??? root:rubyman
Oct 14 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410053 of user rubyman.
Oct 14 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410053.
Oct 14 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session closed for user root
Oct 14 07:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7551]: pam_unix(cron:session): session closed for user root
Oct 14 07:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Invalid user es from 196.251.84.92
Oct 14 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: input_userauth_request: invalid user es [preauth]
Oct 14 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: Invalid user administrator from 137.184.72.181
Oct 14 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: input_userauth_request: invalid user administrator [preauth]
Oct 14 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Failed password for invalid user es from 196.251.84.92 port 46058 ssh2
Oct 14 07:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Connection closed by 196.251.84.92 port 46058 [preauth]
Oct 14 07:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: Failed password for invalid user administrator from 137.184.72.181 port 49970 ssh2
Oct 14 07:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: Received disconnect from 137.184.72.181 port 49970:11: Bye Bye [preauth]
Oct 14 07:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11783]: Disconnected from 137.184.72.181 port 49970 [preauth]
Oct 14 07:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session closed for user root
Oct 14 07:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: Invalid user myuser from 102.68.84.2
Oct 14 07:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: input_userauth_request: invalid user myuser [preauth]
Oct 14 07:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: Failed password for invalid user myuser from 102.68.84.2 port 59346 ssh2
Oct 14 07:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: Received disconnect from 102.68.84.2 port 59346:11: Bye Bye [preauth]
Oct 14 07:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: Disconnected from 102.68.84.2 port 59346 [preauth]
Oct 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11912]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: Successful su for rubyman by root
Oct 14 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: + ??? root:rubyman
Oct 14 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410057 of user rubyman.
Oct 14 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11988]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410057.
Oct 14 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Invalid user ali from 104.223.122.114
Oct 14 07:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: input_userauth_request: invalid user ali [preauth]
Oct 14 07:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Failed password for invalid user ali from 104.223.122.114 port 46072 ssh2
Oct 14 07:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Received disconnect from 104.223.122.114 port 46072:11: Bye Bye [preauth]
Oct 14 07:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Disconnected from 104.223.122.114 port 46072 [preauth]
Oct 14 07:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8462]: pam_unix(cron:session): session closed for user root
Oct 14 07:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Invalid user khoa from 101.36.116.29
Oct 14 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: input_userauth_request: invalid user khoa [preauth]
Oct 14 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Invalid user ftpuser from 138.204.127.54
Oct 14 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 07:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Failed password for invalid user khoa from 101.36.116.29 port 44042 ssh2
Oct 14 07:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Received disconnect from 101.36.116.29 port 44042:11: Bye Bye [preauth]
Oct 14 07:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Disconnected from 101.36.116.29 port 44042 [preauth]
Oct 14 07:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Failed password for invalid user ftpuser from 138.204.127.54 port 55195 ssh2
Oct 14 07:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Received disconnect from 138.204.127.54 port 55195:11: Bye Bye [preauth]
Oct 14 07:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Disconnected from 138.204.127.54 port 55195 [preauth]
Oct 14 07:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10837]: pam_unix(cron:session): session closed for user root
Oct 14 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: Invalid user user from 137.184.72.181
Oct 14 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: input_userauth_request: invalid user user [preauth]
Oct 14 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: Failed password for invalid user user from 137.184.72.181 port 44768 ssh2
Oct 14 07:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: Received disconnect from 137.184.72.181 port 44768:11: Bye Bye [preauth]
Oct 14 07:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12340]: Disconnected from 137.184.72.181 port 44768 [preauth]
Oct 14 07:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: Invalid user es from 196.251.84.92
Oct 14 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: input_userauth_request: invalid user es [preauth]
Oct 14 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: Failed password for invalid user es from 196.251.84.92 port 59436 ssh2
Oct 14 07:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12353]: Connection closed by 196.251.84.92 port 59436 [preauth]
Oct 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12414]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12407]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12489]: Successful su for rubyman by root
Oct 14 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12489]: + ??? root:rubyman
Oct 14 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410062 of user rubyman.
Oct 14 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12489]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410062.
Oct 14 07:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9090]: pam_unix(cron:session): session closed for user root
Oct 14 07:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Invalid user admin from 62.60.131.157
Oct 14 07:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: input_userauth_request: invalid user admin [preauth]
Oct 14 07:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 07:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Failed password for invalid user admin from 62.60.131.157 port 62900 ssh2
Oct 14 07:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Failed password for invalid user admin from 62.60.131.157 port 62900 ssh2
Oct 14 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12409]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Failed password for invalid user admin from 62.60.131.157 port 62900 ssh2
Oct 14 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Failed password for invalid user admin from 62.60.131.157 port 62900 ssh2
Oct 14 07:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Failed password for invalid user admin from 62.60.131.157 port 62900 ssh2
Oct 14 07:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Received disconnect from 62.60.131.157 port 62900:11: Bye [preauth]
Oct 14 07:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Disconnected from 62.60.131.157 port 62900 [preauth]
Oct 14 07:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 07:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 07:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: Invalid user user1 from 102.68.84.2
Oct 14 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: input_userauth_request: invalid user user1 [preauth]
Oct 14 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: Failed password for invalid user user1 from 102.68.84.2 port 48398 ssh2
Oct 14 07:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: Received disconnect from 102.68.84.2 port 48398:11: Bye Bye [preauth]
Oct 14 07:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: Disconnected from 102.68.84.2 port 48398 [preauth]
Oct 14 07:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: Invalid user guest from 196.251.84.140
Oct 14 07:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: input_userauth_request: invalid user guest [preauth]
Oct 14 07:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Invalid user ftptest from 104.223.122.114
Oct 14 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Failed password for invalid user ftptest from 104.223.122.114 port 50636 ssh2
Oct 14 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Received disconnect from 104.223.122.114 port 50636:11: Bye Bye [preauth]
Oct 14 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Disconnected from 104.223.122.114 port 50636 [preauth]
Oct 14 07:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: Failed password for invalid user guest from 196.251.84.140 port 57458 ssh2
Oct 14 07:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: Connection closed by 196.251.84.140 port 57458 [preauth]
Oct 14 07:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session closed for user root
Oct 14 07:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Invalid user admin from 137.184.72.181
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: input_userauth_request: invalid user admin [preauth]
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12912]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12908]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Did not receive identification string from 101.36.97.131
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for invalid user admin from 137.184.72.181 port 43752 ssh2
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Received disconnect from 137.184.72.181 port 43752:11: Bye Bye [preauth]
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Disconnected from 137.184.72.181 port 43752 [preauth]
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Connection closed by 101.36.97.131 port 36052 [preauth]
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13012]: Successful su for rubyman by root
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13012]: + ??? root:rubyman
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410068 of user rubyman.
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13012]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410068.
Oct 14 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: Connection closed by 101.36.97.131 port 36618 [preauth]
Oct 14 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13091]: Invalid user es from 196.251.84.92
Oct 14 07:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13091]: input_userauth_request: invalid user es [preauth]
Oct 14 07:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13091]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13091]: Failed password for invalid user es from 196.251.84.92 port 44396 ssh2
Oct 14 07:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13091]: Connection closed by 196.251.84.92 port 44396 [preauth]
Oct 14 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9842]: pam_unix(cron:session): session closed for user root
Oct 14 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Failed password for root from 138.204.127.54 port 43270 ssh2
Oct 14 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Received disconnect from 138.204.127.54 port 43270:11: Bye Bye [preauth]
Oct 14 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Disconnected from 138.204.127.54 port 43270 [preauth]
Oct 14 07:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 07:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: Failed password for root from 101.36.116.29 port 51836 ssh2
Oct 14 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: Received disconnect from 101.36.116.29 port 51836:11: Bye Bye [preauth]
Oct 14 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: Disconnected from 101.36.116.29 port 51836 [preauth]
Oct 14 07:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session closed for user root
Oct 14 07:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Invalid user dev from 104.223.122.114
Oct 14 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: input_userauth_request: invalid user dev [preauth]
Oct 14 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13536]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13533]: pam_unix(cron:session): session closed for user p13x
Oct 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Failed password for invalid user dev from 104.223.122.114 port 55202 ssh2
Oct 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Received disconnect from 104.223.122.114 port 55202:11: Bye Bye [preauth]
Oct 14 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Disconnected from 104.223.122.114 port 55202 [preauth]
Oct 14 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13602]: Successful su for rubyman by root
Oct 14 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13602]: + ??? root:rubyman
Oct 14 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410072 of user rubyman.
Oct 14 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13602]: pam_unix(su:session): session closed for user rubyman
Oct 14 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410072.
Oct 14 07:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10359]: pam_unix(cron:session): session closed for user root
Oct 14 07:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: Invalid user ts3 from 102.68.84.2
Oct 14 07:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 07:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: Failed password for invalid user ts3 from 102.68.84.2 port 42022 ssh2
Oct 14 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: Received disconnect from 102.68.84.2 port 42022:11: Bye Bye [preauth]
Oct 14 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13807]: Disconnected from 102.68.84.2 port 42022 [preauth]
Oct 14 07:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user samftp
Oct 14 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Invalid user dev from 137.184.72.181
Oct 14 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: input_userauth_request: invalid user dev [preauth]
Oct 14 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 07:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Failed password for invalid user dev from 137.184.72.181 port 55650 ssh2
Oct 14 07:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Received disconnect from 137.184.72.181 port 55650:11: Bye Bye [preauth]
Oct 14 07:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Disconnected from 137.184.72.181 port 55650 [preauth]
Oct 14 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: Invalid user master from 196.251.84.92
Oct 14 07:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: input_userauth_request: invalid user master [preauth]
Oct 14 07:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 07:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 07:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: Failed password for invalid user master from 196.251.84.92 port 57568 ssh2
Oct 14 07:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: Connection closed by 196.251.84.92 port 57568 [preauth]
Oct 14 07:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12414]: pam_unix(cron:session): session closed for user root
Oct 14 07:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 07:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 07:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for root from 138.204.127.54 port 59574 ssh2
Oct 14 07:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Received disconnect from 138.204.127.54 port 59574:11: Bye Bye [preauth]
Oct 14 07:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Disconnected from 138.204.127.54 port 59574 [preauth]
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14018]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14017]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session closed for user root
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14019]: pam_unix(cron:session): session closed for user root
Oct 14 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14013]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14227]: Successful su for rubyman by root
Oct 14 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14227]: + ??? root:rubyman
Oct 14 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410075 of user rubyman.
Oct 14 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14227]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410075.
Oct 14 08:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10836]: pam_unix(cron:session): session closed for user root
Oct 14 08:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session closed for user root
Oct 14 08:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Invalid user kdh from 101.36.116.29
Oct 14 08:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: input_userauth_request: invalid user kdh [preauth]
Oct 14 08:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Failed password for invalid user kdh from 101.36.116.29 port 40560 ssh2
Oct 14 08:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Received disconnect from 101.36.116.29 port 40560:11: Bye Bye [preauth]
Oct 14 08:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Disconnected from 101.36.116.29 port 40560 [preauth]
Oct 14 08:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Invalid user myuser from 104.223.122.114
Oct 14 08:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: input_userauth_request: invalid user myuser [preauth]
Oct 14 08:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Failed password for invalid user myuser from 104.223.122.114 port 59768 ssh2
Oct 14 08:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Received disconnect from 104.223.122.114 port 59768:11: Bye Bye [preauth]
Oct 14 08:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Disconnected from 104.223.122.114 port 59768 [preauth]
Oct 14 08:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Invalid user guest from 196.251.84.140
Oct 14 08:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12912]: pam_unix(cron:session): session closed for user root
Oct 14 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Invalid user support from 78.128.112.74
Oct 14 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: input_userauth_request: invalid user support [preauth]
Oct 14 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 08:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: Invalid user git from 137.184.72.181
Oct 14 08:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: input_userauth_request: invalid user git [preauth]
Oct 14 08:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Failed password for invalid user guest from 196.251.84.140 port 52484 ssh2
Oct 14 08:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Failed password for invalid user support from 78.128.112.74 port 42884 ssh2
Oct 14 08:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Connection closed by 78.128.112.74 port 42884 [preauth]
Oct 14 08:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14572]: Connection closed by 196.251.84.140 port 52484 [preauth]
Oct 14 08:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: Failed password for invalid user git from 137.184.72.181 port 56630 ssh2
Oct 14 08:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: Received disconnect from 137.184.72.181 port 56630:11: Bye Bye [preauth]
Oct 14 08:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: Disconnected from 137.184.72.181 port 56630 [preauth]
Oct 14 08:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Invalid user master from 196.251.84.92
Oct 14 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: input_userauth_request: invalid user master [preauth]
Oct 14 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Failed password for invalid user master from 196.251.84.92 port 42506 ssh2
Oct 14 08:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14645]: Connection closed by 196.251.84.92 port 42506 [preauth]
Oct 14 08:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2  user=root
Oct 14 08:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Failed password for root from 102.68.84.2 port 59696 ssh2
Oct 14 08:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Received disconnect from 102.68.84.2 port 59696:11: Bye Bye [preauth]
Oct 14 08:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Disconnected from 102.68.84.2 port 59696 [preauth]
Oct 14 08:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Failed password for root from 80.211.129.128 port 50758 ssh2
Oct 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14669]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Connection closed by 80.211.129.128 port 50758 [preauth]
Oct 14 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14749]: Successful su for rubyman by root
Oct 14 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14749]: + ??? root:rubyman
Oct 14 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410082 of user rubyman.
Oct 14 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14749]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410082.
Oct 14 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session closed for user root
Oct 14 08:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15017]: Invalid user usuario from 138.204.127.54
Oct 14 08:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15017]: input_userauth_request: invalid user usuario [preauth]
Oct 14 08:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15017]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 08:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15017]: Failed password for invalid user usuario from 138.204.127.54 port 47656 ssh2
Oct 14 08:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15017]: Received disconnect from 138.204.127.54 port 47656:11: Bye Bye [preauth]
Oct 14 08:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15017]: Disconnected from 138.204.127.54 port 47656 [preauth]
Oct 14 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13536]: pam_unix(cron:session): session closed for user root
Oct 14 08:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Invalid user odoo17 from 104.223.122.114
Oct 14 08:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 08:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Failed password for invalid user odoo17 from 104.223.122.114 port 36100 ssh2
Oct 14 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Received disconnect from 104.223.122.114 port 36100:11: Bye Bye [preauth]
Oct 14 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Disconnected from 104.223.122.114 port 36100 [preauth]
Oct 14 08:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: Invalid user user1 from 137.184.72.181
Oct 14 08:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: input_userauth_request: invalid user user1 [preauth]
Oct 14 08:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: Failed password for invalid user user1 from 137.184.72.181 port 45836 ssh2
Oct 14 08:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: Received disconnect from 137.184.72.181 port 45836:11: Bye Bye [preauth]
Oct 14 08:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15229]: Disconnected from 137.184.72.181 port 45836 [preauth]
Oct 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15241]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Invalid user nick from 101.36.116.29
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: input_userauth_request: invalid user nick [preauth]
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15330]: Successful su for rubyman by root
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15330]: + ??? root:rubyman
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410084 of user rubyman.
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15330]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410084.
Oct 14 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Failed password for invalid user nick from 101.36.116.29 port 35676 ssh2
Oct 14 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Received disconnect from 101.36.116.29 port 35676:11: Bye Bye [preauth]
Oct 14 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Disconnected from 101.36.116.29 port 35676 [preauth]
Oct 14 08:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session closed for user root
Oct 14 08:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Invalid user master from 196.251.84.92
Oct 14 08:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: input_userauth_request: invalid user master [preauth]
Oct 14 08:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Failed password for invalid user master from 196.251.84.92 port 55428 ssh2
Oct 14 08:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15512]: Connection closed by 196.251.84.92 port 55428 [preauth]
Oct 14 08:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15242]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Invalid user ftptest from 102.68.84.2
Oct 14 08:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 08:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Failed password for invalid user ftptest from 102.68.84.2 port 57994 ssh2
Oct 14 08:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Received disconnect from 102.68.84.2 port 57994:11: Bye Bye [preauth]
Oct 14 08:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Disconnected from 102.68.84.2 port 57994 [preauth]
Oct 14 08:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14018]: pam_unix(cron:session): session closed for user root
Oct 14 08:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Invalid user asta from 138.204.127.54
Oct 14 08:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: input_userauth_request: invalid user asta [preauth]
Oct 14 08:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 08:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Invalid user sol from 104.223.122.114
Oct 14 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: input_userauth_request: invalid user sol [preauth]
Oct 14 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Failed password for invalid user asta from 138.204.127.54 port 35773 ssh2
Oct 14 08:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Received disconnect from 138.204.127.54 port 35773:11: Bye Bye [preauth]
Oct 14 08:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Disconnected from 138.204.127.54 port 35773 [preauth]
Oct 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Failed password for invalid user sol from 104.223.122.114 port 40666 ssh2
Oct 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Received disconnect from 104.223.122.114 port 40666:11: Bye Bye [preauth]
Oct 14 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Disconnected from 104.223.122.114 port 40666 [preauth]
Oct 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: Successful su for rubyman by root
Oct 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: + ??? root:rubyman
Oct 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410091 of user rubyman.
Oct 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410091.
Oct 14 08:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12410]: pam_unix(cron:session): session closed for user root
Oct 14 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: Invalid user sol from 137.184.72.181
Oct 14 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: input_userauth_request: invalid user sol [preauth]
Oct 14 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: Failed password for invalid user sol from 137.184.72.181 port 60284 ssh2
Oct 14 08:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: Received disconnect from 137.184.72.181 port 60284:11: Bye Bye [preauth]
Oct 14 08:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15976]: Disconnected from 137.184.72.181 port 60284 [preauth]
Oct 14 08:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: Invalid user master from 196.251.84.92
Oct 14 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: input_userauth_request: invalid user master [preauth]
Oct 14 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: Failed password for invalid user master from 196.251.84.92 port 40246 ssh2
Oct 14 08:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16070]: Connection closed by 196.251.84.92 port 40246 [preauth]
Oct 14 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14669]: pam_unix(cron:session): session closed for user root
Oct 14 08:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Invalid user vinay from 101.36.116.29
Oct 14 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: input_userauth_request: invalid user vinay [preauth]
Oct 14 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Failed password for invalid user vinay from 101.36.116.29 port 59638 ssh2
Oct 14 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Received disconnect from 101.36.116.29 port 59638:11: Bye Bye [preauth]
Oct 14 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Disconnected from 101.36.116.29 port 59638 [preauth]
Oct 14 08:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: Invalid user guest from 196.251.84.140
Oct 14 08:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: Failed password for invalid user guest from 196.251.84.140 port 47830 ssh2
Oct 14 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: Connection closed by 196.251.84.140 port 47830 [preauth]
Oct 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16171]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16170]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16240]: Successful su for rubyman by root
Oct 14 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16240]: + ??? root:rubyman
Oct 14 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410093 of user rubyman.
Oct 14 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16240]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410093.
Oct 14 08:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session closed for user root
Oct 14 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16168]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Invalid user administrator from 104.223.122.114
Oct 14 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: input_userauth_request: invalid user administrator [preauth]
Oct 14 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Invalid user ftptest from 102.68.84.2
Oct 14 08:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 08:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Failed password for invalid user administrator from 104.223.122.114 port 45230 ssh2
Oct 14 08:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Received disconnect from 104.223.122.114 port 45230:11: Bye Bye [preauth]
Oct 14 08:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16480]: Disconnected from 104.223.122.114 port 45230 [preauth]
Oct 14 08:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for invalid user ftptest from 102.68.84.2 port 59694 ssh2
Oct 14 08:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Received disconnect from 102.68.84.2 port 59694:11: Bye Bye [preauth]
Oct 14 08:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Disconnected from 102.68.84.2 port 59694 [preauth]
Oct 14 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Invalid user proxyuser from 137.184.72.181
Oct 14 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Failed password for invalid user proxyuser from 137.184.72.181 port 51526 ssh2
Oct 14 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Received disconnect from 137.184.72.181 port 51526:11: Bye Bye [preauth]
Oct 14 08:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16536]: Disconnected from 137.184.72.181 port 51526 [preauth]
Oct 14 08:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 08:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session closed for user root
Oct 14 08:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Failed password for root from 138.204.127.54 port 52130 ssh2
Oct 14 08:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Received disconnect from 138.204.127.54 port 52130:11: Bye Bye [preauth]
Oct 14 08:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Disconnected from 138.204.127.54 port 52130 [preauth]
Oct 14 08:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Invalid user master from 196.251.84.92
Oct 14 08:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: input_userauth_request: invalid user master [preauth]
Oct 14 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session closed for user root
Oct 14 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16644]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Failed password for invalid user master from 196.251.84.92 port 53240 ssh2
Oct 14 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Connection closed by 196.251.84.92 port 53240 [preauth]
Oct 14 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16725]: Successful su for rubyman by root
Oct 14 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16725]: + ??? root:rubyman
Oct 14 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410096 of user rubyman.
Oct 14 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16725]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410096.
Oct 14 08:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16646]: pam_unix(cron:session): session closed for user root
Oct 14 08:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session closed for user root
Oct 14 08:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16645]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Invalid user marian from 101.36.116.29
Oct 14 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: input_userauth_request: invalid user marian [preauth]
Oct 14 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session closed for user root
Oct 14 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Failed password for invalid user marian from 101.36.116.29 port 45716 ssh2
Oct 14 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Received disconnect from 101.36.116.29 port 45716:11: Bye Bye [preauth]
Oct 14 08:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Disconnected from 101.36.116.29 port 45716 [preauth]
Oct 14 08:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: Invalid user user from 104.223.122.114
Oct 14 08:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: input_userauth_request: invalid user user [preauth]
Oct 14 08:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: Failed password for invalid user user from 104.223.122.114 port 49796 ssh2
Oct 14 08:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: Received disconnect from 104.223.122.114 port 49796:11: Bye Bye [preauth]
Oct 14 08:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: Disconnected from 104.223.122.114 port 49796 [preauth]
Oct 14 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: Invalid user test1 from 137.184.72.181
Oct 14 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: input_userauth_request: invalid user test1 [preauth]
Oct 14 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: Failed password for invalid user test1 from 137.184.72.181 port 35782 ssh2
Oct 14 08:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: Received disconnect from 137.184.72.181 port 35782:11: Bye Bye [preauth]
Oct 14 08:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17128]: Disconnected from 137.184.72.181 port 35782 [preauth]
Oct 14 08:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Invalid user vishal from 102.68.84.2
Oct 14 08:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: input_userauth_request: invalid user vishal [preauth]
Oct 14 08:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Failed password for invalid user vishal from 102.68.84.2 port 54342 ssh2
Oct 14 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Received disconnect from 102.68.84.2 port 54342:11: Bye Bye [preauth]
Oct 14 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Disconnected from 102.68.84.2 port 54342 [preauth]
Oct 14 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17235]: Successful su for rubyman by root
Oct 14 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17235]: + ??? root:rubyman
Oct 14 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410102 of user rubyman.
Oct 14 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17235]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410102.
Oct 14 08:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.201.227  user=root
Oct 14 08:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Invalid user debian from 138.204.127.54
Oct 14 08:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: input_userauth_request: invalid user debian [preauth]
Oct 14 08:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Failed password for root from 80.211.201.227 port 57752 ssh2
Oct 14 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Connection closed by 80.211.201.227 port 57752 [preauth]
Oct 14 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Failed password for invalid user debian from 138.204.127.54 port 40200 ssh2
Oct 14 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14017]: pam_unix(cron:session): session closed for user root
Oct 14 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Received disconnect from 138.204.127.54 port 40200:11: Bye Bye [preauth]
Oct 14 08:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Disconnected from 138.204.127.54 port 40200 [preauth]
Oct 14 08:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17146]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Invalid user master from 196.251.84.92
Oct 14 08:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: input_userauth_request: invalid user master [preauth]
Oct 14 08:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Failed password for invalid user master from 196.251.84.92 port 38120 ssh2
Oct 14 08:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Connection closed by 196.251.84.92 port 38120 [preauth]
Oct 14 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16171]: pam_unix(cron:session): session closed for user root
Oct 14 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: Invalid user ftptest from 104.223.122.114
Oct 14 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: Failed password for invalid user ftptest from 104.223.122.114 port 54360 ssh2
Oct 14 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: Received disconnect from 104.223.122.114 port 54360:11: Bye Bye [preauth]
Oct 14 08:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: Disconnected from 104.223.122.114 port 54360 [preauth]
Oct 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17706]: Successful su for rubyman by root
Oct 14 08:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17706]: + ??? root:rubyman
Oct 14 08:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410106 of user rubyman.
Oct 14 08:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17706]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410106.
Oct 14 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Invalid user qclinux from 137.184.72.181
Oct 14 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: input_userauth_request: invalid user qclinux [preauth]
Oct 14 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Failed password for invalid user qclinux from 137.184.72.181 port 38284 ssh2
Oct 14 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Received disconnect from 137.184.72.181 port 38284:11: Bye Bye [preauth]
Oct 14 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17836]: Disconnected from 137.184.72.181 port 38284 [preauth]
Oct 14 08:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: Invalid user guest from 196.251.84.140
Oct 14 08:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14667]: pam_unix(cron:session): session closed for user root
Oct 14 08:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: Failed password for invalid user guest from 196.251.84.140 port 43686 ssh2
Oct 14 08:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17861]: Connection closed by 196.251.84.140 port 43686 [preauth]
Oct 14 08:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Invalid user crystal from 101.36.116.29
Oct 14 08:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: input_userauth_request: invalid user crystal [preauth]
Oct 14 08:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Failed password for invalid user crystal from 101.36.116.29 port 60348 ssh2
Oct 14 08:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Received disconnect from 101.36.116.29 port 60348:11: Bye Bye [preauth]
Oct 14 08:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Disconnected from 101.36.116.29 port 60348 [preauth]
Oct 14 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: Invalid user azureuser from 102.68.84.2
Oct 14 08:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: input_userauth_request: invalid user azureuser [preauth]
Oct 14 08:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: Failed password for invalid user azureuser from 102.68.84.2 port 48052 ssh2
Oct 14 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: Received disconnect from 102.68.84.2 port 48052:11: Bye Bye [preauth]
Oct 14 08:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18083]: Disconnected from 102.68.84.2 port 48052 [preauth]
Oct 14 08:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Invalid user master from 196.251.84.92
Oct 14 08:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: input_userauth_request: invalid user master [preauth]
Oct 14 08:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session closed for user root
Oct 14 08:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Failed password for invalid user master from 196.251.84.92 port 51036 ssh2
Oct 14 08:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Connection closed by 196.251.84.92 port 51036 [preauth]
Oct 14 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Failed password for root from 138.204.127.54 port 56532 ssh2
Oct 14 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Received disconnect from 138.204.127.54 port 56532:11: Bye Bye [preauth]
Oct 14 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Disconnected from 138.204.127.54 port 56532 [preauth]
Oct 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18287]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: Successful su for rubyman by root
Oct 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: + ??? root:rubyman
Oct 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410111 of user rubyman.
Oct 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18479]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410111.
Oct 14 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session closed for user root
Oct 14 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Invalid user ts3 from 104.223.122.114
Oct 14 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Failed password for invalid user ts3 from 104.223.122.114 port 58928 ssh2
Oct 14 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Received disconnect from 104.223.122.114 port 58928:11: Bye Bye [preauth]
Oct 14 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Disconnected from 104.223.122.114 port 58928 [preauth]
Oct 14 08:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18292]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Invalid user myuser from 137.184.72.181
Oct 14 08:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: input_userauth_request: invalid user myuser [preauth]
Oct 14 08:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Failed password for invalid user myuser from 137.184.72.181 port 60608 ssh2
Oct 14 08:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Received disconnect from 137.184.72.181 port 60608:11: Bye Bye [preauth]
Oct 14 08:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Disconnected from 137.184.72.181 port 60608 [preauth]
Oct 14 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17149]: pam_unix(cron:session): session closed for user root
Oct 14 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: Invalid user master from 196.251.84.92
Oct 14 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: input_userauth_request: invalid user master [preauth]
Oct 14 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: Failed password for invalid user master from 196.251.84.92 port 35682 ssh2
Oct 14 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19204]: Successful su for rubyman by root
Oct 14 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19204]: + ??? root:rubyman
Oct 14 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410116 of user rubyman.
Oct 14 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19204]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410116.
Oct 14 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18891]: Connection closed by 196.251.84.92 port 35682 [preauth]
Oct 14 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session closed for user root
Oct 14 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Invalid user master from 101.36.116.29
Oct 14 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: input_userauth_request: invalid user master [preauth]
Oct 14 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session closed for user root
Oct 14 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Failed password for invalid user master from 101.36.116.29 port 51768 ssh2
Oct 14 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Received disconnect from 101.36.116.29 port 51768:11: Bye Bye [preauth]
Oct 14 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19436]: Disconnected from 101.36.116.29 port 51768 [preauth]
Oct 14 08:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Invalid user proxyuser from 102.68.84.2
Oct 14 08:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 08:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Failed password for invalid user proxyuser from 102.68.84.2 port 32920 ssh2
Oct 14 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Received disconnect from 102.68.84.2 port 32920:11: Bye Bye [preauth]
Oct 14 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Disconnected from 102.68.84.2 port 32920 [preauth]
Oct 14 08:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 08:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: Failed password for root from 138.204.127.54 port 44603 ssh2
Oct 14 08:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: Received disconnect from 138.204.127.54 port 44603:11: Bye Bye [preauth]
Oct 14 08:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19743]: Disconnected from 138.204.127.54 port 44603 [preauth]
Oct 14 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: Did not receive identification string from 146.190.225.91
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Invalid user radio from 104.223.122.114
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: input_userauth_request: invalid user radio [preauth]
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: Invalid user ts3 from 137.184.72.181
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Failed password for invalid user radio from 104.223.122.114 port 35264 ssh2
Oct 14 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Received disconnect from 104.223.122.114 port 35264:11: Bye Bye [preauth]
Oct 14 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Disconnected from 104.223.122.114 port 35264 [preauth]
Oct 14 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: Failed password for invalid user ts3 from 137.184.72.181 port 47350 ssh2
Oct 14 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: Received disconnect from 137.184.72.181 port 47350:11: Bye Bye [preauth]
Oct 14 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: Disconnected from 137.184.72.181 port 47350 [preauth]
Oct 14 08:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session closed for user root
Oct 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session closed for user root
Oct 14 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19953]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: Successful su for rubyman by root
Oct 14 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: + ??? root:rubyman
Oct 14 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410123 of user rubyman.
Oct 14 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20062]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410123.
Oct 14 08:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session closed for user root
Oct 14 08:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16170]: pam_unix(cron:session): session closed for user root
Oct 14 08:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19954]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Invalid user master from 196.251.84.92
Oct 14 08:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: input_userauth_request: invalid user master [preauth]
Oct 14 08:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Failed password for invalid user master from 196.251.84.92 port 48600 ssh2
Oct 14 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Connection closed by 196.251.84.92 port 48600 [preauth]
Oct 14 08:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: Invalid user guest from 196.251.84.140
Oct 14 08:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: Failed password for invalid user guest from 196.251.84.140 port 40812 ssh2
Oct 14 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: Connection closed by 196.251.84.140 port 40812 [preauth]
Oct 14 08:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18295]: pam_unix(cron:session): session closed for user root
Oct 14 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Invalid user radio from 102.68.84.2
Oct 14 08:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: input_userauth_request: invalid user radio [preauth]
Oct 14 08:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Failed password for invalid user radio from 102.68.84.2 port 33602 ssh2
Oct 14 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Received disconnect from 102.68.84.2 port 33602:11: Bye Bye [preauth]
Oct 14 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Disconnected from 102.68.84.2 port 33602 [preauth]
Oct 14 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Invalid user dmdba from 137.184.72.181
Oct 14 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Failed password for invalid user dmdba from 137.184.72.181 port 38256 ssh2
Oct 14 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Received disconnect from 137.184.72.181 port 38256:11: Bye Bye [preauth]
Oct 14 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Disconnected from 137.184.72.181 port 38256 [preauth]
Oct 14 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Invalid user qclinux from 104.223.122.114
Oct 14 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: input_userauth_request: invalid user qclinux [preauth]
Oct 14 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20538]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20537]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20534]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Failed password for invalid user qclinux from 104.223.122.114 port 39830 ssh2
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Received disconnect from 104.223.122.114 port 39830:11: Bye Bye [preauth]
Oct 14 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Disconnected from 104.223.122.114 port 39830 [preauth]
Oct 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Invalid user aaaa from 138.204.127.54
Oct 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: input_userauth_request: invalid user aaaa [preauth]
Oct 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20613]: Successful su for rubyman by root
Oct 14 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20613]: + ??? root:rubyman
Oct 14 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410125 of user rubyman.
Oct 14 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20613]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410125.
Oct 14 08:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: Failed password for root from 146.190.225.91 port 38846 ssh2
Oct 14 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20520]: Connection closed by 146.190.225.91 port 38846 [preauth]
Oct 14 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Failed password for invalid user aaaa from 138.204.127.54 port 60919 ssh2
Oct 14 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Received disconnect from 138.204.127.54 port 60919:11: Bye Bye [preauth]
Oct 14 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Disconnected from 138.204.127.54 port 60919 [preauth]
Oct 14 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Invalid user prod from 101.36.116.29
Oct 14 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: input_userauth_request: invalid user prod [preauth]
Oct 14 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Failed password for invalid user prod from 101.36.116.29 port 54126 ssh2
Oct 14 08:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Received disconnect from 101.36.116.29 port 54126:11: Bye Bye [preauth]
Oct 14 08:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Disconnected from 101.36.116.29 port 54126 [preauth]
Oct 14 08:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session closed for user root
Oct 14 08:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20536]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18903]: pam_unix(cron:session): session closed for user root
Oct 14 08:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Invalid user master from 196.251.84.92
Oct 14 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: input_userauth_request: invalid user master [preauth]
Oct 14 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for invalid user master from 196.251.84.92 port 32980 ssh2
Oct 14 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Connection closed by 196.251.84.92 port 32980 [preauth]
Oct 14 08:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Failed password for root from 146.190.225.91 port 48352 ssh2
Oct 14 08:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Connection closed by 146.190.225.91 port 48352 [preauth]
Oct 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21003]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21000]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21077]: Successful su for rubyman by root
Oct 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21077]: + ??? root:rubyman
Oct 14 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410132 of user rubyman.
Oct 14 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21077]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410132.
Oct 14 08:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session closed for user root
Oct 14 08:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Invalid user ts3 from 137.184.72.181
Oct 14 08:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 08:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Failed password for invalid user ts3 from 137.184.72.181 port 36298 ssh2
Oct 14 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Received disconnect from 137.184.72.181 port 36298:11: Bye Bye [preauth]
Oct 14 08:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21386]: Disconnected from 137.184.72.181 port 36298 [preauth]
Oct 14 08:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Invalid user test01 from 104.223.122.114
Oct 14 08:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: input_userauth_request: invalid user test01 [preauth]
Oct 14 08:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Failed password for invalid user test01 from 104.223.122.114 port 44396 ssh2
Oct 14 08:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Received disconnect from 104.223.122.114 port 44396:11: Bye Bye [preauth]
Oct 14 08:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Disconnected from 104.223.122.114 port 44396 [preauth]
Oct 14 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19957]: pam_unix(cron:session): session closed for user root
Oct 14 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: Failed password for root from 146.190.225.91 port 34776 ssh2
Oct 14 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Invalid user user from 102.68.84.2
Oct 14 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: input_userauth_request: invalid user user [preauth]
Oct 14 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21427]: Connection closed by 146.190.225.91 port 34776 [preauth]
Oct 14 08:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Failed password for invalid user user from 102.68.84.2 port 49718 ssh2
Oct 14 08:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Received disconnect from 102.68.84.2 port 49718:11: Bye Bye [preauth]
Oct 14 08:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Disconnected from 102.68.84.2 port 49718 [preauth]
Oct 14 08:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 08:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: Failed password for root from 138.204.127.54 port 49005 ssh2
Oct 14 08:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: Received disconnect from 138.204.127.54 port 49005:11: Bye Bye [preauth]
Oct 14 08:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21473]: Disconnected from 138.204.127.54 port 49005 [preauth]
Oct 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21606]: Successful su for rubyman by root
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21606]: + ??? root:rubyman
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410133 of user rubyman.
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21606]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Invalid user ubuntu from 101.36.116.29
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410133.
Oct 14 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Failed password for invalid user ubuntu from 101.36.116.29 port 55558 ssh2
Oct 14 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Received disconnect from 101.36.116.29 port 55558:11: Bye Bye [preauth]
Oct 14 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Disconnected from 101.36.116.29 port 55558 [preauth]
Oct 14 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Invalid user master from 196.251.84.92
Oct 14 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: input_userauth_request: invalid user master [preauth]
Oct 14 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Failed password for invalid user master from 196.251.84.92 port 45608 ssh2
Oct 14 08:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21672]: Connection closed by 196.251.84.92 port 45608 [preauth]
Oct 14 08:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session closed for user root
Oct 14 08:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: Failed password for root from 146.190.225.91 port 46454 ssh2
Oct 14 08:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21883]: Connection closed by 146.190.225.91 port 46454 [preauth]
Oct 14 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20538]: pam_unix(cron:session): session closed for user root
Oct 14 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: Invalid user test01 from 137.184.72.181
Oct 14 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: input_userauth_request: invalid user test01 [preauth]
Oct 14 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Invalid user guest from 196.251.84.140
Oct 14 08:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: Failed password for invalid user test01 from 137.184.72.181 port 59538 ssh2
Oct 14 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: Received disconnect from 137.184.72.181 port 59538:11: Bye Bye [preauth]
Oct 14 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21940]: Disconnected from 137.184.72.181 port 59538 [preauth]
Oct 14 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Failed password for invalid user guest from 196.251.84.140 port 35792 ssh2
Oct 14 08:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Connection closed by 196.251.84.140 port 35792 [preauth]
Oct 14 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Invalid user steam from 104.223.122.114
Oct 14 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: input_userauth_request: invalid user steam [preauth]
Oct 14 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Failed password for invalid user steam from 104.223.122.114 port 48962 ssh2
Oct 14 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Received disconnect from 104.223.122.114 port 48962:11: Bye Bye [preauth]
Oct 14 08:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Disconnected from 104.223.122.114 port 48962 [preauth]
Oct 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22006]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22004]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22081]: Successful su for rubyman by root
Oct 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22081]: + ??? root:rubyman
Oct 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410137 of user rubyman.
Oct 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22081]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410137.
Oct 14 08:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18294]: pam_unix(cron:session): session closed for user root
Oct 14 08:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22005]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Failed password for root from 146.190.225.91 port 50944 ssh2
Oct 14 08:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: Connection closed by 146.190.225.91 port 50944 [preauth]
Oct 14 08:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 08:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2  user=root
Oct 14 08:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: Failed password for root from 138.204.127.54 port 37087 ssh2
Oct 14 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22384]: Failed password for root from 102.68.84.2 port 60556 ssh2
Oct 14 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: Received disconnect from 138.204.127.54 port 37087:11: Bye Bye [preauth]
Oct 14 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: Disconnected from 138.204.127.54 port 37087 [preauth]
Oct 14 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22384]: Received disconnect from 102.68.84.2 port 60556:11: Bye Bye [preauth]
Oct 14 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22384]: Disconnected from 102.68.84.2 port 60556 [preauth]
Oct 14 08:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Invalid user master from 196.251.84.92
Oct 14 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: input_userauth_request: invalid user master [preauth]
Oct 14 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Failed password for invalid user master from 196.251.84.92 port 58268 ssh2
Oct 14 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Connection closed by 196.251.84.92 port 58268 [preauth]
Oct 14 08:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21003]: pam_unix(cron:session): session closed for user root
Oct 14 08:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: Invalid user share from 101.36.116.29
Oct 14 08:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: input_userauth_request: invalid user share [preauth]
Oct 14 08:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: Failed password for invalid user share from 101.36.116.29 port 44856 ssh2
Oct 14 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: Received disconnect from 101.36.116.29 port 44856:11: Bye Bye [preauth]
Oct 14 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22496]: Disconnected from 101.36.116.29 port 44856 [preauth]
Oct 14 08:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Invalid user ftptest from 137.184.72.181
Oct 14 08:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 08:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Failed password for invalid user ftptest from 137.184.72.181 port 56062 ssh2
Oct 14 08:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Received disconnect from 137.184.72.181 port 56062:11: Bye Bye [preauth]
Oct 14 08:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22508]: Disconnected from 137.184.72.181 port 56062 [preauth]
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22518]: pam_unix(cron:session): session closed for user root
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22512]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: Successful su for rubyman by root
Oct 14 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: + ??? root:rubyman
Oct 14 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410141 of user rubyman.
Oct 14 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410141.
Oct 14 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Invalid user azureuser from 104.223.122.114
Oct 14 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: input_userauth_request: invalid user azureuser [preauth]
Oct 14 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: Failed password for root from 146.190.225.91 port 57358 ssh2
Oct 14 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: Connection closed by 146.190.225.91 port 57358 [preauth]
Oct 14 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Failed password for invalid user azureuser from 104.223.122.114 port 53526 ssh2
Oct 14 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Received disconnect from 104.223.122.114 port 53526:11: Bye Bye [preauth]
Oct 14 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Disconnected from 104.223.122.114 port 53526 [preauth]
Oct 14 08:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session closed for user root
Oct 14 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session closed for user root
Oct 14 08:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22514]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session closed for user root
Oct 14 08:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: Invalid user master from 196.251.84.92
Oct 14 08:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: input_userauth_request: invalid user master [preauth]
Oct 14 08:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: Failed password for invalid user master from 196.251.84.92 port 42650 ssh2
Oct 14 08:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23457]: Connection closed by 196.251.84.92 port 42650 [preauth]
Oct 14 08:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Failed password for root from 146.190.225.91 port 53172 ssh2
Oct 14 08:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23516]: Connection closed by 146.190.225.91 port 53172 [preauth]
Oct 14 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54  user=root
Oct 14 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Failed password for root from 138.204.127.54 port 53428 ssh2
Oct 14 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Received disconnect from 138.204.127.54 port 53428:11: Bye Bye [preauth]
Oct 14 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Disconnected from 138.204.127.54 port 53428 [preauth]
Oct 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23740]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23577]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23830]: Successful su for rubyman by root
Oct 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23830]: + ??? root:rubyman
Oct 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410147 of user rubyman.
Oct 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23830]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410147.
Oct 14 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Invalid user steam from 102.68.84.2
Oct 14 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: input_userauth_request: invalid user steam [preauth]
Oct 14 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Failed password for invalid user steam from 102.68.84.2 port 59080 ssh2
Oct 14 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Received disconnect from 102.68.84.2 port 59080:11: Bye Bye [preauth]
Oct 14 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Disconnected from 102.68.84.2 port 59080 [preauth]
Oct 14 08:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session closed for user root
Oct 14 08:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Invalid user azureuser from 137.184.72.181
Oct 14 08:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: input_userauth_request: invalid user azureuser [preauth]
Oct 14 08:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23582]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Failed password for invalid user azureuser from 137.184.72.181 port 42128 ssh2
Oct 14 08:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Received disconnect from 137.184.72.181 port 42128:11: Bye Bye [preauth]
Oct 14 08:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Disconnected from 137.184.72.181 port 42128 [preauth]
Oct 14 08:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Invalid user builduser from 104.223.122.114
Oct 14 08:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: input_userauth_request: invalid user builduser [preauth]
Oct 14 08:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Failed password for invalid user builduser from 104.223.122.114 port 58090 ssh2
Oct 14 08:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Received disconnect from 104.223.122.114 port 58090:11: Bye Bye [preauth]
Oct 14 08:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Disconnected from 104.223.122.114 port 58090 [preauth]
Oct 14 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22008]: pam_unix(cron:session): session closed for user root
Oct 14 08:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 08:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for root from 101.36.116.29 port 32848 ssh2
Oct 14 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Received disconnect from 101.36.116.29 port 32848:11: Bye Bye [preauth]
Oct 14 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Disconnected from 101.36.116.29 port 32848 [preauth]
Oct 14 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Failed password for root from 146.190.225.91 port 57404 ssh2
Oct 14 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24212]: Connection closed by 146.190.225.91 port 57404 [preauth]
Oct 14 08:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Invalid user guest from 196.251.84.140
Oct 14 08:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for invalid user guest from 196.251.84.140 port 55614 ssh2
Oct 14 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Connection closed by 196.251.84.140 port 55614 [preauth]
Oct 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session closed for user root
Oct 14 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24284]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24371]: Successful su for rubyman by root
Oct 14 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24371]: + ??? root:rubyman
Oct 14 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410153 of user rubyman.
Oct 14 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24371]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410153.
Oct 14 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: Invalid user search from 196.251.84.92
Oct 14 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: input_userauth_request: invalid user search [preauth]
Oct 14 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: Failed password for invalid user search from 196.251.84.92 port 55166 ssh2
Oct 14 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: Connection closed by 196.251.84.92 port 55166 [preauth]
Oct 14 08:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20537]: pam_unix(cron:session): session closed for user root
Oct 14 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for root from 146.190.225.91 port 38034 ssh2
Oct 14 08:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Connection closed by 146.190.225.91 port 38034 [preauth]
Oct 14 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181  user=root
Oct 14 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Invalid user share from 138.204.127.54
Oct 14 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: input_userauth_request: invalid user share [preauth]
Oct 14 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Failed password for root from 137.184.72.181 port 42648 ssh2
Oct 14 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Received disconnect from 137.184.72.181 port 42648:11: Bye Bye [preauth]
Oct 14 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Disconnected from 137.184.72.181 port 42648 [preauth]
Oct 14 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Failed password for invalid user share from 138.204.127.54 port 41519 ssh2
Oct 14 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Received disconnect from 138.204.127.54 port 41519:11: Bye Bye [preauth]
Oct 14 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24697]: Disconnected from 138.204.127.54 port 41519 [preauth]
Oct 14 08:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22517]: pam_unix(cron:session): session closed for user root
Oct 14 08:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Invalid user user01 from 104.223.122.114
Oct 14 08:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: input_userauth_request: invalid user user01 [preauth]
Oct 14 08:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Failed password for invalid user user01 from 104.223.122.114 port 34424 ssh2
Oct 14 08:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Received disconnect from 104.223.122.114 port 34424:11: Bye Bye [preauth]
Oct 14 08:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Disconnected from 104.223.122.114 port 34424 [preauth]
Oct 14 08:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: Invalid user  from 66.240.192.82
Oct 14 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: input_userauth_request: invalid user  [preauth]
Oct 14 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: Connection closed by 66.240.192.82 port 42099 [preauth]
Oct 14 08:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24781]: Invalid user admin from 102.68.84.2
Oct 14 08:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24781]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24781]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24781]: Failed password for invalid user admin from 102.68.84.2 port 60952 ssh2
Oct 14 08:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24781]: Received disconnect from 102.68.84.2 port 60952:11: Bye Bye [preauth]
Oct 14 08:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24781]: Disconnected from 102.68.84.2 port 60952 [preauth]
Oct 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24809]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24810]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24873]: Successful su for rubyman by root
Oct 14 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24873]: + ??? root:rubyman
Oct 14 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410158 of user rubyman.
Oct 14 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24873]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410158.
Oct 14 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21002]: pam_unix(cron:session): session closed for user root
Oct 14 08:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Failed password for root from 146.190.225.91 port 52164 ssh2
Oct 14 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25112]: Connection closed by 146.190.225.91 port 52164 [preauth]
Oct 14 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Invalid user search from 196.251.84.92
Oct 14 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: input_userauth_request: invalid user search [preauth]
Oct 14 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Failed password for invalid user search from 196.251.84.92 port 39302 ssh2
Oct 14 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Connection closed by 196.251.84.92 port 39302 [preauth]
Oct 14 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Invalid user asta from 101.36.116.29
Oct 14 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: input_userauth_request: invalid user asta [preauth]
Oct 14 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Failed password for invalid user asta from 101.36.116.29 port 53968 ssh2
Oct 14 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Received disconnect from 101.36.116.29 port 53968:11: Bye Bye [preauth]
Oct 14 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Disconnected from 101.36.116.29 port 53968 [preauth]
Oct 14 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session closed for user root
Oct 14 08:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Invalid user builduser from 137.184.72.181
Oct 14 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: input_userauth_request: invalid user builduser [preauth]
Oct 14 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Failed password for invalid user builduser from 137.184.72.181 port 60664 ssh2
Oct 14 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Received disconnect from 137.184.72.181 port 60664:11: Bye Bye [preauth]
Oct 14 08:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Disconnected from 137.184.72.181 port 60664 [preauth]
Oct 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25530]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25531]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114  user=root
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25605]: Successful su for rubyman by root
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25605]: + ??? root:rubyman
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410162 of user rubyman.
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25605]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410162.
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Failed password for root from 104.223.122.114 port 38992 ssh2
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Received disconnect from 104.223.122.114 port 38992:11: Bye Bye [preauth]
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Disconnected from 104.223.122.114 port 38992 [preauth]
Oct 14 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: Failed password for root from 146.190.225.91 port 41854 ssh2
Oct 14 08:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25635]: Connection closed by 146.190.225.91 port 41854 [preauth]
Oct 14 08:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21521]: pam_unix(cron:session): session closed for user root
Oct 14 08:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: Invalid user kdh from 138.204.127.54
Oct 14 08:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: input_userauth_request: invalid user kdh [preauth]
Oct 14 08:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.127.54
Oct 14 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: Failed password for invalid user kdh from 138.204.127.54 port 57836 ssh2
Oct 14 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: Received disconnect from 138.204.127.54 port 57836:11: Bye Bye [preauth]
Oct 14 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: Disconnected from 138.204.127.54 port 57836 [preauth]
Oct 14 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Invalid user teamspeak from 102.68.84.2
Oct 14 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: input_userauth_request: invalid user teamspeak [preauth]
Oct 14 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for invalid user teamspeak from 102.68.84.2 port 33424 ssh2
Oct 14 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Received disconnect from 102.68.84.2 port 33424:11: Bye Bye [preauth]
Oct 14 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Disconnected from 102.68.84.2 port 33424 [preauth]
Oct 14 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session closed for user root
Oct 14 08:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Invalid user search from 196.251.84.92
Oct 14 08:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: input_userauth_request: invalid user search [preauth]
Oct 14 08:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for invalid user search from 196.251.84.92 port 51674 ssh2
Oct 14 08:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Connection closed by 196.251.84.92 port 51674 [preauth]
Oct 14 08:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Failed password for root from 146.190.225.91 port 51102 ssh2
Oct 14 08:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Connection closed by 146.190.225.91 port 51102 [preauth]
Oct 14 08:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Invalid user guest from 196.251.84.140
Oct 14 08:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26106]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26103]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26107]: pam_unix(cron:session): session closed for user root
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26100]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Failed password for invalid user guest from 196.251.84.140 port 48858 ssh2
Oct 14 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Connection closed by 196.251.84.140 port 48858 [preauth]
Oct 14 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26182]: Successful su for rubyman by root
Oct 14 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26182]: + ??? root:rubyman
Oct 14 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410165 of user rubyman.
Oct 14 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26182]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410165.
Oct 14 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Invalid user user01 from 137.184.72.181
Oct 14 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: input_userauth_request: invalid user user01 [preauth]
Oct 14 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Failed password for invalid user user01 from 137.184.72.181 port 37418 ssh2
Oct 14 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Received disconnect from 137.184.72.181 port 37418:11: Bye Bye [preauth]
Oct 14 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Disconnected from 137.184.72.181 port 37418 [preauth]
Oct 14 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26103]: pam_unix(cron:session): session closed for user root
Oct 14 08:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22006]: pam_unix(cron:session): session closed for user root
Oct 14 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Invalid user vishal from 104.223.122.114
Oct 14 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: input_userauth_request: invalid user vishal [preauth]
Oct 14 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Failed password for invalid user vishal from 104.223.122.114 port 43560 ssh2
Oct 14 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Received disconnect from 104.223.122.114 port 43560:11: Bye Bye [preauth]
Oct 14 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26518]: Disconnected from 104.223.122.114 port 43560 [preauth]
Oct 14 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26102]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Invalid user bob from 101.36.116.29
Oct 14 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: input_userauth_request: invalid user bob [preauth]
Oct 14 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Failed password for invalid user bob from 101.36.116.29 port 40998 ssh2
Oct 14 08:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Received disconnect from 101.36.116.29 port 40998:11: Bye Bye [preauth]
Oct 14 08:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26557]: Disconnected from 101.36.116.29 port 40998 [preauth]
Oct 14 08:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26606]: Did not receive identification string from 80.211.129.128
Oct 14 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24810]: pam_unix(cron:session): session closed for user root
Oct 14 08:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: Failed password for root from 146.190.225.91 port 36366 ssh2
Oct 14 08:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26630]: Connection closed by 146.190.225.91 port 36366 [preauth]
Oct 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26835]: Successful su for rubyman by root
Oct 14 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26835]: + ??? root:rubyman
Oct 14 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410173 of user rubyman.
Oct 14 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26835]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410173.
Oct 14 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Invalid user search from 196.251.84.92
Oct 14 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: input_userauth_request: invalid user search [preauth]
Oct 14 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Invalid user alex from 102.68.84.2
Oct 14 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: input_userauth_request: invalid user alex [preauth]
Oct 14 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Failed password for invalid user alex from 102.68.84.2 port 49098 ssh2
Oct 14 08:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Failed password for invalid user search from 196.251.84.92 port 35738 ssh2
Oct 14 08:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Connection closed by 196.251.84.92 port 35738 [preauth]
Oct 14 08:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Received disconnect from 102.68.84.2 port 49098:11: Bye Bye [preauth]
Oct 14 08:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Disconnected from 102.68.84.2 port 49098 [preauth]
Oct 14 08:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22516]: pam_unix(cron:session): session closed for user root
Oct 14 08:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181  user=root
Oct 14 08:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Failed password for root from 137.184.72.181 port 42040 ssh2
Oct 14 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Received disconnect from 137.184.72.181 port 42040:11: Bye Bye [preauth]
Oct 14 08:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27275]: Disconnected from 137.184.72.181 port 42040 [preauth]
Oct 14 08:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Failed password for root from 146.190.225.91 port 51724 ssh2
Oct 14 08:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Connection closed by 146.190.225.91 port 51724 [preauth]
Oct 14 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Invalid user teamspeak from 104.223.122.114
Oct 14 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: input_userauth_request: invalid user teamspeak [preauth]
Oct 14 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Failed password for invalid user teamspeak from 104.223.122.114 port 48124 ssh2
Oct 14 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Received disconnect from 104.223.122.114 port 48124:11: Bye Bye [preauth]
Oct 14 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Disconnected from 104.223.122.114 port 48124 [preauth]
Oct 14 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25531]: pam_unix(cron:session): session closed for user root
Oct 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27425]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27422]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27517]: Successful su for rubyman by root
Oct 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27517]: + ??? root:rubyman
Oct 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410176 of user rubyman.
Oct 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27517]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410176.
Oct 14 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23740]: pam_unix(cron:session): session closed for user root
Oct 14 08:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Invalid user grafana from 101.36.116.29
Oct 14 08:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: input_userauth_request: invalid user grafana [preauth]
Oct 14 08:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29
Oct 14 08:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Failed password for invalid user grafana from 101.36.116.29 port 51534 ssh2
Oct 14 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Received disconnect from 101.36.116.29 port 51534:11: Bye Bye [preauth]
Oct 14 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28003]: Disconnected from 101.36.116.29 port 51534 [preauth]
Oct 14 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for root from 146.190.225.91 port 34204 ssh2
Oct 14 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Connection closed by 146.190.225.91 port 34204 [preauth]
Oct 14 08:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27424]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: Invalid user search from 196.251.84.92
Oct 14 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: input_userauth_request: invalid user search [preauth]
Oct 14 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: Failed password for invalid user search from 196.251.84.92 port 47838 ssh2
Oct 14 08:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: Connection closed by 196.251.84.92 port 47838 [preauth]
Oct 14 08:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Invalid user vishal from 137.184.72.181
Oct 14 08:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: input_userauth_request: invalid user vishal [preauth]
Oct 14 08:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Failed password for invalid user vishal from 137.184.72.181 port 42776 ssh2
Oct 14 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Received disconnect from 137.184.72.181 port 42776:11: Bye Bye [preauth]
Oct 14 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Disconnected from 137.184.72.181 port 42776 [preauth]
Oct 14 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26106]: pam_unix(cron:session): session closed for user root
Oct 14 08:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Invalid user administrator from 102.68.84.2
Oct 14 08:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: input_userauth_request: invalid user administrator [preauth]
Oct 14 08:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Failed password for invalid user administrator from 102.68.84.2 port 56068 ssh2
Oct 14 08:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Received disconnect from 102.68.84.2 port 56068:11: Bye Bye [preauth]
Oct 14 08:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Disconnected from 102.68.84.2 port 56068 [preauth]
Oct 14 08:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114  user=root
Oct 14 08:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Failed password for root from 104.223.122.114 port 52694 ssh2
Oct 14 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Received disconnect from 104.223.122.114 port 52694:11: Bye Bye [preauth]
Oct 14 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Disconnected from 104.223.122.114 port 52694 [preauth]
Oct 14 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Failed password for root from 146.190.225.91 port 57632 ssh2
Oct 14 08:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Connection closed by 146.190.225.91 port 57632 [preauth]
Oct 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28219]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28216]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28288]: Successful su for rubyman by root
Oct 14 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28288]: + ??? root:rubyman
Oct 14 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410179 of user rubyman.
Oct 14 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28288]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410179.
Oct 14 08:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Invalid user guest from 196.251.84.140
Oct 14 08:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session closed for user root
Oct 14 08:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Failed password for invalid user guest from 196.251.84.140 port 45308 ssh2
Oct 14 08:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Connection closed by 196.251.84.140 port 45308 [preauth]
Oct 14 08:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28217]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26728]: pam_unix(cron:session): session closed for user root
Oct 14 08:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for root from 146.190.225.91 port 40132 ssh2
Oct 14 08:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Connection closed by 146.190.225.91 port 40132 [preauth]
Oct 14 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: Invalid user search from 196.251.84.92
Oct 14 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: input_userauth_request: invalid user search [preauth]
Oct 14 08:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: Failed password for invalid user search from 196.251.84.92 port 60010 ssh2
Oct 14 08:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: Connection closed by 196.251.84.92 port 60010 [preauth]
Oct 14 08:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181  user=root
Oct 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Failed password for root from 137.184.72.181 port 47528 ssh2
Oct 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Received disconnect from 137.184.72.181 port 47528:11: Bye Bye [preauth]
Oct 14 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29015]: Disconnected from 137.184.72.181 port 47528 [preauth]
Oct 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29123]: Successful su for rubyman by root
Oct 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29123]: + ??? root:rubyman
Oct 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410183 of user rubyman.
Oct 14 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29123]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410183.
Oct 14 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.116.29  user=root
Oct 14 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Failed password for root from 101.36.116.29 port 54706 ssh2
Oct 14 08:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Received disconnect from 101.36.116.29 port 54706:11: Bye Bye [preauth]
Oct 14 08:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Disconnected from 101.36.116.29 port 54706 [preauth]
Oct 14 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24809]: pam_unix(cron:session): session closed for user root
Oct 14 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Invalid user admin from 104.223.122.114
Oct 14 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for invalid user admin from 104.223.122.114 port 57264 ssh2
Oct 14 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Received disconnect from 104.223.122.114 port 57264:11: Bye Bye [preauth]
Oct 14 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Disconnected from 104.223.122.114 port 57264 [preauth]
Oct 14 08:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91  user=root
Oct 14 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Invalid user user01 from 102.68.84.2
Oct 14 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: input_userauth_request: invalid user user01 [preauth]
Oct 14 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Failed password for invalid user user01 from 102.68.84.2 port 33914 ssh2
Oct 14 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Failed password for root from 146.190.225.91 port 45728 ssh2
Oct 14 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Connection closed by 146.190.225.91 port 45728 [preauth]
Oct 14 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Received disconnect from 102.68.84.2 port 33914:11: Bye Bye [preauth]
Oct 14 08:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29413]: Disconnected from 102.68.84.2 port 33914 [preauth]
Oct 14 08:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session closed for user root
Oct 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29554]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29552]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29555]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29553]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29555]: pam_unix(cron:session): session closed for user root
Oct 14 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29644]: Successful su for rubyman by root
Oct 14 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29644]: + ??? root:rubyman
Oct 14 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410188 of user rubyman.
Oct 14 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29644]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410188.
Oct 14 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: Invalid user search from 196.251.84.92
Oct 14 08:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: input_userauth_request: invalid user search [preauth]
Oct 14 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29552]: pam_unix(cron:session): session closed for user root
Oct 14 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25530]: pam_unix(cron:session): session closed for user root
Oct 14 08:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: Failed password for invalid user search from 196.251.84.92 port 43660 ssh2
Oct 14 08:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29761]: Connection closed by 196.251.84.92 port 43660 [preauth]
Oct 14 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: Invalid user admin from 146.190.225.91
Oct 14 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91
Oct 14 08:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: Failed password for invalid user admin from 146.190.225.91 port 38158 ssh2
Oct 14 08:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29896]: Connection closed by 146.190.225.91 port 38158 [preauth]
Oct 14 08:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29551]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: Invalid user teamspeak from 137.184.72.181
Oct 14 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: input_userauth_request: invalid user teamspeak [preauth]
Oct 14 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.72.181
Oct 14 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: Failed password for invalid user teamspeak from 137.184.72.181 port 59772 ssh2
Oct 14 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: Received disconnect from 137.184.72.181 port 59772:11: Bye Bye [preauth]
Oct 14 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29965]: Disconnected from 137.184.72.181 port 59772 [preauth]
Oct 14 08:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28219]: pam_unix(cron:session): session closed for user root
Oct 14 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Invalid user dmdba from 104.223.122.114
Oct 14 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Failed password for invalid user dmdba from 104.223.122.114 port 33600 ssh2
Oct 14 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Received disconnect from 104.223.122.114 port 33600:11: Bye Bye [preauth]
Oct 14 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30032]: Disconnected from 104.223.122.114 port 33600 [preauth]
Oct 14 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: Invalid user admin from 146.190.225.91
Oct 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91
Oct 14 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30193]: Successful su for rubyman by root
Oct 14 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30193]: + ??? root:rubyman
Oct 14 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410192 of user rubyman.
Oct 14 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30193]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410192.
Oct 14 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: Failed password for invalid user admin from 146.190.225.91 port 52532 ssh2
Oct 14 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30097]: Connection closed by 146.190.225.91 port 52532 [preauth]
Oct 14 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Invalid user ali from 102.68.84.2
Oct 14 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: input_userauth_request: invalid user ali [preauth]
Oct 14 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Failed password for invalid user ali from 102.68.84.2 port 43862 ssh2
Oct 14 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Received disconnect from 102.68.84.2 port 43862:11: Bye Bye [preauth]
Oct 14 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Disconnected from 102.68.84.2 port 43862 [preauth]
Oct 14 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26104]: pam_unix(cron:session): session closed for user root
Oct 14 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Invalid user guest from 196.251.84.140
Oct 14 08:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Failed password for invalid user guest from 196.251.84.140 port 35052 ssh2
Oct 14 08:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30456]: Connection closed by 196.251.84.140 port 35052 [preauth]
Oct 14 08:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Invalid user search from 196.251.84.92
Oct 14 08:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: input_userauth_request: invalid user search [preauth]
Oct 14 08:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Failed password for invalid user search from 196.251.84.92 port 55658 ssh2
Oct 14 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Connection closed by 196.251.84.92 port 55658 [preauth]
Oct 14 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29026]: pam_unix(cron:session): session closed for user root
Oct 14 08:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30666]: Invalid user admin from 146.190.225.91
Oct 14 08:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30666]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30666]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91
Oct 14 08:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30666]: Failed password for invalid user admin from 146.190.225.91 port 56320 ssh2
Oct 14 08:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30666]: Connection closed by 146.190.225.91 port 56320 [preauth]
Oct 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Invalid user git from 104.223.122.114
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: input_userauth_request: invalid user git [preauth]
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.223.122.114
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30790]: Successful su for rubyman by root
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30790]: + ??? root:rubyman
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410196 of user rubyman.
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30790]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410196.
Oct 14 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for invalid user git from 104.223.122.114 port 38166 ssh2
Oct 14 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Received disconnect from 104.223.122.114 port 38166:11: Bye Bye [preauth]
Oct 14 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Disconnected from 104.223.122.114 port 38166 [preauth]
Oct 14 08:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session closed for user root
Oct 14 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Invalid user admin from 146.190.225.91
Oct 14 08:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91
Oct 14 08:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Failed password for invalid user admin from 146.190.225.91 port 44892 ssh2
Oct 14 08:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Connection closed by 146.190.225.91 port 44892 [preauth]
Oct 14 08:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29554]: pam_unix(cron:session): session closed for user root
Oct 14 08:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Invalid user debian from 102.68.84.2
Oct 14 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: input_userauth_request: invalid user debian [preauth]
Oct 14 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Failed password for invalid user debian from 102.68.84.2 port 45626 ssh2
Oct 14 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Received disconnect from 102.68.84.2 port 45626:11: Bye Bye [preauth]
Oct 14 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Disconnected from 102.68.84.2 port 45626 [preauth]
Oct 14 08:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Invalid user search from 196.251.84.92
Oct 14 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: input_userauth_request: invalid user search [preauth]
Oct 14 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for invalid user search from 196.251.84.92 port 39188 ssh2
Oct 14 08:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Connection closed by 196.251.84.92 port 39188 [preauth]
Oct 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31274]: Successful su for rubyman by root
Oct 14 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31274]: + ??? root:rubyman
Oct 14 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410202 of user rubyman.
Oct 14 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31274]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410202.
Oct 14 08:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: Invalid user admin from 146.190.225.91
Oct 14 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91
Oct 14 08:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: Failed password for invalid user admin from 146.190.225.91 port 41212 ssh2
Oct 14 08:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: Connection closed by 146.190.225.91 port 41212 [preauth]
Oct 14 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27425]: pam_unix(cron:session): session closed for user root
Oct 14 08:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session closed for user root
Oct 14 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Invalid user admin from 146.190.225.91
Oct 14 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91
Oct 14 08:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Failed password for invalid user admin from 146.190.225.91 port 43018 ssh2
Oct 14 08:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Connection closed by 146.190.225.91 port 43018 [preauth]
Oct 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31895]: Successful su for rubyman by root
Oct 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31895]: + ??? root:rubyman
Oct 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410206 of user rubyman.
Oct 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31895]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410206.
Oct 14 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: Invalid user search from 196.251.84.92
Oct 14 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: input_userauth_request: invalid user search [preauth]
Oct 14 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: Failed password for invalid user search from 196.251.84.92 port 51076 ssh2
Oct 14 08:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31993]: Connection closed by 196.251.84.92 port 51076 [preauth]
Oct 14 08:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28218]: pam_unix(cron:session): session closed for user root
Oct 14 08:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Invalid user ubuntu from 102.68.84.2
Oct 14 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Failed password for invalid user ubuntu from 102.68.84.2 port 37898 ssh2
Oct 14 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Received disconnect from 102.68.84.2 port 37898:11: Bye Bye [preauth]
Oct 14 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32245]: Disconnected from 102.68.84.2 port 37898 [preauth]
Oct 14 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: Invalid user admin from 146.190.225.91
Oct 14 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91
Oct 14 08:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: Failed password for invalid user admin from 146.190.225.91 port 51138 ssh2
Oct 14 08:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: Connection closed by 146.190.225.91 port 51138 [preauth]
Oct 14 08:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Invalid user guest from 196.251.84.140
Oct 14 08:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Failed password for invalid user guest from 196.251.84.140 port 60360 ssh2
Oct 14 08:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Connection closed by 196.251.84.140 port 60360 [preauth]
Oct 14 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30715]: pam_unix(cron:session): session closed for user root
Oct 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32379]: pam_unix(cron:session): session closed for user root
Oct 14 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32374]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32452]: Successful su for rubyman by root
Oct 14 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32452]: + ??? root:rubyman
Oct 14 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410210 of user rubyman.
Oct 14 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32452]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410210.
Oct 14 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Invalid user admin from 146.190.225.91
Oct 14 08:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.225.91
Oct 14 08:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32376]: pam_unix(cron:session): session closed for user root
Oct 14 08:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session closed for user root
Oct 14 08:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Failed password for invalid user admin from 146.190.225.91 port 36262 ssh2
Oct 14 08:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Connection closed by 146.190.225.91 port 36262 [preauth]
Oct 14 08:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32375]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: Invalid user search from 196.251.84.92
Oct 14 08:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: input_userauth_request: invalid user search [preauth]
Oct 14 08:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: Failed password for invalid user search from 196.251.84.92 port 34612 ssh2
Oct 14 08:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: Connection closed by 196.251.84.92 port 34612 [preauth]
Oct 14 08:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session closed for user root
Oct 14 08:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: Failed password for root from 34.57.181.41 port 53062 ssh2
Oct 14 08:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: Received disconnect from 34.57.181.41 port 53062:11: Bye Bye [preauth]
Oct 14 08:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[351]: Disconnected from 34.57.181.41 port 53062 [preauth]
Oct 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[403]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[500]: Successful su for rubyman by root
Oct 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[500]: + ??? root:rubyman
Oct 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410214 of user rubyman.
Oct 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[500]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410214.
Oct 14 08:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Invalid user test1 from 102.68.84.2
Oct 14 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: input_userauth_request: invalid user test1 [preauth]
Oct 14 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user test1 from 102.68.84.2 port 57070 ssh2
Oct 14 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Received disconnect from 102.68.84.2 port 57070:11: Bye Bye [preauth]
Oct 14 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Disconnected from 102.68.84.2 port 57070 [preauth]
Oct 14 08:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29553]: pam_unix(cron:session): session closed for user root
Oct 14 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31823]: pam_unix(cron:session): session closed for user root
Oct 14 08:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Invalid user search from 196.251.84.92
Oct 14 08:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: input_userauth_request: invalid user search [preauth]
Oct 14 08:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Failed password for invalid user search from 196.251.84.92 port 46432 ssh2
Oct 14 08:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[883]: Connection closed by 196.251.84.92 port 46432 [preauth]
Oct 14 08:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Invalid user jboss from 106.13.69.159
Oct 14 08:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: input_userauth_request: invalid user jboss [preauth]
Oct 14 08:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.69.159
Oct 14 08:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Failed password for invalid user jboss from 106.13.69.159 port 34016 ssh2
Oct 14 08:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Received disconnect from 106.13.69.159 port 34016:11: Bye Bye [preauth]
Oct 14 08:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Disconnected from 106.13.69.159 port 34016 [preauth]
Oct 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[947]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1071]: Successful su for rubyman by root
Oct 14 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1071]: + ??? root:rubyman
Oct 14 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410220 of user rubyman.
Oct 14 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1071]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410220.
Oct 14 08:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session closed for user root
Oct 14 08:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[960]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Invalid user guest from 196.251.84.140
Oct 14 08:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Failed password for invalid user guest from 196.251.84.140 port 49546 ssh2
Oct 14 08:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Connection closed by 196.251.84.140 port 49546 [preauth]
Oct 14 08:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32378]: pam_unix(cron:session): session closed for user root
Oct 14 08:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1411]: Did not receive identification string from 80.211.129.128
Oct 14 08:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Invalid user ftpuser from 47.250.81.225
Oct 14 08:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 08:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Failed password for invalid user ftpuser from 47.250.81.225 port 49682 ssh2
Oct 14 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Received disconnect from 47.250.81.225 port 49682:11: Bye Bye [preauth]
Oct 14 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Disconnected from 47.250.81.225 port 49682 [preauth]
Oct 14 08:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: Invalid user dmdba from 102.68.84.2
Oct 14 08:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 08:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: Failed password for invalid user dmdba from 102.68.84.2 port 53574 ssh2
Oct 14 08:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: Received disconnect from 102.68.84.2 port 53574:11: Bye Bye [preauth]
Oct 14 08:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: Disconnected from 102.68.84.2 port 53574 [preauth]
Oct 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1491]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1489]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: Successful su for rubyman by root
Oct 14 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: + ??? root:rubyman
Oct 14 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410223 of user rubyman.
Oct 14 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410223.
Oct 14 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Invalid user search from 196.251.84.92
Oct 14 08:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: input_userauth_request: invalid user search [preauth]
Oct 14 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Invalid user couchdb from 118.70.128.176
Oct 14 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: input_userauth_request: invalid user couchdb [preauth]
Oct 14 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.128.176
Oct 14 08:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Failed password for invalid user search from 196.251.84.92 port 58080 ssh2
Oct 14 08:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Failed password for invalid user couchdb from 118.70.128.176 port 41795 ssh2
Oct 14 08:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30714]: pam_unix(cron:session): session closed for user root
Oct 14 08:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Received disconnect from 118.70.128.176 port 41795:11: Bye Bye [preauth]
Oct 14 08:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Disconnected from 118.70.128.176 port 41795 [preauth]
Oct 14 08:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Connection closed by 196.251.84.92 port 58080 [preauth]
Oct 14 08:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1490]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user root
Oct 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2075]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2071]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2145]: Successful su for rubyman by root
Oct 14 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2145]: + ??? root:rubyman
Oct 14 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410227 of user rubyman.
Oct 14 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2145]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410227.
Oct 14 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Failed password for root from 34.57.181.41 port 53332 ssh2
Oct 14 08:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Received disconnect from 34.57.181.41 port 53332:11: Bye Bye [preauth]
Oct 14 08:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2230]: Disconnected from 34.57.181.41 port 53332 [preauth]
Oct 14 08:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session closed for user root
Oct 14 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2072]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: Failed password for invalid user ubuntu from 196.251.84.92 port 41330 ssh2
Oct 14 08:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2392]: Connection closed by 196.251.84.92 port 41330 [preauth]
Oct 14 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2  user=root
Oct 14 08:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44  user=root
Oct 14 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: Failed password for root from 102.68.84.2 port 34836 ssh2
Oct 14 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: Received disconnect from 102.68.84.2 port 34836:11: Bye Bye [preauth]
Oct 14 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: Disconnected from 102.68.84.2 port 34836 [preauth]
Oct 14 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 14 08:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[965]: pam_unix(cron:session): session closed for user root
Oct 14 08:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: Failed password for root from 123.58.196.44 port 53446 ssh2
Oct 14 08:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: Received disconnect from 123.58.196.44 port 53446:11: Bye Bye [preauth]
Oct 14 08:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2440]: Disconnected from 123.58.196.44 port 53446 [preauth]
Oct 14 08:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 08:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2560]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2562]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2561]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2562]: pam_unix(cron:session): session closed for user root
Oct 14 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2550]: Did not receive identification string from 80.211.129.128
Oct 14 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: Successful su for rubyman by root
Oct 14 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: + ??? root:rubyman
Oct 14 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410232 of user rubyman.
Oct 14 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410232.
Oct 14 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2559]: pam_unix(cron:session): session closed for user root
Oct 14 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session closed for user root
Oct 14 08:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2558]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Invalid user wireguard from 34.57.181.41
Oct 14 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: input_userauth_request: invalid user wireguard [preauth]
Oct 14 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Failed password for invalid user wireguard from 34.57.181.41 port 58022 ssh2
Oct 14 08:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Received disconnect from 34.57.181.41 port 58022:11: Bye Bye [preauth]
Oct 14 08:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Disconnected from 34.57.181.41 port 58022 [preauth]
Oct 14 08:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1492]: pam_unix(cron:session): session closed for user root
Oct 14 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Invalid user guest from 196.251.84.140
Oct 14 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Failed password for invalid user ubuntu from 196.251.84.92 port 53064 ssh2
Oct 14 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Connection closed by 196.251.84.92 port 53064 [preauth]
Oct 14 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Failed password for invalid user guest from 196.251.84.140 port 48428 ssh2
Oct 14 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Connection closed by 196.251.84.140 port 48428 [preauth]
Oct 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3111]: Successful su for rubyman by root
Oct 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3111]: + ??? root:rubyman
Oct 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410237 of user rubyman.
Oct 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3111]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410237.
Oct 14 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Invalid user user from 62.60.131.157
Oct 14 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: input_userauth_request: invalid user user [preauth]
Oct 14 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32377]: pam_unix(cron:session): session closed for user root
Oct 14 08:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user user from 62.60.131.157 port 49595 ssh2
Oct 14 08:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user user from 62.60.131.157 port 49595 ssh2
Oct 14 08:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user user from 62.60.131.157 port 49595 ssh2
Oct 14 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Invalid user dolphinscheduler from 45.41.207.223
Oct 14 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: input_userauth_request: invalid user dolphinscheduler [preauth]
Oct 14 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user user from 62.60.131.157 port 49595 ssh2
Oct 14 08:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3377]: Invalid user builduser from 102.68.84.2
Oct 14 08:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3377]: input_userauth_request: invalid user builduser [preauth]
Oct 14 08:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3377]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Failed password for invalid user dolphinscheduler from 45.41.207.223 port 33178 ssh2
Oct 14 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Received disconnect from 45.41.207.223 port 33178:11: Bye Bye [preauth]
Oct 14 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Disconnected from 45.41.207.223 port 33178 [preauth]
Oct 14 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user user from 62.60.131.157 port 49595 ssh2
Oct 14 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3377]: Failed password for invalid user builduser from 102.68.84.2 port 54236 ssh2
Oct 14 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Received disconnect from 62.60.131.157 port 49595:11: Bye [preauth]
Oct 14 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Disconnected from 62.60.131.157 port 49595 [preauth]
Oct 14 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3377]: Received disconnect from 102.68.84.2 port 54236:11: Bye Bye [preauth]
Oct 14 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3377]: Disconnected from 102.68.84.2 port 54236 [preauth]
Oct 14 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2075]: pam_unix(cron:session): session closed for user root
Oct 14 08:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: Invalid user ali from 34.57.181.41
Oct 14 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: input_userauth_request: invalid user ali [preauth]
Oct 14 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: Failed password for invalid user ali from 34.57.181.41 port 34494 ssh2
Oct 14 08:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: Received disconnect from 34.57.181.41 port 34494:11: Bye Bye [preauth]
Oct 14 08:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3486]: Disconnected from 34.57.181.41 port 34494 [preauth]
Oct 14 08:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Invalid user user from 118.70.128.176
Oct 14 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: input_userauth_request: invalid user user [preauth]
Oct 14 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.128.176
Oct 14 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Failed password for invalid user user from 118.70.128.176 port 41830 ssh2
Oct 14 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Received disconnect from 118.70.128.176 port 41830:11: Bye Bye [preauth]
Oct 14 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Disconnected from 118.70.128.176 port 41830 [preauth]
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3515]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3589]: Successful su for rubyman by root
Oct 14 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3589]: + ??? root:rubyman
Oct 14 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410240 of user rubyman.
Oct 14 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3589]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410240.
Oct 14 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Failed password for invalid user ubuntu from 196.251.84.92 port 36384 ssh2
Oct 14 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3509]: Connection closed by 196.251.84.92 port 36384 [preauth]
Oct 14 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session closed for user root
Oct 14 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3721]: Invalid user wpyan from 123.58.196.44
Oct 14 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3721]: input_userauth_request: invalid user wpyan [preauth]
Oct 14 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 08:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: Invalid user dolphinscheduler from 143.198.71.38
Oct 14 08:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: input_userauth_request: invalid user dolphinscheduler [preauth]
Oct 14 08:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3721]: Failed password for invalid user wpyan from 123.58.196.44 port 43916 ssh2
Oct 14 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3721]: Received disconnect from 123.58.196.44 port 43916:11: Bye Bye [preauth]
Oct 14 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3721]: Disconnected from 123.58.196.44 port 43916 [preauth]
Oct 14 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: Failed password for invalid user dolphinscheduler from 143.198.71.38 port 43838 ssh2
Oct 14 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: Received disconnect from 143.198.71.38 port 43838:11: Bye Bye [preauth]
Oct 14 08:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: Disconnected from 143.198.71.38 port 43838 [preauth]
Oct 14 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3517]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2561]: pam_unix(cron:session): session closed for user root
Oct 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3965]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4051]: Successful su for rubyman by root
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4051]: + ??? root:rubyman
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410247 of user rubyman.
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4051]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410247.
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Invalid user sol from 102.68.84.2
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: input_userauth_request: invalid user sol [preauth]
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.68.84.2
Oct 14 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Failed password for invalid user sol from 102.68.84.2 port 33156 ssh2
Oct 14 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Received disconnect from 102.68.84.2 port 33156:11: Bye Bye [preauth]
Oct 14 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Disconnected from 102.68.84.2 port 33156 [preauth]
Oct 14 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session closed for user root
Oct 14 08:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: Invalid user wiki from 34.57.181.41
Oct 14 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: input_userauth_request: invalid user wiki [preauth]
Oct 14 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: Failed password for invalid user wiki from 34.57.181.41 port 39188 ssh2
Oct 14 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: Received disconnect from 34.57.181.41 port 39188:11: Bye Bye [preauth]
Oct 14 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4305]: Disconnected from 34.57.181.41 port 39188 [preauth]
Oct 14 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3966]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Failed password for invalid user ubuntu from 196.251.84.92 port 47644 ssh2
Oct 14 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Connection closed by 196.251.84.92 port 47644 [preauth]
Oct 14 08:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session closed for user root
Oct 14 08:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: Invalid user guest from 196.251.84.140
Oct 14 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Invalid user test01 from 45.41.207.223
Oct 14 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: input_userauth_request: invalid user test01 [preauth]
Oct 14 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Failed password for invalid user test01 from 45.41.207.223 port 53748 ssh2
Oct 14 08:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Received disconnect from 45.41.207.223 port 53748:11: Bye Bye [preauth]
Oct 14 08:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Disconnected from 45.41.207.223 port 53748 [preauth]
Oct 14 08:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: Failed password for invalid user guest from 196.251.84.140 port 38282 ssh2
Oct 14 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4454]: Connection closed by 196.251.84.140 port 38282 [preauth]
Oct 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4486]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4485]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4483]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4707]: Successful su for rubyman by root
Oct 14 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4707]: + ??? root:rubyman
Oct 14 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410248 of user rubyman.
Oct 14 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4707]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410248.
Oct 14 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4481]: pam_unix(cron:session): session closed for user root
Oct 14 08:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1491]: pam_unix(cron:session): session closed for user root
Oct 14 08:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44  user=root
Oct 14 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Invalid user test1 from 143.198.71.38
Oct 14 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: input_userauth_request: invalid user test1 [preauth]
Oct 14 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Failed password for root from 123.58.196.44 port 53662 ssh2
Oct 14 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Received disconnect from 123.58.196.44 port 53662:11: Bye Bye [preauth]
Oct 14 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4947]: Disconnected from 123.58.196.44 port 53662 [preauth]
Oct 14 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Failed password for invalid user test1 from 143.198.71.38 port 41418 ssh2
Oct 14 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Received disconnect from 143.198.71.38 port 41418:11: Bye Bye [preauth]
Oct 14 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4958]: Disconnected from 143.198.71.38 port 41418 [preauth]
Oct 14 08:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4484]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: Failed password for root from 34.57.181.41 port 43866 ssh2
Oct 14 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: Received disconnect from 34.57.181.41 port 43866:11: Bye Bye [preauth]
Oct 14 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: Disconnected from 34.57.181.41 port 43866 [preauth]
Oct 14 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3521]: pam_unix(cron:session): session closed for user root
Oct 14 08:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Failed password for invalid user ubuntu from 196.251.84.92 port 59108 ssh2
Oct 14 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Connection closed by 196.251.84.92 port 59108 [preauth]
Oct 14 08:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5520]: Connection closed by 47.250.81.225 port 46530 [preauth]
Oct 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5600]: pam_unix(cron:session): session closed for user root
Oct 14 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5682]: Successful su for rubyman by root
Oct 14 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5682]: + ??? root:rubyman
Oct 14 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410257 of user rubyman.
Oct 14 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5682]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410257.
Oct 14 08:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session closed for user root
Oct 14 08:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2074]: pam_unix(cron:session): session closed for user root
Oct 14 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Invalid user proxyuser from 45.41.207.223
Oct 14 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Failed password for invalid user proxyuser from 45.41.207.223 port 54042 ssh2
Oct 14 08:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Received disconnect from 45.41.207.223 port 54042:11: Bye Bye [preauth]
Oct 14 08:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Disconnected from 45.41.207.223 port 54042 [preauth]
Oct 14 08:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5595]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3968]: pam_unix(cron:session): session closed for user root
Oct 14 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38  user=root
Oct 14 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Failed password for root from 143.198.71.38 port 33088 ssh2
Oct 14 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Received disconnect from 143.198.71.38 port 33088:11: Bye Bye [preauth]
Oct 14 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Disconnected from 143.198.71.38 port 33088 [preauth]
Oct 14 08:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: Invalid user jordi from 34.57.181.41
Oct 14 08:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: input_userauth_request: invalid user jordi [preauth]
Oct 14 08:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: Failed password for invalid user jordi from 34.57.181.41 port 48530 ssh2
Oct 14 08:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: Received disconnect from 34.57.181.41 port 48530:11: Bye Bye [preauth]
Oct 14 08:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6061]: Disconnected from 34.57.181.41 port 48530 [preauth]
Oct 14 08:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Connection closed by 118.70.128.176 port 41868 [preauth]
Oct 14 08:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Failed password for invalid user ubuntu from 196.251.84.92 port 42242 ssh2
Oct 14 08:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6097]: Connection closed by 196.251.84.92 port 42242 [preauth]
Oct 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6116]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6114]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6197]: Successful su for rubyman by root
Oct 14 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6197]: + ??? root:rubyman
Oct 14 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410261 of user rubyman.
Oct 14 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6197]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410261.
Oct 14 08:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2560]: pam_unix(cron:session): session closed for user root
Oct 14 08:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Invalid user wireguard from 123.58.196.44
Oct 14 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: input_userauth_request: invalid user wireguard [preauth]
Oct 14 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6115]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Failed password for invalid user wireguard from 123.58.196.44 port 33550 ssh2
Oct 14 08:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Received disconnect from 123.58.196.44 port 33550:11: Bye Bye [preauth]
Oct 14 08:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Disconnected from 123.58.196.44 port 33550 [preauth]
Oct 14 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4486]: pam_unix(cron:session): session closed for user root
Oct 14 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Invalid user jenkins from 45.41.207.223
Oct 14 08:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 08:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Failed password for invalid user jenkins from 45.41.207.223 port 35560 ssh2
Oct 14 08:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Received disconnect from 45.41.207.223 port 35560:11: Bye Bye [preauth]
Oct 14 08:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Disconnected from 45.41.207.223 port 35560 [preauth]
Oct 14 08:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Invalid user guest from 196.251.84.140
Oct 14 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6593]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6591]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: Invalid user sa from 34.57.181.41
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: input_userauth_request: invalid user sa [preauth]
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Invalid user uftp from 118.70.125.77
Oct 14 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: input_userauth_request: invalid user uftp [preauth]
Oct 14 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.125.77
Oct 14 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6749]: Successful su for rubyman by root
Oct 14 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6749]: + ??? root:rubyman
Oct 14 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410263 of user rubyman.
Oct 14 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6749]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410263.
Oct 14 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Failed password for invalid user guest from 196.251.84.140 port 59394 ssh2
Oct 14 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: Failed password for invalid user sa from 34.57.181.41 port 53222 ssh2
Oct 14 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: Received disconnect from 34.57.181.41 port 53222:11: Bye Bye [preauth]
Oct 14 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6690]: Disconnected from 34.57.181.41 port 53222 [preauth]
Oct 14 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Connection closed by 196.251.84.140 port 59394 [preauth]
Oct 14 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Failed password for invalid user uftp from 118.70.125.77 port 16413 ssh2
Oct 14 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Received disconnect from 118.70.125.77 port 16413:11: Bye Bye [preauth]
Oct 14 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Disconnected from 118.70.125.77 port 16413 [preauth]
Oct 14 08:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session closed for user root
Oct 14 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Invalid user myuser from 143.198.71.38
Oct 14 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: input_userauth_request: invalid user myuser [preauth]
Oct 14 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Failed password for invalid user myuser from 143.198.71.38 port 50872 ssh2
Oct 14 08:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Received disconnect from 143.198.71.38 port 50872:11: Bye Bye [preauth]
Oct 14 08:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6934]: Disconnected from 143.198.71.38 port 50872 [preauth]
Oct 14 08:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Failed password for invalid user ubuntu from 196.251.84.92 port 53532 ssh2
Oct 14 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Connection closed by 196.251.84.92 port 53532 [preauth]
Oct 14 08:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6592]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session closed for user root
Oct 14 08:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7102]: Did not receive identification string from 106.13.69.159
Oct 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7220]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7293]: Successful su for rubyman by root
Oct 14 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7293]: + ??? root:rubyman
Oct 14 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410267 of user rubyman.
Oct 14 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7293]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410267.
Oct 14 08:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3518]: pam_unix(cron:session): session closed for user root
Oct 14 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Invalid user sol from 45.41.207.223
Oct 14 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: input_userauth_request: invalid user sol [preauth]
Oct 14 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Invalid user admin from 2.57.121.112
Oct 14 08:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 08:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.125.77  user=root
Oct 14 08:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Failed password for invalid user sol from 45.41.207.223 port 56674 ssh2
Oct 14 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Received disconnect from 45.41.207.223 port 56674:11: Bye Bye [preauth]
Oct 14 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7509]: Disconnected from 45.41.207.223 port 56674 [preauth]
Oct 14 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for invalid user admin from 2.57.121.112 port 22462 ssh2
Oct 14 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: Failed password for root from 118.70.125.77 port 34874 ssh2
Oct 14 08:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for invalid user admin from 2.57.121.112 port 22462 ssh2
Oct 14 08:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: Received disconnect from 118.70.125.77 port 34874:11: Bye Bye [preauth]
Oct 14 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7494]: Disconnected from 118.70.125.77 port 34874 [preauth]
Oct 14 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for invalid user admin from 2.57.121.112 port 22462 ssh2
Oct 14 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Invalid user faisal from 34.57.181.41
Oct 14 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: input_userauth_request: invalid user faisal [preauth]
Oct 14 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for invalid user admin from 2.57.121.112 port 22462 ssh2
Oct 14 08:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Failed password for invalid user faisal from 34.57.181.41 port 57914 ssh2
Oct 14 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Received disconnect from 34.57.181.41 port 57914:11: Bye Bye [preauth]
Oct 14 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7566]: Disconnected from 34.57.181.41 port 57914 [preauth]
Oct 14 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Failed password for invalid user admin from 2.57.121.112 port 22462 ssh2
Oct 14 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Received disconnect from 2.57.121.112 port 22462:11: Bye [preauth]
Oct 14 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: Disconnected from 2.57.121.112 port 22462 [preauth]
Oct 14 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7507]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 08:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session closed for user root
Oct 14 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Connection closed by 123.58.196.44 port 53866 [preauth]
Oct 14 08:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: Failed password for invalid user ubuntu from 196.251.84.92 port 36648 ssh2
Oct 14 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7624]: Connection closed by 196.251.84.92 port 36648 [preauth]
Oct 14 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: Invalid user tempuser from 143.198.71.38
Oct 14 08:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 08:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: Failed password for invalid user tempuser from 143.198.71.38 port 39242 ssh2
Oct 14 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: Received disconnect from 143.198.71.38 port 39242:11: Bye Bye [preauth]
Oct 14 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: Disconnected from 143.198.71.38 port 39242 [preauth]
Oct 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7781]: Successful su for rubyman by root
Oct 14 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7781]: + ??? root:rubyman
Oct 14 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410271 of user rubyman.
Oct 14 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7781]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410271.
Oct 14 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3967]: pam_unix(cron:session): session closed for user root
Oct 14 08:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7710]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Invalid user wahid from 34.57.181.41
Oct 14 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: input_userauth_request: invalid user wahid [preauth]
Oct 14 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Failed password for invalid user wahid from 34.57.181.41 port 34356 ssh2
Oct 14 08:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Received disconnect from 34.57.181.41 port 34356:11: Bye Bye [preauth]
Oct 14 08:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8515]: Disconnected from 34.57.181.41 port 34356 [preauth]
Oct 14 08:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6594]: pam_unix(cron:session): session closed for user root
Oct 14 08:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223  user=root
Oct 14 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8563]: Failed password for root from 45.41.207.223 port 42784 ssh2
Oct 14 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8563]: Received disconnect from 45.41.207.223 port 42784:11: Bye Bye [preauth]
Oct 14 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8563]: Disconnected from 45.41.207.223 port 42784 [preauth]
Oct 14 08:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: Failed password for invalid user ubuntu from 196.251.84.92 port 47918 ssh2
Oct 14 08:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: Connection closed by 196.251.84.92 port 47918 [preauth]
Oct 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8622]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8623]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8625]: pam_unix(cron:session): session closed for user root
Oct 14 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8616]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8705]: Successful su for rubyman by root
Oct 14 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8705]: + ??? root:rubyman
Oct 14 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410275 of user rubyman.
Oct 14 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8705]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410275.
Oct 14 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Invalid user guest from 196.251.84.140
Oct 14 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session closed for user root
Oct 14 08:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Did not receive identification string from 106.13.69.159
Oct 14 08:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Failed password for invalid user guest from 196.251.84.140 port 52416 ssh2
Oct 14 08:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4485]: pam_unix(cron:session): session closed for user root
Oct 14 08:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Connection closed by 196.251.84.140 port 52416 [preauth]
Oct 14 08:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Connection closed by 47.250.81.225 port 52558 [preauth]
Oct 14 08:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8620]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Invalid user ubuntu from 143.198.71.38
Oct 14 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Failed password for invalid user ubuntu from 143.198.71.38 port 48408 ssh2
Oct 14 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Received disconnect from 143.198.71.38 port 48408:11: Bye Bye [preauth]
Oct 14 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Disconnected from 143.198.71.38 port 48408 [preauth]
Oct 14 08:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7223]: pam_unix(cron:session): session closed for user root
Oct 14 08:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9111]: Connection closed by 123.58.196.44 port 32982 [preauth]
Oct 14 08:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 08:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Failed password for root from 34.57.181.41 port 39026 ssh2
Oct 14 08:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Received disconnect from 34.57.181.41 port 39026:11: Bye Bye [preauth]
Oct 14 08:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Disconnected from 34.57.181.41 port 39026 [preauth]
Oct 14 08:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9345]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9440]: Successful su for rubyman by root
Oct 14 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9440]: + ??? root:rubyman
Oct 14 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410281 of user rubyman.
Oct 14 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9440]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410281.
Oct 14 08:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9342]: Connection closed by 106.13.69.159 port 54916 [preauth]
Oct 14 08:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session closed for user root
Oct 14 08:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: Invalid user devops from 45.41.207.223
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: input_userauth_request: invalid user devops [preauth]
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: Failed password for invalid user ubuntu from 196.251.84.92 port 59078 ssh2
Oct 14 08:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: Failed password for invalid user devops from 45.41.207.223 port 41702 ssh2
Oct 14 08:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9741]: Connection closed by 196.251.84.92 port 59078 [preauth]
Oct 14 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: Received disconnect from 45.41.207.223 port 41702:11: Bye Bye [preauth]
Oct 14 08:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9781]: Disconnected from 45.41.207.223 port 41702 [preauth]
Oct 14 08:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9346]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7712]: pam_unix(cron:session): session closed for user root
Oct 14 08:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Invalid user sol from 143.198.71.38
Oct 14 08:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: input_userauth_request: invalid user sol [preauth]
Oct 14 08:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Failed password for invalid user sol from 143.198.71.38 port 38800 ssh2
Oct 14 08:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Received disconnect from 143.198.71.38 port 38800:11: Bye Bye [preauth]
Oct 14 08:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: Disconnected from 143.198.71.38 port 38800 [preauth]
Oct 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9997]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9996]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: Invalid user robby from 34.57.181.41
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: input_userauth_request: invalid user robby [preauth]
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10070]: Successful su for rubyman by root
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10070]: + ??? root:rubyman
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410286 of user rubyman.
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10070]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410286.
Oct 14 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: Failed password for invalid user robby from 34.57.181.41 port 43690 ssh2
Oct 14 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: Received disconnect from 34.57.181.41 port 43690:11: Bye Bye [preauth]
Oct 14 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10068]: Disconnected from 34.57.181.41 port 43690 [preauth]
Oct 14 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9895]: Connection closed by 106.13.69.159 port 42246 [preauth]
Oct 14 08:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6116]: pam_unix(cron:session): session closed for user root
Oct 14 08:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Invalid user sky from 106.13.69.159
Oct 14 08:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: input_userauth_request: invalid user sky [preauth]
Oct 14 08:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.69.159
Oct 14 08:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Failed password for invalid user sky from 106.13.69.159 port 51472 ssh2
Oct 14 08:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Invalid user vida from 123.58.196.44
Oct 14 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: input_userauth_request: invalid user vida [preauth]
Oct 14 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 08:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Failed password for invalid user vida from 123.58.196.44 port 59350 ssh2
Oct 14 08:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Received disconnect from 123.58.196.44 port 59350:11: Bye Bye [preauth]
Oct 14 08:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10361]: Disconnected from 123.58.196.44 port 59350 [preauth]
Oct 14 08:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: Failed password for invalid user ubuntu from 196.251.84.92 port 41838 ssh2
Oct 14 08:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10400]: Connection closed by 196.251.84.92 port 41838 [preauth]
Oct 14 08:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8623]: pam_unix(cron:session): session closed for user root
Oct 14 08:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.69.159  user=root
Oct 14 08:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Failed password for root from 106.13.69.159 port 50454 ssh2
Oct 14 08:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Invalid user botuser from 45.41.207.223
Oct 14 08:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: input_userauth_request: invalid user botuser [preauth]
Oct 14 08:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Received disconnect from 106.13.69.159 port 50454:11: Bye Bye [preauth]
Oct 14 08:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Disconnected from 106.13.69.159 port 50454 [preauth]
Oct 14 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Failed password for invalid user botuser from 45.41.207.223 port 56064 ssh2
Oct 14 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Received disconnect from 45.41.207.223 port 56064:11: Bye Bye [preauth]
Oct 14 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Disconnected from 45.41.207.223 port 56064 [preauth]
Oct 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10503]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10499]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10572]: Successful su for rubyman by root
Oct 14 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10572]: + ??? root:rubyman
Oct 14 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410289 of user rubyman.
Oct 14 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10572]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410289.
Oct 14 08:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6593]: pam_unix(cron:session): session closed for user root
Oct 14 08:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Invalid user guest from 196.251.84.140
Oct 14 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: input_userauth_request: invalid user guest [preauth]
Oct 14 08:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Failed password for invalid user guest from 196.251.84.140 port 46938 ssh2
Oct 14 08:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10777]: Connection closed by 196.251.84.140 port 46938 [preauth]
Oct 14 08:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 08:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: Failed password for root from 34.57.181.41 port 48384 ssh2
Oct 14 08:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: Received disconnect from 34.57.181.41 port 48384:11: Bye Bye [preauth]
Oct 14 08:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10834]: Disconnected from 34.57.181.41 port 48384 [preauth]
Oct 14 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10874]: Invalid user jenkins from 143.198.71.38
Oct 14 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10874]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10874]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10874]: Failed password for invalid user jenkins from 143.198.71.38 port 39514 ssh2
Oct 14 08:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10874]: Received disconnect from 143.198.71.38 port 39514:11: Bye Bye [preauth]
Oct 14 08:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10874]: Disconnected from 143.198.71.38 port 39514 [preauth]
Oct 14 08:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9350]: pam_unix(cron:session): session closed for user root
Oct 14 08:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: Failed password for invalid user ubuntu from 196.251.84.92 port 52810 ssh2
Oct 14 08:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10941]: Connection closed by 196.251.84.92 port 52810 [preauth]
Oct 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: Successful su for rubyman by root
Oct 14 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: + ??? root:rubyman
Oct 14 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410293 of user rubyman.
Oct 14 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410293.
Oct 14 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11115]: Did not receive identification string from 106.13.69.159
Oct 14 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session closed for user root
Oct 14 08:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Invalid user myuser from 45.41.207.223
Oct 14 08:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: input_userauth_request: invalid user myuser [preauth]
Oct 14 08:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Failed password for invalid user myuser from 45.41.207.223 port 42070 ssh2
Oct 14 08:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Received disconnect from 45.41.207.223 port 42070:11: Bye Bye [preauth]
Oct 14 08:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Disconnected from 45.41.207.223 port 42070 [preauth]
Oct 14 08:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9997]: pam_unix(cron:session): session closed for user root
Oct 14 08:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 08:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Failed password for root from 34.57.181.41 port 53076 ssh2
Oct 14 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Received disconnect from 34.57.181.41 port 53076:11: Bye Bye [preauth]
Oct 14 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Disconnected from 34.57.181.41 port 53076 [preauth]
Oct 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11438]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11437]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session closed for user root
Oct 14 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11435]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11519]: Successful su for rubyman by root
Oct 14 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11519]: + ??? root:rubyman
Oct 14 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410299 of user rubyman.
Oct 14 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11519]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410299.
Oct 14 08:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11437]: pam_unix(cron:session): session closed for user root
Oct 14 08:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7711]: pam_unix(cron:session): session closed for user root
Oct 14 08:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Invalid user ubuntu from 196.251.84.92
Oct 14 08:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: Invalid user vishal from 143.198.71.38
Oct 14 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: input_userauth_request: invalid user vishal [preauth]
Oct 14 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Failed password for invalid user ubuntu from 196.251.84.92 port 35668 ssh2
Oct 14 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Connection closed by 196.251.84.92 port 35668 [preauth]
Oct 14 08:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: Failed password for invalid user vishal from 143.198.71.38 port 41344 ssh2
Oct 14 08:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: Received disconnect from 143.198.71.38 port 41344:11: Bye Bye [preauth]
Oct 14 08:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11866]: Disconnected from 143.198.71.38 port 41344 [preauth]
Oct 14 08:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.128.176  user=root
Oct 14 08:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11852]: Failed password for root from 118.70.128.176 port 41988 ssh2
Oct 14 08:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11436]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11852]: Received disconnect from 118.70.128.176 port 41988:11: Bye Bye [preauth]
Oct 14 08:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11852]: Disconnected from 118.70.128.176 port 41988 [preauth]
Oct 14 08:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10503]: pam_unix(cron:session): session closed for user root
Oct 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12127]: Successful su for rubyman by root
Oct 14 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12127]: + ??? root:rubyman
Oct 14 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410303 of user rubyman.
Oct 14 08:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12127]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410303.
Oct 14 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: Invalid user debian from 45.41.207.223
Oct 14 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: input_userauth_request: invalid user debian [preauth]
Oct 14 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: Failed password for invalid user debian from 45.41.207.223 port 47550 ssh2
Oct 14 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Failed password for root from 34.57.181.41 port 57768 ssh2
Oct 14 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: Received disconnect from 45.41.207.223 port 47550:11: Bye Bye [preauth]
Oct 14 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12228]: Disconnected from 45.41.207.223 port 47550 [preauth]
Oct 14 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Received disconnect from 34.57.181.41 port 57768:11: Bye Bye [preauth]
Oct 14 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12230]: Disconnected from 34.57.181.41 port 57768 [preauth]
Oct 14 08:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8622]: pam_unix(cron:session): session closed for user root
Oct 14 08:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Invalid user user from 196.251.84.140
Oct 14 08:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: input_userauth_request: invalid user user [preauth]
Oct 14 08:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Failed password for invalid user user from 196.251.84.140 port 40068 ssh2
Oct 14 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Connection closed by 196.251.84.140 port 40068 [preauth]
Oct 14 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Invalid user deploy from 196.251.84.92
Oct 14 08:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: input_userauth_request: invalid user deploy [preauth]
Oct 14 08:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Failed password for invalid user deploy from 196.251.84.92 port 45058 ssh2
Oct 14 08:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Connection closed by 196.251.84.92 port 45058 [preauth]
Oct 14 08:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 08:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Failed password for root from 80.211.129.128 port 56102 ssh2
Oct 14 08:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session closed for user root
Oct 14 08:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Connection closed by 80.211.129.128 port 56102 [preauth]
Oct 14 08:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Invalid user odoo17 from 143.198.71.38
Oct 14 08:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 08:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for invalid user odoo17 from 143.198.71.38 port 41480 ssh2
Oct 14 08:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Received disconnect from 143.198.71.38 port 41480:11: Bye Bye [preauth]
Oct 14 08:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Disconnected from 143.198.71.38 port 41480 [preauth]
Oct 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12643]: Successful su for rubyman by root
Oct 14 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12643]: + ??? root:rubyman
Oct 14 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410308 of user rubyman.
Oct 14 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12643]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410308.
Oct 14 08:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Invalid user xq from 47.250.81.225
Oct 14 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: input_userauth_request: invalid user xq [preauth]
Oct 14 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Received disconnect from 106.13.69.159 port 45510:11: Bye Bye [preauth]
Oct 14 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Disconnected from 106.13.69.159 port 45510 [preauth]
Oct 14 08:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9348]: pam_unix(cron:session): session closed for user root
Oct 14 08:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Failed password for invalid user xq from 47.250.81.225 port 33374 ssh2
Oct 14 08:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Received disconnect from 47.250.81.225 port 33374:11: Bye Bye [preauth]
Oct 14 08:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Disconnected from 47.250.81.225 port 33374 [preauth]
Oct 14 08:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Invalid user michael from 106.13.69.159
Oct 14 08:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: input_userauth_request: invalid user michael [preauth]
Oct 14 08:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.69.159
Oct 14 08:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Failed password for invalid user michael from 106.13.69.159 port 45244 ssh2
Oct 14 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Received disconnect from 106.13.69.159 port 45244:11: Bye Bye [preauth]
Oct 14 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12847]: Disconnected from 106.13.69.159 port 45244 [preauth]
Oct 14 08:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Invalid user auction from 34.57.181.41
Oct 14 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: input_userauth_request: invalid user auction [preauth]
Oct 14 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Failed password for invalid user auction from 34.57.181.41 port 34204 ssh2
Oct 14 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Received disconnect from 34.57.181.41 port 34204:11: Bye Bye [preauth]
Oct 14 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Disconnected from 34.57.181.41 port 34204 [preauth]
Oct 14 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.128.176  user=root
Oct 14 08:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Failed password for root from 118.70.128.176 port 42020 ssh2
Oct 14 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Received disconnect from 118.70.128.176 port 42020:11: Bye Bye [preauth]
Oct 14 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Disconnected from 118.70.128.176 port 42020 [preauth]
Oct 14 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11439]: pam_unix(cron:session): session closed for user root
Oct 14 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Invalid user cgw from 111.198.221.98
Oct 14 08:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: input_userauth_request: invalid user cgw [preauth]
Oct 14 08:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.198.221.98
Oct 14 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Invalid user client from 45.41.207.223
Oct 14 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: input_userauth_request: invalid user client [preauth]
Oct 14 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for invalid user cgw from 111.198.221.98 port 43276 ssh2
Oct 14 08:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Received disconnect from 111.198.221.98 port 43276:11: Bye Bye [preauth]
Oct 14 08:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Disconnected from 111.198.221.98 port 43276 [preauth]
Oct 14 08:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Failed password for invalid user client from 45.41.207.223 port 54786 ssh2
Oct 14 08:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Received disconnect from 45.41.207.223 port 54786:11: Bye Bye [preauth]
Oct 14 08:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Disconnected from 45.41.207.223 port 54786 [preauth]
Oct 14 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Invalid user deploy from 196.251.84.92
Oct 14 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: input_userauth_request: invalid user deploy [preauth]
Oct 14 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.69.159  user=root
Oct 14 08:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Failed password for invalid user deploy from 196.251.84.92 port 54380 ssh2
Oct 14 08:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Connection closed by 196.251.84.92 port 54380 [preauth]
Oct 14 08:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Failed password for root from 106.13.69.159 port 57420 ssh2
Oct 14 08:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Received disconnect from 106.13.69.159 port 57420:11: Bye Bye [preauth]
Oct 14 08:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Disconnected from 106.13.69.159 port 57420 [preauth]
Oct 14 08:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 08:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Failed password for root from 187.33.251.218 port 2269 ssh2
Oct 14 08:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Received disconnect from 187.33.251.218 port 2269:11: Bye Bye [preauth]
Oct 14 08:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Disconnected from 187.33.251.218 port 2269 [preauth]
Oct 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13081]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13078]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13149]: Successful su for rubyman by root
Oct 14 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13149]: + ??? root:rubyman
Oct 14 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410311 of user rubyman.
Oct 14 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13149]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410311.
Oct 14 08:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9996]: pam_unix(cron:session): session closed for user root
Oct 14 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13079]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Invalid user auction from 123.58.196.44
Oct 14 08:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: input_userauth_request: invalid user auction [preauth]
Oct 14 08:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 08:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Invalid user mantenimiento from 106.13.69.159
Oct 14 08:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: input_userauth_request: invalid user mantenimiento [preauth]
Oct 14 08:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.69.159
Oct 14 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Failed password for invalid user auction from 123.58.196.44 port 57976 ssh2
Oct 14 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Received disconnect from 123.58.196.44 port 57976:11: Bye Bye [preauth]
Oct 14 08:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Disconnected from 123.58.196.44 port 57976 [preauth]
Oct 14 08:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for invalid user mantenimiento from 106.13.69.159 port 60452 ssh2
Oct 14 08:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Received disconnect from 106.13.69.159 port 60452:11: Bye Bye [preauth]
Oct 14 08:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Disconnected from 106.13.69.159 port 60452 [preauth]
Oct 14 08:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Invalid user ftpuser from 34.57.181.41
Oct 14 08:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 08:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session closed for user root
Oct 14 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for invalid user ftpuser from 34.57.181.41 port 38888 ssh2
Oct 14 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Invalid user jenkins from 143.198.71.38
Oct 14 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Received disconnect from 34.57.181.41 port 38888:11: Bye Bye [preauth]
Oct 14 08:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Disconnected from 34.57.181.41 port 38888 [preauth]
Oct 14 08:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Failed password for invalid user jenkins from 143.198.71.38 port 56796 ssh2
Oct 14 08:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Received disconnect from 143.198.71.38 port 56796:11: Bye Bye [preauth]
Oct 14 08:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13596]: Disconnected from 143.198.71.38 port 56796 [preauth]
Oct 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13746]: Successful su for rubyman by root
Oct 14 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13746]: + ??? root:rubyman
Oct 14 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410315 of user rubyman.
Oct 14 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13746]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410315.
Oct 14 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Invalid user deploy from 196.251.84.92
Oct 14 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: input_userauth_request: invalid user deploy [preauth]
Oct 14 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13826]: Connection closed by 106.13.69.159 port 37522 [preauth]
Oct 14 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Failed password for invalid user deploy from 196.251.84.92 port 35448 ssh2
Oct 14 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Connection closed by 196.251.84.92 port 35448 [preauth]
Oct 14 08:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10502]: pam_unix(cron:session): session closed for user root
Oct 14 08:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223  user=root
Oct 14 08:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: Failed password for root from 45.41.207.223 port 57284 ssh2
Oct 14 08:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: Received disconnect from 45.41.207.223 port 57284:11: Bye Bye [preauth]
Oct 14 08:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: Disconnected from 45.41.207.223 port 57284 [preauth]
Oct 14 08:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Invalid user user from 196.251.84.140
Oct 14 08:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: input_userauth_request: invalid user user [preauth]
Oct 14 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Failed password for invalid user user from 196.251.84.140 port 60980 ssh2
Oct 14 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Connection closed by 196.251.84.140 port 60980 [preauth]
Oct 14 08:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user root
Oct 14 08:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225  user=root
Oct 14 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for root from 47.250.81.225 port 36386 ssh2
Oct 14 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Received disconnect from 47.250.81.225 port 36386:11: Bye Bye [preauth]
Oct 14 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Disconnected from 47.250.81.225 port 36386 [preauth]
Oct 14 08:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: Invalid user punit from 34.57.181.41
Oct 14 08:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: input_userauth_request: invalid user punit [preauth]
Oct 14 08:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: Failed password for invalid user punit from 34.57.181.41 port 43550 ssh2
Oct 14 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: Received disconnect from 34.57.181.41 port 43550:11: Bye Bye [preauth]
Oct 14 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14213]: Disconnected from 34.57.181.41 port 43550 [preauth]
Oct 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session closed for user root
Oct 14 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14242]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14315]: Successful su for rubyman by root
Oct 14 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14315]: + ??? root:rubyman
Oct 14 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410321 of user rubyman.
Oct 14 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14315]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410321.
Oct 14 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14244]: pam_unix(cron:session): session closed for user root
Oct 14 08:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session closed for user root
Oct 14 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14411]: Connection closed by 106.13.69.159 port 55280 [preauth]
Oct 14 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14243]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Invalid user radio from 143.198.71.38
Oct 14 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: input_userauth_request: invalid user radio [preauth]
Oct 14 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: Invalid user deploy from 196.251.84.92
Oct 14 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: input_userauth_request: invalid user deploy [preauth]
Oct 14 08:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Failed password for invalid user radio from 143.198.71.38 port 60840 ssh2
Oct 14 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Received disconnect from 143.198.71.38 port 60840:11: Bye Bye [preauth]
Oct 14 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14585]: Disconnected from 143.198.71.38 port 60840 [preauth]
Oct 14 08:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: Failed password for invalid user deploy from 196.251.84.92 port 44918 ssh2
Oct 14 08:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: Connection closed by 196.251.84.92 port 44918 [preauth]
Oct 14 08:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Invalid user faisal from 123.58.196.44
Oct 14 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: input_userauth_request: invalid user faisal [preauth]
Oct 14 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 08:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Failed password for invalid user faisal from 123.58.196.44 port 57378 ssh2
Oct 14 08:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Received disconnect from 123.58.196.44 port 57378:11: Bye Bye [preauth]
Oct 14 08:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Disconnected from 123.58.196.44 port 57378 [preauth]
Oct 14 08:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13081]: pam_unix(cron:session): session closed for user root
Oct 14 08:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Invalid user s from 164.68.105.9
Oct 14 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: input_userauth_request: invalid user s [preauth]
Oct 14 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Failed password for invalid user s from 164.68.105.9 port 42242 ssh2
Oct 14 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Connection closed by 164.68.105.9 port 42242 [preauth]
Oct 14 08:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Invalid user omid from 187.33.251.218
Oct 14 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: input_userauth_request: invalid user omid [preauth]
Oct 14 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 08:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Failed password for invalid user omid from 187.33.251.218 port 39163 ssh2
Oct 14 08:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Received disconnect from 187.33.251.218 port 39163:11: Bye Bye [preauth]
Oct 14 08:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Disconnected from 187.33.251.218 port 39163 [preauth]
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Invalid user amir from 45.41.207.223
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: input_userauth_request: invalid user amir [preauth]
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14816]: Successful su for rubyman by root
Oct 14 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14816]: + ??? root:rubyman
Oct 14 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410326 of user rubyman.
Oct 14 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14816]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410326.
Oct 14 08:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Failed password for invalid user amir from 45.41.207.223 port 49766 ssh2
Oct 14 08:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Received disconnect from 45.41.207.223 port 49766:11: Bye Bye [preauth]
Oct 14 08:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Disconnected from 45.41.207.223 port 49766 [preauth]
Oct 14 08:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Invalid user chenlei from 34.57.181.41
Oct 14 08:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: input_userauth_request: invalid user chenlei [preauth]
Oct 14 08:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11438]: pam_unix(cron:session): session closed for user root
Oct 14 08:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Failed password for invalid user chenlei from 34.57.181.41 port 48242 ssh2
Oct 14 08:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Received disconnect from 34.57.181.41 port 48242:11: Bye Bye [preauth]
Oct 14 08:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15000]: Disconnected from 34.57.181.41 port 48242 [preauth]
Oct 14 08:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14725]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Connection closed by 106.13.69.159 port 44180 [preauth]
Oct 14 08:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session closed for user root
Oct 14 08:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Invalid user deploy from 196.251.84.92
Oct 14 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: input_userauth_request: invalid user deploy [preauth]
Oct 14 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Failed password for invalid user deploy from 196.251.84.92 port 54154 ssh2
Oct 14 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15250]: Connection closed by 196.251.84.92 port 54154 [preauth]
Oct 14 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Did not receive identification string from 106.13.69.159
Oct 14 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Invalid user amir from 143.198.71.38
Oct 14 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: input_userauth_request: invalid user amir [preauth]
Oct 14 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15328]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15325]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15401]: Successful su for rubyman by root
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15401]: + ??? root:rubyman
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410329 of user rubyman.
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15401]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410329.
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Failed password for invalid user amir from 143.198.71.38 port 55622 ssh2
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Received disconnect from 143.198.71.38 port 55622:11: Bye Bye [preauth]
Oct 14 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Disconnected from 143.198.71.38 port 55622 [preauth]
Oct 14 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session closed for user root
Oct 14 08:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15326]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Invalid user ubuntu from 34.57.181.41
Oct 14 08:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Failed password for invalid user ubuntu from 34.57.181.41 port 52918 ssh2
Oct 14 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Received disconnect from 34.57.181.41 port 52918:11: Bye Bye [preauth]
Oct 14 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Disconnected from 34.57.181.41 port 52918 [preauth]
Oct 14 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Invalid user ubuntu from 45.41.207.223
Oct 14 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Failed password for invalid user ubuntu from 45.41.207.223 port 44848 ssh2
Oct 14 08:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Received disconnect from 45.41.207.223 port 44848:11: Bye Bye [preauth]
Oct 14 08:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Disconnected from 45.41.207.223 port 44848 [preauth]
Oct 14 08:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Invalid user user from 196.251.84.140
Oct 14 08:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: input_userauth_request: invalid user user [preauth]
Oct 14 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session closed for user root
Oct 14 08:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Failed password for invalid user user from 196.251.84.140 port 53504 ssh2
Oct 14 08:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Connection closed by 196.251.84.140 port 53504 [preauth]
Oct 14 08:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Invalid user ay from 187.33.251.218
Oct 14 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: input_userauth_request: invalid user ay [preauth]
Oct 14 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 08:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Failed password for invalid user ay from 187.33.251.218 port 62109 ssh2
Oct 14 08:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Received disconnect from 187.33.251.218 port 62109:11: Bye Bye [preauth]
Oct 14 08:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Disconnected from 187.33.251.218 port 62109 [preauth]
Oct 14 08:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: Invalid user deploy from 196.251.84.92
Oct 14 08:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: input_userauth_request: invalid user deploy [preauth]
Oct 14 08:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15782]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15783]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15780]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: Failed password for invalid user deploy from 196.251.84.92 port 35100 ssh2
Oct 14 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15776]: Connection closed by 196.251.84.92 port 35100 [preauth]
Oct 14 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15851]: Successful su for rubyman by root
Oct 14 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15851]: + ??? root:rubyman
Oct 14 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410335 of user rubyman.
Oct 14 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15851]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410335.
Oct 14 08:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session closed for user root
Oct 14 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15781]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Invalid user odoo from 143.198.71.38
Oct 14 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: input_userauth_request: invalid user odoo [preauth]
Oct 14 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 08:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Failed password for invalid user odoo from 143.198.71.38 port 37116 ssh2
Oct 14 08:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Received disconnect from 143.198.71.38 port 37116:11: Bye Bye [preauth]
Oct 14 08:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Disconnected from 143.198.71.38 port 37116 [preauth]
Oct 14 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session closed for user root
Oct 14 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: Invalid user vida from 34.57.181.41
Oct 14 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: input_userauth_request: invalid user vida [preauth]
Oct 14 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Invalid user ftpuser from 118.70.125.77
Oct 14 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.125.77
Oct 14 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: Failed password for invalid user vida from 34.57.181.41 port 57584 ssh2
Oct 14 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: Received disconnect from 34.57.181.41 port 57584:11: Bye Bye [preauth]
Oct 14 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16168]: Disconnected from 34.57.181.41 port 57584 [preauth]
Oct 14 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Failed password for invalid user ftpuser from 118.70.125.77 port 16647 ssh2
Oct 14 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Received disconnect from 118.70.125.77 port 16647:11: Bye Bye [preauth]
Oct 14 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Disconnected from 118.70.125.77 port 16647 [preauth]
Oct 14 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Invalid user pi from 62.168.141.48
Oct 14 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: input_userauth_request: invalid user pi [preauth]
Oct 14 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.168.141.48
Oct 14 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Invalid user pi from 62.168.141.48
Oct 14 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: input_userauth_request: invalid user pi [preauth]
Oct 14 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.168.141.48
Oct 14 08:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user pi from 62.168.141.48 port 40466 ssh2
Oct 14 08:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Connection closed by 62.168.141.48 port 40466 [preauth]
Oct 14 08:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Failed password for invalid user pi from 62.168.141.48 port 40468 ssh2
Oct 14 08:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Connection closed by 62.168.141.48 port 40468 [preauth]
Oct 14 08:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 08:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Failed password for root from 80.211.129.128 port 55306 ssh2
Oct 14 08:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16218]: Connection closed by 80.211.129.128 port 55306 [preauth]
Oct 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16244]: pam_unix(cron:session): session closed for user p13x
Oct 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16320]: Successful su for rubyman by root
Oct 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16320]: + ??? root:rubyman
Oct 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410338 of user rubyman.
Oct 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16320]: pam_unix(su:session): session closed for user rubyman
Oct 14 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410338.
Oct 14 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Invalid user user01 from 45.41.207.223
Oct 14 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: input_userauth_request: invalid user user01 [preauth]
Oct 14 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 08:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Failed password for invalid user user01 from 45.41.207.223 port 55554 ssh2
Oct 14 08:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Received disconnect from 45.41.207.223 port 55554:11: Bye Bye [preauth]
Oct 14 08:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Disconnected from 45.41.207.223 port 55554 [preauth]
Oct 14 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13080]: pam_unix(cron:session): session closed for user root
Oct 14 08:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Invalid user deploy from 196.251.84.92
Oct 14 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: input_userauth_request: invalid user deploy [preauth]
Oct 14 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 08:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16245]: pam_unix(cron:session): session closed for user samftp
Oct 14 08:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Failed password for invalid user deploy from 196.251.84.92 port 44168 ssh2
Oct 14 08:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Connection closed by 196.251.84.92 port 44168 [preauth]
Oct 14 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: Invalid user debug from 187.33.251.218
Oct 14 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: input_userauth_request: invalid user debug [preauth]
Oct 14 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15329]: pam_unix(cron:session): session closed for user root
Oct 14 08:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: Failed password for invalid user debug from 187.33.251.218 port 49583 ssh2
Oct 14 08:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: Received disconnect from 187.33.251.218 port 49583:11: Bye Bye [preauth]
Oct 14 08:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: Disconnected from 187.33.251.218 port 49583 [preauth]
Oct 14 08:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: Invalid user ts3user from 47.250.81.225
Oct 14 08:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: input_userauth_request: invalid user ts3user [preauth]
Oct 14 08:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: Failed password for invalid user ts3user from 47.250.81.225 port 42416 ssh2
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: Did not receive identification string from 107.152.45.37
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Did not receive identification string from 107.152.45.37
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: Received disconnect from 47.250.81.225 port 42416:11: Bye Bye [preauth]
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16656]: Disconnected from 47.250.81.225 port 42416 [preauth]
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 08:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 08:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Invalid user clinton from 123.58.196.44
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: input_userauth_request: invalid user clinton [preauth]
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Failed password for root from 107.152.45.37 port 51538 ssh2
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Failed password for root from 107.152.45.37 port 51552 ssh2
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Connection closed by 107.152.45.37 port 51538 [preauth]
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Connection closed by 107.152.45.37 port 51552 [preauth]
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Invalid user admin from 107.152.45.37
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Invalid user admin from 107.152.45.37
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: input_userauth_request: invalid user admin [preauth]
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Failed password for invalid user clinton from 123.58.196.44 port 39422 ssh2
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Received disconnect from 123.58.196.44 port 39422:11: Bye Bye [preauth]
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Disconnected from 123.58.196.44 port 39422 [preauth]
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Failed password for invalid user admin from 107.152.45.37 port 51564 ssh2
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Failed password for invalid user admin from 107.152.45.37 port 51566 ssh2
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Connection closed by 107.152.45.37 port 51564 [preauth]
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Connection closed by 107.152.45.37 port 51566 [preauth]
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Invalid user postgres from 107.152.45.37
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: input_userauth_request: invalid user postgres [preauth]
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: Invalid user kali from 107.152.45.37
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: input_userauth_request: invalid user kali [preauth]
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Failed password for invalid user postgres from 107.152.45.37 port 41156 ssh2
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: Failed password for invalid user kali from 107.152.45.37 port 41168 ssh2
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: Connection closed by 107.152.45.37 port 41156 [preauth]
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: Connection closed by 107.152.45.37 port 41168 [preauth]
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Invalid user hadoop from 107.152.45.37
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Invalid user testuser from 107.152.45.37
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: input_userauth_request: invalid user testuser [preauth]
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Failed password for invalid user hadoop from 107.152.45.37 port 41176 ssh2
Oct 14 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Failed password for invalid user testuser from 107.152.45.37 port 41186 ssh2
Oct 14 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Connection closed by 107.152.45.37 port 41176 [preauth]
Oct 14 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: Connection closed by 107.152.45.37 port 41186 [preauth]
Oct 14 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: Invalid user es from 107.152.45.37
Oct 14 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: input_userauth_request: invalid user es [preauth]
Oct 14 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: User mysql from 107.152.45.37 not allowed because not listed in AllowUsers
Oct 14 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: input_userauth_request: invalid user mysql [preauth]
Oct 14 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=mysql
Oct 14 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Invalid user debianuser from 34.57.181.41
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: input_userauth_request: invalid user debianuser [preauth]
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: Failed password for invalid user mysql from 107.152.45.37 port 41200 ssh2
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: Failed password for invalid user es from 107.152.45.37 port 41216 ssh2
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16715]: Connection closed by 107.152.45.37 port 41200 [preauth]
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: Connection closed by 107.152.45.37 port 41216 [preauth]
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: User mysql from 107.152.45.37 not allowed because not listed in AllowUsers
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: input_userauth_request: invalid user mysql [preauth]
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=mysql
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Failed password for invalid user debianuser from 34.57.181.41 port 34016 ssh2
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Received disconnect from 34.57.181.41 port 34016:11: Bye Bye [preauth]
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Disconnected from 34.57.181.41 port 34016 [preauth]
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Failed password for root from 107.152.45.37 port 41220 ssh2
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Failed password for invalid user mysql from 107.152.45.37 port 41234 ssh2
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Connection closed by 107.152.45.37 port 41234 [preauth]
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Connection closed by 107.152.45.37 port 41220 [preauth]
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16738]: Invalid user vpn from 107.152.45.37
Oct 14 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16738]: input_userauth_request: invalid user vpn [preauth]
Oct 14 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16738]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16738]: Failed password for invalid user vpn from 107.152.45.37 port 59536 ssh2
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Failed password for root from 107.152.45.37 port 59530 ssh2
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16738]: Connection closed by 107.152.45.37 port 59536 [preauth]
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Connection closed by 107.152.45.37 port 59530 [preauth]
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: Invalid user fa from 107.152.45.37
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: input_userauth_request: invalid user fa [preauth]
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 08:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: Failed password for invalid user fa from 107.152.45.37 port 59552 ssh2
Oct 14 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16748]: Connection closed by 107.152.45.37 port 59552 [preauth]
Oct 14 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: Failed password for root from 107.152.45.37 port 59558 ssh2
Oct 14 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16750]: Connection closed by 107.152.45.37 port 59558 [preauth]
Oct 14 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Failed password for root from 107.152.45.37 port 59574 ssh2
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Failed password for root from 107.152.45.37 port 59576 ssh2
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16770]: Connection closed by 107.152.45.37 port 59574 [preauth]
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Connection closed by 107.152.45.37 port 59576 [preauth]
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: Invalid user vyos from 107.152.45.37
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: input_userauth_request: invalid user vyos [preauth]
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Invalid user test from 107.152.45.37
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: input_userauth_request: invalid user test [preauth]
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16785]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16787]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session closed for user root
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16784]: pam_unix(cron:session): session closed for user root
Oct 14 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16782]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: Failed password for invalid user vyos from 107.152.45.37 port 59578 ssh2
Oct 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Failed password for invalid user test from 107.152.45.37 port 59584 ssh2
Oct 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: Connection closed by 107.152.45.37 port 59578 [preauth]
Oct 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16776]: Connection closed by 107.152.45.37 port 59584 [preauth]
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Invalid user guest from 107.152.45.37
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: input_userauth_request: invalid user guest [preauth]
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16877]: Invalid user vagrant from 107.152.45.37
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16877]: input_userauth_request: invalid user vagrant [preauth]
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16877]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 su[16915]: Successful su for rubyman by root
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 su[16915]: + ??? root:rubyman
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 su[16915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410345 of user rubyman.
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 su[16915]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410345.
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Failed password for invalid user guest from 107.152.45.37 port 59594 ssh2
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Connection closed by 107.152.45.37 port 59594 [preauth]
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16877]: Failed password for invalid user vagrant from 107.152.45.37 port 59600 ssh2
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16877]: Connection closed by 107.152.45.37 port 59600 [preauth]
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Invalid user orangepi from 107.152.45.37
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: input_userauth_request: invalid user orangepi [preauth]
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Failed password for invalid user orangepi from 107.152.45.37 port 60220 ssh2
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Connection closed by 107.152.45.37 port 60220 [preauth]
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16938]: Failed password for root from 107.152.45.37 port 60222 ssh2
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16938]: Connection closed by 107.152.45.37 port 60222 [preauth]
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: Invalid user ubuntu from 107.152.45.37
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: Failed password for invalid user ubuntu from 107.152.45.37 port 60232 ssh2
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: Connection closed by 107.152.45.37 port 60232 [preauth]
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16989]: Failed password for root from 107.152.45.37 port 60234 ssh2
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Invalid user ubuntu from 107.152.45.37
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16989]: Connection closed by 107.152.45.37 port 60234 [preauth]
Oct 14 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: Invalid user jenkins from 107.152.45.37
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Invalid user agent from 143.198.71.38
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: input_userauth_request: invalid user agent [preauth]
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Failed password for invalid user ubuntu from 107.152.45.37 port 60240 ssh2
Oct 14 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17034]: Connection closed by 107.152.45.37 port 60240 [preauth]
Oct 14 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Invalid user ubnt from 107.152.45.37
Oct 14 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: Failed password for invalid user jenkins from 107.152.45.37 port 60248 ssh2
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17044]: Connection closed by 107.152.45.37 port 60248 [preauth]
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Failed password for invalid user agent from 143.198.71.38 port 42520 ssh2
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Received disconnect from 143.198.71.38 port 42520:11: Bye Bye [preauth]
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17050]: Disconnected from 143.198.71.38 port 42520 [preauth]
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Invalid user ubnt from 107.152.45.37
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session closed for user root
Oct 14 09:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16785]: pam_unix(cron:session): session closed for user root
Oct 14 09:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user ubnt from 107.152.45.37 port 60264 ssh2
Oct 14 09:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Connection closed by 107.152.45.37 port 60264 [preauth]
Oct 14 09:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Invalid user dspace from 107.152.45.37
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: input_userauth_request: invalid user dspace [preauth]
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Failed password for invalid user ubnt from 107.152.45.37 port 60266 ssh2
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Connection closed by 107.152.45.37 port 60266 [preauth]
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: Invalid user pi from 107.152.45.37
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: input_userauth_request: invalid user pi [preauth]
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Failed password for invalid user dspace from 107.152.45.37 port 60280 ssh2
Oct 14 09:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Connection closed by 107.152.45.37 port 60280 [preauth]
Oct 14 09:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: Failed password for invalid user pi from 107.152.45.37 port 60286 ssh2
Oct 14 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: Connection closed by 107.152.45.37 port 60286 [preauth]
Oct 14 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Invalid user debian from 107.152.45.37
Oct 14 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: input_userauth_request: invalid user debian [preauth]
Oct 14 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Failed password for root from 107.152.45.37 port 47466 ssh2
Oct 14 09:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Connection closed by 107.152.45.37 port 47466 [preauth]
Oct 14 09:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: Invalid user devops from 107.152.45.37
Oct 14 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: input_userauth_request: invalid user devops [preauth]
Oct 14 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Failed password for invalid user debian from 107.152.45.37 port 47480 ssh2
Oct 14 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17172]: Connection closed by 107.152.45.37 port 47480 [preauth]
Oct 14 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Invalid user odoo from 107.152.45.37
Oct 14 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: input_userauth_request: invalid user odoo [preauth]
Oct 14 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Failed password for invalid user odoo from 107.152.45.37 port 47498 ssh2
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: Failed password for invalid user devops from 107.152.45.37 port 47488 ssh2
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17195]: Connection closed by 107.152.45.37 port 47498 [preauth]
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: Connection closed by 107.152.45.37 port 47488 [preauth]
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: Invalid user ts3 from 107.152.45.37
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: Failed password for invalid user ts3 from 107.152.45.37 port 47512 ssh2
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Failed password for root from 107.152.45.37 port 47510 ssh2
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17201]: Connection closed by 107.152.45.37 port 47510 [preauth]
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: Connection closed by 107.152.45.37 port 47512 [preauth]
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17223]: Invalid user vpn from 107.152.45.37
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17223]: input_userauth_request: invalid user vpn [preauth]
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Invalid user postgres from 107.152.45.37
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: input_userauth_request: invalid user postgres [preauth]
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17223]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16783]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17223]: Failed password for invalid user vpn from 107.152.45.37 port 47516 ssh2
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Failed password for invalid user postgres from 107.152.45.37 port 47526 ssh2
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17223]: Connection closed by 107.152.45.37 port 47516 [preauth]
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Connection closed by 107.152.45.37 port 47526 [preauth]
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Invalid user debian from 107.152.45.37
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: input_userauth_request: invalid user debian [preauth]
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Failed password for invalid user debian from 107.152.45.37 port 39510 ssh2
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: Failed password for root from 107.152.45.37 port 39504 ssh2
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Connection closed by 107.152.45.37 port 39510 [preauth]
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17246]: Connection closed by 107.152.45.37 port 39504 [preauth]
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: Invalid user deployer from 107.152.45.37
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: input_userauth_request: invalid user deployer [preauth]
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Invalid user ubuntu from 107.152.45.37
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: Failed password for invalid user deployer from 107.152.45.37 port 39518 ssh2
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Failed password for invalid user ubuntu from 107.152.45.37 port 39530 ssh2
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: Connection closed by 107.152.45.37 port 39518 [preauth]
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Connection closed by 107.152.45.37 port 39530 [preauth]
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: Invalid user minecraft from 107.152.45.37
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: Failed password for root from 107.152.45.37 port 39544 ssh2
Oct 14 09:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: Failed password for invalid user minecraft from 107.152.45.37 port 39554 ssh2
Oct 14 09:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17270]: Connection closed by 107.152.45.37 port 39544 [preauth]
Oct 14 09:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: Connection closed by 107.152.45.37 port 39554 [preauth]
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Invalid user kafka from 107.152.45.37
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: input_userauth_request: invalid user kafka [preauth]
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Invalid user ftpuser from 107.152.45.37
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user kafka from 107.152.45.37 port 39570 ssh2
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Failed password for invalid user ftpuser from 107.152.45.37 port 39578 ssh2
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Connection closed by 107.152.45.37 port 39570 [preauth]
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Connection closed by 107.152.45.37 port 39578 [preauth]
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17344]: Invalid user ansible from 107.152.45.37
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17344]: input_userauth_request: invalid user ansible [preauth]
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17344]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Invalid user deploy from 107.152.45.37
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Invalid user deploy from 196.251.84.92
Oct 14 09:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17344]: Failed password for invalid user ansible from 107.152.45.37 port 39588 ssh2
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17344]: Connection closed by 107.152.45.37 port 39588 [preauth]
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for invalid user deploy from 107.152.45.37 port 39600 ssh2
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Connection closed by 107.152.45.37 port 39600 [preauth]
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Invalid user admin from 107.152.45.37
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: input_userauth_request: invalid user admin [preauth]
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17354]: Invalid user vagrant from 107.152.45.37
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17354]: input_userauth_request: invalid user vagrant [preauth]
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17354]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Invalid user vishal from 45.41.207.223
Oct 14 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: input_userauth_request: invalid user vishal [preauth]
Oct 14 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Failed password for invalid user deploy from 196.251.84.92 port 53296 ssh2
Oct 14 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Connection closed by 196.251.84.92 port 53296 [preauth]
Oct 14 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15783]: pam_unix(cron:session): session closed for user root
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Failed password for invalid user vishal from 45.41.207.223 port 55732 ssh2
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Received disconnect from 45.41.207.223 port 55732:11: Bye Bye [preauth]
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17356]: Disconnected from 45.41.207.223 port 55732 [preauth]
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Failed password for invalid user admin from 107.152.45.37 port 37418 ssh2
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17354]: Failed password for invalid user vagrant from 107.152.45.37 port 37432 ssh2
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Connection closed by 107.152.45.37 port 37418 [preauth]
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17354]: Connection closed by 107.152.45.37 port 37432 [preauth]
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Failed password for root from 107.152.45.37 port 37444 ssh2
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Failed password for root from 107.152.45.37 port 37454 ssh2
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Connection closed by 107.152.45.37 port 37444 [preauth]
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17375]: Connection closed by 107.152.45.37 port 37454 [preauth]
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Invalid user ubuntu from 107.152.45.37
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Invalid user user from 107.152.45.37
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: input_userauth_request: invalid user user [preauth]
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Failed password for invalid user ubuntu from 107.152.45.37 port 37462 ssh2
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17396]: Connection closed by 107.152.45.37 port 37462 [preauth]
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Failed password for invalid user user from 107.152.45.37 port 37476 ssh2
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17398]: Connection closed by 107.152.45.37 port 37476 [preauth]
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Invalid user user from 107.152.45.37
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: input_userauth_request: invalid user user [preauth]
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: Failed password for root from 107.152.45.37 port 37490 ssh2
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17411]: Connection closed by 107.152.45.37 port 37490 [preauth]
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Failed password for invalid user user from 107.152.45.37 port 37478 ssh2
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Connection closed by 107.152.45.37 port 37478 [preauth]
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: Invalid user linaro from 107.152.45.37
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: input_userauth_request: invalid user linaro [preauth]
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: Invalid user user from 196.251.84.140
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: input_userauth_request: invalid user user [preauth]
Oct 14 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: Failed password for invalid user linaro from 107.152.45.37 port 56042 ssh2
Oct 14 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17415]: Connection closed by 107.152.45.37 port 56042 [preauth]
Oct 14 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: Failed password for root from 107.152.45.37 port 56058 ssh2
Oct 14 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: Connection closed by 107.152.45.37 port 56058 [preauth]
Oct 14 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Invalid user linaro from 107.152.45.37
Oct 14 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: input_userauth_request: invalid user linaro [preauth]
Oct 14 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: Failed password for invalid user user from 196.251.84.140 port 47072 ssh2
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17400]: Connection closed by 196.251.84.140 port 47072 [preauth]
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for root from 107.152.45.37 port 56068 ssh2
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Connection closed by 107.152.45.37 port 56068 [preauth]
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user linaro from 107.152.45.37 port 56076 ssh2
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Connection closed by 107.152.45.37 port 56076 [preauth]
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Failed password for root from 107.152.45.37 port 56092 ssh2
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Connection closed by 107.152.45.37 port 56092 [preauth]
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Failed password for root from 107.152.45.37 port 56100 ssh2
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17446]: Connection closed by 107.152.45.37 port 56100 [preauth]
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17457]: Invalid user git from 107.152.45.37
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17457]: input_userauth_request: invalid user git [preauth]
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17457]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Invalid user deploy from 107.152.45.37
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17457]: Failed password for invalid user git from 107.152.45.37 port 56110 ssh2
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17457]: Connection closed by 107.152.45.37 port 56110 [preauth]
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Failed password for invalid user deploy from 107.152.45.37 port 56126 ssh2
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Connection closed by 107.152.45.37 port 56126 [preauth]
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: Invalid user deploy from 107.152.45.37
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: Failed password for invalid user deploy from 107.152.45.37 port 35144 ssh2
Oct 14 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17464]: Connection closed by 107.152.45.37 port 35144 [preauth]
Oct 14 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Failed password for root from 107.152.45.37 port 35150 ssh2
Oct 14 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Connection closed by 107.152.45.37 port 35150 [preauth]
Oct 14 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Invalid user es from 107.152.45.37
Oct 14 09:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: input_userauth_request: invalid user es [preauth]
Oct 14 09:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Failed password for invalid user es from 107.152.45.37 port 35164 ssh2
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Connection closed by 107.152.45.37 port 35164 [preauth]
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Failed password for root from 107.152.45.37 port 35174 ssh2
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Connection closed by 107.152.45.37 port 35174 [preauth]
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: Invalid user test from 107.152.45.37
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: input_userauth_request: invalid user test [preauth]
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Failed password for root from 107.152.45.37 port 35182 ssh2
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Connection closed by 107.152.45.37 port 35182 [preauth]
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: Failed password for invalid user test from 107.152.45.37 port 35198 ssh2
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: Invalid user jenkins from 107.152.45.37
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: Connection closed by 107.152.45.37 port 35198 [preauth]
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.128.176  user=root
Oct 14 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: Failed password for invalid user jenkins from 107.152.45.37 port 35214 ssh2
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17490]: Connection closed by 107.152.45.37 port 35214 [preauth]
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: Successful su for rubyman by root
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Invalid user oracle from 107.152.45.37
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: input_userauth_request: invalid user oracle [preauth]
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: + ??? root:rubyman
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17488]: Failed password for root from 118.70.128.176 port 42133 ssh2
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410348 of user rubyman.
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410348.
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: Failed password for root from 107.152.45.37 port 35226 ssh2
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17492]: Connection closed by 107.152.45.37 port 35226 [preauth]
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17488]: Received disconnect from 118.70.128.176 port 42133:11: Bye Bye [preauth]
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17488]: Disconnected from 118.70.128.176 port 42133 [preauth]
Oct 14 09:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Failed password for invalid user oracle from 107.152.45.37 port 35232 ssh2
Oct 14 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Connection closed by 107.152.45.37 port 35232 [preauth]
Oct 14 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Invalid user test from 107.152.45.37
Oct 14 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: input_userauth_request: invalid user test [preauth]
Oct 14 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: Failed password for root from 107.152.45.37 port 35240 ssh2
Oct 14 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: Connection closed by 107.152.45.37 port 35240 [preauth]
Oct 14 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: Invalid user devops from 107.152.45.37
Oct 14 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: input_userauth_request: invalid user devops [preauth]
Oct 14 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: Failed password for invalid user devops from 107.152.45.37 port 51936 ssh2
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17677]: Connection closed by 107.152.45.37 port 51936 [preauth]
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Failed password for invalid user test from 107.152.45.37 port 51926 ssh2
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17649]: Connection closed by 107.152.45.37 port 51926 [preauth]
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: Invalid user test from 107.152.45.37
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: input_userauth_request: invalid user test [preauth]
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: Invalid user s from 164.68.105.9
Oct 14 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: input_userauth_request: invalid user s [preauth]
Oct 14 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Failed password for root from 107.152.45.37 port 51944 ssh2
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Connection closed by 107.152.45.37 port 51944 [preauth]
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: Failed password for invalid user test from 107.152.45.37 port 51954 ssh2
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Invalid user pi from 107.152.45.37
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: input_userauth_request: invalid user pi [preauth]
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17707]: Connection closed by 107.152.45.37 port 51954 [preauth]
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Invalid user pi from 107.152.45.37
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: input_userauth_request: invalid user pi [preauth]
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Failed password for root from 34.57.181.41 port 38704 ssh2
Oct 14 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Received disconnect from 34.57.181.41 port 38704:11: Bye Bye [preauth]
Oct 14 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Disconnected from 34.57.181.41 port 38704 [preauth]
Oct 14 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: Failed password for invalid user s from 164.68.105.9 port 57306 ssh2
Oct 14 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17729]: Connection closed by 164.68.105.9 port 57306 [preauth]
Oct 14 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Failed password for invalid user pi from 107.152.45.37 port 51964 ssh2
Oct 14 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Connection closed by 107.152.45.37 port 51964 [preauth]
Oct 14 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Failed password for invalid user pi from 107.152.45.37 port 51976 ssh2
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Connection closed by 107.152.45.37 port 51976 [preauth]
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Invalid user ubuntu from 107.152.45.37
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14245]: pam_unix(cron:session): session closed for user root
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Failed password for root from 107.152.45.37 port 51982 ssh2
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Connection closed by 107.152.45.37 port 51982 [preauth]
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Failed password for invalid user ubuntu from 107.152.45.37 port 51992 ssh2
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Connection closed by 107.152.45.37 port 51992 [preauth]
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Invalid user devuser from 107.152.45.37
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: input_userauth_request: invalid user devuser [preauth]
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Failed password for invalid user devuser from 107.152.45.37 port 44088 ssh2
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Connection closed by 107.152.45.37 port 44088 [preauth]
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Failed password for root from 107.152.45.37 port 44098 ssh2
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17901]: Connection closed by 107.152.45.37 port 44098 [preauth]
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Invalid user deploy from 107.152.45.37
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Invalid user deploy from 107.152.45.37
Oct 14 09:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Failed password for invalid user deploy from 107.152.45.37 port 44106 ssh2
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Connection closed by 107.152.45.37 port 44106 [preauth]
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: Invalid user postgres from 107.152.45.37
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: input_userauth_request: invalid user postgres [preauth]
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Failed password for invalid user deploy from 107.152.45.37 port 44120 ssh2
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17928]: Connection closed by 107.152.45.37 port 44120 [preauth]
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Invalid user deployer from 107.152.45.37
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: input_userauth_request: invalid user deployer [preauth]
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: Failed password for invalid user postgres from 107.152.45.37 port 44136 ssh2
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17947]: Connection closed by 107.152.45.37 port 44136 [preauth]
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Invalid user ubuntu from 107.152.45.37
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Failed password for invalid user deployer from 107.152.45.37 port 44152 ssh2
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17956]: Connection closed by 107.152.45.37 port 44152 [preauth]
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: Invalid user admin from 107.152.45.37
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: input_userauth_request: invalid user admin [preauth]
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Failed password for invalid user ubuntu from 107.152.45.37 port 44158 ssh2
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Connection closed by 107.152.45.37 port 44158 [preauth]
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17975]: Invalid user postgres from 107.152.45.37
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17975]: input_userauth_request: invalid user postgres [preauth]
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: Failed password for invalid user admin from 107.152.45.37 port 44172 ssh2
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17975]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: Connection closed by 107.152.45.37 port 44172 [preauth]
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Invalid user testuser from 107.152.45.37
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: input_userauth_request: invalid user testuser [preauth]
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17975]: Failed password for invalid user postgres from 107.152.45.37 port 34012 ssh2
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17975]: Connection closed by 107.152.45.37 port 34012 [preauth]
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Failed password for invalid user testuser from 107.152.45.37 port 34018 ssh2
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Connection closed by 107.152.45.37 port 34018 [preauth]
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Invalid user hadoop from 107.152.45.37
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: Failed password for root from 187.33.251.218 port 39734 ssh2
Oct 14 09:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: Received disconnect from 187.33.251.218 port 39734:11: Bye Bye [preauth]
Oct 14 09:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17972]: Disconnected from 187.33.251.218 port 39734 [preauth]
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Failed password for invalid user hadoop from 107.152.45.37 port 34022 ssh2
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Connection closed by 107.152.45.37 port 34022 [preauth]
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Failed password for root from 107.152.45.37 port 34034 ssh2
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Connection closed by 107.152.45.37 port 34034 [preauth]
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Invalid user oracle from 107.152.45.37
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: input_userauth_request: invalid user oracle [preauth]
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Invalid user kafka from 107.152.45.37
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: input_userauth_request: invalid user kafka [preauth]
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Failed password for invalid user oracle from 107.152.45.37 port 34046 ssh2
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Connection closed by 107.152.45.37 port 34046 [preauth]
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Failed password for invalid user kafka from 107.152.45.37 port 34050 ssh2
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Invalid user admin from 107.152.45.37
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: input_userauth_request: invalid user admin [preauth]
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Connection closed by 107.152.45.37 port 34050 [preauth]
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Invalid user devopsuser from 107.152.45.37
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Failed password for invalid user admin from 107.152.45.37 port 34058 ssh2
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Connection closed by 107.152.45.37 port 34058 [preauth]
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Failed password for invalid user devopsuser from 107.152.45.37 port 34074 ssh2
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Connection closed by 107.152.45.37 port 34074 [preauth]
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: Invalid user ubuntu from 107.152.45.37
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Invalid user odroid from 107.152.45.37
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: input_userauth_request: invalid user odroid [preauth]
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 09:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: Failed password for invalid user ubuntu from 107.152.45.37 port 34078 ssh2
Oct 14 09:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18037]: Connection closed by 107.152.45.37 port 34078 [preauth]
Oct 14 09:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Failed password for invalid user odroid from 107.152.45.37 port 34080 ssh2
Oct 14 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Connection closed by 107.152.45.37 port 34080 [preauth]
Oct 14 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16249]: pam_unix(cron:session): session closed for user root
Oct 14 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Failed password for root from 107.152.45.37 port 55900 ssh2
Oct 14 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Connection closed by 107.152.45.37 port 55900 [preauth]
Oct 14 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: Failed password for root from 107.152.45.37 port 55908 ssh2
Oct 14 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18050]: Connection closed by 107.152.45.37 port 55908 [preauth]
Oct 14 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: Invalid user botuser from 143.198.71.38
Oct 14 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: input_userauth_request: invalid user botuser [preauth]
Oct 14 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: Failed password for invalid user botuser from 143.198.71.38 port 57458 ssh2
Oct 14 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: Received disconnect from 143.198.71.38 port 57458:11: Bye Bye [preauth]
Oct 14 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18125]: Disconnected from 143.198.71.38 port 57458 [preauth]
Oct 14 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: Invalid user deploy from 196.251.84.92
Oct 14 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: Failed password for invalid user deploy from 196.251.84.92 port 34168 ssh2
Oct 14 09:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18237]: Connection closed by 196.251.84.92 port 34168 [preauth]
Oct 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18441]: Successful su for rubyman by root
Oct 14 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18441]: + ??? root:rubyman
Oct 14 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410353 of user rubyman.
Oct 14 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18441]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410353.
Oct 14 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14726]: pam_unix(cron:session): session closed for user root
Oct 14 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Invalid user o2 from 47.250.81.225
Oct 14 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: input_userauth_request: invalid user o2 [preauth]
Oct 14 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: Invalid user weblogic from 45.41.207.223
Oct 14 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: input_userauth_request: invalid user weblogic [preauth]
Oct 14 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Failed password for invalid user o2 from 47.250.81.225 port 45430 ssh2
Oct 14 09:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Received disconnect from 47.250.81.225 port 45430:11: Bye Bye [preauth]
Oct 14 09:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18620]: Disconnected from 47.250.81.225 port 45430 [preauth]
Oct 14 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: Failed password for invalid user weblogic from 45.41.207.223 port 57986 ssh2
Oct 14 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: Received disconnect from 45.41.207.223 port 57986:11: Bye Bye [preauth]
Oct 14 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: Disconnected from 45.41.207.223 port 57986 [preauth]
Oct 14 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Invalid user ftpuser from 34.57.181.41
Oct 14 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Failed password for invalid user ftpuser from 34.57.181.41 port 43394 ssh2
Oct 14 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Received disconnect from 34.57.181.41 port 43394:11: Bye Bye [preauth]
Oct 14 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Disconnected from 34.57.181.41 port 43394 [preauth]
Oct 14 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16787]: pam_unix(cron:session): session closed for user root
Oct 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: Successful su for rubyman by root
Oct 14 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: + ??? root:rubyman
Oct 14 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410356 of user rubyman.
Oct 14 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18935]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410356.
Oct 14 09:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15328]: pam_unix(cron:session): session closed for user root
Oct 14 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: Invalid user deploy from 196.251.84.92
Oct 14 09:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Invalid user snipe from 187.33.251.218
Oct 14 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: input_userauth_request: invalid user snipe [preauth]
Oct 14 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: Failed password for invalid user deploy from 196.251.84.92 port 43186 ssh2
Oct 14 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19252]: Connection closed by 196.251.84.92 port 43186 [preauth]
Oct 14 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.128.176  user=root
Oct 14 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Failed password for invalid user snipe from 187.33.251.218 port 34889 ssh2
Oct 14 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Received disconnect from 187.33.251.218 port 34889:11: Bye Bye [preauth]
Oct 14 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Disconnected from 187.33.251.218 port 34889 [preauth]
Oct 14 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Failed password for root from 118.70.128.176 port 42186 ssh2
Oct 14 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Received disconnect from 118.70.128.176 port 42186:11: Bye Bye [preauth]
Oct 14 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Disconnected from 118.70.128.176 port 42186 [preauth]
Oct 14 09:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18849]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19559]: Invalid user odoo17 from 143.198.71.38
Oct 14 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19559]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19559]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19559]: Failed password for invalid user odoo17 from 143.198.71.38 port 58036 ssh2
Oct 14 09:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19559]: Received disconnect from 143.198.71.38 port 58036:11: Bye Bye [preauth]
Oct 14 09:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19559]: Disconnected from 143.198.71.38 port 58036 [preauth]
Oct 14 09:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session closed for user root
Oct 14 09:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44  user=root
Oct 14 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Failed password for root from 123.58.196.44 port 60184 ssh2
Oct 14 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Received disconnect from 123.58.196.44 port 60184:11: Bye Bye [preauth]
Oct 14 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19614]: Disconnected from 123.58.196.44 port 60184 [preauth]
Oct 14 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Invalid user odoo from 45.41.207.223
Oct 14 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: input_userauth_request: invalid user odoo [preauth]
Oct 14 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Failed password for invalid user odoo from 45.41.207.223 port 55792 ssh2
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Received disconnect from 45.41.207.223 port 55792:11: Bye Bye [preauth]
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Disconnected from 45.41.207.223 port 55792 [preauth]
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: Invalid user wpyan from 34.57.181.41
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: input_userauth_request: invalid user wpyan [preauth]
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 09:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: Failed password for invalid user wpyan from 34.57.181.41 port 48084 ssh2
Oct 14 09:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: Received disconnect from 34.57.181.41 port 48084:11: Bye Bye [preauth]
Oct 14 09:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: Disconnected from 34.57.181.41 port 48084 [preauth]
Oct 14 09:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Invalid user user from 196.251.84.140
Oct 14 09:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: input_userauth_request: invalid user user [preauth]
Oct 14 09:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Failed password for invalid user user from 196.251.84.140 port 40834 ssh2
Oct 14 09:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Connection closed by 196.251.84.140 port 40834 [preauth]
Oct 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19779]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19869]: Successful su for rubyman by root
Oct 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19869]: + ??? root:rubyman
Oct 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410362 of user rubyman.
Oct 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19869]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410362.
Oct 14 09:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15782]: pam_unix(cron:session): session closed for user root
Oct 14 09:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19767]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: Invalid user deploy from 196.251.84.92
Oct 14 09:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: Failed password for invalid user deploy from 196.251.84.92 port 52240 ssh2
Oct 14 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: Connection closed by 196.251.84.92 port 52240 [preauth]
Oct 14 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18259]: pam_unix(cron:session): session closed for user root
Oct 14 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: Invalid user ec2-user from 47.250.81.225
Oct 14 09:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: input_userauth_request: invalid user ec2-user [preauth]
Oct 14 09:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: Failed password for invalid user ec2-user from 47.250.81.225 port 48456 ssh2
Oct 14 09:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: Received disconnect from 47.250.81.225 port 48456:11: Bye Bye [preauth]
Oct 14 09:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: Disconnected from 47.250.81.225 port 48456 [preauth]
Oct 14 09:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session closed for user root
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Invalid user wallabag from 187.33.251.218
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: input_userauth_request: invalid user wallabag [preauth]
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20424]: Successful su for rubyman by root
Oct 14 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20424]: + ??? root:rubyman
Oct 14 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410367 of user rubyman.
Oct 14 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20424]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410367.
Oct 14 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Failed password for invalid user wallabag from 187.33.251.218 port 8281 ssh2
Oct 14 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Received disconnect from 187.33.251.218 port 8281:11: Bye Bye [preauth]
Oct 14 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Disconnected from 187.33.251.218 port 8281 [preauth]
Oct 14 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 09:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session closed for user root
Oct 14 09:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16246]: pam_unix(cron:session): session closed for user root
Oct 14 09:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Failed password for root from 34.57.181.41 port 52756 ssh2
Oct 14 09:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Received disconnect from 34.57.181.41 port 52756:11: Bye Bye [preauth]
Oct 14 09:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Disconnected from 34.57.181.41 port 52756 [preauth]
Oct 14 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Invalid user postgres from 143.198.71.38
Oct 14 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: input_userauth_request: invalid user postgres [preauth]
Oct 14 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Failed password for invalid user postgres from 143.198.71.38 port 57508 ssh2
Oct 14 09:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Received disconnect from 143.198.71.38 port 57508:11: Bye Bye [preauth]
Oct 14 09:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20650]: Disconnected from 143.198.71.38 port 57508 [preauth]
Oct 14 09:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Invalid user postgres from 45.41.207.223
Oct 14 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: input_userauth_request: invalid user postgres [preauth]
Oct 14 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Failed password for invalid user postgres from 45.41.207.223 port 44642 ssh2
Oct 14 09:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Received disconnect from 45.41.207.223 port 44642:11: Bye Bye [preauth]
Oct 14 09:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Disconnected from 45.41.207.223 port 44642 [preauth]
Oct 14 09:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20729]: Failed password for root from 80.211.129.128 port 49028 ssh2
Oct 14 09:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20729]: Connection closed by 80.211.129.128 port 49028 [preauth]
Oct 14 09:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18851]: pam_unix(cron:session): session closed for user root
Oct 14 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Invalid user deploy from 196.251.84.92
Oct 14 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Failed password for invalid user deploy from 196.251.84.92 port 33040 ssh2
Oct 14 09:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Connection closed by 196.251.84.92 port 33040 [preauth]
Oct 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20840]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20919]: Successful su for rubyman by root
Oct 14 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20919]: + ??? root:rubyman
Oct 14 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410371 of user rubyman.
Oct 14 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20919]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410371.
Oct 14 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Invalid user ocean from 107.170.232.33
Oct 14 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: input_userauth_request: invalid user ocean [preauth]
Oct 14 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session closed for user root
Oct 14 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Failed password for invalid user ocean from 107.170.232.33 port 46446 ssh2
Oct 14 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Received disconnect from 107.170.232.33 port 46446:11: Bye Bye [preauth]
Oct 14 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Disconnected from 107.170.232.33 port 46446 [preauth]
Oct 14 09:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20841]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Invalid user ftpuser from 34.57.181.41
Oct 14 09:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 09:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 09:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Failed password for invalid user ftpuser from 34.57.181.41 port 57432 ssh2
Oct 14 09:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Received disconnect from 34.57.181.41 port 57432:11: Bye Bye [preauth]
Oct 14 09:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Disconnected from 34.57.181.41 port 57432 [preauth]
Oct 14 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Invalid user omid from 111.198.221.98
Oct 14 09:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: input_userauth_request: invalid user omid [preauth]
Oct 14 09:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.198.221.98
Oct 14 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Failed password for invalid user omid from 111.198.221.98 port 48532 ssh2
Oct 14 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Received disconnect from 111.198.221.98 port 48532:11: Bye Bye [preauth]
Oct 14 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Disconnected from 111.198.221.98 port 48532 [preauth]
Oct 14 09:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19779]: pam_unix(cron:session): session closed for user root
Oct 14 09:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Invalid user marcelo from 187.33.251.218
Oct 14 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: input_userauth_request: invalid user marcelo [preauth]
Oct 14 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Failed password for invalid user marcelo from 187.33.251.218 port 62311 ssh2
Oct 14 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Received disconnect from 187.33.251.218 port 62311:11: Bye Bye [preauth]
Oct 14 09:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21252]: Disconnected from 187.33.251.218 port 62311 [preauth]
Oct 14 09:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: Invalid user testuser from 143.198.71.38
Oct 14 09:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: input_userauth_request: invalid user testuser [preauth]
Oct 14 09:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: Failed password for invalid user testuser from 143.198.71.38 port 57626 ssh2
Oct 14 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: Received disconnect from 143.198.71.38 port 57626:11: Bye Bye [preauth]
Oct 14 09:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: Disconnected from 143.198.71.38 port 57626 [preauth]
Oct 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21350]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.125.77  user=root
Oct 14 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Invalid user django from 45.41.207.223
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: input_userauth_request: invalid user django [preauth]
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21454]: Successful su for rubyman by root
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21454]: + ??? root:rubyman
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410375 of user rubyman.
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21454]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410375.
Oct 14 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Failed password for root from 118.70.125.77 port 16749 ssh2
Oct 14 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Received disconnect from 118.70.125.77 port 16749:11: Bye Bye [preauth]
Oct 14 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Disconnected from 118.70.125.77 port 16749 [preauth]
Oct 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: Invalid user deploy from 196.251.84.92
Oct 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: input_userauth_request: invalid user deploy [preauth]
Oct 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Failed password for invalid user django from 45.41.207.223 port 33376 ssh2
Oct 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Received disconnect from 45.41.207.223 port 33376:11: Bye Bye [preauth]
Oct 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21448]: Disconnected from 45.41.207.223 port 33376 [preauth]
Oct 14 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: Failed password for invalid user deploy from 196.251.84.92 port 41810 ssh2
Oct 14 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: Connection closed by 196.251.84.92 port 41810 [preauth]
Oct 14 09:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Invalid user marcus from 47.250.81.225
Oct 14 09:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: input_userauth_request: invalid user marcus [preauth]
Oct 14 09:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Invalid user user from 196.251.84.140
Oct 14 09:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: input_userauth_request: invalid user user [preauth]
Oct 14 09:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Failed password for invalid user marcus from 47.250.81.225 port 51472 ssh2
Oct 14 09:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Received disconnect from 47.250.81.225 port 51472:11: Bye Bye [preauth]
Oct 14 09:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Disconnected from 47.250.81.225 port 51472 [preauth]
Oct 14 09:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session closed for user root
Oct 14 09:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Failed password for invalid user user from 196.251.84.140 port 37204 ssh2
Oct 14 09:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Connection closed by 196.251.84.140 port 37204 [preauth]
Oct 14 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21351]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session closed for user root
Oct 14 09:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Invalid user csgoserver from 34.57.181.41
Oct 14 09:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: input_userauth_request: invalid user csgoserver [preauth]
Oct 14 09:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 09:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Failed password for invalid user csgoserver from 34.57.181.41 port 33876 ssh2
Oct 14 09:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Received disconnect from 34.57.181.41 port 33876:11: Bye Bye [preauth]
Oct 14 09:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21794]: Disconnected from 34.57.181.41 port 33876 [preauth]
Oct 14 09:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Invalid user ftpuser from 123.58.196.44
Oct 14 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 09:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Failed password for invalid user ftpuser from 123.58.196.44 port 59598 ssh2
Oct 14 09:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Received disconnect from 123.58.196.44 port 59598:11: Bye Bye [preauth]
Oct 14 09:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21818]: Disconnected from 123.58.196.44 port 59598 [preauth]
Oct 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21868]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21852]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: Successful su for rubyman by root
Oct 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: + ??? root:rubyman
Oct 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410378 of user rubyman.
Oct 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21932]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410378.
Oct 14 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.248.35.196  user=root
Oct 14 09:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Failed password for root from 220.248.35.196 port 48222 ssh2
Oct 14 09:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Received disconnect from 220.248.35.196 port 48222:11: Bye Bye [preauth]
Oct 14 09:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Disconnected from 220.248.35.196 port 48222 [preauth]
Oct 14 09:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18258]: pam_unix(cron:session): session closed for user root
Oct 14 09:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21853]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22237]: Invalid user dev from 196.251.84.92
Oct 14 09:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22237]: input_userauth_request: invalid user dev [preauth]
Oct 14 09:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22237]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22237]: Failed password for invalid user dev from 196.251.84.92 port 50590 ssh2
Oct 14 09:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22237]: Connection closed by 196.251.84.92 port 50590 [preauth]
Oct 14 09:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Invalid user proxyuser from 143.198.71.38
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20843]: pam_unix(cron:session): session closed for user root
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: Failed password for root from 187.33.251.218 port 30675 ssh2
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: Received disconnect from 187.33.251.218 port 30675:11: Bye Bye [preauth]
Oct 14 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22270]: Disconnected from 187.33.251.218 port 30675 [preauth]
Oct 14 09:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Failed password for invalid user proxyuser from 143.198.71.38 port 53788 ssh2
Oct 14 09:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Received disconnect from 143.198.71.38 port 53788:11: Bye Bye [preauth]
Oct 14 09:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Disconnected from 143.198.71.38 port 53788 [preauth]
Oct 14 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: Invalid user qclinux from 45.41.207.223
Oct 14 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: input_userauth_request: invalid user qclinux [preauth]
Oct 14 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: Failed password for invalid user qclinux from 45.41.207.223 port 59514 ssh2
Oct 14 09:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: Received disconnect from 45.41.207.223 port 59514:11: Bye Bye [preauth]
Oct 14 09:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: Disconnected from 45.41.207.223 port 59514 [preauth]
Oct 14 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22371]: Invalid user clinton from 34.57.181.41
Oct 14 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22371]: input_userauth_request: invalid user clinton [preauth]
Oct 14 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22376]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22371]: Failed password for invalid user clinton from 34.57.181.41 port 38564 ssh2
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22371]: Received disconnect from 34.57.181.41 port 38564:11: Bye Bye [preauth]
Oct 14 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22371]: Disconnected from 34.57.181.41 port 38564 [preauth]
Oct 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22552]: Successful su for rubyman by root
Oct 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22552]: + ??? root:rubyman
Oct 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410384 of user rubyman.
Oct 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22552]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410384.
Oct 14 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22374]: pam_unix(cron:session): session closed for user root
Oct 14 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for root from 107.170.232.33 port 25820 ssh2
Oct 14 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Received disconnect from 107.170.232.33 port 25820:11: Bye Bye [preauth]
Oct 14 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Disconnected from 107.170.232.33 port 25820 [preauth]
Oct 14 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18850]: pam_unix(cron:session): session closed for user root
Oct 14 09:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22377]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.125.77  user=root
Oct 14 09:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23222]: Failed password for root from 118.70.125.77 port 16784 ssh2
Oct 14 09:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23222]: Received disconnect from 118.70.125.77 port 16784:11: Bye Bye [preauth]
Oct 14 09:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23222]: Disconnected from 118.70.125.77 port 16784 [preauth]
Oct 14 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23230]: Invalid user laravel from 47.250.81.225
Oct 14 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23230]: input_userauth_request: invalid user laravel [preauth]
Oct 14 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23230]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23230]: Failed password for invalid user laravel from 47.250.81.225 port 54486 ssh2
Oct 14 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session closed for user root
Oct 14 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23230]: Received disconnect from 47.250.81.225 port 54486:11: Bye Bye [preauth]
Oct 14 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23230]: Disconnected from 47.250.81.225 port 54486 [preauth]
Oct 14 09:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Invalid user dev from 196.251.84.92
Oct 14 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: input_userauth_request: invalid user dev [preauth]
Oct 14 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Failed password for invalid user dev from 196.251.84.92 port 59652 ssh2
Oct 14 09:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Connection closed by 196.251.84.92 port 59652 [preauth]
Oct 14 09:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44  user=root
Oct 14 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: Failed password for root from 123.58.196.44 port 54628 ssh2
Oct 14 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: Received disconnect from 123.58.196.44 port 54628:11: Bye Bye [preauth]
Oct 14 09:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23304]: Disconnected from 123.58.196.44 port 54628 [preauth]
Oct 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23387]: pam_unix(cron:session): session closed for user root
Oct 14 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23345]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23756]: Successful su for rubyman by root
Oct 14 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23756]: + ??? root:rubyman
Oct 14 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410387 of user rubyman.
Oct 14 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23756]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410387.
Oct 14 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19770]: pam_unix(cron:session): session closed for user root
Oct 14 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23348]: pam_unix(cron:session): session closed for user root
Oct 14 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 09:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Failed password for root from 34.57.181.41 port 43230 ssh2
Oct 14 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Received disconnect from 34.57.181.41 port 43230:11: Bye Bye [preauth]
Oct 14 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23990]: Disconnected from 34.57.181.41 port 43230 [preauth]
Oct 14 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: Invalid user akshat from 111.198.221.98
Oct 14 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: input_userauth_request: invalid user akshat [preauth]
Oct 14 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.198.221.98
Oct 14 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: Invalid user user from 196.251.84.140
Oct 14 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: input_userauth_request: invalid user user [preauth]
Oct 14 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Invalid user user01 from 143.198.71.38
Oct 14 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: input_userauth_request: invalid user user01 [preauth]
Oct 14 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: Failed password for invalid user akshat from 111.198.221.98 port 41902 ssh2
Oct 14 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: Received disconnect from 111.198.221.98 port 41902:11: Bye Bye [preauth]
Oct 14 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24020]: Disconnected from 111.198.221.98 port 41902 [preauth]
Oct 14 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23347]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Invalid user odoo17 from 45.41.207.223
Oct 14 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Failed password for invalid user user01 from 143.198.71.38 port 44406 ssh2
Oct 14 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Received disconnect from 143.198.71.38 port 44406:11: Bye Bye [preauth]
Oct 14 09:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Disconnected from 143.198.71.38 port 44406 [preauth]
Oct 14 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: Failed password for invalid user user from 196.251.84.140 port 53616 ssh2
Oct 14 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Failed password for invalid user odoo17 from 45.41.207.223 port 57314 ssh2
Oct 14 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Received disconnect from 45.41.207.223 port 57314:11: Bye Bye [preauth]
Oct 14 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24050]: Disconnected from 45.41.207.223 port 57314 [preauth]
Oct 14 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23996]: Connection closed by 196.251.84.140 port 53616 [preauth]
Oct 14 09:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Failed password for root from 107.170.232.33 port 32052 ssh2
Oct 14 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Received disconnect from 107.170.232.33 port 32052:11: Bye Bye [preauth]
Oct 14 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24077]: Disconnected from 107.170.232.33 port 32052 [preauth]
Oct 14 09:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: Invalid user olivier from 187.33.251.218
Oct 14 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: input_userauth_request: invalid user olivier [preauth]
Oct 14 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21868]: pam_unix(cron:session): session closed for user root
Oct 14 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: Failed password for invalid user olivier from 187.33.251.218 port 32701 ssh2
Oct 14 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: Received disconnect from 187.33.251.218 port 32701:11: Bye Bye [preauth]
Oct 14 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24128]: Disconnected from 187.33.251.218 port 32701 [preauth]
Oct 14 09:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.128.176  user=root
Oct 14 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Failed password for root from 118.70.128.176 port 42263 ssh2
Oct 14 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Received disconnect from 118.70.128.176 port 42263:11: Bye Bye [preauth]
Oct 14 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Disconnected from 118.70.128.176 port 42263 [preauth]
Oct 14 09:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Invalid user dev from 196.251.84.92
Oct 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: input_userauth_request: invalid user dev [preauth]
Oct 14 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24232]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24322]: Successful su for rubyman by root
Oct 14 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24322]: + ??? root:rubyman
Oct 14 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410393 of user rubyman.
Oct 14 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24322]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410393.
Oct 14 09:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Failed password for invalid user dev from 196.251.84.92 port 40330 ssh2
Oct 14 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Connection closed by 196.251.84.92 port 40330 [preauth]
Oct 14 09:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session closed for user root
Oct 14 09:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24233]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: User www-data from 34.57.181.41 not allowed because not listed in AllowUsers
Oct 14 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: input_userauth_request: invalid user www-data [preauth]
Oct 14 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=www-data
Oct 14 09:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: Failed password for invalid user www-data from 34.57.181.41 port 47886 ssh2
Oct 14 09:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: Received disconnect from 34.57.181.41 port 47886:11: Bye Bye [preauth]
Oct 14 09:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24614]: Disconnected from 34.57.181.41 port 47886 [preauth]
Oct 14 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22379]: pam_unix(cron:session): session closed for user root
Oct 14 09:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Invalid user robby from 123.58.196.44
Oct 14 09:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: input_userauth_request: invalid user robby [preauth]
Oct 14 09:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24710]: Invalid user admin from 107.170.232.33
Oct 14 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24710]: input_userauth_request: invalid user admin [preauth]
Oct 14 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24710]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Failed password for invalid user robby from 123.58.196.44 port 56128 ssh2
Oct 14 09:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Received disconnect from 123.58.196.44 port 56128:11: Bye Bye [preauth]
Oct 14 09:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24704]: Disconnected from 123.58.196.44 port 56128 [preauth]
Oct 14 09:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24710]: Failed password for invalid user admin from 107.170.232.33 port 36886 ssh2
Oct 14 09:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24710]: Received disconnect from 107.170.232.33 port 36886:11: Bye Bye [preauth]
Oct 14 09:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24710]: Disconnected from 107.170.232.33 port 36886 [preauth]
Oct 14 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Invalid user testuser from 45.41.207.223
Oct 14 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: input_userauth_request: invalid user testuser [preauth]
Oct 14 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Failed password for invalid user testuser from 45.41.207.223 port 53650 ssh2
Oct 14 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Received disconnect from 45.41.207.223 port 53650:11: Bye Bye [preauth]
Oct 14 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Disconnected from 45.41.207.223 port 53650 [preauth]
Oct 14 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.125.77  user=root
Oct 14 09:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Failed password for root from 118.70.125.77 port 16812 ssh2
Oct 14 09:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Received disconnect from 118.70.125.77 port 16812:11: Bye Bye [preauth]
Oct 14 09:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: Disconnected from 118.70.125.77 port 16812 [preauth]
Oct 14 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Invalid user qclinux from 143.198.71.38
Oct 14 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: input_userauth_request: invalid user qclinux [preauth]
Oct 14 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Failed password for invalid user qclinux from 143.198.71.38 port 34350 ssh2
Oct 14 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Received disconnect from 143.198.71.38 port 34350:11: Bye Bye [preauth]
Oct 14 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Disconnected from 143.198.71.38 port 34350 [preauth]
Oct 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: Successful su for rubyman by root
Oct 14 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: + ??? root:rubyman
Oct 14 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410397 of user rubyman.
Oct 14 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410397.
Oct 14 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20842]: pam_unix(cron:session): session closed for user root
Oct 14 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24899]: Connection closed by 47.250.81.225 port 57498 [preauth]
Oct 14 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: Invalid user developer from 196.251.84.92
Oct 14 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: Failed password for invalid user developer from 196.251.84.92 port 49110 ssh2
Oct 14 09:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: Connection closed by 196.251.84.92 port 49110 [preauth]
Oct 14 09:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 09:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: Failed password for root from 187.33.251.218 port 9625 ssh2
Oct 14 09:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: Received disconnect from 187.33.251.218 port 9625:11: Bye Bye [preauth]
Oct 14 09:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: Disconnected from 187.33.251.218 port 9625 [preauth]
Oct 14 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25207]: Invalid user ai from 34.57.181.41
Oct 14 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25207]: input_userauth_request: invalid user ai [preauth]
Oct 14 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25207]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41
Oct 14 09:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23386]: pam_unix(cron:session): session closed for user root
Oct 14 09:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25207]: Failed password for invalid user ai from 34.57.181.41 port 52584 ssh2
Oct 14 09:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25207]: Received disconnect from 34.57.181.41 port 52584:11: Bye Bye [preauth]
Oct 14 09:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25207]: Disconnected from 34.57.181.41 port 52584 [preauth]
Oct 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25565]: Successful su for rubyman by root
Oct 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25565]: + ??? root:rubyman
Oct 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410401 of user rubyman.
Oct 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25565]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410401.
Oct 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Failed password for root from 107.170.232.33 port 42090 ssh2
Oct 14 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Received disconnect from 107.170.232.33 port 42090:11: Bye Bye [preauth]
Oct 14 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Disconnected from 107.170.232.33 port 42090 [preauth]
Oct 14 09:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: Invalid user kibana from 118.70.125.77
Oct 14 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: input_userauth_request: invalid user kibana [preauth]
Oct 14 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.125.77
Oct 14 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: Failed password for invalid user kibana from 118.70.125.77 port 16809 ssh2
Oct 14 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21353]: pam_unix(cron:session): session closed for user root
Oct 14 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: Received disconnect from 118.70.125.77 port 16809:11: Bye Bye [preauth]
Oct 14 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25686]: Disconnected from 118.70.125.77 port 16809 [preauth]
Oct 14 09:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Invalid user jenkins from 45.41.207.223
Oct 14 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Failed password for invalid user jenkins from 45.41.207.223 port 54918 ssh2
Oct 14 09:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Received disconnect from 45.41.207.223 port 54918:11: Bye Bye [preauth]
Oct 14 09:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Disconnected from 45.41.207.223 port 54918 [preauth]
Oct 14 09:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Invalid user user from 196.251.84.140
Oct 14 09:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: input_userauth_request: invalid user user [preauth]
Oct 14 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38  user=root
Oct 14 09:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Received disconnect from 193.46.255.20 port 38484:11:  [preauth]
Oct 14 09:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Disconnected from 193.46.255.20 port 38484 [preauth]
Oct 14 09:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Failed password for invalid user user from 196.251.84.140 port 48718 ssh2
Oct 14 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Connection closed by 196.251.84.140 port 48718 [preauth]
Oct 14 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Failed password for root from 143.198.71.38 port 45308 ssh2
Oct 14 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Received disconnect from 143.198.71.38 port 45308:11: Bye Bye [preauth]
Oct 14 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Disconnected from 143.198.71.38 port 45308 [preauth]
Oct 14 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Invalid user developer from 196.251.84.92
Oct 14 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Failed password for invalid user developer from 196.251.84.92 port 57640 ssh2
Oct 14 09:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25972]: Connection closed by 196.251.84.92 port 57640 [preauth]
Oct 14 09:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24235]: pam_unix(cron:session): session closed for user root
Oct 14 09:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 09:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Failed password for root from 34.57.181.41 port 57280 ssh2
Oct 14 09:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Received disconnect from 34.57.181.41 port 57280:11: Bye Bye [preauth]
Oct 14 09:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26060]: Disconnected from 34.57.181.41 port 57280 [preauth]
Oct 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26144]: Successful su for rubyman by root
Oct 14 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26144]: + ??? root:rubyman
Oct 14 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410408 of user rubyman.
Oct 14 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26144]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410408.
Oct 14 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21867]: pam_unix(cron:session): session closed for user root
Oct 14 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 09:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Failed password for root from 187.33.251.218 port 46786 ssh2
Oct 14 09:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Received disconnect from 187.33.251.218 port 46786:11: Bye Bye [preauth]
Oct 14 09:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Disconnected from 187.33.251.218 port 46786 [preauth]
Oct 14 09:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: Failed password for root from 107.170.232.33 port 40118 ssh2
Oct 14 09:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: Received disconnect from 107.170.232.33 port 40118:11: Bye Bye [preauth]
Oct 14 09:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26509]: Disconnected from 107.170.232.33 port 40118 [preauth]
Oct 14 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225  user=root
Oct 14 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Failed password for root from 47.250.81.225 port 60520 ssh2
Oct 14 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Received disconnect from 47.250.81.225 port 60520:11: Bye Bye [preauth]
Oct 14 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Disconnected from 47.250.81.225 port 60520 [preauth]
Oct 14 09:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24769]: pam_unix(cron:session): session closed for user root
Oct 14 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Invalid user developer from 196.251.84.92
Oct 14 09:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Failed password for invalid user developer from 196.251.84.92 port 38372 ssh2
Oct 14 09:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26611]: Connection closed by 196.251.84.92 port 38372 [preauth]
Oct 14 09:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Invalid user test1 from 45.41.207.223
Oct 14 09:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: input_userauth_request: invalid user test1 [preauth]
Oct 14 09:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Failed password for invalid user test1 from 45.41.207.223 port 37184 ssh2
Oct 14 09:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Received disconnect from 45.41.207.223 port 37184:11: Bye Bye [preauth]
Oct 14 09:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Disconnected from 45.41.207.223 port 37184 [preauth]
Oct 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session closed for user root
Oct 14 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: Successful su for rubyman by root
Oct 14 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: + ??? root:rubyman
Oct 14 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410410 of user rubyman.
Oct 14 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410410.
Oct 14 09:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session closed for user root
Oct 14 09:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22378]: pam_unix(cron:session): session closed for user root
Oct 14 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26642]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.57.181.41  user=root
Oct 14 09:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Invalid user  from 64.62.197.37
Oct 14 09:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: input_userauth_request: invalid user  [preauth]
Oct 14 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Failed password for root from 34.57.181.41 port 33752 ssh2
Oct 14 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Received disconnect from 34.57.181.41 port 33752:11: Bye Bye [preauth]
Oct 14 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Disconnected from 34.57.181.41 port 33752 [preauth]
Oct 14 09:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27251]: Connection closed by 64.62.197.37 port 41051 [preauth]
Oct 14 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.128.176  user=root
Oct 14 09:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session closed for user root
Oct 14 09:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: Failed password for root from 118.70.128.176 port 42326 ssh2
Oct 14 09:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: Received disconnect from 118.70.128.176 port 42326:11: Bye Bye [preauth]
Oct 14 09:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27288]: Disconnected from 118.70.128.176 port 42326 [preauth]
Oct 14 09:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Invalid user django from 143.198.71.38
Oct 14 09:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: input_userauth_request: invalid user django [preauth]
Oct 14 09:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Failed password for invalid user django from 143.198.71.38 port 46054 ssh2
Oct 14 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Received disconnect from 143.198.71.38 port 46054:11: Bye Bye [preauth]
Oct 14 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27319]: Disconnected from 143.198.71.38 port 46054 [preauth]
Oct 14 09:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44  user=root
Oct 14 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27344]: Failed password for root from 123.58.196.44 port 39508 ssh2
Oct 14 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27344]: Received disconnect from 123.58.196.44 port 39508:11: Bye Bye [preauth]
Oct 14 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27344]: Disconnected from 123.58.196.44 port 39508 [preauth]
Oct 14 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Invalid user spark from 107.170.232.33
Oct 14 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: input_userauth_request: invalid user spark [preauth]
Oct 14 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Failed password for invalid user spark from 107.170.232.33 port 60080 ssh2
Oct 14 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Received disconnect from 107.170.232.33 port 60080:11: Bye Bye [preauth]
Oct 14 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Disconnected from 107.170.232.33 port 60080 [preauth]
Oct 14 09:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Invalid user admin from 2.57.121.25
Oct 14 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: input_userauth_request: invalid user admin [preauth]
Oct 14 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27402]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Failed password for invalid user admin from 2.57.121.25 port 44798 ssh2
Oct 14 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: Invalid user shin from 187.33.251.218
Oct 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: input_userauth_request: invalid user shin [preauth]
Oct 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: Successful su for rubyman by root
Oct 14 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: + ??? root:rubyman
Oct 14 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410417 of user rubyman.
Oct 14 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410417.
Oct 14 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Failed password for invalid user admin from 2.57.121.25 port 44798 ssh2
Oct 14 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: Failed password for invalid user shin from 187.33.251.218 port 16513 ssh2
Oct 14 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: Received disconnect from 187.33.251.218 port 16513:11: Bye Bye [preauth]
Oct 14 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27396]: Disconnected from 187.33.251.218 port 16513 [preauth]
Oct 14 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Failed password for invalid user admin from 2.57.121.25 port 44798 ssh2
Oct 14 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Failed password for invalid user admin from 2.57.121.25 port 44798 ssh2
Oct 14 09:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: Invalid user developer from 196.251.84.92
Oct 14 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Failed password for invalid user admin from 2.57.121.25 port 44798 ssh2
Oct 14 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Received disconnect from 2.57.121.25 port 44798:11: Bye [preauth]
Oct 14 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: Disconnected from 2.57.121.25 port 44798 [preauth]
Oct 14 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27394]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: Failed password for invalid user developer from 196.251.84.92 port 46772 ssh2
Oct 14 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: Connection closed by 196.251.84.92 port 46772 [preauth]
Oct 14 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23350]: pam_unix(cron:session): session closed for user root
Oct 14 09:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27403]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Connection reset by 198.235.24.46 port 61190 [preauth]
Oct 14 09:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Invalid user dspace from 45.41.207.223
Oct 14 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: input_userauth_request: invalid user dspace [preauth]
Oct 14 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28065]: Invalid user user from 196.251.84.140
Oct 14 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28065]: input_userauth_request: invalid user user [preauth]
Oct 14 09:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28065]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Failed password for invalid user dspace from 45.41.207.223 port 37814 ssh2
Oct 14 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Received disconnect from 45.41.207.223 port 37814:11: Bye Bye [preauth]
Oct 14 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Disconnected from 45.41.207.223 port 37814 [preauth]
Oct 14 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28065]: Failed password for invalid user user from 196.251.84.140 port 40778 ssh2
Oct 14 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28065]: Connection closed by 196.251.84.140 port 40778 [preauth]
Oct 14 09:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26076]: pam_unix(cron:session): session closed for user root
Oct 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session closed for user root
Oct 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28272]: Successful su for rubyman by root
Oct 14 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28272]: + ??? root:rubyman
Oct 14 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410422 of user rubyman.
Oct 14 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28272]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410422.
Oct 14 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Invalid user abas from 107.170.232.33
Oct 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: input_userauth_request: invalid user abas [preauth]
Oct 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Connection closed by 47.250.81.225 port 35308 [preauth]
Oct 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session closed for user root
Oct 14 09:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: Failed password for root from 80.211.129.128 port 53386 ssh2
Oct 14 09:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: Connection closed by 80.211.129.128 port 53386 [preauth]
Oct 14 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Failed password for invalid user abas from 107.170.232.33 port 43914 ssh2
Oct 14 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Received disconnect from 107.170.232.33 port 43914:11: Bye Bye [preauth]
Oct 14 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Disconnected from 107.170.232.33 port 43914 [preauth]
Oct 14 09:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28203]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: Invalid user client from 143.198.71.38
Oct 14 09:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: input_userauth_request: invalid user client [preauth]
Oct 14 09:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: Failed password for invalid user client from 143.198.71.38 port 52140 ssh2
Oct 14 09:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: Received disconnect from 143.198.71.38 port 52140:11: Bye Bye [preauth]
Oct 14 09:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: Disconnected from 143.198.71.38 port 52140 [preauth]
Oct 14 09:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Invalid user developer from 196.251.84.92
Oct 14 09:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Failed password for invalid user developer from 196.251.84.92 port 55304 ssh2
Oct 14 09:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Connection closed by 196.251.84.92 port 55304 [preauth]
Oct 14 09:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session closed for user root
Oct 14 09:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Invalid user miriam from 187.33.251.218
Oct 14 09:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: input_userauth_request: invalid user miriam [preauth]
Oct 14 09:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Failed password for invalid user miriam from 187.33.251.218 port 62163 ssh2
Oct 14 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Received disconnect from 187.33.251.218 port 62163:11: Bye Bye [preauth]
Oct 14 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28891]: Disconnected from 187.33.251.218 port 62163 [preauth]
Oct 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29122]: Successful su for rubyman by root
Oct 14 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29122]: + ??? root:rubyman
Oct 14 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410425 of user rubyman.
Oct 14 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29122]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410425.
Oct 14 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Invalid user ali from 45.41.207.223
Oct 14 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: input_userauth_request: invalid user ali [preauth]
Oct 14 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Failed password for invalid user ali from 45.41.207.223 port 50952 ssh2
Oct 14 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Received disconnect from 45.41.207.223 port 50952:11: Bye Bye [preauth]
Oct 14 09:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Disconnected from 45.41.207.223 port 50952 [preauth]
Oct 14 09:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session closed for user root
Oct 14 09:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Failed password for root from 107.170.232.33 port 60600 ssh2
Oct 14 09:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Received disconnect from 107.170.232.33 port 60600:11: Bye Bye [preauth]
Oct 14 09:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29407]: Disconnected from 107.170.232.33 port 60600 [preauth]
Oct 14 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27405]: pam_unix(cron:session): session closed for user root
Oct 14 09:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Invalid user developer from 196.251.84.92
Oct 14 09:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Failed password for invalid user developer from 196.251.84.92 port 35798 ssh2
Oct 14 09:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Connection closed by 196.251.84.92 port 35798 [preauth]
Oct 14 09:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38  user=root
Oct 14 09:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: Failed password for root from 143.198.71.38 port 47086 ssh2
Oct 14 09:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: Received disconnect from 143.198.71.38 port 47086:11: Bye Bye [preauth]
Oct 14 09:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29533]: Disconnected from 143.198.71.38 port 47086 [preauth]
Oct 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29633]: Successful su for rubyman by root
Oct 14 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29633]: + ??? root:rubyman
Oct 14 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410428 of user rubyman.
Oct 14 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29633]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410428.
Oct 14 09:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session closed for user root
Oct 14 09:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: Invalid user ubuntu from 187.33.251.218
Oct 14 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Invalid user testor from 190.103.202.7
Oct 14 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: input_userauth_request: invalid user testor [preauth]
Oct 14 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: Failed password for invalid user ubuntu from 187.33.251.218 port 38634 ssh2
Oct 14 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: Received disconnect from 187.33.251.218 port 38634:11: Bye Bye [preauth]
Oct 14 09:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29956]: Disconnected from 187.33.251.218 port 38634 [preauth]
Oct 14 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Failed password for invalid user testor from 190.103.202.7 port 42540 ssh2
Oct 14 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Connection closed by 190.103.202.7 port 42540 [preauth]
Oct 14 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28205]: pam_unix(cron:session): session closed for user root
Oct 14 09:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Invalid user admin from 107.170.232.33
Oct 14 09:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: input_userauth_request: invalid user admin [preauth]
Oct 14 09:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29963]: Invalid user user from 196.251.84.140
Oct 14 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29963]: input_userauth_request: invalid user user [preauth]
Oct 14 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29963]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Invalid user agent from 45.41.207.223
Oct 14 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: input_userauth_request: invalid user agent [preauth]
Oct 14 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: Connection closed by 47.250.81.225 port 38320 [preauth]
Oct 14 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Failed password for invalid user admin from 107.170.232.33 port 18344 ssh2
Oct 14 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Received disconnect from 107.170.232.33 port 18344:11: Bye Bye [preauth]
Oct 14 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29997]: Disconnected from 107.170.232.33 port 18344 [preauth]
Oct 14 09:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29963]: Failed password for invalid user user from 196.251.84.140 port 34160 ssh2
Oct 14 09:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Failed password for invalid user agent from 45.41.207.223 port 57878 ssh2
Oct 14 09:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29963]: Connection closed by 196.251.84.140 port 34160 [preauth]
Oct 14 09:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Received disconnect from 45.41.207.223 port 57878:11: Bye Bye [preauth]
Oct 14 09:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Disconnected from 45.41.207.223 port 57878 [preauth]
Oct 14 09:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: Invalid user csgoserver from 123.58.196.44
Oct 14 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: input_userauth_request: invalid user csgoserver [preauth]
Oct 14 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: Failed password for invalid user csgoserver from 123.58.196.44 port 42814 ssh2
Oct 14 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: Received disconnect from 123.58.196.44 port 42814:11: Bye Bye [preauth]
Oct 14 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: Disconnected from 123.58.196.44 port 42814 [preauth]
Oct 14 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Invalid user snipe from 111.198.221.98
Oct 14 09:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: input_userauth_request: invalid user snipe [preauth]
Oct 14 09:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.198.221.98
Oct 14 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for invalid user snipe from 111.198.221.98 port 53582 ssh2
Oct 14 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Received disconnect from 111.198.221.98 port 53582:11: Bye Bye [preauth]
Oct 14 09:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Disconnected from 111.198.221.98 port 53582 [preauth]
Oct 14 09:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Invalid user developer from 196.251.84.92
Oct 14 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Failed password for invalid user developer from 196.251.84.92 port 44252 ssh2
Oct 14 09:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30062]: Connection closed by 196.251.84.92 port 44252 [preauth]
Oct 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30085]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30083]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30085]: pam_unix(cron:session): session closed for user root
Oct 14 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30171]: Successful su for rubyman by root
Oct 14 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30171]: + ??? root:rubyman
Oct 14 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410432 of user rubyman.
Oct 14 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30171]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410432.
Oct 14 09:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26074]: pam_unix(cron:session): session closed for user root
Oct 14 09:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session closed for user root
Oct 14 09:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29024]: pam_unix(cron:session): session closed for user root
Oct 14 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Invalid user debian from 143.198.71.38
Oct 14 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: input_userauth_request: invalid user debian [preauth]
Oct 14 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Failed password for invalid user debian from 143.198.71.38 port 35390 ssh2
Oct 14 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Received disconnect from 143.198.71.38 port 35390:11: Bye Bye [preauth]
Oct 14 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Disconnected from 143.198.71.38 port 35390 [preauth]
Oct 14 09:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Oct 14 09:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Failed password for root from 138.68.58.124 port 39098 ssh2
Oct 14 09:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Connection closed by 138.68.58.124 port 39098 [preauth]
Oct 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30720]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: Successful su for rubyman by root
Oct 14 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: + ??? root:rubyman
Oct 14 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410438 of user rubyman.
Oct 14 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410438.
Oct 14 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Failed password for root from 107.170.232.33 port 47452 ssh2
Oct 14 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Received disconnect from 107.170.232.33 port 47452:11: Bye Bye [preauth]
Oct 14 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30725]: Disconnected from 107.170.232.33 port 47452 [preauth]
Oct 14 09:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session closed for user root
Oct 14 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: Invalid user developer from 196.251.84.92
Oct 14 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: Failed password for invalid user developer from 196.251.84.92 port 52698 ssh2
Oct 14 09:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30978]: Connection closed by 196.251.84.92 port 52698 [preauth]
Oct 14 09:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30721]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Invalid user radio from 45.41.207.223
Oct 14 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: input_userauth_request: invalid user radio [preauth]
Oct 14 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 09:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Failed password for invalid user radio from 45.41.207.223 port 59302 ssh2
Oct 14 09:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Received disconnect from 45.41.207.223 port 59302:11: Bye Bye [preauth]
Oct 14 09:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31080]: Disconnected from 45.41.207.223 port 59302 [preauth]
Oct 14 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Failed password for root from 187.33.251.218 port 31574 ssh2
Oct 14 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Received disconnect from 187.33.251.218 port 31574:11: Bye Bye [preauth]
Oct 14 09:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Disconnected from 187.33.251.218 port 31574 [preauth]
Oct 14 09:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29551]: pam_unix(cron:session): session closed for user root
Oct 14 09:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31219]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31288]: Successful su for rubyman by root
Oct 14 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31288]: + ??? root:rubyman
Oct 14 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410443 of user rubyman.
Oct 14 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31288]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410443.
Oct 14 09:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27404]: pam_unix(cron:session): session closed for user root
Oct 14 09:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: Invalid user bella from 107.170.232.33
Oct 14 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: input_userauth_request: invalid user bella [preauth]
Oct 14 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Invalid user ali from 143.198.71.38
Oct 14 09:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: input_userauth_request: invalid user ali [preauth]
Oct 14 09:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: Failed password for invalid user bella from 107.170.232.33 port 64106 ssh2
Oct 14 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: Received disconnect from 107.170.232.33 port 64106:11: Bye Bye [preauth]
Oct 14 09:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31698]: Disconnected from 107.170.232.33 port 64106 [preauth]
Oct 14 09:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for invalid user ali from 143.198.71.38 port 57012 ssh2
Oct 14 09:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Received disconnect from 143.198.71.38 port 57012:11: Bye Bye [preauth]
Oct 14 09:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Disconnected from 143.198.71.38 port 57012 [preauth]
Oct 14 09:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Invalid user developer from 196.251.84.92
Oct 14 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Failed password for invalid user developer from 196.251.84.92 port 32936 ssh2
Oct 14 09:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Connection closed by 196.251.84.92 port 32936 [preauth]
Oct 14 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session closed for user root
Oct 14 09:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Invalid user user from 196.251.84.140
Oct 14 09:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: input_userauth_request: invalid user user [preauth]
Oct 14 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Failed password for invalid user user from 196.251.84.140 port 53892 ssh2
Oct 14 09:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Connection closed by 196.251.84.140 port 53892 [preauth]
Oct 14 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: Invalid user user1 from 45.41.207.223
Oct 14 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: input_userauth_request: invalid user user1 [preauth]
Oct 14 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: Failed password for invalid user user1 from 45.41.207.223 port 49108 ssh2
Oct 14 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: Received disconnect from 45.41.207.223 port 49108:11: Bye Bye [preauth]
Oct 14 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31823]: Disconnected from 45.41.207.223 port 49108 [preauth]
Oct 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31839]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31906]: Successful su for rubyman by root
Oct 14 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31906]: + ??? root:rubyman
Oct 14 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410447 of user rubyman.
Oct 14 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31906]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410447.
Oct 14 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28204]: pam_unix(cron:session): session closed for user root
Oct 14 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Failed password for root from 187.33.251.218 port 55342 ssh2
Oct 14 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Received disconnect from 187.33.251.218 port 55342:11: Bye Bye [preauth]
Oct 14 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Disconnected from 187.33.251.218 port 55342 [preauth]
Oct 14 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31838]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session closed for user root
Oct 14 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Failed password for root from 107.170.232.33 port 15480 ssh2
Oct 14 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Received disconnect from 107.170.232.33 port 15480:11: Bye Bye [preauth]
Oct 14 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Disconnected from 107.170.232.33 port 15480 [preauth]
Oct 14 09:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Invalid user developer from 196.251.84.92
Oct 14 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Failed password for invalid user developer from 196.251.84.92 port 41356 ssh2
Oct 14 09:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Connection closed by 196.251.84.92 port 41356 [preauth]
Oct 14 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Invalid user dspace from 143.198.71.38
Oct 14 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: input_userauth_request: invalid user dspace [preauth]
Oct 14 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Failed password for invalid user dspace from 143.198.71.38 port 37968 ssh2
Oct 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Received disconnect from 143.198.71.38 port 37968:11: Bye Bye [preauth]
Oct 14 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32380]: Disconnected from 143.198.71.38 port 37968 [preauth]
Oct 14 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32465]: Successful su for rubyman by root
Oct 14 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32465]: + ??? root:rubyman
Oct 14 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410453 of user rubyman.
Oct 14 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32465]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410453.
Oct 14 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session closed for user root
Oct 14 09:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: Invalid user test01 from 47.250.81.225
Oct 14 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: input_userauth_request: invalid user test01 [preauth]
Oct 14 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Invalid user odoo17 from 45.41.207.223
Oct 14 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: Failed password for invalid user test01 from 47.250.81.225 port 44348 ssh2
Oct 14 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: Received disconnect from 47.250.81.225 port 44348:11: Bye Bye [preauth]
Oct 14 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32719]: Disconnected from 47.250.81.225 port 44348 [preauth]
Oct 14 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Failed password for invalid user odoo17 from 45.41.207.223 port 46022 ssh2
Oct 14 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Received disconnect from 45.41.207.223 port 46022:11: Bye Bye [preauth]
Oct 14 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32726]: Disconnected from 45.41.207.223 port 46022 [preauth]
Oct 14 09:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31219]: pam_unix(cron:session): session closed for user root
Oct 14 09:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Invalid user nagios from 187.33.251.218
Oct 14 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: input_userauth_request: invalid user nagios [preauth]
Oct 14 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Failed password for invalid user nagios from 187.33.251.218 port 42946 ssh2
Oct 14 09:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Received disconnect from 187.33.251.218 port 42946:11: Bye Bye [preauth]
Oct 14 09:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Disconnected from 187.33.251.218 port 42946 [preauth]
Oct 14 09:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[391]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[392]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[392]: pam_unix(cron:session): session closed for user root
Oct 14 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[385]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Failed password for root from 107.170.232.33 port 30450 ssh2
Oct 14 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Received disconnect from 107.170.232.33 port 30450:11: Bye Bye [preauth]
Oct 14 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Disconnected from 107.170.232.33 port 30450 [preauth]
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: Invalid user developer from 196.251.84.92
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[487]: Successful su for rubyman by root
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[487]: + ??? root:rubyman
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410454 of user rubyman.
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[487]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410454.
Oct 14 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: Failed password for invalid user developer from 196.251.84.92 port 49702 ssh2
Oct 14 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[473]: Connection closed by 196.251.84.92 port 49702 [preauth]
Oct 14 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[387]: pam_unix(cron:session): session closed for user root
Oct 14 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session closed for user root
Oct 14 09:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[386]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Invalid user devops from 143.198.71.38
Oct 14 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: input_userauth_request: invalid user devops [preauth]
Oct 14 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Failed password for invalid user devops from 143.198.71.38 port 47318 ssh2
Oct 14 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Received disconnect from 143.198.71.38 port 47318:11: Bye Bye [preauth]
Oct 14 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[814]: Disconnected from 143.198.71.38 port 47318 [preauth]
Oct 14 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31840]: pam_unix(cron:session): session closed for user root
Oct 14 09:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Invalid user ubuntu from 123.58.196.44
Oct 14 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 09:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Failed password for invalid user ubuntu from 123.58.196.44 port 53708 ssh2
Oct 14 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Received disconnect from 123.58.196.44 port 53708:11: Bye Bye [preauth]
Oct 14 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: Disconnected from 123.58.196.44 port 53708 [preauth]
Oct 14 09:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[902]: Invalid user user from 196.251.84.140
Oct 14 09:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[902]: input_userauth_request: invalid user user [preauth]
Oct 14 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[902]: Failed password for invalid user user from 196.251.84.140 port 47840 ssh2
Oct 14 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[902]: Connection closed by 196.251.84.140 port 47840 [preauth]
Oct 14 09:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[942]: Invalid user tempuser from 45.41.207.223
Oct 14 09:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[942]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 09:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[942]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223
Oct 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[960]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[942]: Failed password for invalid user tempuser from 45.41.207.223 port 40334 ssh2
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[942]: Received disconnect from 45.41.207.223 port 40334:11: Bye Bye [preauth]
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[942]: Disconnected from 45.41.207.223 port 40334 [preauth]
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: Successful su for rubyman by root
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: + ??? root:rubyman
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410463 of user rubyman.
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410463.
Oct 14 09:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30083]: pam_unix(cron:session): session closed for user root
Oct 14 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.248.35.196  user=root
Oct 14 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: User john from 107.170.232.33 not allowed because not listed in AllowUsers
Oct 14 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: input_userauth_request: invalid user john [preauth]
Oct 14 09:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=john
Oct 14 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Invalid user developer from 196.251.84.92
Oct 14 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: Failed password for root from 220.248.35.196 port 48118 ssh2
Oct 14 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: Received disconnect from 220.248.35.196 port 48118:11: Bye Bye [preauth]
Oct 14 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: Disconnected from 220.248.35.196 port 48118 [preauth]
Oct 14 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Failed password for invalid user john from 107.170.232.33 port 39230 ssh2
Oct 14 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Received disconnect from 107.170.232.33 port 39230:11: Bye Bye [preauth]
Oct 14 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1341]: Disconnected from 107.170.232.33 port 39230 [preauth]
Oct 14 09:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Failed password for invalid user developer from 196.251.84.92 port 58256 ssh2
Oct 14 09:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Connection closed by 196.251.84.92 port 58256 [preauth]
Oct 14 09:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session closed for user root
Oct 14 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Invalid user akshat from 187.33.251.218
Oct 14 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: input_userauth_request: invalid user akshat [preauth]
Oct 14 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Failed password for invalid user akshat from 187.33.251.218 port 45641 ssh2
Oct 14 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Received disconnect from 187.33.251.218 port 45641:11: Bye Bye [preauth]
Oct 14 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Disconnected from 187.33.251.218 port 45641 [preauth]
Oct 14 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Invalid user jboss from 47.250.81.225
Oct 14 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: input_userauth_request: invalid user jboss [preauth]
Oct 14 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Failed password for invalid user jboss from 47.250.81.225 port 47362 ssh2
Oct 14 09:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Received disconnect from 47.250.81.225 port 47362:11: Bye Bye [preauth]
Oct 14 09:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Disconnected from 47.250.81.225 port 47362 [preauth]
Oct 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1588]: Successful su for rubyman by root
Oct 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1588]: + ??? root:rubyman
Oct 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410464 of user rubyman.
Oct 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1588]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410464.
Oct 14 09:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session closed for user root
Oct 14 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Invalid user test01 from 143.198.71.38
Oct 14 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: input_userauth_request: invalid user test01 [preauth]
Oct 14 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Failed password for invalid user test01 from 143.198.71.38 port 60068 ssh2
Oct 14 09:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Received disconnect from 143.198.71.38 port 60068:11: Bye Bye [preauth]
Oct 14 09:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Disconnected from 143.198.71.38 port 60068 [preauth]
Oct 14 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.41.207.223  user=root
Oct 14 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2013]: Failed password for root from 45.41.207.223 port 52766 ssh2
Oct 14 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2013]: Received disconnect from 45.41.207.223 port 52766:11: Bye Bye [preauth]
Oct 14 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2013]: Disconnected from 45.41.207.223 port 52766 [preauth]
Oct 14 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Invalid user developer from 196.251.84.92
Oct 14 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: input_userauth_request: invalid user developer [preauth]
Oct 14 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.92
Oct 14 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Invalid user cheeki from 107.170.232.33
Oct 14 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: input_userauth_request: invalid user cheeki [preauth]
Oct 14 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Failed password for invalid user developer from 196.251.84.92 port 38298 ssh2
Oct 14 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Connection closed by 196.251.84.92 port 38298 [preauth]
Oct 14 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Failed password for invalid user cheeki from 107.170.232.33 port 15230 ssh2
Oct 14 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Received disconnect from 107.170.232.33 port 15230:11: Bye Bye [preauth]
Oct 14 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Disconnected from 107.170.232.33 port 15230 [preauth]
Oct 14 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[391]: pam_unix(cron:session): session closed for user root
Oct 14 09:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Invalid user chenlei from 123.58.196.44
Oct 14 09:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: input_userauth_request: invalid user chenlei [preauth]
Oct 14 09:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Failed password for invalid user chenlei from 123.58.196.44 port 34906 ssh2
Oct 14 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Received disconnect from 123.58.196.44 port 34906:11: Bye Bye [preauth]
Oct 14 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Disconnected from 123.58.196.44 port 34906 [preauth]
Oct 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2108]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2104]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2189]: Successful su for rubyman by root
Oct 14 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2189]: + ??? root:rubyman
Oct 14 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410468 of user rubyman.
Oct 14 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2189]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410468.
Oct 14 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31217]: pam_unix(cron:session): session closed for user root
Oct 14 09:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2105]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[966]: pam_unix(cron:session): session closed for user root
Oct 14 09:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 09:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Failed password for root from 187.33.251.218 port 36654 ssh2
Oct 14 09:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Received disconnect from 187.33.251.218 port 36654:11: Bye Bye [preauth]
Oct 14 09:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2502]: Disconnected from 187.33.251.218 port 36654 [preauth]
Oct 14 09:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Invalid user user1 from 143.198.71.38
Oct 14 09:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: input_userauth_request: invalid user user1 [preauth]
Oct 14 09:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Failed password for invalid user user1 from 143.198.71.38 port 41030 ssh2
Oct 14 09:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Received disconnect from 143.198.71.38 port 41030:11: Bye Bye [preauth]
Oct 14 09:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Disconnected from 143.198.71.38 port 41030 [preauth]
Oct 14 09:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Invalid user user4 from 107.170.232.33
Oct 14 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: input_userauth_request: invalid user user4 [preauth]
Oct 14 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Failed password for invalid user user4 from 107.170.232.33 port 10674 ssh2
Oct 14 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Received disconnect from 107.170.232.33 port 10674:11: Bye Bye [preauth]
Oct 14 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Disconnected from 107.170.232.33 port 10674 [preauth]
Oct 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: Invalid user user from 196.251.84.140
Oct 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: input_userauth_request: invalid user user [preauth]
Oct 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2575]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2640]: Successful su for rubyman by root
Oct 14 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2640]: + ??? root:rubyman
Oct 14 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410472 of user rubyman.
Oct 14 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2640]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410472.
Oct 14 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: Failed password for invalid user user from 196.251.84.140 port 39890 ssh2
Oct 14 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2560]: Connection closed by 196.251.84.140 port 39890 [preauth]
Oct 14 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31839]: pam_unix(cron:session): session closed for user root
Oct 14 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2576]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Invalid user afzal from 111.198.221.98
Oct 14 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: input_userauth_request: invalid user afzal [preauth]
Oct 14 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.198.221.98
Oct 14 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Failed password for invalid user afzal from 111.198.221.98 port 37028 ssh2
Oct 14 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Received disconnect from 111.198.221.98 port 37028:11: Bye Bye [preauth]
Oct 14 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Disconnected from 111.198.221.98 port 37028 [preauth]
Oct 14 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1521]: pam_unix(cron:session): session closed for user root
Oct 14 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Connection closed by 123.58.196.44 port 33736 [preauth]
Oct 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3028]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3028]: pam_unix(cron:session): session closed for user root
Oct 14 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: Successful su for rubyman by root
Oct 14 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: + ??? root:rubyman
Oct 14 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410479 of user rubyman.
Oct 14 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410479.
Oct 14 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session closed for user root
Oct 14 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session closed for user root
Oct 14 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: Failed password for root from 107.170.232.33 port 63126 ssh2
Oct 14 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: Received disconnect from 107.170.232.33 port 63126:11: Bye Bye [preauth]
Oct 14 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: Disconnected from 107.170.232.33 port 63126 [preauth]
Oct 14 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Invalid user paolo from 187.33.251.218
Oct 14 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: input_userauth_request: invalid user paolo [preauth]
Oct 14 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for invalid user paolo from 187.33.251.218 port 58868 ssh2
Oct 14 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Received disconnect from 187.33.251.218 port 58868:11: Bye Bye [preauth]
Oct 14 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Disconnected from 187.33.251.218 port 58868 [preauth]
Oct 14 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Invalid user weblogic from 143.198.71.38
Oct 14 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: input_userauth_request: invalid user weblogic [preauth]
Oct 14 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.71.38
Oct 14 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Failed password for invalid user weblogic from 143.198.71.38 port 40918 ssh2
Oct 14 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Received disconnect from 143.198.71.38 port 40918:11: Bye Bye [preauth]
Oct 14 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3400]: Disconnected from 143.198.71.38 port 40918 [preauth]
Oct 14 09:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2108]: pam_unix(cron:session): session closed for user root
Oct 14 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Invalid user minecraft from 190.103.202.7
Oct 14 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Failed password for root from 62.60.131.157 port 63084 ssh2
Oct 14 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Failed password for invalid user minecraft from 190.103.202.7 port 57570 ssh2
Oct 14 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Connection closed by 190.103.202.7 port 57570 [preauth]
Oct 14 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Failed password for root from 62.60.131.157 port 63084 ssh2
Oct 14 09:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Failed password for root from 62.60.131.157 port 63084 ssh2
Oct 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3528]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3525]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3604]: Successful su for rubyman by root
Oct 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3604]: + ??? root:rubyman
Oct 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Failed password for root from 62.60.131.157 port 63084 ssh2
Oct 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410484 of user rubyman.
Oct 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3604]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410484.
Oct 14 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Failed password for root from 62.60.131.157 port 63084 ssh2
Oct 14 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Received disconnect from 62.60.131.157 port 63084:11: Bye [preauth]
Oct 14 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: Disconnected from 62.60.131.157 port 63084 [preauth]
Oct 14 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3500]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[390]: pam_unix(cron:session): session closed for user root
Oct 14 09:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3526]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: Failed password for root from 107.170.232.33 port 17914 ssh2
Oct 14 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: Received disconnect from 107.170.232.33 port 17914:11: Bye Bye [preauth]
Oct 14 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3867]: Disconnected from 107.170.232.33 port 17914 [preauth]
Oct 14 09:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session closed for user root
Oct 14 09:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3980]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4058]: Successful su for rubyman by root
Oct 14 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4058]: + ??? root:rubyman
Oct 14 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410486 of user rubyman.
Oct 14 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4058]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410486.
Oct 14 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Invalid user user from 196.251.84.140
Oct 14 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: input_userauth_request: invalid user user [preauth]
Oct 14 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Invalid user debian from 187.33.251.218
Oct 14 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: input_userauth_request: invalid user debian [preauth]
Oct 14 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[965]: pam_unix(cron:session): session closed for user root
Oct 14 09:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for invalid user user from 196.251.84.140 port 37068 ssh2
Oct 14 09:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Failed password for invalid user debian from 187.33.251.218 port 54191 ssh2
Oct 14 09:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Received disconnect from 187.33.251.218 port 54191:11: Bye Bye [preauth]
Oct 14 09:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4281]: Disconnected from 187.33.251.218 port 54191 [preauth]
Oct 14 09:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Connection closed by 196.251.84.140 port 37068 [preauth]
Oct 14 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3981]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session closed for user root
Oct 14 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: Failed password for root from 107.170.232.33 port 58942 ssh2
Oct 14 09:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: Received disconnect from 107.170.232.33 port 58942:11: Bye Bye [preauth]
Oct 14 09:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4447]: Disconnected from 107.170.232.33 port 58942 [preauth]
Oct 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4494]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4490]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4572]: Successful su for rubyman by root
Oct 14 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4572]: + ??? root:rubyman
Oct 14 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410491 of user rubyman.
Oct 14 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4572]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410491.
Oct 14 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1520]: pam_unix(cron:session): session closed for user root
Oct 14 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4492]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3528]: pam_unix(cron:session): session closed for user root
Oct 14 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Invalid user afzal from 187.33.251.218
Oct 14 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: input_userauth_request: invalid user afzal [preauth]
Oct 14 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Failed password for invalid user afzal from 187.33.251.218 port 44835 ssh2
Oct 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Received disconnect from 187.33.251.218 port 44835:11: Bye Bye [preauth]
Oct 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Disconnected from 187.33.251.218 port 44835 [preauth]
Oct 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5449]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5309]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5561]: Successful su for rubyman by root
Oct 14 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5561]: + ??? root:rubyman
Oct 14 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410495 of user rubyman.
Oct 14 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5561]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410495.
Oct 14 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Failed password for root from 107.170.232.33 port 53108 ssh2
Oct 14 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Received disconnect from 107.170.232.33 port 53108:11: Bye Bye [preauth]
Oct 14 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Disconnected from 107.170.232.33 port 53108 [preauth]
Oct 14 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session closed for user root
Oct 14 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5421]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3983]: pam_unix(cron:session): session closed for user root
Oct 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5972]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5972]: pam_unix(cron:session): session closed for user root
Oct 14 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6043]: Successful su for rubyman by root
Oct 14 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6043]: + ??? root:rubyman
Oct 14 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410500 of user rubyman.
Oct 14 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6043]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410500.
Oct 14 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session closed for user root
Oct 14 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2577]: pam_unix(cron:session): session closed for user root
Oct 14 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Invalid user user from 196.251.84.140
Oct 14 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: input_userauth_request: invalid user user [preauth]
Oct 14 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Failed password for invalid user user from 196.251.84.140 port 55380 ssh2
Oct 14 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Connection closed by 196.251.84.140 port 55380 [preauth]
Oct 14 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Failed password for root from 107.170.232.33 port 47764 ssh2
Oct 14 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Received disconnect from 107.170.232.33 port 47764:11: Bye Bye [preauth]
Oct 14 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Disconnected from 107.170.232.33 port 47764 [preauth]
Oct 14 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4494]: pam_unix(cron:session): session closed for user root
Oct 14 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Invalid user maryam from 187.33.251.218
Oct 14 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: input_userauth_request: invalid user maryam [preauth]
Oct 14 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Failed password for invalid user maryam from 187.33.251.218 port 10887 ssh2
Oct 14 09:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Received disconnect from 187.33.251.218 port 10887:11: Bye Bye [preauth]
Oct 14 09:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Disconnected from 187.33.251.218 port 10887 [preauth]
Oct 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6444]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6539]: Successful su for rubyman by root
Oct 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6539]: + ??? root:rubyman
Oct 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410504 of user rubyman.
Oct 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6539]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410504.
Oct 14 09:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session closed for user root
Oct 14 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user root
Oct 14 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Invalid user w from 107.170.232.33
Oct 14 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: input_userauth_request: invalid user w [preauth]
Oct 14 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: Invalid user test from 47.250.81.225
Oct 14 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: input_userauth_request: invalid user test [preauth]
Oct 14 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Failed password for invalid user w from 107.170.232.33 port 13206 ssh2
Oct 14 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Received disconnect from 107.170.232.33 port 13206:11: Bye Bye [preauth]
Oct 14 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6950]: Disconnected from 107.170.232.33 port 13206 [preauth]
Oct 14 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: Failed password for invalid user test from 47.250.81.225 port 59422 ssh2
Oct 14 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: Received disconnect from 47.250.81.225 port 59422:11: Bye Bye [preauth]
Oct 14 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6948]: Disconnected from 47.250.81.225 port 59422 [preauth]
Oct 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7010]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7107]: Successful su for rubyman by root
Oct 14 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7107]: + ??? root:rubyman
Oct 14 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410509 of user rubyman.
Oct 14 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7107]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410509.
Oct 14 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3527]: pam_unix(cron:session): session closed for user root
Oct 14 09:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7011]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Invalid user njzf from 187.33.251.218
Oct 14 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: input_userauth_request: invalid user njzf [preauth]
Oct 14 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Failed password for invalid user njzf from 187.33.251.218 port 39349 ssh2
Oct 14 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Received disconnect from 187.33.251.218 port 39349:11: Bye Bye [preauth]
Oct 14 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Disconnected from 187.33.251.218 port 39349 [preauth]
Oct 14 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session closed for user root
Oct 14 09:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Invalid user ftpuser from 123.58.196.44
Oct 14 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44
Oct 14 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Failed password for invalid user ftpuser from 123.58.196.44 port 42632 ssh2
Oct 14 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Received disconnect from 123.58.196.44 port 42632:11: Bye Bye [preauth]
Oct 14 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7514]: Disconnected from 123.58.196.44 port 42632 [preauth]
Oct 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7570]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7568]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7564]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: Successful su for rubyman by root
Oct 14 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: + ??? root:rubyman
Oct 14 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410513 of user rubyman.
Oct 14 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410513.
Oct 14 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Failed password for root from 107.170.232.33 port 62188 ssh2
Oct 14 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Received disconnect from 107.170.232.33 port 62188:11: Bye Bye [preauth]
Oct 14 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Disconnected from 107.170.232.33 port 62188 [preauth]
Oct 14 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3982]: pam_unix(cron:session): session closed for user root
Oct 14 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7566]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Invalid user user from 196.251.84.140
Oct 14 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: input_userauth_request: invalid user user [preauth]
Oct 14 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.140
Oct 14 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Failed password for invalid user user from 196.251.84.140 port 44554 ssh2
Oct 14 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Connection closed by 196.251.84.140 port 44554 [preauth]
Oct 14 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6444]: pam_unix(cron:session): session closed for user root
Oct 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8464]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: Successful su for rubyman by root
Oct 14 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: + ??? root:rubyman
Oct 14 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410516 of user rubyman.
Oct 14 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8658]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410516.
Oct 14 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8462]: pam_unix(cron:session): session closed for user root
Oct 14 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Invalid user maryam from 111.198.221.98
Oct 14 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: input_userauth_request: invalid user maryam [preauth]
Oct 14 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.198.221.98
Oct 14 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Failed password for invalid user maryam from 111.198.221.98 port 48708 ssh2
Oct 14 09:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Received disconnect from 111.198.221.98 port 48708:11: Bye Bye [preauth]
Oct 14 09:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Disconnected from 111.198.221.98 port 48708 [preauth]
Oct 14 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4493]: pam_unix(cron:session): session closed for user root
Oct 14 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Invalid user cgw from 187.33.251.218
Oct 14 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: input_userauth_request: invalid user cgw [preauth]
Oct 14 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Failed password for invalid user cgw from 187.33.251.218 port 13399 ssh2
Oct 14 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Received disconnect from 187.33.251.218 port 13399:11: Bye Bye [preauth]
Oct 14 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8966]: Disconnected from 187.33.251.218 port 13399 [preauth]
Oct 14 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8465]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Invalid user esearch from 107.170.232.33
Oct 14 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: input_userauth_request: invalid user esearch [preauth]
Oct 14 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Failed password for invalid user esearch from 107.170.232.33 port 47710 ssh2
Oct 14 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Received disconnect from 107.170.232.33 port 47710:11: Bye Bye [preauth]
Oct 14 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Disconnected from 107.170.232.33 port 47710 [preauth]
Oct 14 09:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session closed for user root
Oct 14 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44  user=root
Oct 14 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Failed password for root from 123.58.196.44 port 48872 ssh2
Oct 14 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Received disconnect from 123.58.196.44 port 48872:11: Bye Bye [preauth]
Oct 14 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Disconnected from 123.58.196.44 port 48872 [preauth]
Oct 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9275]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9279]: pam_unix(cron:session): session closed for user root
Oct 14 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9270]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: Successful su for rubyman by root
Oct 14 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: + ??? root:rubyman
Oct 14 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410523 of user rubyman.
Oct 14 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410523.
Oct 14 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9273]: pam_unix(cron:session): session closed for user root
Oct 14 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5449]: pam_unix(cron:session): session closed for user root
Oct 14 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9271]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7570]: pam_unix(cron:session): session closed for user root
Oct 14 09:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: Invalid user service from 20.163.71.109
Oct 14 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: input_userauth_request: invalid user service [preauth]
Oct 14 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 09:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: Failed password for invalid user service from 20.163.71.109 port 52548 ssh2
Oct 14 09:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: Connection closed by 20.163.71.109 port 52548 [preauth]
Oct 14 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Failed password for root from 107.170.232.33 port 16018 ssh2
Oct 14 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Received disconnect from 107.170.232.33 port 16018:11: Bye Bye [preauth]
Oct 14 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9929]: Disconnected from 107.170.232.33 port 16018 [preauth]
Oct 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9946]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9943]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10025]: Successful su for rubyman by root
Oct 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10025]: + ??? root:rubyman
Oct 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410528 of user rubyman.
Oct 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10025]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410528.
Oct 14 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218  user=root
Oct 14 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10059]: Failed password for root from 187.33.251.218 port 47867 ssh2
Oct 14 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10059]: Received disconnect from 187.33.251.218 port 47867:11: Bye Bye [preauth]
Oct 14 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10059]: Disconnected from 187.33.251.218 port 47867 [preauth]
Oct 14 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session closed for user root
Oct 14 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9944]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session closed for user root
Oct 14 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.196.44  user=root
Oct 14 09:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10432]: Failed password for root from 123.58.196.44 port 48700 ssh2
Oct 14 09:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10432]: Received disconnect from 123.58.196.44 port 48700:11: Bye Bye [preauth]
Oct 14 09:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10432]: Disconnected from 123.58.196.44 port 48700 [preauth]
Oct 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10452]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10519]: Successful su for rubyman by root
Oct 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10519]: + ??? root:rubyman
Oct 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410531 of user rubyman.
Oct 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10519]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410531.
Oct 14 09:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session closed for user root
Oct 14 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Invalid user python from 107.170.232.33
Oct 14 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: input_userauth_request: invalid user python [preauth]
Oct 14 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Failed password for invalid user python from 107.170.232.33 port 35176 ssh2
Oct 14 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Received disconnect from 107.170.232.33 port 35176:11: Bye Bye [preauth]
Oct 14 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10730]: Disconnected from 107.170.232.33 port 35176 [preauth]
Oct 14 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10346]: Connection closed by 47.250.81.225 port 37218 [preauth]
Oct 14 09:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session closed for user root
Oct 14 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Invalid user tv from 187.33.251.218
Oct 14 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: input_userauth_request: invalid user tv [preauth]
Oct 14 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Failed password for invalid user tv from 187.33.251.218 port 58483 ssh2
Oct 14 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Received disconnect from 187.33.251.218 port 58483:11: Bye Bye [preauth]
Oct 14 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Disconnected from 187.33.251.218 port 58483 [preauth]
Oct 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10912]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10991]: Successful su for rubyman by root
Oct 14 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10991]: + ??? root:rubyman
Oct 14 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410535 of user rubyman.
Oct 14 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10991]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410535.
Oct 14 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session closed for user root
Oct 14 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Invalid user kenji from 107.170.232.33
Oct 14 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: input_userauth_request: invalid user kenji [preauth]
Oct 14 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Failed password for invalid user kenji from 107.170.232.33 port 40832 ssh2
Oct 14 09:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Received disconnect from 107.170.232.33 port 40832:11: Bye Bye [preauth]
Oct 14 09:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Disconnected from 107.170.232.33 port 40832 [preauth]
Oct 14 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9946]: pam_unix(cron:session): session closed for user root
Oct 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: Successful su for rubyman by root
Oct 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: + ??? root:rubyman
Oct 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410539 of user rubyman.
Oct 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11444]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410539.
Oct 14 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Invalid user hamed from 47.250.81.225
Oct 14 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: input_userauth_request: invalid user hamed [preauth]
Oct 14 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Failed password for invalid user hamed from 47.250.81.225 port 40230 ssh2
Oct 14 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Received disconnect from 47.250.81.225 port 40230:11: Bye Bye [preauth]
Oct 14 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Disconnected from 47.250.81.225 port 40230 [preauth]
Oct 14 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7568]: pam_unix(cron:session): session closed for user root
Oct 14 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11372]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session closed for user root
Oct 14 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Invalid user vladimir from 187.33.251.218
Oct 14 09:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: input_userauth_request: invalid user vladimir [preauth]
Oct 14 09:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Failed password for invalid user vladimir from 187.33.251.218 port 57846 ssh2
Oct 14 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Received disconnect from 187.33.251.218 port 57846:11: Bye Bye [preauth]
Oct 14 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Disconnected from 187.33.251.218 port 57846 [preauth]
Oct 14 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Invalid user lani from 107.170.232.33
Oct 14 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: input_userauth_request: invalid user lani [preauth]
Oct 14 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Failed password for invalid user lani from 107.170.232.33 port 16090 ssh2
Oct 14 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Received disconnect from 107.170.232.33 port 16090:11: Bye Bye [preauth]
Oct 14 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Disconnected from 107.170.232.33 port 16090 [preauth]
Oct 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session closed for user root
Oct 14 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11981]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12065]: Successful su for rubyman by root
Oct 14 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12065]: + ??? root:rubyman
Oct 14 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410544 of user rubyman.
Oct 14 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12065]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410544.
Oct 14 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11983]: pam_unix(cron:session): session closed for user root
Oct 14 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session closed for user root
Oct 14 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11982]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10915]: pam_unix(cron:session): session closed for user root
Oct 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12578]: Successful su for rubyman by root
Oct 14 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12578]: + ??? root:rubyman
Oct 14 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410549 of user rubyman.
Oct 14 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12578]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410549.
Oct 14 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Invalid user ftpuser from 107.170.232.33
Oct 14 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Failed password for invalid user ftpuser from 107.170.232.33 port 30476 ssh2
Oct 14 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Received disconnect from 107.170.232.33 port 30476:11: Bye Bye [preauth]
Oct 14 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Disconnected from 107.170.232.33 port 30476 [preauth]
Oct 14 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9275]: pam_unix(cron:session): session closed for user root
Oct 14 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Invalid user odoo12 from 187.33.251.218
Oct 14 09:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: input_userauth_request: invalid user odoo12 [preauth]
Oct 14 09:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Failed password for invalid user odoo12 from 187.33.251.218 port 31338 ssh2
Oct 14 09:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Received disconnect from 187.33.251.218 port 31338:11: Bye Bye [preauth]
Oct 14 09:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Disconnected from 187.33.251.218 port 31338 [preauth]
Oct 14 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Invalid user abbas from 47.250.81.225
Oct 14 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: input_userauth_request: invalid user abbas [preauth]
Oct 14 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Failed password for invalid user abbas from 47.250.81.225 port 43246 ssh2
Oct 14 09:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Received disconnect from 47.250.81.225 port 43246:11: Bye Bye [preauth]
Oct 14 09:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Disconnected from 47.250.81.225 port 43246 [preauth]
Oct 14 09:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11376]: pam_unix(cron:session): session closed for user root
Oct 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13021]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13097]: Successful su for rubyman by root
Oct 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13097]: + ??? root:rubyman
Oct 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410553 of user rubyman.
Oct 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13097]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410553.
Oct 14 09:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session closed for user root
Oct 14 09:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Invalid user i from 107.170.232.33
Oct 14 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: input_userauth_request: invalid user i [preauth]
Oct 14 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Failed password for invalid user i from 107.170.232.33 port 33596 ssh2
Oct 14 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Received disconnect from 107.170.232.33 port 33596:11: Bye Bye [preauth]
Oct 14 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13476]: Disconnected from 107.170.232.33 port 33596 [preauth]
Oct 14 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11985]: pam_unix(cron:session): session closed for user root
Oct 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13606]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13607]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13603]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13670]: Successful su for rubyman by root
Oct 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13670]: + ??? root:rubyman
Oct 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410559 of user rubyman.
Oct 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13670]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410559.
Oct 14 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10452]: pam_unix(cron:session): session closed for user root
Oct 14 09:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Invalid user soporte from 187.33.251.218
Oct 14 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: input_userauth_request: invalid user soporte [preauth]
Oct 14 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13604]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Failed password for invalid user soporte from 187.33.251.218 port 36263 ssh2
Oct 14 09:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Received disconnect from 187.33.251.218 port 36263:11: Bye Bye [preauth]
Oct 14 09:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Disconnected from 187.33.251.218 port 36263 [preauth]
Oct 14 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session closed for user root
Oct 14 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Invalid user ubuntu from 107.170.232.33
Oct 14 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Failed password for invalid user ubuntu from 107.170.232.33 port 50888 ssh2
Oct 14 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Received disconnect from 107.170.232.33 port 50888:11: Bye Bye [preauth]
Oct 14 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14025]: Disconnected from 107.170.232.33 port 50888 [preauth]
Oct 14 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Invalid user shin from 111.198.221.98
Oct 14 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: input_userauth_request: invalid user shin [preauth]
Oct 14 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.198.221.98
Oct 14 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Failed password for invalid user shin from 111.198.221.98 port 60392 ssh2
Oct 14 09:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Received disconnect from 111.198.221.98 port 60392:11: Bye Bye [preauth]
Oct 14 09:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Disconnected from 111.198.221.98 port 60392 [preauth]
Oct 14 09:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Invalid user sky from 47.250.81.225
Oct 14 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: input_userauth_request: invalid user sky [preauth]
Oct 14 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Invalid user user from 62.60.131.157
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: input_userauth_request: invalid user user [preauth]
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Failed password for invalid user sky from 47.250.81.225 port 46258 ssh2
Oct 14 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: Successful su for rubyman by root
Oct 14 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: + ??? root:rubyman
Oct 14 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410561 of user rubyman.
Oct 14 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410561.
Oct 14 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for invalid user user from 62.60.131.157 port 22392 ssh2
Oct 14 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for invalid user user from 62.60.131.157 port 22392 ssh2
Oct 14 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Received disconnect from 47.250.81.225 port 46258:11: Bye Bye [preauth]
Oct 14 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Disconnected from 47.250.81.225 port 46258 [preauth]
Oct 14 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 09:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for invalid user user from 62.60.131.157 port 22392 ssh2
Oct 14 09:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14326]: Failed password for root from 164.68.105.9 port 49404 ssh2
Oct 14 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14326]: Connection closed by 164.68.105.9 port 49404 [preauth]
Oct 14 09:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session closed for user root
Oct 14 09:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for invalid user user from 62.60.131.157 port 22392 ssh2
Oct 14 09:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for invalid user user from 62.60.131.157 port 22392 ssh2
Oct 14 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Received disconnect from 62.60.131.157 port 22392:11: Bye [preauth]
Oct 14 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Disconnected from 62.60.131.157 port 22392 [preauth]
Oct 14 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13021]: pam_unix(cron:session): session closed for user root
Oct 14 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33  user=root
Oct 14 09:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Invalid user ftpuser from 187.33.251.218
Oct 14 09:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 09:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: Failed password for root from 107.170.232.33 port 49108 ssh2
Oct 14 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: Received disconnect from 107.170.232.33 port 49108:11: Bye Bye [preauth]
Oct 14 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: Disconnected from 107.170.232.33 port 49108 [preauth]
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14632]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14631]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session closed for user root
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14626]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Failed password for invalid user ftpuser from 187.33.251.218 port 64473 ssh2
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Received disconnect from 187.33.251.218 port 64473:11: Bye Bye [preauth]
Oct 14 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Disconnected from 187.33.251.218 port 64473 [preauth]
Oct 14 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14702]: Successful su for rubyman by root
Oct 14 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14702]: + ??? root:rubyman
Oct 14 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410565 of user rubyman.
Oct 14 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14702]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410565.
Oct 14 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14630]: pam_unix(cron:session): session closed for user root
Oct 14 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11375]: pam_unix(cron:session): session closed for user root
Oct 14 09:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14628]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13607]: pam_unix(cron:session): session closed for user root
Oct 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15219]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15217]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: Successful su for rubyman by root
Oct 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: + ??? root:rubyman
Oct 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410574 of user rubyman.
Oct 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410574.
Oct 14 09:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session closed for user root
Oct 14 09:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Invalid user dba from 107.170.232.33
Oct 14 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: input_userauth_request: invalid user dba [preauth]
Oct 14 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.170.232.33
Oct 14 09:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Failed password for invalid user dba from 107.170.232.33 port 50900 ssh2
Oct 14 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Received disconnect from 107.170.232.33 port 50900:11: Bye Bye [preauth]
Oct 14 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Disconnected from 107.170.232.33 port 50900 [preauth]
Oct 14 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Invalid user nancy from 47.250.81.225
Oct 14 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: input_userauth_request: invalid user nancy [preauth]
Oct 14 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Failed password for invalid user nancy from 47.250.81.225 port 49272 ssh2
Oct 14 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Received disconnect from 47.250.81.225 port 49272:11: Bye Bye [preauth]
Oct 14 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15558]: Disconnected from 47.250.81.225 port 49272 [preauth]
Oct 14 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session closed for user root
Oct 14 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15640]: Invalid user special from 187.33.251.218
Oct 14 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15640]: input_userauth_request: invalid user special [preauth]
Oct 14 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15640]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15640]: Failed password for invalid user special from 187.33.251.218 port 38483 ssh2
Oct 14 09:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15640]: Received disconnect from 187.33.251.218 port 38483:11: Bye Bye [preauth]
Oct 14 09:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15640]: Disconnected from 187.33.251.218 port 38483 [preauth]
Oct 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: Successful su for rubyman by root
Oct 14 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: + ??? root:rubyman
Oct 14 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410576 of user rubyman.
Oct 14 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410576.
Oct 14 09:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session closed for user root
Oct 14 09:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 09:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Failed password for root from 80.211.129.128 port 38100 ssh2
Oct 14 09:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Connection closed by 80.211.129.128 port 38100 [preauth]
Oct 14 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14632]: pam_unix(cron:session): session closed for user root
Oct 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16208]: Successful su for rubyman by root
Oct 14 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16208]: + ??? root:rubyman
Oct 14 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410580 of user rubyman.
Oct 14 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16208]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410580.
Oct 14 09:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session closed for user root
Oct 14 09:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Invalid user liuyong from 187.33.251.218
Oct 14 09:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: input_userauth_request: invalid user liuyong [preauth]
Oct 14 09:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.251.218
Oct 14 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for invalid user liuyong from 187.33.251.218 port 35277 ssh2
Oct 14 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Received disconnect from 187.33.251.218 port 35277:11: Bye Bye [preauth]
Oct 14 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Disconnected from 187.33.251.218 port 35277 [preauth]
Oct 14 09:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session closed for user root
Oct 14 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Invalid user admin from 47.250.81.225
Oct 14 09:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: input_userauth_request: invalid user admin [preauth]
Oct 14 09:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Failed password for invalid user admin from 47.250.81.225 port 52284 ssh2
Oct 14 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Received disconnect from 47.250.81.225 port 52284:11: Bye Bye [preauth]
Oct 14 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Disconnected from 47.250.81.225 port 52284 [preauth]
Oct 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16617]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16677]: Successful su for rubyman by root
Oct 14 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16677]: + ??? root:rubyman
Oct 14 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410583 of user rubyman.
Oct 14 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16677]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410583.
Oct 14 09:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13606]: pam_unix(cron:session): session closed for user root
Oct 14 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16618]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session closed for user root
Oct 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session closed for user root
Oct 14 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: Successful su for rubyman by root
Oct 14 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: + ??? root:rubyman
Oct 14 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410587 of user rubyman.
Oct 14 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17157]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410587.
Oct 14 09:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17059]: pam_unix(cron:session): session closed for user root
Oct 14 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session closed for user root
Oct 14 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16141]: pam_unix(cron:session): session closed for user root
Oct 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17638]: Successful su for rubyman by root
Oct 14 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17638]: + ??? root:rubyman
Oct 14 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410593 of user rubyman.
Oct 14 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17638]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410593.
Oct 14 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14631]: pam_unix(cron:session): session closed for user root
Oct 14 09:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Invalid user aluno from 47.250.81.225
Oct 14 09:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: input_userauth_request: invalid user aluno [preauth]
Oct 14 09:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.250.81.225
Oct 14 09:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Failed password for invalid user aluno from 47.250.81.225 port 55298 ssh2
Oct 14 09:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Received disconnect from 47.250.81.225 port 55298:11: Bye Bye [preauth]
Oct 14 09:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Disconnected from 47.250.81.225 port 55298 [preauth]
Oct 14 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: Invalid user support from 78.128.112.74
Oct 14 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: input_userauth_request: invalid user support [preauth]
Oct 14 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 09:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: Failed password for invalid user support from 78.128.112.74 port 42952 ssh2
Oct 14 09:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18017]: Connection closed by 78.128.112.74 port 42952 [preauth]
Oct 14 09:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session closed for user root
Oct 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18307]: Successful su for rubyman by root
Oct 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18307]: + ??? root:rubyman
Oct 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410597 of user rubyman.
Oct 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18307]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410597.
Oct 14 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15219]: pam_unix(cron:session): session closed for user root
Oct 14 09:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18125]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18699]: Did not receive identification string from 80.211.129.128
Oct 14 09:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session closed for user root
Oct 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18904]: Successful su for rubyman by root
Oct 14 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18904]: + ??? root:rubyman
Oct 14 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410602 of user rubyman.
Oct 14 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18904]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410602.
Oct 14 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session closed for user root
Oct 14 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18825]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.198.221.98  user=root
Oct 14 09:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: Failed password for root from 111.198.221.98 port 43836 ssh2
Oct 14 09:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: Received disconnect from 111.198.221.98 port 43836:11: Bye Bye [preauth]
Oct 14 09:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19276]: Disconnected from 111.198.221.98 port 43836 [preauth]
Oct 14 09:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17558]: pam_unix(cron:session): session closed for user root
Oct 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19621]: pam_unix(cron:session): session closed for user p13x
Oct 14 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19814]: Successful su for rubyman by root
Oct 14 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19814]: + ??? root:rubyman
Oct 14 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410605 of user rubyman.
Oct 14 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19814]: pam_unix(su:session): session closed for user rubyman
Oct 14 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410605.
Oct 14 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session closed for user root
Oct 14 09:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19624]: pam_unix(cron:session): session closed for user samftp
Oct 14 09:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session closed for user root
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session closed for user root
Oct 14 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20289]: pam_unix(cron:session): session closed for user root
Oct 14 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20410]: Successful su for rubyman by root
Oct 14 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20410]: + ??? root:rubyman
Oct 14 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410609 of user rubyman.
Oct 14 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20410]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410609.
Oct 14 10:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session closed for user root
Oct 14 10:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20286]: pam_unix(cron:session): session closed for user root
Oct 14 10:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20284]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session closed for user root
Oct 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20859]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20936]: Successful su for rubyman by root
Oct 14 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20936]: + ??? root:rubyman
Oct 14 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410618 of user rubyman.
Oct 14 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20936]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410618.
Oct 14 10:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session closed for user root
Oct 14 10:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19633]: pam_unix(cron:session): session closed for user root
Oct 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: Successful su for rubyman by root
Oct 14 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: + ??? root:rubyman
Oct 14 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410620 of user rubyman.
Oct 14 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21460]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410620.
Oct 14 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session closed for user root
Oct 14 10:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20288]: pam_unix(cron:session): session closed for user root
Oct 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21839]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: Successful su for rubyman by root
Oct 14 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: + ??? root:rubyman
Oct 14 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410627 of user rubyman.
Oct 14 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410627.
Oct 14 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session closed for user root
Oct 14 10:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Invalid user admin from 2.57.121.112
Oct 14 10:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: input_userauth_request: invalid user admin [preauth]
Oct 14 10:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 10:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for invalid user admin from 2.57.121.112 port 11824 ssh2
Oct 14 10:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for invalid user admin from 2.57.121.112 port 11824 ssh2
Oct 14 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for invalid user admin from 2.57.121.112 port 11824 ssh2
Oct 14 10:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21840]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for invalid user admin from 2.57.121.112 port 11824 ssh2
Oct 14 10:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for invalid user admin from 2.57.121.112 port 11824 ssh2
Oct 14 10:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Received disconnect from 2.57.121.112 port 11824:11: Bye [preauth]
Oct 14 10:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Disconnected from 2.57.121.112 port 11824 [preauth]
Oct 14 10:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 10:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 10:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Invalid user minecraft from 190.103.202.7
Oct 14 10:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 10:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 10:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Failed password for invalid user minecraft from 190.103.202.7 port 37966 ssh2
Oct 14 10:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22224]: Connection closed by 190.103.202.7 port 37966 [preauth]
Oct 14 10:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20866]: pam_unix(cron:session): session closed for user root
Oct 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22358]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22356]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22433]: Successful su for rubyman by root
Oct 14 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22433]: + ??? root:rubyman
Oct 14 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410629 of user rubyman.
Oct 14 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22433]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410629.
Oct 14 10:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session closed for user root
Oct 14 10:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22357]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session closed for user root
Oct 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23161]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23161]: pam_unix(cron:session): session closed for user root
Oct 14 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23148]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23258]: Successful su for rubyman by root
Oct 14 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23258]: + ??? root:rubyman
Oct 14 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410633 of user rubyman.
Oct 14 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23258]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410633.
Oct 14 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 14 10:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23314]: Failed password for root from 89.38.148.202 port 58924 ssh2
Oct 14 10:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23314]: Connection closed by 89.38.148.202 port 58924 [preauth]
Oct 14 10:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session closed for user root
Oct 14 10:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19625]: pam_unix(cron:session): session closed for user root
Oct 14 10:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23149]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23930]: Did not receive identification string from 80.211.129.128
Oct 14 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21843]: pam_unix(cron:session): session closed for user root
Oct 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24020]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: Successful su for rubyman by root
Oct 14 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: + ??? root:rubyman
Oct 14 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410639 of user rubyman.
Oct 14 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24137]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410639.
Oct 14 10:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session closed for user root
Oct 14 10:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24022]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22359]: pam_unix(cron:session): session closed for user root
Oct 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24572]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24644]: Successful su for rubyman by root
Oct 14 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24644]: + ??? root:rubyman
Oct 14 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410642 of user rubyman.
Oct 14 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24644]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410642.
Oct 14 10:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session closed for user root
Oct 14 10:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24565]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session closed for user root
Oct 14 10:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Failed password for root from 80.211.129.128 port 42096 ssh2
Oct 14 10:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Connection closed by 80.211.129.128 port 42096 [preauth]
Oct 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25053]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25052]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25140]: Successful su for rubyman by root
Oct 14 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25140]: + ??? root:rubyman
Oct 14 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410647 of user rubyman.
Oct 14 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25140]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410647.
Oct 14 10:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session closed for user root
Oct 14 10:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24025]: pam_unix(cron:session): session closed for user root
Oct 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25743]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26045]: Successful su for rubyman by root
Oct 14 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26045]: + ??? root:rubyman
Oct 14 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410650 of user rubyman.
Oct 14 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26045]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410650.
Oct 14 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25741]: pam_unix(cron:session): session closed for user root
Oct 14 10:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21842]: pam_unix(cron:session): session closed for user root
Oct 14 10:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24572]: pam_unix(cron:session): session closed for user root
Oct 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26532]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26535]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26531]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26535]: pam_unix(cron:session): session closed for user root
Oct 14 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26528]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26609]: Successful su for rubyman by root
Oct 14 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26609]: + ??? root:rubyman
Oct 14 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410658 of user rubyman.
Oct 14 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26609]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410658.
Oct 14 10:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26531]: pam_unix(cron:session): session closed for user root
Oct 14 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22358]: pam_unix(cron:session): session closed for user root
Oct 14 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26530]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25053]: pam_unix(cron:session): session closed for user root
Oct 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27256]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27255]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27253]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27338]: Successful su for rubyman by root
Oct 14 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27338]: + ??? root:rubyman
Oct 14 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410661 of user rubyman.
Oct 14 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27338]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410661.
Oct 14 10:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session closed for user root
Oct 14 10:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27254]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session closed for user root
Oct 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28037]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28110]: Successful su for rubyman by root
Oct 14 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28110]: + ??? root:rubyman
Oct 14 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410665 of user rubyman.
Oct 14 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28110]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410665.
Oct 14 10:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24024]: pam_unix(cron:session): session closed for user root
Oct 14 10:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28038]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26534]: pam_unix(cron:session): session closed for user root
Oct 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28821]: Successful su for rubyman by root
Oct 14 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28821]: + ??? root:rubyman
Oct 14 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410669 of user rubyman.
Oct 14 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28821]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410669.
Oct 14 10:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24571]: pam_unix(cron:session): session closed for user root
Oct 14 10:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28743]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27256]: pam_unix(cron:session): session closed for user root
Oct 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29358]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29426]: Successful su for rubyman by root
Oct 14 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29426]: + ??? root:rubyman
Oct 14 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410673 of user rubyman.
Oct 14 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29426]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410673.
Oct 14 10:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25052]: pam_unix(cron:session): session closed for user root
Oct 14 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session closed for user root
Oct 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session closed for user root
Oct 14 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29941]: Successful su for rubyman by root
Oct 14 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29941]: + ??? root:rubyman
Oct 14 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410677 of user rubyman.
Oct 14 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29941]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410677.
Oct 14 10:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session closed for user root
Oct 14 10:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session closed for user root
Oct 14 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session closed for user root
Oct 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30583]: Successful su for rubyman by root
Oct 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30583]: + ??? root:rubyman
Oct 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410683 of user rubyman.
Oct 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30583]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410683.
Oct 14 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26532]: pam_unix(cron:session): session closed for user root
Oct 14 10:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30411]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29358]: pam_unix(cron:session): session closed for user root
Oct 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30976]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30975]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30970]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30970]: pam_unix(cron:session): session closed for user root
Oct 14 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30972]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31065]: Successful su for rubyman by root
Oct 14 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31065]: + ??? root:rubyman
Oct 14 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410689 of user rubyman.
Oct 14 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31065]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410689.
Oct 14 10:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27255]: pam_unix(cron:session): session closed for user root
Oct 14 10:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30973]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29849]: pam_unix(cron:session): session closed for user root
Oct 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31496]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31685]: Successful su for rubyman by root
Oct 14 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31685]: + ??? root:rubyman
Oct 14 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410692 of user rubyman.
Oct 14 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31685]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410692.
Oct 14 10:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session closed for user root
Oct 14 10:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31497]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session closed for user root
Oct 14 10:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 14 10:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Failed password for root from 20.163.71.109 port 38456 ssh2
Oct 14 10:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Connection closed by 20.163.71.109 port 38456 [preauth]
Oct 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32075]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32235]: Successful su for rubyman by root
Oct 14 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32235]: + ??? root:rubyman
Oct 14 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410697 of user rubyman.
Oct 14 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32235]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410697.
Oct 14 10:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session closed for user root
Oct 14 10:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32073]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30976]: pam_unix(cron:session): session closed for user root
Oct 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32602]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32605]: pam_unix(cron:session): session closed for user root
Oct 14 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32599]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32687]: Successful su for rubyman by root
Oct 14 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32687]: + ??? root:rubyman
Oct 14 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410703 of user rubyman.
Oct 14 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32687]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410703.
Oct 14 10:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32602]: pam_unix(cron:session): session closed for user root
Oct 14 10:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session closed for user root
Oct 14 10:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32601]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session closed for user root
Oct 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[633]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[718]: Successful su for rubyman by root
Oct 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[718]: + ??? root:rubyman
Oct 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410707 of user rubyman.
Oct 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[718]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410707.
Oct 14 10:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session closed for user root
Oct 14 10:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[634]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32075]: pam_unix(cron:session): session closed for user root
Oct 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1215]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1290]: Successful su for rubyman by root
Oct 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1290]: + ??? root:rubyman
Oct 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410711 of user rubyman.
Oct 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1290]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410711.
Oct 14 10:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30412]: pam_unix(cron:session): session closed for user root
Oct 14 10:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Did not receive identification string from 196.251.71.24
Oct 14 10:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1216]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32604]: pam_unix(cron:session): session closed for user root
Oct 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1790]: Successful su for rubyman by root
Oct 14 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1790]: + ??? root:rubyman
Oct 14 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410714 of user rubyman.
Oct 14 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1790]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410714.
Oct 14 10:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30975]: pam_unix(cron:session): session closed for user root
Oct 14 10:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session closed for user root
Oct 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2272]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2270]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2345]: Successful su for rubyman by root
Oct 14 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2345]: + ??? root:rubyman
Oct 14 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410720 of user rubyman.
Oct 14 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2345]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410720.
Oct 14 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31498]: pam_unix(cron:session): session closed for user root
Oct 14 10:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2271]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1218]: pam_unix(cron:session): session closed for user root
Oct 14 10:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Did not receive identification string from 80.211.129.128
Oct 14 10:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Failed password for root from 20.163.71.109 port 55022 ssh2
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Connection closed by 20.163.71.109 port 55022 [preauth]
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2721]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2725]: pam_unix(cron:session): session closed for user root
Oct 14 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2719]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2796]: Successful su for rubyman by root
Oct 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2796]: + ??? root:rubyman
Oct 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410724 of user rubyman.
Oct 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[2796]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410724.
Oct 14 10:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2721]: pam_unix(cron:session): session closed for user root
Oct 14 10:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session closed for user root
Oct 14 10:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2720]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session closed for user root
Oct 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3272]: Successful su for rubyman by root
Oct 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3272]: + ??? root:rubyman
Oct 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410728 of user rubyman.
Oct 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3272]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410728.
Oct 14 10:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32603]: pam_unix(cron:session): session closed for user root
Oct 14 10:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3191]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2273]: pam_unix(cron:session): session closed for user root
Oct 14 10:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Failed password for root from 196.251.71.24 port 53162 ssh2
Oct 14 10:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3585]: Connection closed by 196.251.71.24 port 53162 [preauth]
Oct 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3657]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3727]: Successful su for rubyman by root
Oct 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3727]: + ??? root:rubyman
Oct 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410733 of user rubyman.
Oct 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3727]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410733.
Oct 14 10:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session closed for user root
Oct 14 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3658]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2724]: pam_unix(cron:session): session closed for user root
Oct 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4125]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4123]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4121]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4228]: Successful su for rubyman by root
Oct 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4228]: + ??? root:rubyman
Oct 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410739 of user rubyman.
Oct 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4228]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410739.
Oct 14 10:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Invalid user ansible from 186.96.145.241
Oct 14 10:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: input_userauth_request: invalid user ansible [preauth]
Oct 14 10:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 10:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1217]: pam_unix(cron:session): session closed for user root
Oct 14 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Failed password for invalid user ansible from 186.96.145.241 port 49358 ssh2
Oct 14 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4352]: Connection closed by 186.96.145.241 port 49358 [preauth]
Oct 14 10:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4122]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: Failed password for root from 196.251.71.24 port 49958 ssh2
Oct 14 10:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session closed for user root
Oct 14 10:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: Connection closed by 196.251.71.24 port 49958 [preauth]
Oct 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4676]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4675]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: Successful su for rubyman by root
Oct 14 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: + ??? root:rubyman
Oct 14 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410740 of user rubyman.
Oct 14 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410740.
Oct 14 10:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user root
Oct 14 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4674]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3660]: pam_unix(cron:session): session closed for user root
Oct 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session closed for user root
Oct 14 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5708]: Successful su for rubyman by root
Oct 14 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5708]: + ??? root:rubyman
Oct 14 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410748 of user rubyman.
Oct 14 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5708]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410748.
Oct 14 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session closed for user root
Oct 14 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2272]: pam_unix(cron:session): session closed for user root
Oct 14 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5615]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Failed password for root from 196.251.71.24 port 58542 ssh2
Oct 14 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Connection closed by 196.251.71.24 port 58542 [preauth]
Oct 14 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4125]: pam_unix(cron:session): session closed for user root
Oct 14 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6211]: Successful su for rubyman by root
Oct 14 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6211]: + ??? root:rubyman
Oct 14 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410751 of user rubyman.
Oct 14 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6211]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410751.
Oct 14 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Invalid user  from 196.251.73.199
Oct 14 10:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: input_userauth_request: invalid user  [preauth]
Oct 14 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2723]: pam_unix(cron:session): session closed for user root
Oct 14 10:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6366]: Connection closed by 196.251.73.199 port 42800 [preauth]
Oct 14 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4676]: pam_unix(cron:session): session closed for user root
Oct 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6753]: Successful su for rubyman by root
Oct 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6753]: + ??? root:rubyman
Oct 14 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410754 of user rubyman.
Oct 14 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6753]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410754.
Oct 14 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session closed for user root
Oct 14 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: Failed password for root from 196.251.71.24 port 34284 ssh2
Oct 14 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6963]: Connection closed by 196.251.71.24 port 34284 [preauth]
Oct 14 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session closed for user root
Oct 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7231]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7232]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7298]: Successful su for rubyman by root
Oct 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7298]: + ??? root:rubyman
Oct 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410758 of user rubyman.
Oct 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7298]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410758.
Oct 14 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3659]: pam_unix(cron:session): session closed for user root
Oct 14 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7230]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 10:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:104.155.20.12
Oct 14 10:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session closed for user root
Oct 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7789]: Successful su for rubyman by root
Oct 14 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7789]: + ??? root:rubyman
Oct 14 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410763 of user rubyman.
Oct 14 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7789]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410763.
Oct 14 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4123]: pam_unix(cron:session): session closed for user root
Oct 14 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: Failed password for root from 196.251.71.24 port 37198 ssh2
Oct 14 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: Connection closed by 196.251.71.24 port 37198 [preauth]
Oct 14 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session closed for user root
Oct 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8622]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8616]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8622]: pam_unix(cron:session): session closed for user root
Oct 14 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8613]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8697]: Successful su for rubyman by root
Oct 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8697]: + ??? root:rubyman
Oct 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410768 of user rubyman.
Oct 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8697]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410768.
Oct 14 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8616]: pam_unix(cron:session): session closed for user root
Oct 14 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4675]: pam_unix(cron:session): session closed for user root
Oct 14 10:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8614]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7232]: pam_unix(cron:session): session closed for user root
Oct 14 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: Failed password for root from 196.251.71.24 port 36056 ssh2
Oct 14 10:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: Connection closed by 196.251.71.24 port 36056 [preauth]
Oct 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9338]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9336]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9424]: Successful su for rubyman by root
Oct 14 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9424]: + ??? root:rubyman
Oct 14 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410774 of user rubyman.
Oct 14 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9424]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410774.
Oct 14 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Failed password for root from 80.211.129.128 port 55900 ssh2
Oct 14 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Connection closed by 80.211.129.128 port 55900 [preauth]
Oct 14 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session closed for user root
Oct 14 10:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9337]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7710]: pam_unix(cron:session): session closed for user root
Oct 14 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Did not receive identification string from 80.211.129.128
Oct 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9975]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10053]: Successful su for rubyman by root
Oct 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10053]: + ??? root:rubyman
Oct 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410776 of user rubyman.
Oct 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10053]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410776.
Oct 14 10:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session closed for user root
Oct 14 10:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Invalid user admin from 2.57.121.25
Oct 14 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: input_userauth_request: invalid user admin [preauth]
Oct 14 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Failed password for invalid user admin from 2.57.121.25 port 15551 ssh2
Oct 14 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9976]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Failed password for invalid user admin from 2.57.121.25 port 15551 ssh2
Oct 14 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Failed password for invalid user admin from 2.57.121.25 port 15551 ssh2
Oct 14 10:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Failed password for invalid user admin from 2.57.121.25 port 15551 ssh2
Oct 14 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Failed password for invalid user admin from 2.57.121.25 port 15551 ssh2
Oct 14 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Received disconnect from 2.57.121.25 port 15551:11: Bye [preauth]
Oct 14 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: Disconnected from 2.57.121.25 port 15551 [preauth]
Oct 14 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10275]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session closed for user root
Oct 14 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: Failed password for root from 196.251.71.24 port 33008 ssh2
Oct 14 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: Connection closed by 196.251.71.24 port 33008 [preauth]
Oct 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10474]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10471]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: Successful su for rubyman by root
Oct 14 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: + ??? root:rubyman
Oct 14 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410781 of user rubyman.
Oct 14 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10544]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410781.
Oct 14 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session closed for user root
Oct 14 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10472]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9339]: pam_unix(cron:session): session closed for user root
Oct 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10929]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11108]: Successful su for rubyman by root
Oct 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11108]: + ??? root:rubyman
Oct 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410784 of user rubyman.
Oct 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11108]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410784.
Oct 14 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10927]: pam_unix(cron:session): session closed for user root
Oct 14 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7231]: pam_unix(cron:session): session closed for user root
Oct 14 10:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10930]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Failed password for root from 196.251.71.24 port 59170 ssh2
Oct 14 10:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Connection closed by 196.251.71.24 port 59170 [preauth]
Oct 14 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9979]: pam_unix(cron:session): session closed for user root
Oct 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11504]: pam_unix(cron:session): session closed for user root
Oct 14 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: Successful su for rubyman by root
Oct 14 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: + ??? root:rubyman
Oct 14 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410789 of user rubyman.
Oct 14 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410789.
Oct 14 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session closed for user root
Oct 14 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session closed for user root
Oct 14 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10474]: pam_unix(cron:session): session closed for user root
Oct 14 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12096]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: Successful su for rubyman by root
Oct 14 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: + ??? root:rubyman
Oct 14 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410796 of user rubyman.
Oct 14 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12190]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410796.
Oct 14 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Failed password for root from 196.251.71.24 port 58042 ssh2
Oct 14 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Connection closed by 196.251.71.24 port 58042 [preauth]
Oct 14 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8620]: pam_unix(cron:session): session closed for user root
Oct 14 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10932]: pam_unix(cron:session): session closed for user root
Oct 14 10:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Connection reset by 185.185.71.181 port 37362 [preauth]
Oct 14 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12598]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12592]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12688]: Successful su for rubyman by root
Oct 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12688]: + ??? root:rubyman
Oct 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410801 of user rubyman.
Oct 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12688]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410801.
Oct 14 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9338]: pam_unix(cron:session): session closed for user root
Oct 14 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Invalid user juergen from 106.37.72.234
Oct 14 10:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: input_userauth_request: invalid user juergen [preauth]
Oct 14 10:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.37.72.234
Oct 14 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Failed password for invalid user juergen from 106.37.72.234 port 60942 ssh2
Oct 14 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Received disconnect from 106.37.72.234 port 60942:11: Bye Bye [preauth]
Oct 14 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Disconnected from 106.37.72.234 port 60942 [preauth]
Oct 14 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.249.103.127  user=root
Oct 14 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Failed password for root from 113.249.103.127 port 58710 ssh2
Oct 14 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Received disconnect from 113.249.103.127 port 58710:11: Bye Bye [preauth]
Oct 14 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Disconnected from 113.249.103.127 port 58710 [preauth]
Oct 14 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11500]: pam_unix(cron:session): session closed for user root
Oct 14 10:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Failed password for root from 196.251.71.24 port 53346 ssh2
Oct 14 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13048]: Connection closed by 196.251.71.24 port 53346 [preauth]
Oct 14 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13112]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: Failed password for root from 27.254.235.2 port 57450 ssh2
Oct 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13106]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: Received disconnect from 27.254.235.2 port 57450:11: Bye Bye [preauth]
Oct 14 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13101]: Disconnected from 27.254.235.2 port 57450 [preauth]
Oct 14 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: Successful su for rubyman by root
Oct 14 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: + ??? root:rubyman
Oct 14 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410803 of user rubyman.
Oct 14 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13182]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410803.
Oct 14 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session closed for user root
Oct 14 10:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13109]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Invalid user p from 170.83.166.33
Oct 14 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: input_userauth_request: invalid user p [preauth]
Oct 14 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Failed password for invalid user p from 170.83.166.33 port 56452 ssh2
Oct 14 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Received disconnect from 170.83.166.33 port 56452:11: Bye Bye [preauth]
Oct 14 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Disconnected from 170.83.166.33 port 56452 [preauth]
Oct 14 10:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session closed for user root
Oct 14 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: Invalid user neolinux from 103.59.95.142
Oct 14 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: input_userauth_request: invalid user neolinux [preauth]
Oct 14 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: Failed password for invalid user neolinux from 103.59.95.142 port 35632 ssh2
Oct 14 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: Received disconnect from 103.59.95.142 port 35632:11: Bye Bye [preauth]
Oct 14 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: Disconnected from 103.59.95.142 port 35632 [preauth]
Oct 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13687]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: Successful su for rubyman by root
Oct 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: + ??? root:rubyman
Oct 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410807 of user rubyman.
Oct 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13780]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410807.
Oct 14 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10473]: pam_unix(cron:session): session closed for user root
Oct 14 10:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13688]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Failed password for root from 196.251.71.24 port 48054 ssh2
Oct 14 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Connection closed by 196.251.71.24 port 48054 [preauth]
Oct 14 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Invalid user esuser from 209.141.43.77
Oct 14 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: input_userauth_request: invalid user esuser [preauth]
Oct 14 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Failed password for invalid user esuser from 209.141.43.77 port 58036 ssh2
Oct 14 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Received disconnect from 209.141.43.77 port 58036:11: Bye Bye [preauth]
Oct 14 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Disconnected from 209.141.43.77 port 58036 [preauth]
Oct 14 10:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12598]: pam_unix(cron:session): session closed for user root
Oct 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14271]: pam_unix(cron:session): session closed for user root
Oct 14 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14266]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14341]: Successful su for rubyman by root
Oct 14 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14341]: + ??? root:rubyman
Oct 14 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410812 of user rubyman.
Oct 14 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14341]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410812.
Oct 14 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session closed for user root
Oct 14 10:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10931]: pam_unix(cron:session): session closed for user root
Oct 14 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13112]: pam_unix(cron:session): session closed for user root
Oct 14 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Failed password for root from 27.254.235.2 port 52376 ssh2
Oct 14 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Received disconnect from 27.254.235.2 port 52376:11: Bye Bye [preauth]
Oct 14 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14721]: Disconnected from 27.254.235.2 port 52376 [preauth]
Oct 14 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14832]: Successful su for rubyman by root
Oct 14 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14832]: + ??? root:rubyman
Oct 14 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410818 of user rubyman.
Oct 14 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14832]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410818.
Oct 14 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session closed for user root
Oct 14 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: Failed password for root from 196.251.71.24 port 47640 ssh2
Oct 14 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15151]: Invalid user sham from 103.59.95.142
Oct 14 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15151]: input_userauth_request: invalid user sham [preauth]
Oct 14 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15151]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14977]: Connection closed by 196.251.71.24 port 47640 [preauth]
Oct 14 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15151]: Failed password for invalid user sham from 103.59.95.142 port 51448 ssh2
Oct 14 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15151]: Received disconnect from 103.59.95.142 port 51448:11: Bye Bye [preauth]
Oct 14 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15151]: Disconnected from 103.59.95.142 port 51448 [preauth]
Oct 14 10:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Invalid user account from 170.83.166.33
Oct 14 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: input_userauth_request: invalid user account [preauth]
Oct 14 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Failed password for invalid user account from 170.83.166.33 port 63134 ssh2
Oct 14 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Received disconnect from 170.83.166.33 port 63134:11: Bye Bye [preauth]
Oct 14 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Disconnected from 170.83.166.33 port 63134 [preauth]
Oct 14 10:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13691]: pam_unix(cron:session): session closed for user root
Oct 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15337]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15330]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15409]: Successful su for rubyman by root
Oct 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15409]: + ??? root:rubyman
Oct 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410821 of user rubyman.
Oct 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15409]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410821.
Oct 14 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session closed for user root
Oct 14 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 10:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Failed password for root from 209.141.43.77 port 42294 ssh2
Oct 14 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Received disconnect from 209.141.43.77 port 42294:11: Bye Bye [preauth]
Oct 14 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Disconnected from 209.141.43.77 port 42294 [preauth]
Oct 14 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15331]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session closed for user root
Oct 14 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Invalid user minecraft from 27.254.235.2
Oct 14 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Failed password for invalid user minecraft from 27.254.235.2 port 60030 ssh2
Oct 14 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Received disconnect from 27.254.235.2 port 60030:11: Bye Bye [preauth]
Oct 14 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Disconnected from 27.254.235.2 port 60030 [preauth]
Oct 14 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Invalid user minecraft from 103.59.95.142
Oct 14 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: Failed password for root from 196.251.71.24 port 41816 ssh2
Oct 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: Connection closed by 196.251.71.24 port 41816 [preauth]
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Failed password for invalid user minecraft from 103.59.95.142 port 37824 ssh2
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Received disconnect from 103.59.95.142 port 37824:11: Bye Bye [preauth]
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Disconnected from 103.59.95.142 port 37824 [preauth]
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15876]: Successful su for rubyman by root
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15876]: + ??? root:rubyman
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410825 of user rubyman.
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15876]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410825.
Oct 14 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session closed for user root
Oct 14 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 10:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Failed password for root from 170.83.166.33 port 37906 ssh2
Oct 14 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Received disconnect from 170.83.166.33 port 37906:11: Bye Bye [preauth]
Oct 14 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Disconnected from 170.83.166.33 port 37906 [preauth]
Oct 14 10:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session closed for user root
Oct 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16263]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16342]: Successful su for rubyman by root
Oct 14 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16342]: + ??? root:rubyman
Oct 14 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410829 of user rubyman.
Oct 14 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16342]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410829.
Oct 14 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13110]: pam_unix(cron:session): session closed for user root
Oct 14 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16264]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: Invalid user remote from 209.141.43.77
Oct 14 10:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: input_userauth_request: invalid user remote [preauth]
Oct 14 10:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: Failed password for invalid user remote from 209.141.43.77 port 46780 ssh2
Oct 14 10:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: Received disconnect from 209.141.43.77 port 46780:11: Bye Bye [preauth]
Oct 14 10:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16608]: Disconnected from 209.141.43.77 port 46780 [preauth]
Oct 14 10:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15337]: pam_unix(cron:session): session closed for user root
Oct 14 10:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Invalid user ismael from 27.254.235.2
Oct 14 10:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: input_userauth_request: invalid user ismael [preauth]
Oct 14 10:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Failed password for invalid user ismael from 27.254.235.2 port 39456 ssh2
Oct 14 10:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Received disconnect from 27.254.235.2 port 39456:11: Bye Bye [preauth]
Oct 14 10:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Disconnected from 27.254.235.2 port 39456 [preauth]
Oct 14 10:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: Failed password for root from 196.251.71.24 port 39108 ssh2
Oct 14 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16649]: Connection closed by 196.251.71.24 port 39108 [preauth]
Oct 14 10:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Invalid user ismael from 170.83.166.33
Oct 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: input_userauth_request: invalid user ismael [preauth]
Oct 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Invalid user aa from 103.59.95.142
Oct 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: input_userauth_request: invalid user aa [preauth]
Oct 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for invalid user ismael from 170.83.166.33 port 8531 ssh2
Oct 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user aa from 103.59.95.142 port 54720 ssh2
Oct 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Received disconnect from 170.83.166.33 port 8531:11: Bye Bye [preauth]
Oct 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Disconnected from 170.83.166.33 port 8531 [preauth]
Oct 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Received disconnect from 103.59.95.142 port 54720:11: Bye Bye [preauth]
Oct 14 10:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Disconnected from 103.59.95.142 port 54720 [preauth]
Oct 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user root
Oct 14 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16829]: Successful su for rubyman by root
Oct 14 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16829]: + ??? root:rubyman
Oct 14 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410835 of user rubyman.
Oct 14 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16829]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410835.
Oct 14 10:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session closed for user root
Oct 14 10:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13690]: pam_unix(cron:session): session closed for user root
Oct 14 10:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Invalid user testi from 164.68.105.9
Oct 14 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: input_userauth_request: invalid user testi [preauth]
Oct 14 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Failed password for invalid user testi from 164.68.105.9 port 45854 ssh2
Oct 14 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17097]: Connection closed by 164.68.105.9 port 45854 [preauth]
Oct 14 10:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session closed for user root
Oct 14 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 10:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Failed password for root from 209.141.43.77 port 51270 ssh2
Oct 14 10:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Received disconnect from 209.141.43.77 port 51270:11: Bye Bye [preauth]
Oct 14 10:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Disconnected from 209.141.43.77 port 51270 [preauth]
Oct 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17236]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17232]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17324]: Successful su for rubyman by root
Oct 14 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17324]: + ??? root:rubyman
Oct 14 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410841 of user rubyman.
Oct 14 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17324]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410841.
Oct 14 10:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session closed for user root
Oct 14 10:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17233]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for root from 170.83.166.33 port 27922 ssh2
Oct 14 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Received disconnect from 170.83.166.33 port 27922:11: Bye Bye [preauth]
Oct 14 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Disconnected from 170.83.166.33 port 27922 [preauth]
Oct 14 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: Failed password for root from 196.251.71.24 port 33192 ssh2
Oct 14 10:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17559]: Connection closed by 196.251.71.24 port 33192 [preauth]
Oct 14 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Invalid user esuser from 103.59.95.142
Oct 14 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: input_userauth_request: invalid user esuser [preauth]
Oct 14 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Invalid user esuser from 27.254.235.2
Oct 14 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: input_userauth_request: invalid user esuser [preauth]
Oct 14 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session closed for user root
Oct 14 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Failed password for invalid user esuser from 103.59.95.142 port 48606 ssh2
Oct 14 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17601]: Invalid user user from 183.91.2.158
Oct 14 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17601]: input_userauth_request: invalid user user [preauth]
Oct 14 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17601]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.91.2.158
Oct 14 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Received disconnect from 103.59.95.142 port 48606:11: Bye Bye [preauth]
Oct 14 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Disconnected from 103.59.95.142 port 48606 [preauth]
Oct 14 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Failed password for invalid user esuser from 27.254.235.2 port 47116 ssh2
Oct 14 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Received disconnect from 27.254.235.2 port 47116:11: Bye Bye [preauth]
Oct 14 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Disconnected from 27.254.235.2 port 47116 [preauth]
Oct 14 10:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17601]: Failed password for invalid user user from 183.91.2.158 port 7844 ssh2
Oct 14 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17601]: Connection closed by 183.91.2.158 port 7844 [preauth]
Oct 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17866]: Successful su for rubyman by root
Oct 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17866]: + ??? root:rubyman
Oct 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410843 of user rubyman.
Oct 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17866]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410843.
Oct 14 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Invalid user minecraft from 209.141.43.77
Oct 14 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Failed password for invalid user minecraft from 209.141.43.77 port 55752 ssh2
Oct 14 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Received disconnect from 209.141.43.77 port 55752:11: Bye Bye [preauth]
Oct 14 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17993]: Disconnected from 209.141.43.77 port 55752 [preauth]
Oct 14 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session closed for user root
Oct 14 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17731]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session closed for user root
Oct 14 10:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Invalid user remote from 170.83.166.33
Oct 14 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: input_userauth_request: invalid user remote [preauth]
Oct 14 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Failed password for invalid user remote from 170.83.166.33 port 21951 ssh2
Oct 14 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Received disconnect from 170.83.166.33 port 21951:11: Bye Bye [preauth]
Oct 14 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Disconnected from 170.83.166.33 port 21951 [preauth]
Oct 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18490]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18576]: Successful su for rubyman by root
Oct 14 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18576]: + ??? root:rubyman
Oct 14 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410849 of user rubyman.
Oct 14 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18576]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410849.
Oct 14 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15336]: pam_unix(cron:session): session closed for user root
Oct 14 10:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Failed password for root from 196.251.71.24 port 58140 ssh2
Oct 14 10:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18560]: Connection closed by 196.251.71.24 port 58140 [preauth]
Oct 14 10:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: Invalid user account from 209.141.43.77
Oct 14 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: input_userauth_request: invalid user account [preauth]
Oct 14 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Failed password for root from 103.59.95.142 port 59550 ssh2
Oct 14 10:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Received disconnect from 103.59.95.142 port 59550:11: Bye Bye [preauth]
Oct 14 10:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Disconnected from 103.59.95.142 port 59550 [preauth]
Oct 14 10:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: Failed password for invalid user account from 209.141.43.77 port 60226 ssh2
Oct 14 10:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: Received disconnect from 209.141.43.77 port 60226:11: Bye Bye [preauth]
Oct 14 10:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18845]: Disconnected from 209.141.43.77 port 60226 [preauth]
Oct 14 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Invalid user zs from 27.254.235.2
Oct 14 10:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: input_userauth_request: invalid user zs [preauth]
Oct 14 10:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Failed password for invalid user zs from 27.254.235.2 port 54778 ssh2
Oct 14 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Received disconnect from 27.254.235.2 port 54778:11: Bye Bye [preauth]
Oct 14 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Disconnected from 27.254.235.2 port 54778 [preauth]
Oct 14 10:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17236]: pam_unix(cron:session): session closed for user root
Oct 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19100]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19179]: Successful su for rubyman by root
Oct 14 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19179]: + ??? root:rubyman
Oct 14 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410851 of user rubyman.
Oct 14 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19179]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410851.
Oct 14 10:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session closed for user root
Oct 14 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19101]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: Invalid user vikas from 170.83.166.33
Oct 14 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: input_userauth_request: invalid user vikas [preauth]
Oct 14 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: Failed password for invalid user vikas from 170.83.166.33 port 57107 ssh2
Oct 14 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: Received disconnect from 170.83.166.33 port 57107:11: Bye Bye [preauth]
Oct 14 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: Disconnected from 170.83.166.33 port 57107 [preauth]
Oct 14 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17734]: pam_unix(cron:session): session closed for user root
Oct 14 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: Invalid user ismael from 209.141.43.77
Oct 14 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: input_userauth_request: invalid user ismael [preauth]
Oct 14 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: Failed password for invalid user ismael from 209.141.43.77 port 36468 ssh2
Oct 14 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: Received disconnect from 209.141.43.77 port 36468:11: Bye Bye [preauth]
Oct 14 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19845]: Disconnected from 209.141.43.77 port 36468 [preauth]
Oct 14 10:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Failed password for root from 196.251.71.24 port 53682 ssh2
Oct 14 10:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Connection closed by 196.251.71.24 port 53682 [preauth]
Oct 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19940]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19940]: pam_unix(cron:session): session closed for user root
Oct 14 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20025]: Successful su for rubyman by root
Oct 14 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20025]: + ??? root:rubyman
Oct 14 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410858 of user rubyman.
Oct 14 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20025]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410858.
Oct 14 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Failed password for root from 103.59.95.142 port 42114 ssh2
Oct 14 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Received disconnect from 103.59.95.142 port 42114:11: Bye Bye [preauth]
Oct 14 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Disconnected from 103.59.95.142 port 42114 [preauth]
Oct 14 10:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session closed for user root
Oct 14 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session closed for user root
Oct 14 10:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Invalid user user001 from 27.254.235.2
Oct 14 10:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: input_userauth_request: invalid user user001 [preauth]
Oct 14 10:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 10:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Failed password for invalid user user001 from 27.254.235.2 port 34198 ssh2
Oct 14 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Received disconnect from 27.254.235.2 port 34198:11: Bye Bye [preauth]
Oct 14 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20347]: Disconnected from 27.254.235.2 port 34198 [preauth]
Oct 14 10:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18490]: pam_unix(cron:session): session closed for user root
Oct 14 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: Invalid user aline from 209.141.43.77
Oct 14 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: input_userauth_request: invalid user aline [preauth]
Oct 14 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: Failed password for invalid user aline from 209.141.43.77 port 40942 ssh2
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: Received disconnect from 209.141.43.77 port 40942:11: Bye Bye [preauth]
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: Disconnected from 209.141.43.77 port 40942 [preauth]
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Invalid user gns3 from 170.83.166.33
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: input_userauth_request: invalid user gns3 [preauth]
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20573]: Successful su for rubyman by root
Oct 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20573]: + ??? root:rubyman
Oct 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410861 of user rubyman.
Oct 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20573]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410861.
Oct 14 10:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Failed password for invalid user gns3 from 170.83.166.33 port 36731 ssh2
Oct 14 10:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Received disconnect from 170.83.166.33 port 36731:11: Bye Bye [preauth]
Oct 14 10:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Disconnected from 170.83.166.33 port 36731 [preauth]
Oct 14 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session closed for user root
Oct 14 10:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: Failed password for root from 196.251.71.24 port 49994 ssh2
Oct 14 10:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: Connection closed by 196.251.71.24 port 49994 [preauth]
Oct 14 10:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19104]: pam_unix(cron:session): session closed for user root
Oct 14 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Failed password for root from 103.59.95.142 port 52010 ssh2
Oct 14 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Received disconnect from 103.59.95.142 port 52010:11: Bye Bye [preauth]
Oct 14 10:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Disconnected from 103.59.95.142 port 52010 [preauth]
Oct 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21046]: Successful su for rubyman by root
Oct 14 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21046]: + ??? root:rubyman
Oct 14 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410865 of user rubyman.
Oct 14 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21046]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410865.
Oct 14 10:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17235]: pam_unix(cron:session): session closed for user root
Oct 14 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Invalid user p from 27.254.235.2
Oct 14 10:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: input_userauth_request: invalid user p [preauth]
Oct 14 10:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 10:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Failed password for invalid user p from 27.254.235.2 port 41856 ssh2
Oct 14 10:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Received disconnect from 27.254.235.2 port 41856:11: Bye Bye [preauth]
Oct 14 10:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Disconnected from 27.254.235.2 port 41856 [preauth]
Oct 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Invalid user gns3 from 209.141.43.77
Oct 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: input_userauth_request: invalid user gns3 [preauth]
Oct 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Failed password for invalid user gns3 from 209.141.43.77 port 45416 ssh2
Oct 14 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Received disconnect from 209.141.43.77 port 45416:11: Bye Bye [preauth]
Oct 14 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Disconnected from 209.141.43.77 port 45416 [preauth]
Oct 14 10:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: Invalid user user001 from 170.83.166.33
Oct 14 10:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: input_userauth_request: invalid user user001 [preauth]
Oct 14 10:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 10:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: Failed password for invalid user user001 from 170.83.166.33 port 6011 ssh2
Oct 14 10:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: Received disconnect from 170.83.166.33 port 6011:11: Bye Bye [preauth]
Oct 14 10:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21393]: Disconnected from 170.83.166.33 port 6011 [preauth]
Oct 14 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19938]: pam_unix(cron:session): session closed for user root
Oct 14 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 10:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for root from 164.68.105.9 port 60516 ssh2
Oct 14 10:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Connection closed by 164.68.105.9 port 60516 [preauth]
Oct 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21488]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21489]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21566]: Successful su for rubyman by root
Oct 14 10:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21566]: + ??? root:rubyman
Oct 14 10:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410871 of user rubyman.
Oct 14 10:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21566]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410871.
Oct 14 10:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17733]: pam_unix(cron:session): session closed for user root
Oct 14 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21648]: Failed password for root from 196.251.71.24 port 44702 ssh2
Oct 14 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21648]: Connection closed by 196.251.71.24 port 44702 [preauth]
Oct 14 10:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21487]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: Invalid user ftpuser from 209.141.43.77
Oct 14 10:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 10:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: Failed password for invalid user ftpuser from 209.141.43.77 port 49890 ssh2
Oct 14 10:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: Received disconnect from 209.141.43.77 port 49890:11: Bye Bye [preauth]
Oct 14 10:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21874]: Disconnected from 209.141.43.77 port 49890 [preauth]
Oct 14 10:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session closed for user root
Oct 14 10:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21909]: Invalid user user from 103.59.95.142
Oct 14 10:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21909]: input_userauth_request: invalid user user [preauth]
Oct 14 10:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21909]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 10:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21909]: Failed password for invalid user user from 103.59.95.142 port 36832 ssh2
Oct 14 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21909]: Received disconnect from 103.59.95.142 port 36832:11: Bye Bye [preauth]
Oct 14 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21909]: Disconnected from 103.59.95.142 port 36832 [preauth]
Oct 14 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session closed for user p13x
Oct 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: Successful su for rubyman by root
Oct 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: + ??? root:rubyman
Oct 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410873 of user rubyman.
Oct 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: pam_unix(su:session): session closed for user rubyman
Oct 14 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410873.
Oct 14 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: Invalid user sham from 27.254.235.2
Oct 14 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: input_userauth_request: invalid user sham [preauth]
Oct 14 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 10:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: Failed password for invalid user sham from 27.254.235.2 port 49514 ssh2
Oct 14 10:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: Received disconnect from 27.254.235.2 port 49514:11: Bye Bye [preauth]
Oct 14 10:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22115]: Disconnected from 27.254.235.2 port 49514 [preauth]
Oct 14 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session closed for user root
Oct 14 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 10:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Failed password for root from 170.83.166.33 port 7570 ssh2
Oct 14 10:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Received disconnect from 170.83.166.33 port 7570:11: Bye Bye [preauth]
Oct 14 10:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Disconnected from 170.83.166.33 port 7570 [preauth]
Oct 14 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session closed for user samftp
Oct 14 10:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session closed for user root
Oct 14 10:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 10:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: Invalid user user from 209.141.43.77
Oct 14 10:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: input_userauth_request: invalid user user [preauth]
Oct 14 10:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 10:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.71.24  user=root
Oct 14 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: Failed password for invalid user user from 209.141.43.77 port 54364 ssh2
Oct 14 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: Received disconnect from 209.141.43.77 port 54364:11: Bye Bye [preauth]
Oct 14 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22456]: Disconnected from 209.141.43.77 port 54364 [preauth]
Oct 14 10:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Failed password for root from 196.251.71.24 port 39034 ssh2
Oct 14 10:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Connection closed by 196.251.71.24 port 39034 [preauth]
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22485]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22482]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22483]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22485]: pam_unix(cron:session): session closed for user root
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22480]: pam_unix(cron:session): session closed for user root
Oct 14 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: Successful su for rubyman by root
Oct 14 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: + ??? root:rubyman
Oct 14 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410882 of user rubyman.
Oct 14 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410882.
Oct 14 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19102]: pam_unix(cron:session): session closed for user root
Oct 14 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22481]: pam_unix(cron:session): session closed for user root
Oct 14 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Failed password for root from 103.59.95.142 port 36168 ssh2
Oct 14 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Received disconnect from 103.59.95.142 port 36168:11: Bye Bye [preauth]
Oct 14 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Disconnected from 103.59.95.142 port 36168 [preauth]
Oct 14 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Failed password for root from 164.68.105.9 port 42140 ssh2
Oct 14 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Connection closed by 164.68.105.9 port 42140 [preauth]
Oct 14 11:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21489]: pam_unix(cron:session): session closed for user root
Oct 14 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Invalid user admin from 170.83.166.33
Oct 14 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: input_userauth_request: invalid user admin [preauth]
Oct 14 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Failed password for invalid user admin from 170.83.166.33 port 11728 ssh2
Oct 14 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Received disconnect from 170.83.166.33 port 11728:11: Bye Bye [preauth]
Oct 14 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Disconnected from 170.83.166.33 port 11728 [preauth]
Oct 14 11:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Invalid user admin from 27.254.235.2
Oct 14 11:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: input_userauth_request: invalid user admin [preauth]
Oct 14 11:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Failed password for invalid user admin from 27.254.235.2 port 57172 ssh2
Oct 14 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Received disconnect from 27.254.235.2 port 57172:11: Bye Bye [preauth]
Oct 14 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Disconnected from 27.254.235.2 port 57172 [preauth]
Oct 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23779]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23778]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23776]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23859]: Successful su for rubyman by root
Oct 14 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23859]: + ??? root:rubyman
Oct 14 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410884 of user rubyman.
Oct 14 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23859]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410884.
Oct 14 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session closed for user root
Oct 14 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 11:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: Failed password for root from 209.141.43.77 port 58858 ssh2
Oct 14 11:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: Received disconnect from 209.141.43.77 port 58858:11: Bye Bye [preauth]
Oct 14 11:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24088]: Disconnected from 209.141.43.77 port 58858 [preauth]
Oct 14 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23777]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session closed for user root
Oct 14 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Invalid user user from 62.60.131.157
Oct 14 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: input_userauth_request: invalid user user [preauth]
Oct 14 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Failed password for invalid user user from 62.60.131.157 port 41763 ssh2
Oct 14 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Failed password for invalid user user from 62.60.131.157 port 41763 ssh2
Oct 14 11:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Failed password for invalid user user from 62.60.131.157 port 41763 ssh2
Oct 14 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Failed password for invalid user user from 62.60.131.157 port 41763 ssh2
Oct 14 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Failed password for invalid user user from 62.60.131.157 port 41763 ssh2
Oct 14 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Received disconnect from 62.60.131.157 port 41763:11: Bye [preauth]
Oct 14 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: Disconnected from 62.60.131.157 port 41763 [preauth]
Oct 14 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 11:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24241]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24292]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24379]: Successful su for rubyman by root
Oct 14 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24379]: + ??? root:rubyman
Oct 14 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410888 of user rubyman.
Oct 14 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24379]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410888.
Oct 14 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user root
Oct 14 11:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24561]: Connection closed by 113.249.103.127 port 33454 [preauth]
Oct 14 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24291]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Invalid user esuser from 170.83.166.33
Oct 14 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: input_userauth_request: invalid user esuser [preauth]
Oct 14 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Failed password for invalid user esuser from 170.83.166.33 port 51267 ssh2
Oct 14 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Received disconnect from 170.83.166.33 port 51267:11: Bye Bye [preauth]
Oct 14 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24691]: Disconnected from 170.83.166.33 port 51267 [preauth]
Oct 14 11:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22483]: pam_unix(cron:session): session closed for user root
Oct 14 11:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Invalid user hadoop from 27.254.235.2
Oct 14 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Failed password for invalid user hadoop from 27.254.235.2 port 36604 ssh2
Oct 14 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Received disconnect from 27.254.235.2 port 36604:11: Bye Bye [preauth]
Oct 14 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Disconnected from 27.254.235.2 port 36604 [preauth]
Oct 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24810]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24811]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24875]: Successful su for rubyman by root
Oct 14 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24875]: + ??? root:rubyman
Oct 14 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410894 of user rubyman.
Oct 14 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24875]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410894.
Oct 14 11:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session closed for user root
Oct 14 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 11:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Failed password for root from 62.60.131.157 port 63099 ssh2
Oct 14 11:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: message repeated 2 times: [ Failed password for root from 62.60.131.157 port 63099 ssh2]
Oct 14 11:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24809]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Failed password for root from 62.60.131.157 port 63099 ssh2
Oct 14 11:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Invalid user gns3 from 103.59.95.142
Oct 14 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: input_userauth_request: invalid user gns3 [preauth]
Oct 14 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Failed password for root from 62.60.131.157 port 63099 ssh2
Oct 14 11:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Received disconnect from 62.60.131.157 port 63099:11: Bye [preauth]
Oct 14 11:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: Disconnected from 62.60.131.157 port 63099 [preauth]
Oct 14 11:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 11:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Failed password for invalid user gns3 from 103.59.95.142 port 33256 ssh2
Oct 14 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Received disconnect from 103.59.95.142 port 33256:11: Bye Bye [preauth]
Oct 14 11:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25150]: Disconnected from 103.59.95.142 port 33256 [preauth]
Oct 14 11:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Invalid user hadoop from 209.141.43.77
Oct 14 11:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 11:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Failed password for invalid user hadoop from 209.141.43.77 port 35108 ssh2
Oct 14 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Received disconnect from 209.141.43.77 port 35108:11: Bye Bye [preauth]
Oct 14 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25172]: Disconnected from 209.141.43.77 port 35108 [preauth]
Oct 14 11:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23779]: pam_unix(cron:session): session closed for user root
Oct 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25598]: Successful su for rubyman by root
Oct 14 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25598]: + ??? root:rubyman
Oct 14 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410899 of user rubyman.
Oct 14 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25598]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410899.
Oct 14 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 11:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: Failed password for root from 170.83.166.33 port 42240 ssh2
Oct 14 11:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: Received disconnect from 170.83.166.33 port 42240:11: Bye Bye [preauth]
Oct 14 11:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: Disconnected from 170.83.166.33 port 42240 [preauth]
Oct 14 11:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21488]: pam_unix(cron:session): session closed for user root
Oct 14 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session closed for user root
Oct 14 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: Invalid user raymond from 209.141.43.77
Oct 14 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: input_userauth_request: invalid user raymond [preauth]
Oct 14 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: Failed password for invalid user raymond from 209.141.43.77 port 39582 ssh2
Oct 14 11:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: Received disconnect from 209.141.43.77 port 39582:11: Bye Bye [preauth]
Oct 14 11:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: Disconnected from 209.141.43.77 port 39582 [preauth]
Oct 14 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: Invalid user remote from 27.254.235.2
Oct 14 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: input_userauth_request: invalid user remote [preauth]
Oct 14 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: Failed password for invalid user remote from 27.254.235.2 port 44268 ssh2
Oct 14 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: Received disconnect from 27.254.235.2 port 44268:11: Bye Bye [preauth]
Oct 14 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: Disconnected from 27.254.235.2 port 44268 [preauth]
Oct 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26086]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26088]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26088]: pam_unix(cron:session): session closed for user root
Oct 14 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26081]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26169]: Successful su for rubyman by root
Oct 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26169]: + ??? root:rubyman
Oct 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410901 of user rubyman.
Oct 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26169]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410901.
Oct 14 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Invalid user ftpuser from 103.59.95.142
Oct 14 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26084]: pam_unix(cron:session): session closed for user root
Oct 14 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Failed password for invalid user ftpuser from 103.59.95.142 port 44148 ssh2
Oct 14 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Received disconnect from 103.59.95.142 port 44148:11: Bye Bye [preauth]
Oct 14 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26275]: Disconnected from 103.59.95.142 port 44148 [preauth]
Oct 14 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session closed for user root
Oct 14 11:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Invalid user tcadmin from 20.163.71.109
Oct 14 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: input_userauth_request: invalid user tcadmin [preauth]
Oct 14 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Failed password for invalid user tcadmin from 20.163.71.109 port 58718 ssh2
Oct 14 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26497]: Connection closed by 20.163.71.109 port 58718 [preauth]
Oct 14 11:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26082]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24811]: pam_unix(cron:session): session closed for user root
Oct 14 11:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Failed password for root from 170.83.166.33 port 63146 ssh2
Oct 14 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Received disconnect from 170.83.166.33 port 63146:11: Bye Bye [preauth]
Oct 14 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Disconnected from 170.83.166.33 port 63146 [preauth]
Oct 14 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Invalid user mir from 209.141.43.77
Oct 14 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: input_userauth_request: invalid user mir [preauth]
Oct 14 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26710]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26704]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Failed password for invalid user mir from 209.141.43.77 port 44058 ssh2
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Received disconnect from 209.141.43.77 port 44058:11: Bye Bye [preauth]
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Disconnected from 209.141.43.77 port 44058 [preauth]
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26821]: Successful su for rubyman by root
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26821]: + ??? root:rubyman
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410906 of user rubyman.
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26821]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410906.
Oct 14 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22482]: pam_unix(cron:session): session closed for user root
Oct 14 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: Did not receive identification string from 80.211.129.128
Oct 14 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26705]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session closed for user root
Oct 14 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Invalid user account from 27.254.235.2
Oct 14 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: input_userauth_request: invalid user account [preauth]
Oct 14 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Failed password for invalid user account from 27.254.235.2 port 51926 ssh2
Oct 14 11:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Received disconnect from 27.254.235.2 port 51926:11: Bye Bye [preauth]
Oct 14 11:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Disconnected from 27.254.235.2 port 51926 [preauth]
Oct 14 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Invalid user sara from 103.59.95.142
Oct 14 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: input_userauth_request: invalid user sara [preauth]
Oct 14 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Failed password for invalid user sara from 103.59.95.142 port 34556 ssh2
Oct 14 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Received disconnect from 103.59.95.142 port 34556:11: Bye Bye [preauth]
Oct 14 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27389]: Disconnected from 103.59.95.142 port 34556 [preauth]
Oct 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27503]: Successful su for rubyman by root
Oct 14 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27503]: + ??? root:rubyman
Oct 14 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410910 of user rubyman.
Oct 14 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27503]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410910.
Oct 14 11:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23778]: pam_unix(cron:session): session closed for user root
Oct 14 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Invalid user steam from 170.83.166.33
Oct 14 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: input_userauth_request: invalid user steam [preauth]
Oct 14 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Failed password for invalid user steam from 170.83.166.33 port 7506 ssh2
Oct 14 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Received disconnect from 170.83.166.33 port 7506:11: Bye Bye [preauth]
Oct 14 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Disconnected from 170.83.166.33 port 7506 [preauth]
Oct 14 11:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: Invalid user vikas from 209.141.43.77
Oct 14 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: input_userauth_request: invalid user vikas [preauth]
Oct 14 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: Failed password for invalid user vikas from 209.141.43.77 port 48532 ssh2
Oct 14 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: Received disconnect from 209.141.43.77 port 48532:11: Bye Bye [preauth]
Oct 14 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28023]: Disconnected from 209.141.43.77 port 48532 [preauth]
Oct 14 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26087]: pam_unix(cron:session): session closed for user root
Oct 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28193]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28190]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28254]: Successful su for rubyman by root
Oct 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28254]: + ??? root:rubyman
Oct 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410914 of user rubyman.
Oct 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28254]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410914.
Oct 14 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24292]: pam_unix(cron:session): session closed for user root
Oct 14 11:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28191]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Invalid user sara from 27.254.235.2
Oct 14 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: input_userauth_request: invalid user sara [preauth]
Oct 14 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Failed password for invalid user sara from 27.254.235.2 port 59580 ssh2
Oct 14 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Received disconnect from 27.254.235.2 port 59580:11: Bye Bye [preauth]
Oct 14 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Disconnected from 27.254.235.2 port 59580 [preauth]
Oct 14 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Invalid user sara from 209.141.43.77
Oct 14 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: input_userauth_request: invalid user sara [preauth]
Oct 14 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Invalid user remote from 103.59.95.142
Oct 14 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: input_userauth_request: invalid user remote [preauth]
Oct 14 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26714]: pam_unix(cron:session): session closed for user root
Oct 14 11:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Failed password for invalid user sara from 209.141.43.77 port 53008 ssh2
Oct 14 11:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Received disconnect from 209.141.43.77 port 53008:11: Bye Bye [preauth]
Oct 14 11:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Disconnected from 209.141.43.77 port 53008 [preauth]
Oct 14 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Failed password for invalid user remote from 103.59.95.142 port 59918 ssh2
Oct 14 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Received disconnect from 103.59.95.142 port 59918:11: Bye Bye [preauth]
Oct 14 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Disconnected from 103.59.95.142 port 59918 [preauth]
Oct 14 11:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Invalid user sham from 170.83.166.33
Oct 14 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: input_userauth_request: invalid user sham [preauth]
Oct 14 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Failed password for invalid user sham from 170.83.166.33 port 15120 ssh2
Oct 14 11:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Received disconnect from 170.83.166.33 port 15120:11: Bye Bye [preauth]
Oct 14 11:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Disconnected from 170.83.166.33 port 15120 [preauth]
Oct 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29216]: Successful su for rubyman by root
Oct 14 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29216]: + ??? root:rubyman
Oct 14 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410921 of user rubyman.
Oct 14 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[29216]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410921.
Oct 14 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28992]: pam_unix(cron:session): session closed for user root
Oct 14 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24810]: pam_unix(cron:session): session closed for user root
Oct 14 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28999]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user root
Oct 14 11:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session closed for user root
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: Failed password for root from 209.141.43.77 port 57498 ssh2
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: Received disconnect from 209.141.43.77 port 57498:11: Bye Bye [preauth]
Oct 14 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: Disconnected from 209.141.43.77 port 57498 [preauth]
Oct 14 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29718]: Successful su for rubyman by root
Oct 14 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29718]: + ??? root:rubyman
Oct 14 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410924 of user rubyman.
Oct 14 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29718]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410924.
Oct 14 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user root
Oct 14 11:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session closed for user root
Oct 14 11:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Invalid user hadoop from 170.83.166.33
Oct 14 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Failed password for invalid user hadoop from 170.83.166.33 port 42438 ssh2
Oct 14 11:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Received disconnect from 170.83.166.33 port 42438:11: Bye Bye [preauth]
Oct 14 11:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Disconnected from 170.83.166.33 port 42438 [preauth]
Oct 14 11:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Invalid user steam from 27.254.235.2
Oct 14 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: input_userauth_request: invalid user steam [preauth]
Oct 14 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Failed password for invalid user steam from 27.254.235.2 port 39008 ssh2
Oct 14 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Received disconnect from 27.254.235.2 port 39008:11: Bye Bye [preauth]
Oct 14 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Disconnected from 27.254.235.2 port 39008 [preauth]
Oct 14 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: Invalid user vikas from 103.59.95.142
Oct 14 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: input_userauth_request: invalid user vikas [preauth]
Oct 14 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: Failed password for invalid user vikas from 103.59.95.142 port 48380 ssh2
Oct 14 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: Received disconnect from 103.59.95.142 port 48380:11: Bye Bye [preauth]
Oct 14 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30045]: Disconnected from 103.59.95.142 port 48380 [preauth]
Oct 14 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28193]: pam_unix(cron:session): session closed for user root
Oct 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30182]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30279]: Successful su for rubyman by root
Oct 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30279]: + ??? root:rubyman
Oct 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410930 of user rubyman.
Oct 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30279]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410930.
Oct 14 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26086]: pam_unix(cron:session): session closed for user root
Oct 14 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30184]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Invalid user neolinux from 209.141.43.77
Oct 14 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: input_userauth_request: invalid user neolinux [preauth]
Oct 14 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Failed password for invalid user neolinux from 209.141.43.77 port 33750 ssh2
Oct 14 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Received disconnect from 209.141.43.77 port 33750:11: Bye Bye [preauth]
Oct 14 11:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Disconnected from 209.141.43.77 port 33750 [preauth]
Oct 14 11:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29001]: pam_unix(cron:session): session closed for user root
Oct 14 11:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: Invalid user fa from 170.83.166.33
Oct 14 11:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: input_userauth_request: invalid user fa [preauth]
Oct 14 11:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: Failed password for invalid user fa from 170.83.166.33 port 15063 ssh2
Oct 14 11:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: Received disconnect from 170.83.166.33 port 15063:11: Bye Bye [preauth]
Oct 14 11:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30764]: Disconnected from 170.83.166.33 port 15063 [preauth]
Oct 14 11:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Connection closed by 113.249.103.127 port 35720 [preauth]
Oct 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30848]: Successful su for rubyman by root
Oct 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30848]: + ??? root:rubyman
Oct 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410933 of user rubyman.
Oct 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30848]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410933.
Oct 14 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26710]: pam_unix(cron:session): session closed for user root
Oct 14 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Invalid user fa from 103.59.95.142
Oct 14 11:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: input_userauth_request: invalid user fa [preauth]
Oct 14 11:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Failed password for invalid user fa from 103.59.95.142 port 55646 ssh2
Oct 14 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Received disconnect from 103.59.95.142 port 55646:11: Bye Bye [preauth]
Oct 14 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Disconnected from 103.59.95.142 port 55646 [preauth]
Oct 14 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31061]: Failed password for root from 27.254.235.2 port 46666 ssh2
Oct 14 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31061]: Received disconnect from 27.254.235.2 port 46666:11: Bye Bye [preauth]
Oct 14 11:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31061]: Disconnected from 27.254.235.2 port 46666 [preauth]
Oct 14 11:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30778]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: Failed password for root from 209.141.43.77 port 38242 ssh2
Oct 14 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: Received disconnect from 209.141.43.77 port 38242:11: Bye Bye [preauth]
Oct 14 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31175]: Disconnected from 209.141.43.77 port 38242 [preauth]
Oct 14 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user root
Oct 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31267]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31265]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: Successful su for rubyman by root
Oct 14 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: + ??? root:rubyman
Oct 14 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410938 of user rubyman.
Oct 14 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31339]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410938.
Oct 14 11:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session closed for user root
Oct 14 11:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31266]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Failed password for root from 170.83.166.33 port 63336 ssh2
Oct 14 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Received disconnect from 170.83.166.33 port 63336:11: Bye Bye [preauth]
Oct 14 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Disconnected from 170.83.166.33 port 63336 [preauth]
Oct 14 11:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30186]: pam_unix(cron:session): session closed for user root
Oct 14 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Invalid user admin from 103.59.95.142
Oct 14 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: input_userauth_request: invalid user admin [preauth]
Oct 14 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: Failed password for root from 209.141.43.77 port 42740 ssh2
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: Received disconnect from 209.141.43.77 port 42740:11: Bye Bye [preauth]
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: Disconnected from 209.141.43.77 port 42740 [preauth]
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31897]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Failed password for invalid user admin from 103.59.95.142 port 53904 ssh2
Oct 14 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Received disconnect from 103.59.95.142 port 53904:11: Bye Bye [preauth]
Oct 14 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31876]: Disconnected from 103.59.95.142 port 53904 [preauth]
Oct 14 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31975]: Successful su for rubyman by root
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31975]: + ??? root:rubyman
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410942 of user rubyman.
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31975]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410942.
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31973]: Invalid user aa from 27.254.235.2
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31973]: input_userauth_request: invalid user aa [preauth]
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31973]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31973]: Failed password for invalid user aa from 27.254.235.2 port 54320 ssh2
Oct 14 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31973]: Received disconnect from 27.254.235.2 port 54320:11: Bye Bye [preauth]
Oct 14 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31973]: Disconnected from 27.254.235.2 port 54320 [preauth]
Oct 14 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session closed for user root
Oct 14 11:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31895]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session closed for user root
Oct 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32436]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32437]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32438]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32438]: pam_unix(cron:session): session closed for user root
Oct 14 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32433]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32513]: Successful su for rubyman by root
Oct 14 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32513]: + ??? root:rubyman
Oct 14 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410945 of user rubyman.
Oct 14 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32513]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410945.
Oct 14 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Invalid user user from 170.83.166.33
Oct 14 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: input_userauth_request: invalid user user [preauth]
Oct 14 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32435]: pam_unix(cron:session): session closed for user root
Oct 14 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Failed password for invalid user user from 170.83.166.33 port 39162 ssh2
Oct 14 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session closed for user root
Oct 14 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Received disconnect from 170.83.166.33 port 39162:11: Bye Bye [preauth]
Oct 14 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Disconnected from 170.83.166.33 port 39162 [preauth]
Oct 14 11:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.249.103.127  user=root
Oct 14 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for root from 113.249.103.127 port 56752 ssh2
Oct 14 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Received disconnect from 113.249.103.127 port 56752:11: Bye Bye [preauth]
Oct 14 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Disconnected from 113.249.103.127 port 56752 [preauth]
Oct 14 11:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32434]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session closed for user root
Oct 14 11:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Invalid user fa from 209.141.43.77
Oct 14 11:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: input_userauth_request: invalid user fa [preauth]
Oct 14 11:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 11:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Failed password for invalid user fa from 209.141.43.77 port 47228 ssh2
Oct 14 11:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Received disconnect from 209.141.43.77 port 47228:11: Bye Bye [preauth]
Oct 14 11:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Disconnected from 209.141.43.77 port 47228 [preauth]
Oct 14 11:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Failed password for root from 103.59.95.142 port 55798 ssh2
Oct 14 11:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Received disconnect from 103.59.95.142 port 55798:11: Bye Bye [preauth]
Oct 14 11:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: Disconnected from 103.59.95.142 port 55798 [preauth]
Oct 14 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Invalid user aline from 27.254.235.2
Oct 14 11:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: input_userauth_request: invalid user aline [preauth]
Oct 14 11:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[489]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[488]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[485]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Failed password for invalid user aline from 27.254.235.2 port 33748 ssh2
Oct 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Received disconnect from 27.254.235.2 port 33748:11: Bye Bye [preauth]
Oct 14 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[481]: Disconnected from 27.254.235.2 port 33748 [preauth]
Oct 14 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: Successful su for rubyman by root
Oct 14 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: + ??? root:rubyman
Oct 14 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410952 of user rubyman.
Oct 14 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410952.
Oct 14 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
Oct 14 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[487]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31897]: pam_unix(cron:session): session closed for user root
Oct 14 11:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Invalid user neolinux from 170.83.166.33
Oct 14 11:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: input_userauth_request: invalid user neolinux [preauth]
Oct 14 11:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Failed password for invalid user neolinux from 170.83.166.33 port 17640 ssh2
Oct 14 11:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Received disconnect from 170.83.166.33 port 17640:11: Bye Bye [preauth]
Oct 14 11:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Disconnected from 170.83.166.33 port 17640 [preauth]
Oct 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1064]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1057]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1057]: pam_unix(cron:session): session closed for user root
Oct 14 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1138]: Successful su for rubyman by root
Oct 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1138]: + ??? root:rubyman
Oct 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410955 of user rubyman.
Oct 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1138]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410955.
Oct 14 11:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30185]: pam_unix(cron:session): session closed for user root
Oct 14 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Failed password for root from 209.141.43.77 port 51720 ssh2
Oct 14 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Received disconnect from 209.141.43.77 port 51720:11: Bye Bye [preauth]
Oct 14 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Disconnected from 209.141.43.77 port 51720 [preauth]
Oct 14 11:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1062]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32437]: pam_unix(cron:session): session closed for user root
Oct 14 11:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: Invalid user aline from 103.59.95.142
Oct 14 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: input_userauth_request: invalid user aline [preauth]
Oct 14 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: Failed password for invalid user aline from 103.59.95.142 port 47468 ssh2
Oct 14 11:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: Received disconnect from 103.59.95.142 port 47468:11: Bye Bye [preauth]
Oct 14 11:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: Disconnected from 103.59.95.142 port 47468 [preauth]
Oct 14 11:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: Invalid user mir from 27.254.235.2
Oct 14 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: input_userauth_request: invalid user mir [preauth]
Oct 14 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: Failed password for invalid user mir from 27.254.235.2 port 41408 ssh2
Oct 14 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: Received disconnect from 27.254.235.2 port 41408:11: Bye Bye [preauth]
Oct 14 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: Disconnected from 27.254.235.2 port 41408 [preauth]
Oct 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1554]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1631]: Successful su for rubyman by root
Oct 14 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1631]: + ??? root:rubyman
Oct 14 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410960 of user rubyman.
Oct 14 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1631]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410960.
Oct 14 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session closed for user root
Oct 14 11:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1556]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 11:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Failed password for root from 170.83.166.33 port 26411 ssh2
Oct 14 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Received disconnect from 170.83.166.33 port 26411:11: Bye Bye [preauth]
Oct 14 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Disconnected from 170.83.166.33 port 26411 [preauth]
Oct 14 11:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[489]: pam_unix(cron:session): session closed for user root
Oct 14 11:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: Failed password for root from 209.141.43.77 port 56226 ssh2
Oct 14 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: Received disconnect from 209.141.43.77 port 56226:11: Bye Bye [preauth]
Oct 14 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2082]: Disconnected from 209.141.43.77 port 56226 [preauth]
Oct 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2219]: Successful su for rubyman by root
Oct 14 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2219]: + ??? root:rubyman
Oct 14 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410964 of user rubyman.
Oct 14 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2219]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410964.
Oct 14 11:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31267]: pam_unix(cron:session): session closed for user root
Oct 14 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2139]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Invalid user raymond from 103.59.95.142
Oct 14 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: input_userauth_request: invalid user raymond [preauth]
Oct 14 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Failed password for invalid user raymond from 103.59.95.142 port 41616 ssh2
Oct 14 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Received disconnect from 103.59.95.142 port 41616:11: Bye Bye [preauth]
Oct 14 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Disconnected from 103.59.95.142 port 41616 [preauth]
Oct 14 11:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1064]: pam_unix(cron:session): session closed for user root
Oct 14 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Invalid user raymond from 27.254.235.2
Oct 14 11:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: input_userauth_request: invalid user raymond [preauth]
Oct 14 11:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Failed password for invalid user raymond from 27.254.235.2 port 49068 ssh2
Oct 14 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Received disconnect from 27.254.235.2 port 49068:11: Bye Bye [preauth]
Oct 14 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Disconnected from 27.254.235.2 port 49068 [preauth]
Oct 14 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Invalid user zs from 106.37.72.234
Oct 14 11:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: input_userauth_request: invalid user zs [preauth]
Oct 14 11:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.37.72.234
Oct 14 11:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Failed password for invalid user zs from 106.37.72.234 port 36306 ssh2
Oct 14 11:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Received disconnect from 106.37.72.234 port 36306:11: Bye Bye [preauth]
Oct 14 11:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Disconnected from 106.37.72.234 port 36306 [preauth]
Oct 14 11:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: Failed password for root from 170.83.166.33 port 32722 ssh2
Oct 14 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: Received disconnect from 170.83.166.33 port 32722:11: Bye Bye [preauth]
Oct 14 11:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2587]: Disconnected from 170.83.166.33 port 32722 [preauth]
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2602]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2601]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2605]: pam_unix(cron:session): session closed for user root
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2598]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Invalid user steam from 209.141.43.77
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: input_userauth_request: invalid user steam [preauth]
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2682]: Successful su for rubyman by root
Oct 14 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2682]: + ??? root:rubyman
Oct 14 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410973 of user rubyman.
Oct 14 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2682]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410973.
Oct 14 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for invalid user steam from 209.141.43.77 port 60710 ssh2
Oct 14 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Received disconnect from 209.141.43.77 port 60710:11: Bye Bye [preauth]
Oct 14 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Disconnected from 209.141.43.77 port 60710 [preauth]
Oct 14 11:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2601]: pam_unix(cron:session): session closed for user root
Oct 14 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session closed for user root
Oct 14 11:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2600]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1559]: pam_unix(cron:session): session closed for user root
Oct 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3147]: Successful su for rubyman by root
Oct 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3147]: + ??? root:rubyman
Oct 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410974 of user rubyman.
Oct 14 11:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3147]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410974.
Oct 14 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32436]: pam_unix(cron:session): session closed for user root
Oct 14 11:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 11:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Failed password for root from 103.59.95.142 port 46404 ssh2
Oct 14 11:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Received disconnect from 103.59.95.142 port 46404:11: Bye Bye [preauth]
Oct 14 11:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Disconnected from 103.59.95.142 port 46404 [preauth]
Oct 14 11:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Invalid user user001 from 209.141.43.77
Oct 14 11:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: input_userauth_request: invalid user user001 [preauth]
Oct 14 11:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Failed password for invalid user user001 from 209.141.43.77 port 36954 ssh2
Oct 14 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Received disconnect from 209.141.43.77 port 36954:11: Bye Bye [preauth]
Oct 14 11:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Disconnected from 209.141.43.77 port 36954 [preauth]
Oct 14 11:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: Invalid user juergen from 170.83.166.33
Oct 14 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: input_userauth_request: invalid user juergen [preauth]
Oct 14 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: Failed password for invalid user juergen from 170.83.166.33 port 52783 ssh2
Oct 14 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: Received disconnect from 170.83.166.33 port 52783:11: Bye Bye [preauth]
Oct 14 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: Disconnected from 170.83.166.33 port 52783 [preauth]
Oct 14 11:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2144]: pam_unix(cron:session): session closed for user root
Oct 14 11:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Invalid user ftpuser from 27.254.235.2
Oct 14 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Failed password for invalid user ftpuser from 27.254.235.2 port 56728 ssh2
Oct 14 11:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Received disconnect from 27.254.235.2 port 56728:11: Bye Bye [preauth]
Oct 14 11:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3495]: Disconnected from 27.254.235.2 port 56728 [preauth]
Oct 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3556]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3622]: Successful su for rubyman by root
Oct 14 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3622]: + ??? root:rubyman
Oct 14 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410978 of user rubyman.
Oct 14 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3622]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410978.
Oct 14 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[488]: pam_unix(cron:session): session closed for user root
Oct 14 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Invalid user admin from 2.57.121.112
Oct 14 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: input_userauth_request: invalid user admin [preauth]
Oct 14 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 11:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Failed password for invalid user admin from 2.57.121.112 port 8122 ssh2
Oct 14 11:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Failed password for invalid user admin from 2.57.121.112 port 8122 ssh2
Oct 14 11:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Failed password for invalid user admin from 2.57.121.112 port 8122 ssh2
Oct 14 11:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Failed password for invalid user admin from 2.57.121.112 port 8122 ssh2
Oct 14 11:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Failed password for invalid user admin from 2.57.121.112 port 8122 ssh2
Oct 14 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Received disconnect from 2.57.121.112 port 8122:11: Bye [preauth]
Oct 14 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: Disconnected from 2.57.121.112 port 8122 [preauth]
Oct 14 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3822]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 11:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2603]: pam_unix(cron:session): session closed for user root
Oct 14 11:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 11:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: Failed password for root from 209.141.43.77 port 41448 ssh2
Oct 14 11:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: Received disconnect from 209.141.43.77 port 41448:11: Bye Bye [preauth]
Oct 14 11:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3952]: Disconnected from 209.141.43.77 port 41448 [preauth]
Oct 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: Successful su for rubyman by root
Oct 14 11:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: + ??? root:rubyman
Oct 14 11:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410982 of user rubyman.
Oct 14 11:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410982.
Oct 14 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Invalid user sara from 170.83.166.33
Oct 14 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: input_userauth_request: invalid user sara [preauth]
Oct 14 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Failed password for invalid user sara from 170.83.166.33 port 24082 ssh2
Oct 14 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Received disconnect from 170.83.166.33 port 24082:11: Bye Bye [preauth]
Oct 14 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Disconnected from 170.83.166.33 port 24082 [preauth]
Oct 14 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Invalid user mir from 103.59.95.142
Oct 14 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: input_userauth_request: invalid user mir [preauth]
Oct 14 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Failed password for invalid user mir from 103.59.95.142 port 34412 ssh2
Oct 14 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Received disconnect from 103.59.95.142 port 34412:11: Bye Bye [preauth]
Oct 14 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Disconnected from 103.59.95.142 port 34412 [preauth]
Oct 14 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session closed for user root
Oct 14 11:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4006]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Failed password for root from 27.254.235.2 port 36156 ssh2
Oct 14 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Received disconnect from 27.254.235.2 port 36156:11: Bye Bye [preauth]
Oct 14 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Disconnected from 27.254.235.2 port 36156 [preauth]
Oct 14 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session closed for user root
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Invalid user aa from 209.141.43.77
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: input_userauth_request: invalid user aa [preauth]
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4512]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4607]: Successful su for rubyman by root
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4607]: + ??? root:rubyman
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410986 of user rubyman.
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4607]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410986.
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Failed password for invalid user aa from 209.141.43.77 port 45932 ssh2
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Received disconnect from 209.141.43.77 port 45932:11: Bye Bye [preauth]
Oct 14 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Disconnected from 209.141.43.77 port 45932 [preauth]
Oct 14 11:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1558]: pam_unix(cron:session): session closed for user root
Oct 14 11:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4514]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 11:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Failed password for root from 170.83.166.33 port 64371 ssh2
Oct 14 11:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Received disconnect from 170.83.166.33 port 64371:11: Bye Bye [preauth]
Oct 14 11:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5095]: Disconnected from 170.83.166.33 port 64371 [preauth]
Oct 14 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3558]: pam_unix(cron:session): session closed for user root
Oct 14 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Invalid user account from 103.59.95.142
Oct 14 11:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: input_userauth_request: invalid user account [preauth]
Oct 14 11:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Failed password for invalid user account from 103.59.95.142 port 43114 ssh2
Oct 14 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Received disconnect from 103.59.95.142 port 43114:11: Bye Bye [preauth]
Oct 14 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5449]: Disconnected from 103.59.95.142 port 43114 [preauth]
Oct 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session closed for user root
Oct 14 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5504]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5589]: Successful su for rubyman by root
Oct 14 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5589]: + ??? root:rubyman
Oct 14 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410990 of user rubyman.
Oct 14 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5589]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410990.
Oct 14 11:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5506]: pam_unix(cron:session): session closed for user root
Oct 14 11:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2140]: pam_unix(cron:session): session closed for user root
Oct 14 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: Invalid user juergen from 209.141.43.77
Oct 14 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: input_userauth_request: invalid user juergen [preauth]
Oct 14 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5852]: Invalid user vikas from 27.254.235.2
Oct 14 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5852]: input_userauth_request: invalid user vikas [preauth]
Oct 14 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5852]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: Failed password for invalid user juergen from 209.141.43.77 port 50406 ssh2
Oct 14 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: Received disconnect from 209.141.43.77 port 50406:11: Bye Bye [preauth]
Oct 14 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5838]: Disconnected from 209.141.43.77 port 50406 [preauth]
Oct 14 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5852]: Failed password for invalid user vikas from 27.254.235.2 port 43802 ssh2
Oct 14 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5852]: Received disconnect from 27.254.235.2 port 43802:11: Bye Bye [preauth]
Oct 14 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5852]: Disconnected from 27.254.235.2 port 43802 [preauth]
Oct 14 11:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5505]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4008]: pam_unix(cron:session): session closed for user root
Oct 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6091]: Successful su for rubyman by root
Oct 14 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6091]: + ??? root:rubyman
Oct 14 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 410998 of user rubyman.
Oct 14 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6091]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 410998.
Oct 14 11:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2602]: pam_unix(cron:session): session closed for user root
Oct 14 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Invalid user ftpuser from 170.83.166.33
Oct 14 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Failed password for invalid user ftpuser from 170.83.166.33 port 33340 ssh2
Oct 14 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Received disconnect from 170.83.166.33 port 33340:11: Bye Bye [preauth]
Oct 14 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Disconnected from 170.83.166.33 port 33340 [preauth]
Oct 14 11:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6017]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Invalid user zs from 209.141.43.77
Oct 14 11:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: input_userauth_request: invalid user zs [preauth]
Oct 14 11:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session closed for user root
Oct 14 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 11:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Failed password for invalid user zs from 209.141.43.77 port 54882 ssh2
Oct 14 11:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Received disconnect from 209.141.43.77 port 54882:11: Bye Bye [preauth]
Oct 14 11:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Disconnected from 209.141.43.77 port 54882 [preauth]
Oct 14 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Failed password for root from 103.59.95.142 port 52308 ssh2
Oct 14 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Received disconnect from 103.59.95.142 port 52308:11: Bye Bye [preauth]
Oct 14 11:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Disconnected from 103.59.95.142 port 52308 [preauth]
Oct 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6464]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6465]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6460]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: Successful su for rubyman by root
Oct 14 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: + ??? root:rubyman
Oct 14 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411001 of user rubyman.
Oct 14 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411001.
Oct 14 11:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Invalid user juergen from 27.254.235.2
Oct 14 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: input_userauth_request: invalid user juergen [preauth]
Oct 14 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session closed for user root
Oct 14 11:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Failed password for invalid user juergen from 27.254.235.2 port 51464 ssh2
Oct 14 11:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Received disconnect from 27.254.235.2 port 51464:11: Bye Bye [preauth]
Oct 14 11:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Disconnected from 27.254.235.2 port 51464 [preauth]
Oct 14 11:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6463]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6898]: Did not receive identification string from 80.211.129.128
Oct 14 11:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5508]: pam_unix(cron:session): session closed for user root
Oct 14 11:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33  user=root
Oct 14 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: Failed password for root from 170.83.166.33 port 2275 ssh2
Oct 14 11:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: Received disconnect from 170.83.166.33 port 2275:11: Bye Bye [preauth]
Oct 14 11:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6990]: Disconnected from 170.83.166.33 port 2275 [preauth]
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Invalid user sham from 209.141.43.77
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: input_userauth_request: invalid user sham [preauth]
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7122]: Successful su for rubyman by root
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7122]: + ??? root:rubyman
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411005 of user rubyman.
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7122]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411005.
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Failed password for invalid user sham from 209.141.43.77 port 59358 ssh2
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Received disconnect from 209.141.43.77 port 59358:11: Bye Bye [preauth]
Oct 14 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7055]: Disconnected from 209.141.43.77 port 59358 [preauth]
Oct 14 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3556]: pam_unix(cron:session): session closed for user root
Oct 14 11:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Connection closed by 2.57.122.26 port 50544 [preauth]
Oct 14 11:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Invalid user ismael from 103.59.95.142
Oct 14 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: input_userauth_request: invalid user ismael [preauth]
Oct 14 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Failed password for invalid user ismael from 103.59.95.142 port 48526 ssh2
Oct 14 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Received disconnect from 103.59.95.142 port 48526:11: Bye Bye [preauth]
Oct 14 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Disconnected from 103.59.95.142 port 48526 [preauth]
Oct 14 11:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6020]: pam_unix(cron:session): session closed for user root
Oct 14 11:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.201.227  user=root
Oct 14 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: Failed password for root from 80.211.201.227 port 34442 ssh2
Oct 14 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7536]: Connection closed by 80.211.201.227 port 34442 [preauth]
Oct 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7584]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7652]: Successful su for rubyman by root
Oct 14 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7652]: + ??? root:rubyman
Oct 14 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411009 of user rubyman.
Oct 14 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7652]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411009.
Oct 14 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7682]: Invalid user neolinux from 27.254.235.2
Oct 14 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7682]: input_userauth_request: invalid user neolinux [preauth]
Oct 14 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7682]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7682]: Failed password for invalid user neolinux from 27.254.235.2 port 59124 ssh2
Oct 14 11:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7682]: Received disconnect from 27.254.235.2 port 59124:11: Bye Bye [preauth]
Oct 14 11:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7682]: Disconnected from 27.254.235.2 port 59124 [preauth]
Oct 14 11:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session closed for user root
Oct 14 11:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7583]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Invalid user admin from 209.141.43.77
Oct 14 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: input_userauth_request: invalid user admin [preauth]
Oct 14 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Failed password for invalid user admin from 209.141.43.77 port 35608 ssh2
Oct 14 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Received disconnect from 209.141.43.77 port 35608:11: Bye Bye [preauth]
Oct 14 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Disconnected from 209.141.43.77 port 35608 [preauth]
Oct 14 11:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Invalid user esuser from 106.37.72.234
Oct 14 11:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: input_userauth_request: invalid user esuser [preauth]
Oct 14 11:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.37.72.234
Oct 14 11:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Failed password for invalid user esuser from 106.37.72.234 port 58204 ssh2
Oct 14 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Received disconnect from 106.37.72.234 port 58204:11: Bye Bye [preauth]
Oct 14 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Disconnected from 106.37.72.234 port 58204 [preauth]
Oct 14 11:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Invalid user aa from 170.83.166.33
Oct 14 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: input_userauth_request: invalid user aa [preauth]
Oct 14 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Failed password for invalid user aa from 170.83.166.33 port 54078 ssh2
Oct 14 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Received disconnect from 170.83.166.33 port 54078:11: Bye Bye [preauth]
Oct 14 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8396]: Disconnected from 170.83.166.33 port 54078 [preauth]
Oct 14 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6465]: pam_unix(cron:session): session closed for user root
Oct 14 11:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 14 11:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: Failed password for root from 190.103.202.7 port 49382 ssh2
Oct 14 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8462]: Connection closed by 190.103.202.7 port 49382 [preauth]
Oct 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session closed for user root
Oct 14 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8493]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8579]: Successful su for rubyman by root
Oct 14 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8579]: + ??? root:rubyman
Oct 14 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411013 of user rubyman.
Oct 14 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8579]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411013.
Oct 14 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session closed for user root
Oct 14 11:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session closed for user root
Oct 14 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8494]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8986]: Failed password for root from 103.59.95.142 port 45526 ssh2
Oct 14 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8986]: Received disconnect from 103.59.95.142 port 45526:11: Bye Bye [preauth]
Oct 14 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8986]: Disconnected from 103.59.95.142 port 45526 [preauth]
Oct 14 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session closed for user root
Oct 14 11:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77  user=root
Oct 14 11:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Failed password for root from 209.141.43.77 port 40100 ssh2
Oct 14 11:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Received disconnect from 209.141.43.77 port 40100:11: Bye Bye [preauth]
Oct 14 11:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Disconnected from 209.141.43.77 port 40100 [preauth]
Oct 14 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9116]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Failed password for root from 27.254.235.2 port 38554 ssh2
Oct 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Received disconnect from 27.254.235.2 port 38554:11: Bye Bye [preauth]
Oct 14 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9113]: Disconnected from 27.254.235.2 port 38554 [preauth]
Oct 14 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9301]: Successful su for rubyman by root
Oct 14 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9301]: + ??? root:rubyman
Oct 14 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411018 of user rubyman.
Oct 14 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9301]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411018.
Oct 14 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Invalid user aline from 170.83.166.33
Oct 14 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: input_userauth_request: invalid user aline [preauth]
Oct 14 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Failed password for invalid user aline from 170.83.166.33 port 39181 ssh2
Oct 14 11:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Received disconnect from 170.83.166.33 port 39181:11: Bye Bye [preauth]
Oct 14 11:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Disconnected from 170.83.166.33 port 39181 [preauth]
Oct 14 11:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5507]: pam_unix(cron:session): session closed for user root
Oct 14 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9117]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7585]: pam_unix(cron:session): session closed for user root
Oct 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9863]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9941]: Successful su for rubyman by root
Oct 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9941]: + ??? root:rubyman
Oct 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411022 of user rubyman.
Oct 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9941]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411022.
Oct 14 11:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Invalid user p from 209.141.43.77
Oct 14 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: input_userauth_request: invalid user p [preauth]
Oct 14 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.43.77
Oct 14 11:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6019]: pam_unix(cron:session): session closed for user root
Oct 14 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Failed password for invalid user p from 209.141.43.77 port 44582 ssh2
Oct 14 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Received disconnect from 209.141.43.77 port 44582:11: Bye Bye [preauth]
Oct 14 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Disconnected from 209.141.43.77 port 44582 [preauth]
Oct 14 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9864]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Failed password for root from 103.59.95.142 port 37352 ssh2
Oct 14 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Received disconnect from 103.59.95.142 port 37352:11: Bye Bye [preauth]
Oct 14 11:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10177]: Disconnected from 103.59.95.142 port 37352 [preauth]
Oct 14 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session closed for user root
Oct 14 11:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Invalid user mir from 170.83.166.33
Oct 14 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: input_userauth_request: invalid user mir [preauth]
Oct 14 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Failed password for invalid user mir from 170.83.166.33 port 58294 ssh2
Oct 14 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Received disconnect from 170.83.166.33 port 58294:11: Bye Bye [preauth]
Oct 14 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10291]: Disconnected from 170.83.166.33 port 58294 [preauth]
Oct 14 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Invalid user fa from 27.254.235.2
Oct 14 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: input_userauth_request: invalid user fa [preauth]
Oct 14 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Failed password for invalid user fa from 27.254.235.2 port 46208 ssh2
Oct 14 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Received disconnect from 27.254.235.2 port 46208:11: Bye Bye [preauth]
Oct 14 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Disconnected from 27.254.235.2 port 46208 [preauth]
Oct 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10429]: Successful su for rubyman by root
Oct 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10429]: + ??? root:rubyman
Oct 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411026 of user rubyman.
Oct 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10429]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411026.
Oct 14 11:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6464]: pam_unix(cron:session): session closed for user root
Oct 14 11:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10358]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session closed for user root
Oct 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10822]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10901]: Successful su for rubyman by root
Oct 14 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10901]: + ??? root:rubyman
Oct 14 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411030 of user rubyman.
Oct 14 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10901]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411030.
Oct 14 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: Invalid user p from 103.59.95.142
Oct 14 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: input_userauth_request: invalid user p [preauth]
Oct 14 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session closed for user root
Oct 14 11:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: Failed password for invalid user p from 103.59.95.142 port 46094 ssh2
Oct 14 11:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: Received disconnect from 103.59.95.142 port 46094:11: Bye Bye [preauth]
Oct 14 11:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11056]: Disconnected from 103.59.95.142 port 46094 [preauth]
Oct 14 11:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: Bad protocol version identification 'GET / HTTP/1.1' from 143.110.236.119 port 41336
Oct 14 11:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11129]: Bad protocol version identification 'GET /favicon.ico HTTP/1.1' from 143.110.236.119 port 41352
Oct 14 11:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: Invalid user minecraft from 170.83.166.33
Oct 14 11:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 11:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: Failed password for invalid user minecraft from 170.83.166.33 port 40467 ssh2
Oct 14 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: Received disconnect from 170.83.166.33 port 40467:11: Bye Bye [preauth]
Oct 14 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11145]: Disconnected from 170.83.166.33 port 40467 [preauth]
Oct 14 11:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session closed for user root
Oct 14 11:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11258]: Invalid user user from 27.254.235.2
Oct 14 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11258]: input_userauth_request: invalid user user [preauth]
Oct 14 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11258]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11258]: Failed password for invalid user user from 27.254.235.2 port 53874 ssh2
Oct 14 11:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11258]: Received disconnect from 27.254.235.2 port 53874:11: Bye Bye [preauth]
Oct 14 11:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11258]: Disconnected from 27.254.235.2 port 53874 [preauth]
Oct 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11293]: pam_unix(cron:session): session closed for user root
Oct 14 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11366]: Successful su for rubyman by root
Oct 14 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11366]: + ??? root:rubyman
Oct 14 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411037 of user rubyman.
Oct 14 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11366]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411037.
Oct 14 11:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session closed for user root
Oct 14 11:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7584]: pam_unix(cron:session): session closed for user root
Oct 14 11:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10360]: pam_unix(cron:session): session closed for user root
Oct 14 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: Invalid user raymond from 170.83.166.33
Oct 14 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: input_userauth_request: invalid user raymond [preauth]
Oct 14 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: Failed password for invalid user raymond from 170.83.166.33 port 11977 ssh2
Oct 14 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: Received disconnect from 170.83.166.33 port 11977:11: Bye Bye [preauth]
Oct 14 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11887]: Disconnected from 170.83.166.33 port 11977 [preauth]
Oct 14 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: Invalid user user001 from 103.59.95.142
Oct 14 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: input_userauth_request: invalid user user001 [preauth]
Oct 14 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11900]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: Failed password for invalid user user001 from 103.59.95.142 port 59968 ssh2
Oct 14 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11979]: Successful su for rubyman by root
Oct 14 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11979]: + ??? root:rubyman
Oct 14 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411040 of user rubyman.
Oct 14 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11979]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411040.
Oct 14 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: Received disconnect from 103.59.95.142 port 59968:11: Bye Bye [preauth]
Oct 14 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11897]: Disconnected from 103.59.95.142 port 59968 [preauth]
Oct 14 11:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 11:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:165.154.138.34
Oct 14 11:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session closed for user root
Oct 14 11:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11901]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session closed for user root
Oct 14 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Invalid user gns3 from 27.254.235.2
Oct 14 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: input_userauth_request: invalid user gns3 [preauth]
Oct 14 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2
Oct 14 11:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Failed password for invalid user gns3 from 27.254.235.2 port 33304 ssh2
Oct 14 11:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Received disconnect from 27.254.235.2 port 33304:11: Bye Bye [preauth]
Oct 14 11:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Disconnected from 27.254.235.2 port 33304 [preauth]
Oct 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12402]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: Successful su for rubyman by root
Oct 14 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: + ??? root:rubyman
Oct 14 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411044 of user rubyman.
Oct 14 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411044.
Oct 14 11:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session closed for user root
Oct 14 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12403]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Invalid user zs from 170.83.166.33
Oct 14 11:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: input_userauth_request: invalid user zs [preauth]
Oct 14 11:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.166.33
Oct 14 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Failed password for invalid user zs from 170.83.166.33 port 44115 ssh2
Oct 14 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Received disconnect from 170.83.166.33 port 44115:11: Bye Bye [preauth]
Oct 14 11:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Disconnected from 170.83.166.33 port 44115 [preauth]
Oct 14 11:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11292]: pam_unix(cron:session): session closed for user root
Oct 14 11:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Invalid user hadoop from 103.59.95.142
Oct 14 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Failed password for invalid user hadoop from 103.59.95.142 port 40726 ssh2
Oct 14 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Received disconnect from 103.59.95.142 port 40726:11: Bye Bye [preauth]
Oct 14 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Disconnected from 103.59.95.142 port 40726 [preauth]
Oct 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: Successful su for rubyman by root
Oct 14 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: + ??? root:rubyman
Oct 14 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411048 of user rubyman.
Oct 14 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12981]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411048.
Oct 14 11:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session closed for user root
Oct 14 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Invalid user ec2-user from 14.103.122.90
Oct 14 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: input_userauth_request: invalid user ec2-user [preauth]
Oct 14 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.122.90
Oct 14 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Failed password for invalid user ec2-user from 14.103.122.90 port 49658 ssh2
Oct 14 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Received disconnect from 14.103.122.90 port 49658:11: Bye Bye [preauth]
Oct 14 11:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Disconnected from 14.103.122.90 port 49658 [preauth]
Oct 14 11:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Failed password for root from 27.254.235.2 port 40960 ssh2
Oct 14 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Received disconnect from 27.254.235.2 port 40960:11: Bye Bye [preauth]
Oct 14 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Disconnected from 27.254.235.2 port 40960 [preauth]
Oct 14 11:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session closed for user root
Oct 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13506]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13680]: Successful su for rubyman by root
Oct 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13680]: + ??? root:rubyman
Oct 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411054 of user rubyman.
Oct 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13680]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411054.
Oct 14 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13502]: pam_unix(cron:session): session closed for user root
Oct 14 11:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10359]: pam_unix(cron:session): session closed for user root
Oct 14 11:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.37.72.234  user=root
Oct 14 11:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Failed password for root from 106.37.72.234 port 51882 ssh2
Oct 14 11:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Received disconnect from 106.37.72.234 port 51882:11: Bye Bye [preauth]
Oct 14 11:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Disconnected from 106.37.72.234 port 51882 [preauth]
Oct 14 11:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13507]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13974]: Invalid user steam from 103.59.95.142
Oct 14 11:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13974]: input_userauth_request: invalid user steam [preauth]
Oct 14 11:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13974]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13974]: Failed password for invalid user steam from 103.59.95.142 port 46800 ssh2
Oct 14 11:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13974]: Received disconnect from 103.59.95.142 port 46800:11: Bye Bye [preauth]
Oct 14 11:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13974]: Disconnected from 103.59.95.142 port 46800 [preauth]
Oct 14 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Invalid user tcadmin from 20.163.71.109
Oct 14 11:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: input_userauth_request: invalid user tcadmin [preauth]
Oct 14 11:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Failed password for invalid user tcadmin from 20.163.71.109 port 47138 ssh2
Oct 14 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Connection closed by 20.163.71.109 port 47138 [preauth]
Oct 14 11:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12405]: pam_unix(cron:session): session closed for user root
Oct 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14190]: pam_unix(cron:session): session closed for user root
Oct 14 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14266]: Successful su for rubyman by root
Oct 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14266]: + ??? root:rubyman
Oct 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411061 of user rubyman.
Oct 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14266]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411061.
Oct 14 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session closed for user root
Oct 14 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10824]: pam_unix(cron:session): session closed for user root
Oct 14 11:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 11:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: Failed password for root from 27.254.235.2 port 48612 ssh2
Oct 14 11:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: Received disconnect from 27.254.235.2 port 48612:11: Bye Bye [preauth]
Oct 14 11:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: Disconnected from 27.254.235.2 port 48612 [preauth]
Oct 14 11:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12901]: pam_unix(cron:session): session closed for user root
Oct 14 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14663]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14743]: Successful su for rubyman by root
Oct 14 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14743]: + ??? root:rubyman
Oct 14 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411065 of user rubyman.
Oct 14 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14743]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411065.
Oct 14 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: Invalid user juergen from 103.59.95.142
Oct 14 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: input_userauth_request: invalid user juergen [preauth]
Oct 14 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: Failed password for invalid user juergen from 103.59.95.142 port 37184 ssh2
Oct 14 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: Received disconnect from 103.59.95.142 port 37184:11: Bye Bye [preauth]
Oct 14 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14773]: Disconnected from 103.59.95.142 port 37184 [preauth]
Oct 14 11:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session closed for user root
Oct 14 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15013]: Failed password for root from 80.211.129.128 port 37630 ssh2
Oct 14 11:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15013]: Connection closed by 80.211.129.128 port 37630 [preauth]
Oct 14 11:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13510]: pam_unix(cron:session): session closed for user root
Oct 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15233]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15231]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15320]: Successful su for rubyman by root
Oct 14 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15320]: + ??? root:rubyman
Oct 14 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411068 of user rubyman.
Oct 14 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15320]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411068.
Oct 14 11:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session closed for user root
Oct 14 11:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15232]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Failed password for root from 27.254.235.2 port 56262 ssh2
Oct 14 11:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Received disconnect from 27.254.235.2 port 56262:11: Bye Bye [preauth]
Oct 14 11:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Disconnected from 27.254.235.2 port 56262 [preauth]
Oct 14 11:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14185]: pam_unix(cron:session): session closed for user root
Oct 14 11:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
Oct 14 11:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Failed password for root from 103.59.95.142 port 50106 ssh2
Oct 14 11:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Received disconnect from 103.59.95.142 port 50106:11: Bye Bye [preauth]
Oct 14 11:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Disconnected from 103.59.95.142 port 50106 [preauth]
Oct 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15764]: Successful su for rubyman by root
Oct 14 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15764]: + ??? root:rubyman
Oct 14 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411071 of user rubyman.
Oct 14 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15764]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411071.
Oct 14 11:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12404]: pam_unix(cron:session): session closed for user root
Oct 14 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session closed for user root
Oct 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16132]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16203]: Successful su for rubyman by root
Oct 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16203]: + ??? root:rubyman
Oct 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411075 of user rubyman.
Oct 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16203]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411075.
Oct 14 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 11:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Failed password for root from 27.254.235.2 port 35680 ssh2
Oct 14 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Received disconnect from 27.254.235.2 port 35680:11: Bye Bye [preauth]
Oct 14 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16289]: Disconnected from 27.254.235.2 port 35680 [preauth]
Oct 14 11:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12900]: pam_unix(cron:session): session closed for user root
Oct 14 11:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Invalid user zs from 103.59.95.142
Oct 14 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: input_userauth_request: invalid user zs [preauth]
Oct 14 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
Oct 14 11:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Failed password for invalid user zs from 103.59.95.142 port 32910 ssh2
Oct 14 11:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Received disconnect from 103.59.95.142 port 32910:11: Bye Bye [preauth]
Oct 14 11:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Disconnected from 103.59.95.142 port 32910 [preauth]
Oct 14 11:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15235]: pam_unix(cron:session): session closed for user root
Oct 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16618]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16617]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16616]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session closed for user root
Oct 14 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16683]: Successful su for rubyman by root
Oct 14 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16683]: + ??? root:rubyman
Oct 14 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411079 of user rubyman.
Oct 14 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16683]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411079.
Oct 14 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16616]: pam_unix(cron:session): session closed for user root
Oct 14 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13508]: pam_unix(cron:session): session closed for user root
Oct 14 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session closed for user root
Oct 14 11:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.2  user=root
Oct 14 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Failed password for root from 27.254.235.2 port 43332 ssh2
Oct 14 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Received disconnect from 27.254.235.2 port 43332:11: Bye Bye [preauth]
Oct 14 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Disconnected from 27.254.235.2 port 43332 [preauth]
Oct 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17105]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17097]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17192]: Successful su for rubyman by root
Oct 14 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17192]: + ??? root:rubyman
Oct 14 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411087 of user rubyman.
Oct 14 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17192]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411087.
Oct 14 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session closed for user root
Oct 14 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user root
Oct 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17560]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17636]: Successful su for rubyman by root
Oct 14 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17636]: + ??? root:rubyman
Oct 14 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411090 of user rubyman.
Oct 14 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17636]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411090.
Oct 14 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session closed for user root
Oct 14 11:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17561]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16618]: pam_unix(cron:session): session closed for user root
Oct 14 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.122.90  user=root
Oct 14 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Failed password for root from 14.103.122.90 port 37762 ssh2
Oct 14 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Received disconnect from 14.103.122.90 port 37762:11: Bye Bye [preauth]
Oct 14 11:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Disconnected from 14.103.122.90 port 37762 [preauth]
Oct 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18308]: Successful su for rubyman by root
Oct 14 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18308]: + ??? root:rubyman
Oct 14 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411095 of user rubyman.
Oct 14 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18308]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411095.
Oct 14 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15233]: pam_unix(cron:session): session closed for user root
Oct 14 11:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18125]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17105]: pam_unix(cron:session): session closed for user root
Oct 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18900]: Successful su for rubyman by root
Oct 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18900]: + ??? root:rubyman
Oct 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411098 of user rubyman.
Oct 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18900]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411098.
Oct 14 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user root
Oct 14 11:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17563]: pam_unix(cron:session): session closed for user root
Oct 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19617]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19616]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19618]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19620]: pam_unix(cron:session): session closed for user root
Oct 14 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19614]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19827]: Successful su for rubyman by root
Oct 14 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19827]: + ??? root:rubyman
Oct 14 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411105 of user rubyman.
Oct 14 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19827]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411105.
Oct 14 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19616]: pam_unix(cron:session): session closed for user root
Oct 14 11:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session closed for user root
Oct 14 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19615]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18237]: pam_unix(cron:session): session closed for user root
Oct 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20302]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20397]: Successful su for rubyman by root
Oct 14 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20397]: + ??? root:rubyman
Oct 14 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411109 of user rubyman.
Oct 14 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20397]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411109.
Oct 14 11:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16617]: pam_unix(cron:session): session closed for user root
Oct 14 11:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20303]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session closed for user root
Oct 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20785]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20786]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20783]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: Successful su for rubyman by root
Oct 14 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: + ??? root:rubyman
Oct 14 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411114 of user rubyman.
Oct 14 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20851]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411114.
Oct 14 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17104]: pam_unix(cron:session): session closed for user root
Oct 14 11:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20784]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19618]: pam_unix(cron:session): session closed for user root
Oct 14 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21220]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21307]: Successful su for rubyman by root
Oct 14 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21307]: + ??? root:rubyman
Oct 14 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411115 of user rubyman.
Oct 14 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21307]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411115.
Oct 14 11:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17562]: pam_unix(cron:session): session closed for user root
Oct 14 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: Invalid user support from 78.128.112.74
Oct 14 11:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: input_userauth_request: invalid user support [preauth]
Oct 14 11:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: Failed password for invalid user support from 78.128.112.74 port 39176 ssh2
Oct 14 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: Connection closed by 78.128.112.74 port 39176 [preauth]
Oct 14 11:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20306]: pam_unix(cron:session): session closed for user root
Oct 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21747]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: Successful su for rubyman by root
Oct 14 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: + ??? root:rubyman
Oct 14 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411120 of user rubyman.
Oct 14 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21825]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411120.
Oct 14 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18236]: pam_unix(cron:session): session closed for user root
Oct 14 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20786]: pam_unix(cron:session): session closed for user root
Oct 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22270]: pam_unix(cron:session): session closed for user root
Oct 14 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22354]: Successful su for rubyman by root
Oct 14 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22354]: + ??? root:rubyman
Oct 14 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411125 of user rubyman.
Oct 14 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22354]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411125.
Oct 14 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session closed for user root
Oct 14 11:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18822]: pam_unix(cron:session): session closed for user root
Oct 14 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session closed for user root
Oct 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23201]: Successful su for rubyman by root
Oct 14 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23201]: + ??? root:rubyman
Oct 14 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411132 of user rubyman.
Oct 14 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23201]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411132.
Oct 14 11:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19617]: pam_unix(cron:session): session closed for user root
Oct 14 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21753]: pam_unix(cron:session): session closed for user root
Oct 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23950]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23946]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24047]: Successful su for rubyman by root
Oct 14 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24047]: + ??? root:rubyman
Oct 14 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411133 of user rubyman.
Oct 14 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24047]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411133.
Oct 14 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Invalid user admin from 2.57.121.25
Oct 14 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: input_userauth_request: invalid user admin [preauth]
Oct 14 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 11:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20304]: pam_unix(cron:session): session closed for user root
Oct 14 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for invalid user admin from 2.57.121.25 port 7056 ssh2
Oct 14 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for invalid user admin from 2.57.121.25 port 7056 ssh2
Oct 14 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for invalid user admin from 2.57.121.25 port 7056 ssh2
Oct 14 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for invalid user admin from 2.57.121.25 port 7056 ssh2
Oct 14 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23947]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for invalid user admin from 2.57.121.25 port 7056 ssh2
Oct 14 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Received disconnect from 2.57.121.25 port 7056:11: Bye [preauth]
Oct 14 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Disconnected from 2.57.121.25 port 7056 [preauth]
Oct 14 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22269]: pam_unix(cron:session): session closed for user root
Oct 14 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: Invalid user trung from 14.103.122.90
Oct 14 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: input_userauth_request: invalid user trung [preauth]
Oct 14 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.122.90
Oct 14 11:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: Failed password for invalid user trung from 14.103.122.90 port 34412 ssh2
Oct 14 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: Received disconnect from 14.103.122.90 port 34412:11: Bye Bye [preauth]
Oct 14 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: Disconnected from 14.103.122.90 port 34412 [preauth]
Oct 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24487]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24575]: Successful su for rubyman by root
Oct 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24575]: + ??? root:rubyman
Oct 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411138 of user rubyman.
Oct 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24575]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411138.
Oct 14 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20785]: pam_unix(cron:session): session closed for user root
Oct 14 11:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24488]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session closed for user root
Oct 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24982]: pam_unix(cron:session): session closed for user p13x
Oct 14 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25056]: Successful su for rubyman by root
Oct 14 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25056]: + ??? root:rubyman
Oct 14 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411144 of user rubyman.
Oct 14 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25056]: pam_unix(su:session): session closed for user rubyman
Oct 14 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411144.
Oct 14 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session closed for user root
Oct 14 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24983]: pam_unix(cron:session): session closed for user samftp
Oct 14 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23952]: pam_unix(cron:session): session closed for user root
Oct 14 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session closed for user root
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25696]: pam_unix(cron:session): session closed for user root
Oct 14 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25688]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: Successful su for rubyman by root
Oct 14 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: + ??? root:rubyman
Oct 14 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411146 of user rubyman.
Oct 14 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411146.
Oct 14 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: Failed password for root from 80.211.129.128 port 35460 ssh2
Oct 14 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: Connection closed by 80.211.129.128 port 35460 [preauth]
Oct 14 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25691]: pam_unix(cron:session): session closed for user root
Oct 14 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session closed for user root
Oct 14 12:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25689]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session closed for user root
Oct 14 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Did not receive identification string from 80.211.129.128
Oct 14 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26559]: Successful su for rubyman by root
Oct 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26559]: + ??? root:rubyman
Oct 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411154 of user rubyman.
Oct 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26559]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411154.
Oct 14 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26362]: Connection closed by 14.103.122.90 port 57652 [preauth]
Oct 14 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22268]: pam_unix(cron:session): session closed for user root
Oct 14 12:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24985]: pam_unix(cron:session): session closed for user root
Oct 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: Successful su for rubyman by root
Oct 14 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: + ??? root:rubyman
Oct 14 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411156 of user rubyman.
Oct 14 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411156.
Oct 14 12:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
Oct 14 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25695]: pam_unix(cron:session): session closed for user root
Oct 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27939]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28024]: Successful su for rubyman by root
Oct 14 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28024]: + ??? root:rubyman
Oct 14 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411160 of user rubyman.
Oct 14 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28024]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411160.
Oct 14 12:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23950]: pam_unix(cron:session): session closed for user root
Oct 14 12:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27941]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session closed for user root
Oct 14 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Oct 14 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: Failed password for root from 138.68.58.124 port 37978 ssh2
Oct 14 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28321]: Connection closed by 138.68.58.124 port 37978 [preauth]
Oct 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28420]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28740]: Successful su for rubyman by root
Oct 14 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28740]: + ??? root:rubyman
Oct 14 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411165 of user rubyman.
Oct 14 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28740]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411165.
Oct 14 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session closed for user root
Oct 14 12:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28421]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27174]: pam_unix(cron:session): session closed for user root
Oct 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29255]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session closed for user root
Oct 14 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29253]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29355]: Successful su for rubyman by root
Oct 14 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29355]: + ??? root:rubyman
Oct 14 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411169 of user rubyman.
Oct 14 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29355]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411169.
Oct 14 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29255]: pam_unix(cron:session): session closed for user root
Oct 14 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24984]: pam_unix(cron:session): session closed for user root
Oct 14 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29254]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27945]: pam_unix(cron:session): session closed for user root
Oct 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29788]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29884]: Successful su for rubyman by root
Oct 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29884]: + ??? root:rubyman
Oct 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411174 of user rubyman.
Oct 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29884]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411174.
Oct 14 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session closed for user root
Oct 14 12:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28424]: pam_unix(cron:session): session closed for user root
Oct 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30312]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30403]: Successful su for rubyman by root
Oct 14 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30403]: + ??? root:rubyman
Oct 14 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411179 of user rubyman.
Oct 14 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30403]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411179.
Oct 14 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session closed for user root
Oct 14 12:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30313]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29259]: pam_unix(cron:session): session closed for user root
Oct 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30885]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30957]: Successful su for rubyman by root
Oct 14 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30957]: + ??? root:rubyman
Oct 14 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411182 of user rubyman.
Oct 14 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30957]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411182.
Oct 14 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31033]: Invalid user ubuntu from 14.103.122.90
Oct 14 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31033]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.122.90
Oct 14 12:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31033]: Failed password for invalid user ubuntu from 14.103.122.90 port 40636 ssh2
Oct 14 12:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31033]: Received disconnect from 14.103.122.90 port 40636:11: Bye Bye [preauth]
Oct 14 12:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31033]: Disconnected from 14.103.122.90 port 40636 [preauth]
Oct 14 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session closed for user root
Oct 14 12:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30886]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29788]: pam_unix(cron:session): session closed for user root
Oct 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31356]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31704]: Successful su for rubyman by root
Oct 14 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31704]: + ??? root:rubyman
Oct 14 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411187 of user rubyman.
Oct 14 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31704]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411187.
Oct 14 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session closed for user root
Oct 14 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27942]: pam_unix(cron:session): session closed for user root
Oct 14 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31358]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30323]: pam_unix(cron:session): session closed for user root
Oct 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32103]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session closed for user root
Oct 14 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32267]: Successful su for rubyman by root
Oct 14 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32267]: + ??? root:rubyman
Oct 14 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411194 of user rubyman.
Oct 14 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32267]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411194.
Oct 14 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session closed for user root
Oct 14 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28423]: pam_unix(cron:session): session closed for user root
Oct 14 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30888]: pam_unix(cron:session): session closed for user root
Oct 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32657]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32751]: Successful su for rubyman by root
Oct 14 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32751]: + ??? root:rubyman
Oct 14 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411197 of user rubyman.
Oct 14 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32751]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411197.
Oct 14 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Invalid user louis from 164.68.105.9
Oct 14 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: input_userauth_request: invalid user louis [preauth]
Oct 14 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Failed password for invalid user louis from 164.68.105.9 port 41902 ssh2
Oct 14 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Connection closed by 164.68.105.9 port 41902 [preauth]
Oct 14 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29258]: pam_unix(cron:session): session closed for user root
Oct 14 12:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32658]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31361]: pam_unix(cron:session): session closed for user root
Oct 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[671]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[670]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[668]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[742]: Successful su for rubyman by root
Oct 14 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[742]: + ??? root:rubyman
Oct 14 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411201 of user rubyman.
Oct 14 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[742]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411201.
Oct 14 12:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session closed for user root
Oct 14 12:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Invalid user azureuser from 14.103.122.90
Oct 14 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: input_userauth_request: invalid user azureuser [preauth]
Oct 14 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.122.90
Oct 14 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Failed password for invalid user azureuser from 14.103.122.90 port 48072 ssh2
Oct 14 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Received disconnect from 14.103.122.90 port 48072:11: Bye Bye [preauth]
Oct 14 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1112]: Disconnected from 14.103.122.90 port 48072 [preauth]
Oct 14 12:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32104]: pam_unix(cron:session): session closed for user root
Oct 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1233]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1231]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1317]: Successful su for rubyman by root
Oct 14 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1317]: + ??? root:rubyman
Oct 14 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411207 of user rubyman.
Oct 14 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1317]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411207.
Oct 14 12:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30314]: pam_unix(cron:session): session closed for user root
Oct 14 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1232]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32660]: pam_unix(cron:session): session closed for user root
Oct 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1740]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1816]: Successful su for rubyman by root
Oct 14 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1816]: + ??? root:rubyman
Oct 14 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411209 of user rubyman.
Oct 14 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1816]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411209.
Oct 14 12:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30887]: pam_unix(cron:session): session closed for user root
Oct 14 12:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1741]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[671]: pam_unix(cron:session): session closed for user root
Oct 14 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Invalid user user from 62.60.131.157
Oct 14 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: input_userauth_request: invalid user user [preauth]
Oct 14 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 12:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Failed password for invalid user user from 62.60.131.157 port 50249 ssh2
Oct 14 12:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Failed password for invalid user user from 62.60.131.157 port 50249 ssh2
Oct 14 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Failed password for invalid user user from 62.60.131.157 port 50249 ssh2
Oct 14 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Failed password for invalid user user from 62.60.131.157 port 50249 ssh2
Oct 14 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Failed password for invalid user user from 62.60.131.157 port 50249 ssh2
Oct 14 12:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Received disconnect from 62.60.131.157 port 50249:11: Bye [preauth]
Oct 14 12:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: Disconnected from 62.60.131.157 port 50249 [preauth]
Oct 14 12:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 12:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2265]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2299]: pam_unix(cron:session): session closed for user root
Oct 14 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2293]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2373]: Successful su for rubyman by root
Oct 14 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2373]: + ??? root:rubyman
Oct 14 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411216 of user rubyman.
Oct 14 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2373]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411216.
Oct 14 12:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session closed for user root
Oct 14 12:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31360]: pam_unix(cron:session): session closed for user root
Oct 14 12:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Did not receive identification string from 80.211.129.128
Oct 14 12:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session closed for user root
Oct 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2855]: Successful su for rubyman by root
Oct 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2855]: + ??? root:rubyman
Oct 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411219 of user rubyman.
Oct 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2855]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411219.
Oct 14 12:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32103]: pam_unix(cron:session): session closed for user root
Oct 14 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2768]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session closed for user root
Oct 14 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Invalid user ajarami from 14.103.122.90
Oct 14 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: input_userauth_request: invalid user ajarami [preauth]
Oct 14 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.122.90
Oct 14 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Failed password for invalid user ajarami from 14.103.122.90 port 55538 ssh2
Oct 14 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Received disconnect from 14.103.122.90 port 55538:11: Bye Bye [preauth]
Oct 14 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3174]: Disconnected from 14.103.122.90 port 55538 [preauth]
Oct 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3218]: pam_unix(cron:session): session closed for user root
Oct 14 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3220]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3311]: Successful su for rubyman by root
Oct 14 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3311]: + ??? root:rubyman
Oct 14 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411223 of user rubyman.
Oct 14 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3311]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411223.
Oct 14 12:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32659]: pam_unix(cron:session): session closed for user root
Oct 14 12:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3224]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2298]: pam_unix(cron:session): session closed for user root
Oct 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3771]: Successful su for rubyman by root
Oct 14 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3771]: + ??? root:rubyman
Oct 14 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411228 of user rubyman.
Oct 14 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3771]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411228.
Oct 14 12:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[670]: pam_unix(cron:session): session closed for user root
Oct 14 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session closed for user root
Oct 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4167]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4274]: Successful su for rubyman by root
Oct 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4274]: + ??? root:rubyman
Oct 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411232 of user rubyman.
Oct 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4274]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411232.
Oct 14 12:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1233]: pam_unix(cron:session): session closed for user root
Oct 14 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4165]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session closed for user root
Oct 14 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Invalid user oracle from 190.103.202.7
Oct 14 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: input_userauth_request: invalid user oracle [preauth]
Oct 14 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 12:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Failed password for invalid user oracle from 190.103.202.7 port 55844 ssh2
Oct 14 12:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Connection closed by 190.103.202.7 port 55844 [preauth]
Oct 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4694]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4694]: pam_unix(cron:session): session closed for user root
Oct 14 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4687]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4770]: Successful su for rubyman by root
Oct 14 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4770]: + ??? root:rubyman
Oct 14 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411239 of user rubyman.
Oct 14 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4770]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411239.
Oct 14 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4689]: pam_unix(cron:session): session closed for user root
Oct 14 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1742]: pam_unix(cron:session): session closed for user root
Oct 14 12:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4688]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3684]: pam_unix(cron:session): session closed for user root
Oct 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5669]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: Successful su for rubyman by root
Oct 14 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: + ??? root:rubyman
Oct 14 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411242 of user rubyman.
Oct 14 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5756]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411242.
Oct 14 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2296]: pam_unix(cron:session): session closed for user root
Oct 14 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Did not receive identification string from 80.211.129.128
Oct 14 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session closed for user root
Oct 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6220]: Successful su for rubyman by root
Oct 14 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6220]: + ??? root:rubyman
Oct 14 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411248 of user rubyman.
Oct 14 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6220]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411248.
Oct 14 12:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2769]: pam_unix(cron:session): session closed for user root
Oct 14 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4693]: pam_unix(cron:session): session closed for user root
Oct 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6764]: Successful su for rubyman by root
Oct 14 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6764]: + ??? root:rubyman
Oct 14 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411252 of user rubyman.
Oct 14 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6764]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411252.
Oct 14 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3225]: pam_unix(cron:session): session closed for user root
Oct 14 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6977]: Did not receive identification string from 193.32.162.146
Oct 14 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Received disconnect from 2.57.122.26 port 34058:11: Bye Bye [preauth]
Oct 14 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6973]: Disconnected from 2.57.122.26 port 34058 [preauth]
Oct 14 12:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5669]: pam_unix(cron:session): session closed for user root
Oct 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7231]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7232]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7304]: Successful su for rubyman by root
Oct 14 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7304]: + ??? root:rubyman
Oct 14 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411254 of user rubyman.
Oct 14 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7304]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411254.
Oct 14 12:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session closed for user root
Oct 14 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7230]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session closed for user root
Oct 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session closed for user root
Oct 14 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7678]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7780]: Successful su for rubyman by root
Oct 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7780]: + ??? root:rubyman
Oct 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411263 of user rubyman.
Oct 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7780]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411263.
Oct 14 12:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7682]: pam_unix(cron:session): session closed for user root
Oct 14 12:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4167]: pam_unix(cron:session): session closed for user root
Oct 14 12:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7680]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session closed for user root
Oct 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8704]: Successful su for rubyman by root
Oct 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8704]: + ??? root:rubyman
Oct 14 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411265 of user rubyman.
Oct 14 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8704]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411265.
Oct 14 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4691]: pam_unix(cron:session): session closed for user root
Oct 14 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7232]: pam_unix(cron:session): session closed for user root
Oct 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: Successful su for rubyman by root
Oct 14 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: + ??? root:rubyman
Oct 14 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411269 of user rubyman.
Oct 14 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411269.
Oct 14 12:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session closed for user root
Oct 14 12:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7684]: pam_unix(cron:session): session closed for user root
Oct 14 12:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Invalid user was from 51.159.29.84
Oct 14 12:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: input_userauth_request: invalid user was [preauth]
Oct 14 12:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Failed password for invalid user was from 51.159.29.84 port 41678 ssh2
Oct 14 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Received disconnect from 51.159.29.84 port 41678:11: Bye Bye [preauth]
Oct 14 12:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Disconnected from 51.159.29.84 port 41678 [preauth]
Oct 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9946]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9943]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10018]: Successful su for rubyman by root
Oct 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10018]: + ??? root:rubyman
Oct 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411274 of user rubyman.
Oct 14 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10018]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411274.
Oct 14 12:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session closed for user root
Oct 14 12:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9944]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8629]: pam_unix(cron:session): session closed for user root
Oct 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10495]: Successful su for rubyman by root
Oct 14 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10495]: + ??? root:rubyman
Oct 14 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411276 of user rubyman.
Oct 14 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10495]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411276.
Oct 14 12:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session closed for user root
Oct 14 12:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session closed for user root
Oct 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10896]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10895]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10899]: pam_unix(cron:session): session closed for user root
Oct 14 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10893]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10975]: Successful su for rubyman by root
Oct 14 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10975]: + ??? root:rubyman
Oct 14 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411282 of user rubyman.
Oct 14 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10975]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411282.
Oct 14 12:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10895]: pam_unix(cron:session): session closed for user root
Oct 14 12:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7231]: pam_unix(cron:session): session closed for user root
Oct 14 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10894]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9946]: pam_unix(cron:session): session closed for user root
Oct 14 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: Failed password for root from 51.159.29.84 port 60740 ssh2
Oct 14 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: Received disconnect from 51.159.29.84 port 60740:11: Bye Bye [preauth]
Oct 14 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: Disconnected from 51.159.29.84 port 60740 [preauth]
Oct 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11379]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11458]: Successful su for rubyman by root
Oct 14 12:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11458]: + ??? root:rubyman
Oct 14 12:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411286 of user rubyman.
Oct 14 12:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11458]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411286.
Oct 14 12:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7683]: pam_unix(cron:session): session closed for user root
Oct 14 12:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11380]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session closed for user root
Oct 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11950]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11949]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11947]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12012]: Successful su for rubyman by root
Oct 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12012]: + ??? root:rubyman
Oct 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411290 of user rubyman.
Oct 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12012]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411290.
Oct 14 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Invalid user neolinux from 51.159.29.84
Oct 14 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: input_userauth_request: invalid user neolinux [preauth]
Oct 14 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8628]: pam_unix(cron:session): session closed for user root
Oct 14 12:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Failed password for invalid user neolinux from 51.159.29.84 port 59344 ssh2
Oct 14 12:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Received disconnect from 51.159.29.84 port 59344:11: Bye Bye [preauth]
Oct 14 12:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Disconnected from 51.159.29.84 port 59344 [preauth]
Oct 14 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11948]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10898]: pam_unix(cron:session): session closed for user root
Oct 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12508]: Successful su for rubyman by root
Oct 14 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12508]: + ??? root:rubyman
Oct 14 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411297 of user rubyman.
Oct 14 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12508]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411297.
Oct 14 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session closed for user root
Oct 14 12:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Invalid user sammy from 51.159.29.84
Oct 14 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: input_userauth_request: invalid user sammy [preauth]
Oct 14 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Failed password for invalid user sammy from 51.159.29.84 port 53804 ssh2
Oct 14 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Received disconnect from 51.159.29.84 port 53804:11: Bye Bye [preauth]
Oct 14 12:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Disconnected from 51.159.29.84 port 53804 [preauth]
Oct 14 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11386]: pam_unix(cron:session): session closed for user root
Oct 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12923]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12922]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13008]: Successful su for rubyman by root
Oct 14 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13008]: + ??? root:rubyman
Oct 14 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411299 of user rubyman.
Oct 14 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13008]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411299.
Oct 14 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session closed for user root
Oct 14 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Invalid user admin from 62.60.131.157
Oct 14 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: input_userauth_request: invalid user admin [preauth]
Oct 14 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Failed password for invalid user admin from 62.60.131.157 port 62653 ssh2
Oct 14 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Failed password for invalid user admin from 62.60.131.157 port 62653 ssh2
Oct 14 12:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Failed password for invalid user admin from 62.60.131.157 port 62653 ssh2
Oct 14 12:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Failed password for invalid user admin from 62.60.131.157 port 62653 ssh2
Oct 14 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Failed password for invalid user admin from 62.60.131.157 port 62653 ssh2
Oct 14 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Received disconnect from 62.60.131.157 port 62653:11: Bye [preauth]
Oct 14 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Disconnected from 62.60.131.157 port 62653 [preauth]
Oct 14 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 12:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11950]: pam_unix(cron:session): session closed for user root
Oct 14 12:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 12:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.76.232.30
Oct 14 12:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for root from 51.159.29.84 port 50244 ssh2
Oct 14 12:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Received disconnect from 51.159.29.84 port 50244:11: Bye Bye [preauth]
Oct 14 12:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Disconnected from 51.159.29.84 port 50244 [preauth]
Oct 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13538]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13537]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13540]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13536]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13540]: pam_unix(cron:session): session closed for user root
Oct 14 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: Successful su for rubyman by root
Oct 14 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: + ??? root:rubyman
Oct 14 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411302 of user rubyman.
Oct 14 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411302.
Oct 14 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13536]: pam_unix(cron:session): session closed for user root
Oct 14 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session closed for user root
Oct 14 12:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session closed for user root
Oct 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14126]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14217]: Successful su for rubyman by root
Oct 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14217]: + ??? root:rubyman
Oct 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411309 of user rubyman.
Oct 14 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14217]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411309.
Oct 14 12:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14361]: Failed password for root from 51.159.29.84 port 55506 ssh2
Oct 14 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14361]: Received disconnect from 51.159.29.84 port 55506:11: Bye Bye [preauth]
Oct 14 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14361]: Disconnected from 51.159.29.84 port 55506 [preauth]
Oct 14 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10896]: pam_unix(cron:session): session closed for user root
Oct 14 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12923]: pam_unix(cron:session): session closed for user root
Oct 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14588]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14658]: Successful su for rubyman by root
Oct 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14658]: + ??? root:rubyman
Oct 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411314 of user rubyman.
Oct 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14658]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411314.
Oct 14 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11381]: pam_unix(cron:session): session closed for user root
Oct 14 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14589]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: Invalid user ubuntu from 51.159.29.84
Oct 14 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: Failed password for invalid user ubuntu from 51.159.29.84 port 45918 ssh2
Oct 14 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: Received disconnect from 51.159.29.84 port 45918:11: Bye Bye [preauth]
Oct 14 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14920]: Disconnected from 51.159.29.84 port 45918 [preauth]
Oct 14 12:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13538]: pam_unix(cron:session): session closed for user root
Oct 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: Successful su for rubyman by root
Oct 14 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: + ??? root:rubyman
Oct 14 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411316 of user rubyman.
Oct 14 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411316.
Oct 14 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11949]: pam_unix(cron:session): session closed for user root
Oct 14 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session closed for user root
Oct 14 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Invalid user VPN from 51.159.29.84
Oct 14 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: input_userauth_request: invalid user VPN [preauth]
Oct 14 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Failed password for invalid user VPN from 51.159.29.84 port 54194 ssh2
Oct 14 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Received disconnect from 51.159.29.84 port 54194:11: Bye Bye [preauth]
Oct 14 12:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Disconnected from 51.159.29.84 port 54194 [preauth]
Oct 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15602]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15599]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[15780]: Successful su for rubyman by root
Oct 14 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[15780]: + ??? root:rubyman
Oct 14 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[15780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411320 of user rubyman.
Oct 14 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[15780]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411320.
Oct 14 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session closed for user root
Oct 14 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session closed for user root
Oct 14 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15601]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session closed for user root
Oct 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16162]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16166]: pam_unix(cron:session): session closed for user root
Oct 14 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16244]: Successful su for rubyman by root
Oct 14 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16244]: + ??? root:rubyman
Oct 14 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411326 of user rubyman.
Oct 14 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16244]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411326.
Oct 14 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16242]: Failed password for root from 51.159.29.84 port 53454 ssh2
Oct 14 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16242]: Received disconnect from 51.159.29.84 port 53454:11: Bye Bye [preauth]
Oct 14 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16242]: Disconnected from 51.159.29.84 port 53454 [preauth]
Oct 14 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Invalid user admin from 2.57.121.112
Oct 14 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: input_userauth_request: invalid user admin [preauth]
Oct 14 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16162]: pam_unix(cron:session): session closed for user root
Oct 14 12:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Failed password for invalid user admin from 2.57.121.112 port 45778 ssh2
Oct 14 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12922]: pam_unix(cron:session): session closed for user root
Oct 14 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Failed password for invalid user admin from 2.57.121.112 port 45778 ssh2
Oct 14 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Failed password for invalid user admin from 2.57.121.112 port 45778 ssh2
Oct 14 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Failed password for invalid user admin from 2.57.121.112 port 45778 ssh2
Oct 14 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Failed password for invalid user admin from 2.57.121.112 port 45778 ssh2
Oct 14 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Received disconnect from 2.57.121.112 port 45778:11: Bye [preauth]
Oct 14 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Disconnected from 2.57.121.112 port 45778 [preauth]
Oct 14 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 12:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 12:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16161]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16508]: Failed password for root from 164.68.105.9 port 49234 ssh2
Oct 14 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16508]: Connection closed by 164.68.105.9 port 49234 [preauth]
Oct 14 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15152]: pam_unix(cron:session): session closed for user root
Oct 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16670]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16750]: Successful su for rubyman by root
Oct 14 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16750]: + ??? root:rubyman
Oct 14 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411331 of user rubyman.
Oct 14 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16750]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411331.
Oct 14 12:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13537]: pam_unix(cron:session): session closed for user root
Oct 14 12:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Invalid user cesar from 51.159.29.84
Oct 14 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: input_userauth_request: invalid user cesar [preauth]
Oct 14 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Failed password for invalid user cesar from 51.159.29.84 port 56888 ssh2
Oct 14 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Received disconnect from 51.159.29.84 port 56888:11: Bye Bye [preauth]
Oct 14 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Disconnected from 51.159.29.84 port 56888 [preauth]
Oct 14 12:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15603]: pam_unix(cron:session): session closed for user root
Oct 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17218]: Successful su for rubyman by root
Oct 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17218]: + ??? root:rubyman
Oct 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411335 of user rubyman.
Oct 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17218]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411335.
Oct 14 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user root
Oct 14 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17146]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Invalid user magento from 51.159.29.84
Oct 14 12:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: input_userauth_request: invalid user magento [preauth]
Oct 14 12:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16165]: pam_unix(cron:session): session closed for user root
Oct 14 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Failed password for invalid user magento from 51.159.29.84 port 39090 ssh2
Oct 14 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Received disconnect from 51.159.29.84 port 39090:11: Bye Bye [preauth]
Oct 14 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Disconnected from 51.159.29.84 port 39090 [preauth]
Oct 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17592]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17590]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17680]: Successful su for rubyman by root
Oct 14 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17680]: + ??? root:rubyman
Oct 14 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411340 of user rubyman.
Oct 14 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17680]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411340.
Oct 14 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14590]: pam_unix(cron:session): session closed for user root
Oct 14 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17591]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16670]: pam_unix(cron:session): session closed for user root
Oct 14 12:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 12:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Failed password for root from 80.211.129.128 port 58608 ssh2
Oct 14 12:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Connection closed by 80.211.129.128 port 58608 [preauth]
Oct 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18267]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18263]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: Successful su for rubyman by root
Oct 14 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: + ??? root:rubyman
Oct 14 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411343 of user rubyman.
Oct 14 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411343.
Oct 14 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Invalid user ava from 51.159.29.84
Oct 14 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: input_userauth_request: invalid user ava [preauth]
Oct 14 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Failed password for invalid user ava from 51.159.29.84 port 34530 ssh2
Oct 14 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Received disconnect from 51.159.29.84 port 34530:11: Bye Bye [preauth]
Oct 14 12:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18479]: Disconnected from 51.159.29.84 port 34530 [preauth]
Oct 14 12:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session closed for user root
Oct 14 12:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18264]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: Invalid user testsftp from 20.163.71.109
Oct 14 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: input_userauth_request: invalid user testsftp [preauth]
Oct 14 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: Failed password for invalid user testsftp from 20.163.71.109 port 60862 ssh2
Oct 14 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18733]: Connection closed by 20.163.71.109 port 60862 [preauth]
Oct 14 12:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17149]: pam_unix(cron:session): session closed for user root
Oct 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user root
Oct 14 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18852]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18974]: Successful su for rubyman by root
Oct 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18974]: + ??? root:rubyman
Oct 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411347 of user rubyman.
Oct 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18974]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411347.
Oct 14 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session closed for user root
Oct 14 12:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15602]: pam_unix(cron:session): session closed for user root
Oct 14 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: Did not receive identification string from 80.211.129.128
Oct 14 12:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18854]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19571]: Failed password for root from 51.159.29.84 port 40612 ssh2
Oct 14 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19571]: Received disconnect from 51.159.29.84 port 40612:11: Bye Bye [preauth]
Oct 14 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19571]: Disconnected from 51.159.29.84 port 40612 [preauth]
Oct 14 12:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17596]: pam_unix(cron:session): session closed for user root
Oct 14 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19810]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19808]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19927]: Successful su for rubyman by root
Oct 14 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19927]: + ??? root:rubyman
Oct 14 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411354 of user rubyman.
Oct 14 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19927]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411354.
Oct 14 12:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session closed for user root
Oct 14 12:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19809]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18267]: pam_unix(cron:session): session closed for user root
Oct 14 12:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Invalid user dp from 51.159.29.84
Oct 14 12:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: input_userauth_request: invalid user dp [preauth]
Oct 14 12:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Failed password for invalid user dp from 51.159.29.84 port 42040 ssh2
Oct 14 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Received disconnect from 51.159.29.84 port 42040:11: Bye Bye [preauth]
Oct 14 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20331]: Disconnected from 51.159.29.84 port 42040 [preauth]
Oct 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20360]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20357]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20438]: Successful su for rubyman by root
Oct 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20438]: + ??? root:rubyman
Oct 14 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411358 of user rubyman.
Oct 14 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20438]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411358.
Oct 14 12:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session closed for user root
Oct 14 12:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20358]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user root
Oct 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20832]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20833]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20830]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: Successful su for rubyman by root
Oct 14 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: + ??? root:rubyman
Oct 14 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411363 of user rubyman.
Oct 14 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411363.
Oct 14 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Invalid user lee from 51.159.29.84
Oct 14 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: input_userauth_request: invalid user lee [preauth]
Oct 14 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Failed password for invalid user lee from 51.159.29.84 port 38508 ssh2
Oct 14 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Received disconnect from 51.159.29.84 port 38508:11: Bye Bye [preauth]
Oct 14 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20975]: Disconnected from 51.159.29.84 port 38508 [preauth]
Oct 14 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session closed for user root
Oct 14 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20831]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session closed for user root
Oct 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21266]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21263]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21404]: Successful su for rubyman by root
Oct 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21404]: + ??? root:rubyman
Oct 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411366 of user rubyman.
Oct 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21404]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411366.
Oct 14 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17592]: pam_unix(cron:session): session closed for user root
Oct 14 12:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Failed password for root from 51.159.29.84 port 51512 ssh2
Oct 14 12:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Received disconnect from 51.159.29.84 port 51512:11: Bye Bye [preauth]
Oct 14 12:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Disconnected from 51.159.29.84 port 51512 [preauth]
Oct 14 12:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20361]: pam_unix(cron:session): session closed for user root
Oct 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21804]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21805]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21808]: pam_unix(cron:session): session closed for user root
Oct 14 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21800]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21899]: Successful su for rubyman by root
Oct 14 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21899]: + ??? root:rubyman
Oct 14 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411369 of user rubyman.
Oct 14 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21899]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411369.
Oct 14 12:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21804]: pam_unix(cron:session): session closed for user root
Oct 14 12:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18265]: pam_unix(cron:session): session closed for user root
Oct 14 12:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21801]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20833]: pam_unix(cron:session): session closed for user root
Oct 14 12:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: Failed password for root from 51.159.29.84 port 43790 ssh2
Oct 14 12:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: Received disconnect from 51.159.29.84 port 43790:11: Bye Bye [preauth]
Oct 14 12:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22259]: Disconnected from 51.159.29.84 port 43790 [preauth]
Oct 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22342]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: Successful su for rubyman by root
Oct 14 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: + ??? root:rubyman
Oct 14 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411375 of user rubyman.
Oct 14 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411375.
Oct 14 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session closed for user root
Oct 14 12:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22349]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: Invalid user zte from 37.59.110.4
Oct 14 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: input_userauth_request: invalid user zte [preauth]
Oct 14 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 12:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: Failed password for invalid user zte from 37.59.110.4 port 46082 ssh2
Oct 14 12:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: Received disconnect from 37.59.110.4 port 46082:11: Bye Bye [preauth]
Oct 14 12:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22715]: Disconnected from 37.59.110.4 port 46082 [preauth]
Oct 14 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user root
Oct 14 12:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Invalid user neo4j from 51.159.29.84
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: input_userauth_request: invalid user neo4j [preauth]
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23175]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Failed password for invalid user neo4j from 51.159.29.84 port 54760 ssh2
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Received disconnect from 51.159.29.84 port 54760:11: Bye Bye [preauth]
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Disconnected from 51.159.29.84 port 54760 [preauth]
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23263]: Successful su for rubyman by root
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23263]: + ??? root:rubyman
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411381 of user rubyman.
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23263]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411381.
Oct 14 12:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19810]: pam_unix(cron:session): session closed for user root
Oct 14 12:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Invalid user keycloak from 172.245.92.99
Oct 14 12:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: input_userauth_request: invalid user keycloak [preauth]
Oct 14 12:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 12:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Failed password for invalid user keycloak from 172.245.92.99 port 39798 ssh2
Oct 14 12:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Received disconnect from 172.245.92.99 port 39798:11: Bye Bye [preauth]
Oct 14 12:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23797]: Disconnected from 172.245.92.99 port 39798 [preauth]
Oct 14 12:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23168]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21807]: pam_unix(cron:session): session closed for user root
Oct 14 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: Successful su for rubyman by root
Oct 14 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: + ??? root:rubyman
Oct 14 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411385 of user rubyman.
Oct 14 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411385.
Oct 14 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20360]: pam_unix(cron:session): session closed for user root
Oct 14 12:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23996]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Failed password for root from 51.159.29.84 port 59892 ssh2
Oct 14 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Received disconnect from 51.159.29.84 port 59892:11: Bye Bye [preauth]
Oct 14 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Disconnected from 51.159.29.84 port 59892 [preauth]
Oct 14 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session closed for user root
Oct 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24611]: Successful su for rubyman by root
Oct 14 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24611]: + ??? root:rubyman
Oct 14 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411388 of user rubyman.
Oct 14 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24611]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411388.
Oct 14 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20832]: pam_unix(cron:session): session closed for user root
Oct 14 12:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 12:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Failed password for root from 37.59.110.4 port 56146 ssh2
Oct 14 12:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Received disconnect from 37.59.110.4 port 56146:11: Bye Bye [preauth]
Oct 14 12:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Disconnected from 37.59.110.4 port 56146 [preauth]
Oct 14 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 12:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23175]: pam_unix(cron:session): session closed for user root
Oct 14 12:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Failed password for root from 51.159.29.84 port 44866 ssh2
Oct 14 12:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Received disconnect from 51.159.29.84 port 44866:11: Bye Bye [preauth]
Oct 14 12:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Disconnected from 51.159.29.84 port 44866 [preauth]
Oct 14 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Invalid user jose from 172.245.92.99
Oct 14 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: input_userauth_request: invalid user jose [preauth]
Oct 14 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 12:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Failed password for invalid user jose from 172.245.92.99 port 47684 ssh2
Oct 14 12:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Received disconnect from 172.245.92.99 port 47684:11: Bye Bye [preauth]
Oct 14 12:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Disconnected from 172.245.92.99 port 47684 [preauth]
Oct 14 12:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86  user=root
Oct 14 12:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: Failed password for root from 200.90.8.86 port 42538 ssh2
Oct 14 12:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: Received disconnect from 200.90.8.86 port 42538:11: Bye Bye [preauth]
Oct 14 12:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: Disconnected from 200.90.8.86 port 42538 [preauth]
Oct 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25025]: pam_unix(cron:session): session closed for user root
Oct 14 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: Successful su for rubyman by root
Oct 14 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: + ??? root:rubyman
Oct 14 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411396 of user rubyman.
Oct 14 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411396.
Oct 14 12:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user root
Oct 14 12:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21266]: pam_unix(cron:session): session closed for user root
Oct 14 12:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25650]: Failed password for root from 37.59.110.4 port 38052 ssh2
Oct 14 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25650]: Received disconnect from 37.59.110.4 port 38052:11: Bye Bye [preauth]
Oct 14 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25650]: Disconnected from 37.59.110.4 port 38052 [preauth]
Oct 14 12:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session closed for user root
Oct 14 12:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25739]: Invalid user sean from 51.159.29.84
Oct 14 12:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25739]: input_userauth_request: invalid user sean [preauth]
Oct 14 12:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25739]: Failed password for invalid user sean from 51.159.29.84 port 40236 ssh2
Oct 14 12:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25739]: Received disconnect from 51.159.29.84 port 40236:11: Bye Bye [preauth]
Oct 14 12:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25739]: Disconnected from 51.159.29.84 port 40236 [preauth]
Oct 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25757]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25753]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25937]: Successful su for rubyman by root
Oct 14 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25937]: + ??? root:rubyman
Oct 14 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411399 of user rubyman.
Oct 14 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25937]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411399.
Oct 14 12:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21805]: pam_unix(cron:session): session closed for user root
Oct 14 12:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 12:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26197]: Failed password for root from 172.245.92.99 port 59528 ssh2
Oct 14 12:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26197]: Received disconnect from 172.245.92.99 port 59528:11: Bye Bye [preauth]
Oct 14 12:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26197]: Disconnected from 172.245.92.99 port 59528 [preauth]
Oct 14 12:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session closed for user root
Oct 14 12:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Invalid user a from 167.99.49.89
Oct 14 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: input_userauth_request: invalid user a [preauth]
Oct 14 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Failed password for root from 37.59.110.4 port 42564 ssh2
Oct 14 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Received disconnect from 37.59.110.4 port 42564:11: Bye Bye [preauth]
Oct 14 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Disconnected from 37.59.110.4 port 42564 [preauth]
Oct 14 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Failed password for invalid user a from 167.99.49.89 port 52800 ssh2
Oct 14 12:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Received disconnect from 167.99.49.89 port 52800:11: Bye Bye [preauth]
Oct 14 12:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Disconnected from 167.99.49.89 port 52800 [preauth]
Oct 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26351]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26519]: Successful su for rubyman by root
Oct 14 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26519]: + ??? root:rubyman
Oct 14 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411404 of user rubyman.
Oct 14 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26519]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411404.
Oct 14 12:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session closed for user root
Oct 14 12:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: Invalid user dmdba from 4.240.94.164
Oct 14 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Invalid user demo from 51.159.29.84
Oct 14 12:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: input_userauth_request: invalid user demo [preauth]
Oct 14 12:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: Failed password for invalid user dmdba from 4.240.94.164 port 37778 ssh2
Oct 14 12:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: Received disconnect from 4.240.94.164 port 37778:11: Bye Bye [preauth]
Oct 14 12:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: Disconnected from 4.240.94.164 port 37778 [preauth]
Oct 14 12:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Failed password for invalid user demo from 51.159.29.84 port 39210 ssh2
Oct 14 12:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Received disconnect from 51.159.29.84 port 39210:11: Bye Bye [preauth]
Oct 14 12:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Disconnected from 51.159.29.84 port 39210 [preauth]
Oct 14 12:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25024]: pam_unix(cron:session): session closed for user root
Oct 14 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Invalid user mysftp from 172.245.92.99
Oct 14 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: input_userauth_request: invalid user mysftp [preauth]
Oct 14 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Failed password for invalid user mysftp from 172.245.92.99 port 49316 ssh2
Oct 14 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Received disconnect from 172.245.92.99 port 49316:11: Bye Bye [preauth]
Oct 14 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Disconnected from 172.245.92.99 port 49316 [preauth]
Oct 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27223]: Successful su for rubyman by root
Oct 14 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27223]: + ??? root:rubyman
Oct 14 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411405 of user rubyman.
Oct 14 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27223]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411405.
Oct 14 12:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23174]: pam_unix(cron:session): session closed for user root
Oct 14 12:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: Invalid user mysftp from 37.59.110.4
Oct 14 12:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: input_userauth_request: invalid user mysftp [preauth]
Oct 14 12:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 12:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: Failed password for invalid user mysftp from 37.59.110.4 port 59848 ssh2
Oct 14 12:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: Received disconnect from 37.59.110.4 port 59848:11: Bye Bye [preauth]
Oct 14 12:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27421]: Disconnected from 37.59.110.4 port 59848 [preauth]
Oct 14 12:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25757]: pam_unix(cron:session): session closed for user root
Oct 14 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: Invalid user casino from 51.159.29.84
Oct 14 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: input_userauth_request: invalid user casino [preauth]
Oct 14 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 12:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: Failed password for invalid user casino from 51.159.29.84 port 51986 ssh2
Oct 14 12:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: Received disconnect from 51.159.29.84 port 51986:11: Bye Bye [preauth]
Oct 14 12:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27742]: Disconnected from 51.159.29.84 port 51986 [preauth]
Oct 14 12:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: Invalid user postgres from 200.90.8.86
Oct 14 12:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: input_userauth_request: invalid user postgres [preauth]
Oct 14 12:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 12:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: Failed password for invalid user postgres from 200.90.8.86 port 32954 ssh2
Oct 14 12:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: Received disconnect from 200.90.8.86 port 32954:11: Bye Bye [preauth]
Oct 14 12:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: Disconnected from 200.90.8.86 port 32954 [preauth]
Oct 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27907]: pam_unix(cron:session): session closed for user p13x
Oct 14 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27995]: Successful su for rubyman by root
Oct 14 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27995]: + ??? root:rubyman
Oct 14 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411409 of user rubyman.
Oct 14 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27995]: pam_unix(su:session): session closed for user rubyman
Oct 14 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411409.
Oct 14 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Invalid user dima from 172.245.92.99
Oct 14 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: input_userauth_request: invalid user dima [preauth]
Oct 14 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Failed password for invalid user dima from 172.245.92.99 port 40342 ssh2
Oct 14 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Received disconnect from 172.245.92.99 port 40342:11: Bye Bye [preauth]
Oct 14 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Disconnected from 172.245.92.99 port 40342 [preauth]
Oct 14 12:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session closed for user root
Oct 14 12:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: Did not receive identification string from 194.0.234.20
Oct 14 12:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27908]: pam_unix(cron:session): session closed for user samftp
Oct 14 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Invalid user myuser from 167.99.49.89
Oct 14 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: input_userauth_request: invalid user myuser [preauth]
Oct 14 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Failed password for invalid user myuser from 167.99.49.89 port 50368 ssh2
Oct 14 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Received disconnect from 167.99.49.89 port 50368:11: Bye Bye [preauth]
Oct 14 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Disconnected from 167.99.49.89 port 50368 [preauth]
Oct 14 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Invalid user yyy from 37.59.110.4
Oct 14 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: input_userauth_request: invalid user yyy [preauth]
Oct 14 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 12:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Failed password for invalid user yyy from 37.59.110.4 port 57352 ssh2
Oct 14 12:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Received disconnect from 37.59.110.4 port 57352:11: Bye Bye [preauth]
Oct 14 12:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Disconnected from 37.59.110.4 port 57352 [preauth]
Oct 14 12:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user root
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28408]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28407]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session closed for user root
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28408]: pam_unix(cron:session): session closed for user root
Oct 14 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28765]: Successful su for rubyman by root
Oct 14 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28765]: + ??? root:rubyman
Oct 14 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411415 of user rubyman.
Oct 14 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28765]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411415.
Oct 14 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28847]: Invalid user joao from 51.159.29.84
Oct 14 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28847]: input_userauth_request: invalid user joao [preauth]
Oct 14 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28847]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 13:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28847]: Failed password for invalid user joao from 51.159.29.84 port 33974 ssh2
Oct 14 13:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28847]: Received disconnect from 51.159.29.84 port 33974:11: Bye Bye [preauth]
Oct 14 13:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28847]: Disconnected from 51.159.29.84 port 33974 [preauth]
Oct 14 13:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28404]: pam_unix(cron:session): session closed for user root
Oct 14 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24517]: pam_unix(cron:session): session closed for user root
Oct 14 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Invalid user zte from 172.245.92.99
Oct 14 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: input_userauth_request: invalid user zte [preauth]
Oct 14 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Failed password for invalid user zte from 172.245.92.99 port 54552 ssh2
Oct 14 13:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Received disconnect from 172.245.92.99 port 54552:11: Bye Bye [preauth]
Oct 14 13:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Disconnected from 172.245.92.99 port 54552 [preauth]
Oct 14 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27133]: pam_unix(cron:session): session closed for user root
Oct 14 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Invalid user www from 167.99.49.89
Oct 14 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: input_userauth_request: invalid user www [preauth]
Oct 14 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Failed password for invalid user www from 167.99.49.89 port 49470 ssh2
Oct 14 13:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Received disconnect from 167.99.49.89 port 49470:11: Bye Bye [preauth]
Oct 14 13:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Disconnected from 167.99.49.89 port 49470 [preauth]
Oct 14 13:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 13:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Failed password for root from 37.59.110.4 port 46206 ssh2
Oct 14 13:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Received disconnect from 37.59.110.4 port 46206:11: Bye Bye [preauth]
Oct 14 13:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Disconnected from 37.59.110.4 port 46206 [preauth]
Oct 14 13:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Invalid user jenkins from 200.90.8.86
Oct 14 13:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 13:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Failed password for invalid user jenkins from 200.90.8.86 port 49740 ssh2
Oct 14 13:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Received disconnect from 200.90.8.86 port 49740:11: Bye Bye [preauth]
Oct 14 13:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Disconnected from 200.90.8.86 port 49740 [preauth]
Oct 14 13:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Invalid user abc from 4.240.94.164
Oct 14 13:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: input_userauth_request: invalid user abc [preauth]
Oct 14 13:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Failed password for invalid user abc from 4.240.94.164 port 33502 ssh2
Oct 14 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Received disconnect from 4.240.94.164 port 33502:11: Bye Bye [preauth]
Oct 14 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Disconnected from 4.240.94.164 port 33502 [preauth]
Oct 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29381]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29382]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: Successful su for rubyman by root
Oct 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: + ??? root:rubyman
Oct 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411421 of user rubyman.
Oct 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411421.
Oct 14 13:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session closed for user root
Oct 14 13:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Did not receive identification string from 80.211.129.128
Oct 14 13:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29379]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: User john from 51.159.29.84 not allowed because not listed in AllowUsers
Oct 14 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: input_userauth_request: invalid user john [preauth]
Oct 14 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=john
Oct 14 13:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: Failed password for invalid user john from 51.159.29.84 port 32810 ssh2
Oct 14 13:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: Received disconnect from 51.159.29.84 port 32810:11: Bye Bye [preauth]
Oct 14 13:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: Disconnected from 51.159.29.84 port 32810 [preauth]
Oct 14 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Invalid user administrador from 172.245.92.99
Oct 14 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: input_userauth_request: invalid user administrador [preauth]
Oct 14 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27911]: pam_unix(cron:session): session closed for user root
Oct 14 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Failed password for invalid user administrador from 172.245.92.99 port 35720 ssh2
Oct 14 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Received disconnect from 172.245.92.99 port 35720:11: Bye Bye [preauth]
Oct 14 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29782]: Disconnected from 172.245.92.99 port 35720 [preauth]
Oct 14 13:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Invalid user sysadmin from 167.99.49.89
Oct 14 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Failed password for invalid user sysadmin from 167.99.49.89 port 57618 ssh2
Oct 14 13:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Received disconnect from 167.99.49.89 port 57618:11: Bye Bye [preauth]
Oct 14 13:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Disconnected from 167.99.49.89 port 57618 [preauth]
Oct 14 13:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Invalid user test from 37.59.110.4
Oct 14 13:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: input_userauth_request: invalid user test [preauth]
Oct 14 13:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Failed password for invalid user test from 37.59.110.4 port 37518 ssh2
Oct 14 13:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Received disconnect from 37.59.110.4 port 37518:11: Bye Bye [preauth]
Oct 14 13:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Disconnected from 37.59.110.4 port 37518 [preauth]
Oct 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29898]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29981]: Successful su for rubyman by root
Oct 14 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29981]: + ??? root:rubyman
Oct 14 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411427 of user rubyman.
Oct 14 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29981]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411427.
Oct 14 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session closed for user root
Oct 14 13:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29899]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: Invalid user tempuser from 200.90.8.86
Oct 14 13:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 13:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: Failed password for invalid user tempuser from 200.90.8.86 port 35932 ssh2
Oct 14 13:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: Received disconnect from 200.90.8.86 port 35932:11: Bye Bye [preauth]
Oct 14 13:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: Disconnected from 200.90.8.86 port 35932 [preauth]
Oct 14 13:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Invalid user git from 4.240.94.164
Oct 14 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: input_userauth_request: invalid user git [preauth]
Oct 14 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 13:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Failed password for invalid user git from 4.240.94.164 port 37068 ssh2
Oct 14 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Received disconnect from 4.240.94.164 port 37068:11: Bye Bye [preauth]
Oct 14 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Disconnected from 4.240.94.164 port 37068 [preauth]
Oct 14 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Failed password for root from 51.159.29.84 port 50018 ssh2
Oct 14 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28407]: pam_unix(cron:session): session closed for user root
Oct 14 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Received disconnect from 51.159.29.84 port 50018:11: Bye Bye [preauth]
Oct 14 13:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Disconnected from 51.159.29.84 port 50018 [preauth]
Oct 14 13:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: Invalid user osvaldo from 172.245.92.99
Oct 14 13:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: input_userauth_request: invalid user osvaldo [preauth]
Oct 14 13:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: Failed password for invalid user osvaldo from 172.245.92.99 port 45234 ssh2
Oct 14 13:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: Received disconnect from 172.245.92.99 port 45234:11: Bye Bye [preauth]
Oct 14 13:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30413]: Disconnected from 172.245.92.99 port 45234 [preauth]
Oct 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30590]: Successful su for rubyman by root
Oct 14 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30590]: + ??? root:rubyman
Oct 14 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411429 of user rubyman.
Oct 14 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30590]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411429.
Oct 14 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Invalid user frappe from 167.99.49.89
Oct 14 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: input_userauth_request: invalid user frappe [preauth]
Oct 14 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Failed password for invalid user frappe from 167.99.49.89 port 37958 ssh2
Oct 14 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Received disconnect from 167.99.49.89 port 37958:11: Bye Bye [preauth]
Oct 14 13:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Disconnected from 167.99.49.89 port 37958 [preauth]
Oct 14 13:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session closed for user root
Oct 14 13:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Invalid user systemd from 37.59.110.4
Oct 14 13:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: input_userauth_request: invalid user systemd [preauth]
Oct 14 13:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for invalid user systemd from 37.59.110.4 port 38942 ssh2
Oct 14 13:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Received disconnect from 37.59.110.4 port 38942:11: Bye Bye [preauth]
Oct 14 13:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Disconnected from 37.59.110.4 port 38942 [preauth]
Oct 14 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29382]: pam_unix(cron:session): session closed for user root
Oct 14 13:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30978]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30976]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: Failed password for root from 51.159.29.84 port 39020 ssh2
Oct 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: Received disconnect from 51.159.29.84 port 39020:11: Bye Bye [preauth]
Oct 14 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30972]: Disconnected from 51.159.29.84 port 39020 [preauth]
Oct 14 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31080]: Successful su for rubyman by root
Oct 14 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31080]: + ??? root:rubyman
Oct 14 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411434 of user rubyman.
Oct 14 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31080]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411434.
Oct 14 13:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27132]: pam_unix(cron:session): session closed for user root
Oct 14 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Invalid user abc from 200.90.8.86
Oct 14 13:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: input_userauth_request: invalid user abc [preauth]
Oct 14 13:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Failed password for invalid user abc from 200.90.8.86 port 46964 ssh2
Oct 14 13:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Received disconnect from 200.90.8.86 port 46964:11: Bye Bye [preauth]
Oct 14 13:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Disconnected from 200.90.8.86 port 46964 [preauth]
Oct 14 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Invalid user paula from 172.245.92.99
Oct 14 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: input_userauth_request: invalid user paula [preauth]
Oct 14 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30977]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Failed password for invalid user paula from 172.245.92.99 port 59706 ssh2
Oct 14 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Received disconnect from 172.245.92.99 port 59706:11: Bye Bye [preauth]
Oct 14 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Disconnected from 172.245.92.99 port 59706 [preauth]
Oct 14 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: User backup from 167.99.49.89 not allowed because not listed in AllowUsers
Oct 14 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: input_userauth_request: invalid user backup [preauth]
Oct 14 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89  user=backup
Oct 14 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Failed password for invalid user backup from 167.99.49.89 port 47352 ssh2
Oct 14 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Received disconnect from 167.99.49.89 port 47352:11: Bye Bye [preauth]
Oct 14 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Disconnected from 167.99.49.89 port 47352 [preauth]
Oct 14 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Invalid user igor from 37.59.110.4
Oct 14 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: input_userauth_request: invalid user igor [preauth]
Oct 14 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Invalid user teamspeak3 from 4.240.94.164
Oct 14 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 14 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Failed password for invalid user igor from 37.59.110.4 port 35384 ssh2
Oct 14 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Received disconnect from 37.59.110.4 port 35384:11: Bye Bye [preauth]
Oct 14 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Disconnected from 37.59.110.4 port 35384 [preauth]
Oct 14 13:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Failed password for invalid user teamspeak3 from 4.240.94.164 port 45988 ssh2
Oct 14 13:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Received disconnect from 4.240.94.164 port 45988:11: Bye Bye [preauth]
Oct 14 13:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Disconnected from 4.240.94.164 port 45988 [preauth]
Oct 14 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session closed for user root
Oct 14 13:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: Did not receive identification string from 80.211.129.128
Oct 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31515]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session closed for user root
Oct 14 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31512]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31717]: Successful su for rubyman by root
Oct 14 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31717]: + ??? root:rubyman
Oct 14 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411440 of user rubyman.
Oct 14 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31717]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411440.
Oct 14 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31514]: pam_unix(cron:session): session closed for user root
Oct 14 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27909]: pam_unix(cron:session): session closed for user root
Oct 14 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Invalid user solana from 51.159.29.84
Oct 14 13:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: input_userauth_request: invalid user solana [preauth]
Oct 14 13:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Failed password for invalid user solana from 51.159.29.84 port 32852 ssh2
Oct 14 13:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Received disconnect from 51.159.29.84 port 32852:11: Bye Bye [preauth]
Oct 14 13:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Disconnected from 51.159.29.84 port 32852 [preauth]
Oct 14 13:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31513]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31999]: Did not receive identification string from 80.211.129.128
Oct 14 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Invalid user lbx from 103.143.238.207
Oct 14 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: input_userauth_request: invalid user lbx [preauth]
Oct 14 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Failed password for invalid user lbx from 103.143.238.207 port 46568 ssh2
Oct 14 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Received disconnect from 103.143.238.207 port 46568:11: Bye Bye [preauth]
Oct 14 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Disconnected from 103.143.238.207 port 46568 [preauth]
Oct 14 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Invalid user runner from 167.99.49.89
Oct 14 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: input_userauth_request: invalid user runner [preauth]
Oct 14 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for invalid user runner from 167.99.49.89 port 57818 ssh2
Oct 14 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Received disconnect from 167.99.49.89 port 57818:11: Bye Bye [preauth]
Oct 14 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Disconnected from 167.99.49.89 port 57818 [preauth]
Oct 14 13:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Failed password for root from 172.245.92.99 port 52834 ssh2
Oct 14 13:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Received disconnect from 172.245.92.99 port 52834:11: Bye Bye [preauth]
Oct 14 13:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Disconnected from 172.245.92.99 port 52834 [preauth]
Oct 14 13:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30432]: pam_unix(cron:session): session closed for user root
Oct 14 13:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 13:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: Failed password for root from 37.59.110.4 port 55756 ssh2
Oct 14 13:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: Received disconnect from 37.59.110.4 port 55756:11: Bye Bye [preauth]
Oct 14 13:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: Disconnected from 37.59.110.4 port 55756 [preauth]
Oct 14 13:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Invalid user ftpuser from 200.90.8.86
Oct 14 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Failed password for invalid user ftpuser from 200.90.8.86 port 59700 ssh2
Oct 14 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Received disconnect from 200.90.8.86 port 59700:11: Bye Bye [preauth]
Oct 14 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Disconnected from 200.90.8.86 port 59700 [preauth]
Oct 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32219]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32300]: Successful su for rubyman by root
Oct 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32300]: + ??? root:rubyman
Oct 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411442 of user rubyman.
Oct 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32300]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411442.
Oct 14 13:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28405]: pam_unix(cron:session): session closed for user root
Oct 14 13:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: Invalid user ali from 4.240.94.164
Oct 14 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: input_userauth_request: invalid user ali [preauth]
Oct 14 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: Failed password for invalid user ali from 4.240.94.164 port 39642 ssh2
Oct 14 13:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: Received disconnect from 4.240.94.164 port 39642:11: Bye Bye [preauth]
Oct 14 13:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: Disconnected from 4.240.94.164 port 39642 [preauth]
Oct 14 13:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Invalid user almalinux from 51.159.29.84
Oct 14 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: input_userauth_request: invalid user almalinux [preauth]
Oct 14 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Failed password for invalid user almalinux from 51.159.29.84 port 44880 ssh2
Oct 14 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Received disconnect from 51.159.29.84 port 44880:11: Bye Bye [preauth]
Oct 14 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Disconnected from 51.159.29.84 port 44880 [preauth]
Oct 14 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30979]: pam_unix(cron:session): session closed for user root
Oct 14 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Invalid user a from 167.99.49.89
Oct 14 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: input_userauth_request: invalid user a [preauth]
Oct 14 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Invalid user erp from 186.96.145.241
Oct 14 13:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: input_userauth_request: invalid user erp [preauth]
Oct 14 13:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 13:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Failed password for invalid user a from 167.99.49.89 port 33354 ssh2
Oct 14 13:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Received disconnect from 167.99.49.89 port 33354:11: Bye Bye [preauth]
Oct 14 13:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Disconnected from 167.99.49.89 port 33354 [preauth]
Oct 14 13:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Failed password for invalid user erp from 186.96.145.241 port 33214 ssh2
Oct 14 13:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32639]: Connection closed by 186.96.145.241 port 33214 [preauth]
Oct 14 13:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: Invalid user del from 37.59.110.4
Oct 14 13:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: input_userauth_request: invalid user del [preauth]
Oct 14 13:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Invalid user es from 172.245.92.99
Oct 14 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: input_userauth_request: invalid user es [preauth]
Oct 14 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: Failed password for invalid user del from 37.59.110.4 port 49906 ssh2
Oct 14 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: Received disconnect from 37.59.110.4 port 49906:11: Bye Bye [preauth]
Oct 14 13:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32669]: Disconnected from 37.59.110.4 port 49906 [preauth]
Oct 14 13:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Failed password for invalid user es from 172.245.92.99 port 50024 ssh2
Oct 14 13:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Received disconnect from 172.245.92.99 port 50024:11: Bye Bye [preauth]
Oct 14 13:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32680]: Disconnected from 172.245.92.99 port 50024 [preauth]
Oct 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32696]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[309]: Successful su for rubyman by root
Oct 14 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[309]: + ??? root:rubyman
Oct 14 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411446 of user rubyman.
Oct 14 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[309]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411446.
Oct 14 13:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29381]: pam_unix(cron:session): session closed for user root
Oct 14 13:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32697]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Invalid user minecraft from 200.90.8.86
Oct 14 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Failed password for invalid user minecraft from 200.90.8.86 port 44988 ssh2
Oct 14 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Received disconnect from 200.90.8.86 port 44988:11: Bye Bye [preauth]
Oct 14 13:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Disconnected from 200.90.8.86 port 44988 [preauth]
Oct 14 13:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31516]: pam_unix(cron:session): session closed for user root
Oct 14 13:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: Invalid user mir from 51.159.29.84
Oct 14 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: input_userauth_request: invalid user mir [preauth]
Oct 14 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: Invalid user testuser from 167.99.49.89
Oct 14 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: input_userauth_request: invalid user testuser [preauth]
Oct 14 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: Failed password for invalid user mir from 51.159.29.84 port 54834 ssh2
Oct 14 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: Received disconnect from 51.159.29.84 port 54834:11: Bye Bye [preauth]
Oct 14 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[664]: Disconnected from 51.159.29.84 port 54834 [preauth]
Oct 14 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: Failed password for invalid user testuser from 167.99.49.89 port 40492 ssh2
Oct 14 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: Received disconnect from 167.99.49.89 port 40492:11: Bye Bye [preauth]
Oct 14 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[675]: Disconnected from 167.99.49.89 port 40492 [preauth]
Oct 14 13:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[698]: Invalid user sftpuser from 4.240.94.164
Oct 14 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[698]: input_userauth_request: invalid user sftpuser [preauth]
Oct 14 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[698]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Failed password for root from 103.143.238.207 port 35972 ssh2
Oct 14 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Received disconnect from 103.143.238.207 port 35972:11: Bye Bye [preauth]
Oct 14 13:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[696]: Disconnected from 103.143.238.207 port 35972 [preauth]
Oct 14 13:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[698]: Failed password for invalid user sftpuser from 4.240.94.164 port 60602 ssh2
Oct 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[698]: Received disconnect from 4.240.94.164 port 60602:11: Bye Bye [preauth]
Oct 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[698]: Disconnected from 4.240.94.164 port 60602 [preauth]
Oct 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[797]: Successful su for rubyman by root
Oct 14 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[797]: + ??? root:rubyman
Oct 14 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411450 of user rubyman.
Oct 14 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[797]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411450.
Oct 14 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 13:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Failed password for root from 37.59.110.4 port 52012 ssh2
Oct 14 13:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Received disconnect from 37.59.110.4 port 52012:11: Bye Bye [preauth]
Oct 14 13:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Disconnected from 37.59.110.4 port 52012 [preauth]
Oct 14 13:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29900]: pam_unix(cron:session): session closed for user root
Oct 14 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Invalid user ak from 172.245.92.99
Oct 14 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: input_userauth_request: invalid user ak [preauth]
Oct 14 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[702]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Failed password for invalid user ak from 172.245.92.99 port 55640 ssh2
Oct 14 13:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Received disconnect from 172.245.92.99 port 55640:11: Bye Bye [preauth]
Oct 14 13:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Disconnected from 172.245.92.99 port 55640 [preauth]
Oct 14 13:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162  user=root
Oct 14 13:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Failed password for root from 14.103.115.162 port 49370 ssh2
Oct 14 13:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Received disconnect from 14.103.115.162 port 49370:11: Bye Bye [preauth]
Oct 14 13:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Disconnected from 14.103.115.162 port 49370 [preauth]
Oct 14 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session closed for user root
Oct 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1286]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1500]: Successful su for rubyman by root
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1500]: + ??? root:rubyman
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411457 of user rubyman.
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1500]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411457.
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Invalid user alex from 167.99.49.89
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: input_userauth_request: invalid user alex [preauth]
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session closed for user root
Oct 14 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: Invalid user jenkins from 200.90.8.86
Oct 14 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Failed password for invalid user alex from 167.99.49.89 port 56608 ssh2
Oct 14 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Received disconnect from 167.99.49.89 port 56608:11: Bye Bye [preauth]
Oct 14 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Disconnected from 167.99.49.89 port 56608 [preauth]
Oct 14 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: Failed password for invalid user jenkins from 200.90.8.86 port 54552 ssh2
Oct 14 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: Received disconnect from 200.90.8.86 port 54552:11: Bye Bye [preauth]
Oct 14 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1522]: Disconnected from 200.90.8.86 port 54552 [preauth]
Oct 14 13:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session closed for user root
Oct 14 13:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=root
Oct 14 13:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: Failed password for root from 51.159.29.84 port 32812 ssh2
Oct 14 13:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: Received disconnect from 51.159.29.84 port 32812:11: Bye Bye [preauth]
Oct 14 13:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: Disconnected from 51.159.29.84 port 32812 [preauth]
Oct 14 13:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1287]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Failed password for root from 103.143.238.207 port 40366 ssh2
Oct 14 13:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Received disconnect from 103.143.238.207 port 40366:11: Bye Bye [preauth]
Oct 14 13:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Disconnected from 103.143.238.207 port 40366 [preauth]
Oct 14 13:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Invalid user keycloak from 37.59.110.4
Oct 14 13:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: input_userauth_request: invalid user keycloak [preauth]
Oct 14 13:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Failed password for invalid user keycloak from 37.59.110.4 port 55058 ssh2
Oct 14 13:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Received disconnect from 37.59.110.4 port 55058:11: Bye Bye [preauth]
Oct 14 13:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1781]: Disconnected from 37.59.110.4 port 55058 [preauth]
Oct 14 13:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32699]: pam_unix(cron:session): session closed for user root
Oct 14 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Invalid user del from 172.245.92.99
Oct 14 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: input_userauth_request: invalid user del [preauth]
Oct 14 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Failed password for invalid user del from 172.245.92.99 port 49636 ssh2
Oct 14 13:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Received disconnect from 172.245.92.99 port 49636:11: Bye Bye [preauth]
Oct 14 13:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1852]: Disconnected from 172.245.92.99 port 49636 [preauth]
Oct 14 13:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: Invalid user web from 4.240.94.164
Oct 14 13:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: input_userauth_request: invalid user web [preauth]
Oct 14 13:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: Failed password for invalid user web from 4.240.94.164 port 35558 ssh2
Oct 14 13:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: Received disconnect from 4.240.94.164 port 35558:11: Bye Bye [preauth]
Oct 14 13:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1999]: Disconnected from 4.240.94.164 port 35558 [preauth]
Oct 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2020]: pam_unix(cron:session): session closed for user root
Oct 14 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2014]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: Successful su for rubyman by root
Oct 14 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: + ??? root:rubyman
Oct 14 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411462 of user rubyman.
Oct 14 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411462.
Oct 14 13:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session closed for user root
Oct 14 13:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30978]: pam_unix(cron:session): session closed for user root
Oct 14 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Invalid user ubuntu from 167.99.49.89
Oct 14 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2016]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user ubuntu from 167.99.49.89 port 35508 ssh2
Oct 14 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Received disconnect from 167.99.49.89 port 35508:11: Bye Bye [preauth]
Oct 14 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Disconnected from 167.99.49.89 port 35508 [preauth]
Oct 14 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: User mysql from 51.159.29.84 not allowed because not listed in AllowUsers
Oct 14 13:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: input_userauth_request: invalid user mysql [preauth]
Oct 14 13:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84  user=mysql
Oct 14 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Failed password for invalid user mysql from 51.159.29.84 port 52716 ssh2
Oct 14 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Received disconnect from 51.159.29.84 port 52716:11: Bye Bye [preauth]
Oct 14 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Disconnected from 51.159.29.84 port 52716 [preauth]
Oct 14 13:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[706]: pam_unix(cron:session): session closed for user root
Oct 14 13:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Invalid user git from 200.90.8.86
Oct 14 13:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: input_userauth_request: invalid user git [preauth]
Oct 14 13:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Invalid user ftpuser from 103.143.238.207
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Invalid user rizzo from 37.59.110.4
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: input_userauth_request: invalid user rizzo [preauth]
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Failed password for invalid user git from 200.90.8.86 port 39396 ssh2
Oct 14 13:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Received disconnect from 200.90.8.86 port 39396:11: Bye Bye [preauth]
Oct 14 13:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Disconnected from 200.90.8.86 port 39396 [preauth]
Oct 14 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Failed password for invalid user ftpuser from 103.143.238.207 port 44758 ssh2
Oct 14 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Received disconnect from 103.143.238.207 port 44758:11: Bye Bye [preauth]
Oct 14 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Disconnected from 103.143.238.207 port 44758 [preauth]
Oct 14 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Failed password for invalid user rizzo from 37.59.110.4 port 59126 ssh2
Oct 14 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Received disconnect from 37.59.110.4 port 59126:11: Bye Bye [preauth]
Oct 14 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Disconnected from 37.59.110.4 port 59126 [preauth]
Oct 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2519]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2597]: Successful su for rubyman by root
Oct 14 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2597]: + ??? root:rubyman
Oct 14 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411465 of user rubyman.
Oct 14 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2597]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411465.
Oct 14 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Invalid user ake from 172.245.92.99
Oct 14 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: input_userauth_request: invalid user ake [preauth]
Oct 14 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Failed password for invalid user ake from 172.245.92.99 port 49652 ssh2
Oct 14 13:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Received disconnect from 172.245.92.99 port 49652:11: Bye Bye [preauth]
Oct 14 13:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Disconnected from 172.245.92.99 port 49652 [preauth]
Oct 14 13:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31515]: pam_unix(cron:session): session closed for user root
Oct 14 13:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2520]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Invalid user ubuntu from 167.99.49.89
Oct 14 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Failed password for invalid user ubuntu from 167.99.49.89 port 46870 ssh2
Oct 14 13:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Received disconnect from 167.99.49.89 port 46870:11: Bye Bye [preauth]
Oct 14 13:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Disconnected from 167.99.49.89 port 46870 [preauth]
Oct 14 13:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1289]: pam_unix(cron:session): session closed for user root
Oct 14 13:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: Invalid user frappe from 4.240.94.164
Oct 14 13:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: input_userauth_request: invalid user frappe [preauth]
Oct 14 13:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: Failed password for invalid user frappe from 4.240.94.164 port 34770 ssh2
Oct 14 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: Received disconnect from 4.240.94.164 port 34770:11: Bye Bye [preauth]
Oct 14 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: Disconnected from 4.240.94.164 port 34770 [preauth]
Oct 14 13:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Invalid user ankur from 51.159.29.84
Oct 14 13:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: input_userauth_request: invalid user ankur [preauth]
Oct 14 13:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.159.29.84
Oct 14 13:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user ankur from 51.159.29.84 port 40242 ssh2
Oct 14 13:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Received disconnect from 51.159.29.84 port 40242:11: Bye Bye [preauth]
Oct 14 13:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Disconnected from 51.159.29.84 port 40242 [preauth]
Oct 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2972]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2968]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3050]: Successful su for rubyman by root
Oct 14 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3050]: + ??? root:rubyman
Oct 14 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411470 of user rubyman.
Oct 14 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3050]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411470.
Oct 14 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Invalid user ake from 37.59.110.4
Oct 14 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: input_userauth_request: invalid user ake [preauth]
Oct 14 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Failed password for invalid user ake from 37.59.110.4 port 60616 ssh2
Oct 14 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Received disconnect from 37.59.110.4 port 60616:11: Bye Bye [preauth]
Oct 14 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3116]: Disconnected from 37.59.110.4 port 60616 [preauth]
Oct 14 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session closed for user root
Oct 14 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Failed password for root from 103.143.238.207 port 49146 ssh2
Oct 14 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Received disconnect from 103.143.238.207 port 49146:11: Bye Bye [preauth]
Oct 14 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Disconnected from 103.143.238.207 port 49146 [preauth]
Oct 14 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2969]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Invalid user django from 200.90.8.86
Oct 14 13:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: input_userauth_request: invalid user django [preauth]
Oct 14 13:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Failed password for invalid user django from 200.90.8.86 port 40080 ssh2
Oct 14 13:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Received disconnect from 200.90.8.86 port 40080:11: Bye Bye [preauth]
Oct 14 13:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Disconnected from 200.90.8.86 port 40080 [preauth]
Oct 14 13:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Failed password for root from 172.245.92.99 port 49988 ssh2
Oct 14 13:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Received disconnect from 172.245.92.99 port 49988:11: Bye Bye [preauth]
Oct 14 13:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Disconnected from 172.245.92.99 port 49988 [preauth]
Oct 14 13:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2019]: pam_unix(cron:session): session closed for user root
Oct 14 13:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Invalid user api from 46.101.170.54
Oct 14 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: input_userauth_request: invalid user api [preauth]
Oct 14 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Oct 14 13:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Failed password for invalid user api from 46.101.170.54 port 51112 ssh2
Oct 14 13:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Connection closed by 46.101.170.54 port 51112 [preauth]
Oct 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Invalid user ali from 167.99.49.89
Oct 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: input_userauth_request: invalid user ali [preauth]
Oct 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Failed password for invalid user ali from 167.99.49.89 port 40784 ssh2
Oct 14 13:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Received disconnect from 167.99.49.89 port 40784:11: Bye Bye [preauth]
Oct 14 13:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Disconnected from 167.99.49.89 port 40784 [preauth]
Oct 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3443]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3442]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3512]: Successful su for rubyman by root
Oct 14 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3512]: + ??? root:rubyman
Oct 14 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411473 of user rubyman.
Oct 14 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3512]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411473.
Oct 14 13:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32698]: pam_unix(cron:session): session closed for user root
Oct 14 13:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3441]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Invalid user jmarquez from 103.143.238.207
Oct 14 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: input_userauth_request: invalid user jmarquez [preauth]
Oct 14 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 13:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Failed password for invalid user jmarquez from 103.143.238.207 port 53526 ssh2
Oct 14 13:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Received disconnect from 103.143.238.207 port 53526:11: Bye Bye [preauth]
Oct 14 13:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Disconnected from 103.143.238.207 port 53526 [preauth]
Oct 14 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3763]: Failed password for root from 37.59.110.4 port 54622 ssh2
Oct 14 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3763]: Received disconnect from 37.59.110.4 port 54622:11: Bye Bye [preauth]
Oct 14 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3763]: Disconnected from 37.59.110.4 port 54622 [preauth]
Oct 14 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Invalid user dspace from 4.240.94.164
Oct 14 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: input_userauth_request: invalid user dspace [preauth]
Oct 14 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Failed password for invalid user dspace from 4.240.94.164 port 51220 ssh2
Oct 14 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Received disconnect from 4.240.94.164 port 51220:11: Bye Bye [preauth]
Oct 14 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Disconnected from 4.240.94.164 port 51220 [preauth]
Oct 14 13:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session closed for user root
Oct 14 13:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Failed password for root from 172.245.92.99 port 39702 ssh2
Oct 14 13:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Received disconnect from 172.245.92.99 port 39702:11: Bye Bye [preauth]
Oct 14 13:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3853]: Disconnected from 172.245.92.99 port 39702 [preauth]
Oct 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3974]: Successful su for rubyman by root
Oct 14 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3974]: + ??? root:rubyman
Oct 14 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411477 of user rubyman.
Oct 14 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3974]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411477.
Oct 14 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Invalid user ansible from 200.90.8.86
Oct 14 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: input_userauth_request: invalid user ansible [preauth]
Oct 14 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Invalid user myuser from 167.99.49.89
Oct 14 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: input_userauth_request: invalid user myuser [preauth]
Oct 14 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Failed password for invalid user ansible from 200.90.8.86 port 39414 ssh2
Oct 14 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Received disconnect from 200.90.8.86 port 39414:11: Bye Bye [preauth]
Oct 14 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Disconnected from 200.90.8.86 port 39414 [preauth]
Oct 14 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Failed password for invalid user myuser from 167.99.49.89 port 37926 ssh2
Oct 14 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Received disconnect from 167.99.49.89 port 37926:11: Bye Bye [preauth]
Oct 14 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Disconnected from 167.99.49.89 port 37926 [preauth]
Oct 14 13:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[705]: pam_unix(cron:session): session closed for user root
Oct 14 13:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2972]: pam_unix(cron:session): session closed for user root
Oct 14 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Invalid user es from 37.59.110.4
Oct 14 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: input_userauth_request: invalid user es [preauth]
Oct 14 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Failed password for invalid user es from 37.59.110.4 port 49436 ssh2
Oct 14 13:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Received disconnect from 37.59.110.4 port 49436:11: Bye Bye [preauth]
Oct 14 13:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4348]: Disconnected from 37.59.110.4 port 49436 [preauth]
Oct 14 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: Failed password for root from 103.143.238.207 port 57910 ssh2
Oct 14 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: Received disconnect from 103.143.238.207 port 57910:11: Bye Bye [preauth]
Oct 14 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4350]: Disconnected from 103.143.238.207 port 57910 [preauth]
Oct 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4415]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4416]: pam_unix(cron:session): session closed for user root
Oct 14 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4407]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4492]: Successful su for rubyman by root
Oct 14 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4492]: + ??? root:rubyman
Oct 14 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411485 of user rubyman.
Oct 14 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4492]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411485.
Oct 14 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Failed password for root from 172.245.92.99 port 52126 ssh2
Oct 14 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Received disconnect from 172.245.92.99 port 52126:11: Bye Bye [preauth]
Oct 14 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4488]: Disconnected from 172.245.92.99 port 52126 [preauth]
Oct 14 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: Did not receive identification string from 91.230.168.227
Oct 14 13:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4411]: pam_unix(cron:session): session closed for user root
Oct 14 13:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1288]: pam_unix(cron:session): session closed for user root
Oct 14 13:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4629]: Did not receive identification string from 91.230.168.101
Oct 14 13:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: Invalid user devops from 167.99.49.89
Oct 14 13:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: input_userauth_request: invalid user devops [preauth]
Oct 14 13:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4408]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: Failed password for invalid user devops from 167.99.49.89 port 33690 ssh2
Oct 14 13:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: Received disconnect from 167.99.49.89 port 33690:11: Bye Bye [preauth]
Oct 14 13:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: Disconnected from 167.99.49.89 port 33690 [preauth]
Oct 14 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: Invalid user alex from 4.240.94.164
Oct 14 13:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: input_userauth_request: invalid user alex [preauth]
Oct 14 13:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: Failed password for invalid user alex from 4.240.94.164 port 52250 ssh2
Oct 14 13:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: Received disconnect from 4.240.94.164 port 52250:11: Bye Bye [preauth]
Oct 14 13:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4826]: Disconnected from 4.240.94.164 port 52250 [preauth]
Oct 14 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Bad protocol version identification '\026\003\003\001\246\001' from 91.230.168.100 port 42617
Oct 14 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Did not receive identification string from 91.230.168.102
Oct 14 13:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3443]: pam_unix(cron:session): session closed for user root
Oct 14 13:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: Invalid user dockeruser from 200.90.8.86
Oct 14 13:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 13:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: Failed password for invalid user dockeruser from 200.90.8.86 port 50690 ssh2
Oct 14 13:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: Received disconnect from 200.90.8.86 port 50690:11: Bye Bye [preauth]
Oct 14 13:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5089]: Disconnected from 200.90.8.86 port 50690 [preauth]
Oct 14 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Invalid user osvaldo from 37.59.110.4
Oct 14 13:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: input_userauth_request: invalid user osvaldo [preauth]
Oct 14 13:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Failed password for invalid user osvaldo from 37.59.110.4 port 42826 ssh2
Oct 14 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Received disconnect from 37.59.110.4 port 42826:11: Bye Bye [preauth]
Oct 14 13:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Disconnected from 37.59.110.4 port 42826 [preauth]
Oct 14 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Invalid user test from 103.143.238.207
Oct 14 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: input_userauth_request: invalid user test [preauth]
Oct 14 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Failed password for invalid user test from 103.143.238.207 port 34062 ssh2
Oct 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Received disconnect from 103.143.238.207 port 34062:11: Bye Bye [preauth]
Oct 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: Disconnected from 103.143.238.207 port 34062 [preauth]
Oct 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5165]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5530]: Successful su for rubyman by root
Oct 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5530]: + ??? root:rubyman
Oct 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411488 of user rubyman.
Oct 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5530]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411488.
Oct 14 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session closed for user root
Oct 14 13:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5166]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Invalid user admin from 2.57.121.25
Oct 14 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: input_userauth_request: invalid user admin [preauth]
Oct 14 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 13:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for invalid user admin from 2.57.121.25 port 20801 ssh2
Oct 14 13:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for invalid user admin from 2.57.121.25 port 20801 ssh2
Oct 14 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for invalid user admin from 2.57.121.25 port 20801 ssh2
Oct 14 13:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for invalid user admin from 2.57.121.25 port 20801 ssh2
Oct 14 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for invalid user admin from 2.57.121.25 port 20801 ssh2
Oct 14 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Received disconnect from 2.57.121.25 port 20801:11: Bye [preauth]
Oct 14 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Disconnected from 2.57.121.25 port 20801 [preauth]
Oct 14 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: Invalid user proxyuser from 167.99.49.89
Oct 14 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: Failed password for invalid user proxyuser from 167.99.49.89 port 54194 ssh2
Oct 14 13:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: Received disconnect from 167.99.49.89 port 54194:11: Bye Bye [preauth]
Oct 14 13:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5840]: Disconnected from 167.99.49.89 port 54194 [preauth]
Oct 14 13:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3903]: pam_unix(cron:session): session closed for user root
Oct 14 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Invalid user gg from 172.245.92.99
Oct 14 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: input_userauth_request: invalid user gg [preauth]
Oct 14 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Failed password for invalid user gg from 172.245.92.99 port 41202 ssh2
Oct 14 13:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Received disconnect from 172.245.92.99 port 41202:11: Bye Bye [preauth]
Oct 14 13:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5881]: Disconnected from 172.245.92.99 port 41202 [preauth]
Oct 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5949]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5949]: pam_unix(cron:session): session closed for user root
Oct 14 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5951]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6021]: Successful su for rubyman by root
Oct 14 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6021]: + ??? root:rubyman
Oct 14 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411491 of user rubyman.
Oct 14 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6021]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411491.
Oct 14 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2521]: pam_unix(cron:session): session closed for user root
Oct 14 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Invalid user administrador from 37.59.110.4
Oct 14 13:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: input_userauth_request: invalid user administrador [preauth]
Oct 14 13:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Failed password for invalid user administrador from 37.59.110.4 port 39294 ssh2
Oct 14 13:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Received disconnect from 37.59.110.4 port 39294:11: Bye Bye [preauth]
Oct 14 13:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Disconnected from 37.59.110.4 port 39294 [preauth]
Oct 14 13:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Invalid user user from 103.143.238.207
Oct 14 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: input_userauth_request: invalid user user [preauth]
Oct 14 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Failed password for invalid user user from 103.143.238.207 port 38442 ssh2
Oct 14 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Received disconnect from 103.143.238.207 port 38442:11: Bye Bye [preauth]
Oct 14 13:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6234]: Disconnected from 103.143.238.207 port 38442 [preauth]
Oct 14 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164  user=root
Oct 14 13:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: Failed password for root from 4.240.94.164 port 56620 ssh2
Oct 14 13:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: Received disconnect from 4.240.94.164 port 56620:11: Bye Bye [preauth]
Oct 14 13:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: Disconnected from 4.240.94.164 port 56620 [preauth]
Oct 14 13:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Invalid user dspace from 200.90.8.86
Oct 14 13:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: input_userauth_request: invalid user dspace [preauth]
Oct 14 13:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Failed password for invalid user dspace from 200.90.8.86 port 35930 ssh2
Oct 14 13:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Received disconnect from 200.90.8.86 port 35930:11: Bye Bye [preauth]
Oct 14 13:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Disconnected from 200.90.8.86 port 35930 [preauth]
Oct 14 13:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4415]: pam_unix(cron:session): session closed for user root
Oct 14 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: User backup from 167.99.49.89 not allowed because not listed in AllowUsers
Oct 14 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: input_userauth_request: invalid user backup [preauth]
Oct 14 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89  user=backup
Oct 14 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Failed password for invalid user backup from 167.99.49.89 port 52516 ssh2
Oct 14 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Received disconnect from 167.99.49.89 port 52516:11: Bye Bye [preauth]
Oct 14 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6359]: Disconnected from 167.99.49.89 port 52516 [preauth]
Oct 14 13:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Failed password for root from 172.245.92.99 port 54196 ssh2
Oct 14 13:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Received disconnect from 172.245.92.99 port 54196:11: Bye Bye [preauth]
Oct 14 13:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Disconnected from 172.245.92.99 port 54196 [preauth]
Oct 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: Successful su for rubyman by root
Oct 14 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: + ??? root:rubyman
Oct 14 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411496 of user rubyman.
Oct 14 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411496.
Oct 14 13:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2971]: pam_unix(cron:session): session closed for user root
Oct 14 13:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 13:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Failed password for root from 37.59.110.4 port 33744 ssh2
Oct 14 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Received disconnect from 37.59.110.4 port 33744:11: Bye Bye [preauth]
Oct 14 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Disconnected from 37.59.110.4 port 33744 [preauth]
Oct 14 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Invalid user sgd from 103.143.238.207
Oct 14 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: input_userauth_request: invalid user sgd [preauth]
Oct 14 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Failed password for invalid user sgd from 103.143.238.207 port 42820 ssh2
Oct 14 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Received disconnect from 103.143.238.207 port 42820:11: Bye Bye [preauth]
Oct 14 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Disconnected from 103.143.238.207 port 42820 [preauth]
Oct 14 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5190]: pam_unix(cron:session): session closed for user root
Oct 14 13:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162  user=root
Oct 14 13:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Failed password for root from 14.103.115.162 port 51192 ssh2
Oct 14 13:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Received disconnect from 14.103.115.162 port 51192:11: Bye Bye [preauth]
Oct 14 13:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Disconnected from 14.103.115.162 port 51192 [preauth]
Oct 14 13:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Invalid user ftptest from 167.99.49.89
Oct 14 13:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 13:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Failed password for invalid user ftptest from 167.99.49.89 port 48280 ssh2
Oct 14 13:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Received disconnect from 167.99.49.89 port 48280:11: Bye Bye [preauth]
Oct 14 13:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6949]: Disconnected from 167.99.49.89 port 48280 [preauth]
Oct 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6961]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7035]: Successful su for rubyman by root
Oct 14 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7035]: + ??? root:rubyman
Oct 14 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411501 of user rubyman.
Oct 14 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7035]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411501.
Oct 14 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Invalid user debian from 4.240.94.164
Oct 14 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: input_userauth_request: invalid user debian [preauth]
Oct 14 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Failed password for invalid user debian from 4.240.94.164 port 46314 ssh2
Oct 14 13:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3442]: pam_unix(cron:session): session closed for user root
Oct 14 13:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Received disconnect from 4.240.94.164 port 46314:11: Bye Bye [preauth]
Oct 14 13:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Disconnected from 4.240.94.164 port 46314 [preauth]
Oct 14 13:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: Invalid user dmdba from 200.90.8.86
Oct 14 13:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 13:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Invalid user systemd from 172.245.92.99
Oct 14 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: input_userauth_request: invalid user systemd [preauth]
Oct 14 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: Failed password for invalid user dmdba from 200.90.8.86 port 52670 ssh2
Oct 14 13:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: Received disconnect from 200.90.8.86 port 52670:11: Bye Bye [preauth]
Oct 14 13:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7314]: Disconnected from 200.90.8.86 port 52670 [preauth]
Oct 14 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Failed password for invalid user systemd from 172.245.92.99 port 39576 ssh2
Oct 14 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Received disconnect from 172.245.92.99 port 39576:11: Bye Bye [preauth]
Oct 14 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Disconnected from 172.245.92.99 port 39576 [preauth]
Oct 14 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6963]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: Invalid user team2 from 37.59.110.4
Oct 14 13:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: input_userauth_request: invalid user team2 [preauth]
Oct 14 13:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: Failed password for invalid user team2 from 37.59.110.4 port 39414 ssh2
Oct 14 13:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: Received disconnect from 37.59.110.4 port 39414:11: Bye Bye [preauth]
Oct 14 13:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: Disconnected from 37.59.110.4 port 39414 [preauth]
Oct 14 13:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session closed for user root
Oct 14 13:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Failed password for root from 103.143.238.207 port 47198 ssh2
Oct 14 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Received disconnect from 103.143.238.207 port 47198:11: Bye Bye [preauth]
Oct 14 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Disconnected from 103.143.238.207 port 47198 [preauth]
Oct 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7532]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7531]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7533]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7530]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7533]: pam_unix(cron:session): session closed for user root
Oct 14 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7527]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7614]: Successful su for rubyman by root
Oct 14 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7614]: + ??? root:rubyman
Oct 14 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411504 of user rubyman.
Oct 14 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7614]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411504.
Oct 14 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89  user=root
Oct 14 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7648]: Failed password for root from 167.99.49.89 port 34114 ssh2
Oct 14 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7648]: Received disconnect from 167.99.49.89 port 34114:11: Bye Bye [preauth]
Oct 14 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7648]: Disconnected from 167.99.49.89 port 34114 [preauth]
Oct 14 13:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7530]: pam_unix(cron:session): session closed for user root
Oct 14 13:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3902]: pam_unix(cron:session): session closed for user root
Oct 14 13:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7529]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162  user=root
Oct 14 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for root from 14.103.115.162 port 60290 ssh2
Oct 14 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Received disconnect from 14.103.115.162 port 60290:11: Bye Bye [preauth]
Oct 14 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Disconnected from 14.103.115.162 port 60290 [preauth]
Oct 14 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: User bin from 172.245.92.99 not allowed because not listed in AllowUsers
Oct 14 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: input_userauth_request: invalid user bin [preauth]
Oct 14 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=bin
Oct 14 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: Failed password for invalid user bin from 172.245.92.99 port 35776 ssh2
Oct 14 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: Received disconnect from 172.245.92.99 port 35776:11: Bye Bye [preauth]
Oct 14 13:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: Disconnected from 172.245.92.99 port 35776 [preauth]
Oct 14 13:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session closed for user root
Oct 14 13:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Invalid user newuser from 200.90.8.86
Oct 14 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: input_userauth_request: invalid user newuser [preauth]
Oct 14 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Invalid user paula from 37.59.110.4
Oct 14 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: input_userauth_request: invalid user paula [preauth]
Oct 14 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Failed password for invalid user newuser from 200.90.8.86 port 40010 ssh2
Oct 14 13:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Failed password for invalid user paula from 37.59.110.4 port 34140 ssh2
Oct 14 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Received disconnect from 200.90.8.86 port 40010:11: Bye Bye [preauth]
Oct 14 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Disconnected from 200.90.8.86 port 40010 [preauth]
Oct 14 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Received disconnect from 37.59.110.4 port 34140:11: Bye Bye [preauth]
Oct 14 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Disconnected from 37.59.110.4 port 34140 [preauth]
Oct 14 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Invalid user dspace from 4.240.94.164
Oct 14 13:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: input_userauth_request: invalid user dspace [preauth]
Oct 14 13:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Failed password for invalid user dspace from 4.240.94.164 port 37086 ssh2
Oct 14 13:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Received disconnect from 4.240.94.164 port 37086:11: Bye Bye [preauth]
Oct 14 13:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Disconnected from 4.240.94.164 port 37086 [preauth]
Oct 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8571]: Invalid user roo from 103.143.238.207
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8571]: input_userauth_request: invalid user roo [preauth]
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8571]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: Successful su for rubyman by root
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: + ??? root:rubyman
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411513 of user rubyman.
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411513.
Oct 14 13:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8571]: Failed password for invalid user roo from 103.143.238.207 port 51578 ssh2
Oct 14 13:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8571]: Received disconnect from 103.143.238.207 port 51578:11: Bye Bye [preauth]
Oct 14 13:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8571]: Disconnected from 103.143.238.207 port 51578 [preauth]
Oct 14 13:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4413]: pam_unix(cron:session): session closed for user root
Oct 14 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Invalid user user01 from 167.99.49.89
Oct 14 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: input_userauth_request: invalid user user01 [preauth]
Oct 14 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Failed password for invalid user user01 from 167.99.49.89 port 58672 ssh2
Oct 14 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Received disconnect from 167.99.49.89 port 58672:11: Bye Bye [preauth]
Oct 14 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Disconnected from 167.99.49.89 port 58672 [preauth]
Oct 14 13:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8482]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6965]: pam_unix(cron:session): session closed for user root
Oct 14 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Failed password for root from 172.245.92.99 port 48452 ssh2
Oct 14 13:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Received disconnect from 172.245.92.99 port 48452:11: Bye Bye [preauth]
Oct 14 13:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Disconnected from 172.245.92.99 port 48452 [preauth]
Oct 14 13:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Invalid user gg from 37.59.110.4
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: input_userauth_request: invalid user gg [preauth]
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9258]: Successful su for rubyman by root
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9258]: + ??? root:rubyman
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411516 of user rubyman.
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9258]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411516.
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Failed password for invalid user gg from 37.59.110.4 port 36006 ssh2
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Received disconnect from 37.59.110.4 port 36006:11: Bye Bye [preauth]
Oct 14 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Disconnected from 37.59.110.4 port 36006 [preauth]
Oct 14 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5174]: pam_unix(cron:session): session closed for user root
Oct 14 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9086]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Invalid user user from 14.103.115.162
Oct 14 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: input_userauth_request: invalid user user [preauth]
Oct 14 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Failed password for invalid user user from 14.103.115.162 port 43754 ssh2
Oct 14 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Received disconnect from 14.103.115.162 port 43754:11: Bye Bye [preauth]
Oct 14 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Disconnected from 14.103.115.162 port 43754 [preauth]
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Invalid user alex from 200.90.8.86
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: input_userauth_request: invalid user alex [preauth]
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Invalid user sas from 103.143.238.207
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: input_userauth_request: invalid user sas [preauth]
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Failed password for invalid user alex from 200.90.8.86 port 57468 ssh2
Oct 14 13:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Received disconnect from 200.90.8.86 port 57468:11: Bye Bye [preauth]
Oct 14 13:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9553]: Disconnected from 200.90.8.86 port 57468 [preauth]
Oct 14 13:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Failed password for invalid user sas from 103.143.238.207 port 55958 ssh2
Oct 14 13:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Received disconnect from 103.143.238.207 port 55958:11: Bye Bye [preauth]
Oct 14 13:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Disconnected from 103.143.238.207 port 55958 [preauth]
Oct 14 13:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Invalid user deployer from 167.99.49.89
Oct 14 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: input_userauth_request: invalid user deployer [preauth]
Oct 14 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Failed password for invalid user deployer from 167.99.49.89 port 34596 ssh2
Oct 14 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Received disconnect from 167.99.49.89 port 34596:11: Bye Bye [preauth]
Oct 14 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Disconnected from 167.99.49.89 port 34596 [preauth]
Oct 14 13:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Invalid user jenkins from 4.240.94.164
Oct 14 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7532]: pam_unix(cron:session): session closed for user root
Oct 14 13:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Failed password for invalid user jenkins from 4.240.94.164 port 32982 ssh2
Oct 14 13:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Received disconnect from 4.240.94.164 port 32982:11: Bye Bye [preauth]
Oct 14 13:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Disconnected from 4.240.94.164 port 32982 [preauth]
Oct 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9818]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: Successful su for rubyman by root
Oct 14 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: + ??? root:rubyman
Oct 14 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411519 of user rubyman.
Oct 14 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411519.
Oct 14 13:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session closed for user root
Oct 14 13:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9819]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Failed password for root from 172.245.92.99 port 44712 ssh2
Oct 14 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Received disconnect from 172.245.92.99 port 44712:11: Bye Bye [preauth]
Oct 14 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Disconnected from 172.245.92.99 port 44712 [preauth]
Oct 14 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Failed password for root from 37.59.110.4 port 58994 ssh2
Oct 14 13:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Received disconnect from 37.59.110.4 port 58994:11: Bye Bye [preauth]
Oct 14 13:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Disconnected from 37.59.110.4 port 58994 [preauth]
Oct 14 13:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session closed for user root
Oct 14 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: Invalid user postgres from 167.99.49.89
Oct 14 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: input_userauth_request: invalid user postgres [preauth]
Oct 14 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: Failed password for invalid user postgres from 167.99.49.89 port 39282 ssh2
Oct 14 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: Received disconnect from 167.99.49.89 port 39282:11: Bye Bye [preauth]
Oct 14 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: Disconnected from 167.99.49.89 port 39282 [preauth]
Oct 14 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10290]: Invalid user qui from 103.143.238.207
Oct 14 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10290]: input_userauth_request: invalid user qui [preauth]
Oct 14 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10290]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10290]: Failed password for invalid user qui from 103.143.238.207 port 60342 ssh2
Oct 14 13:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10290]: Received disconnect from 103.143.238.207 port 60342:11: Bye Bye [preauth]
Oct 14 13:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10290]: Disconnected from 103.143.238.207 port 60342 [preauth]
Oct 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10321]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10320]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: Successful su for rubyman by root
Oct 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: + ??? root:rubyman
Oct 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411524 of user rubyman.
Oct 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411524.
Oct 14 13:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: Invalid user erpnext from 200.90.8.86
Oct 14 13:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: input_userauth_request: invalid user erpnext [preauth]
Oct 14 13:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session closed for user root
Oct 14 13:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: Failed password for invalid user erpnext from 200.90.8.86 port 48536 ssh2
Oct 14 13:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: Received disconnect from 200.90.8.86 port 48536:11: Bye Bye [preauth]
Oct 14 13:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10515]: Disconnected from 200.90.8.86 port 48536 [preauth]
Oct 14 13:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10319]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Invalid user django from 4.240.94.164
Oct 14 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: input_userauth_request: invalid user django [preauth]
Oct 14 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Failed password for invalid user django from 4.240.94.164 port 37830 ssh2
Oct 14 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Received disconnect from 4.240.94.164 port 37830:11: Bye Bye [preauth]
Oct 14 13:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10694]: Disconnected from 4.240.94.164 port 37830 [preauth]
Oct 14 13:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session closed for user root
Oct 14 13:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Invalid user ak from 37.59.110.4
Oct 14 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: input_userauth_request: invalid user ak [preauth]
Oct 14 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Failed password for invalid user ak from 37.59.110.4 port 38492 ssh2
Oct 14 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Received disconnect from 37.59.110.4 port 38492:11: Bye Bye [preauth]
Oct 14 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Disconnected from 37.59.110.4 port 38492 [preauth]
Oct 14 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Invalid user igor from 172.245.92.99
Oct 14 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: input_userauth_request: invalid user igor [preauth]
Oct 14 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Failed password for invalid user igor from 172.245.92.99 port 51366 ssh2
Oct 14 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Received disconnect from 172.245.92.99 port 51366:11: Bye Bye [preauth]
Oct 14 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10775]: Disconnected from 172.245.92.99 port 51366 [preauth]
Oct 14 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Invalid user ftpuser from 167.99.49.89
Oct 14 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10805]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10804]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10805]: pam_unix(cron:session): session closed for user root
Oct 14 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10799]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Failed password for invalid user ftpuser from 167.99.49.89 port 60950 ssh2
Oct 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Received disconnect from 167.99.49.89 port 60950:11: Bye Bye [preauth]
Oct 14 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10796]: Disconnected from 167.99.49.89 port 60950 [preauth]
Oct 14 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10890]: Successful su for rubyman by root
Oct 14 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10890]: + ??? root:rubyman
Oct 14 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411529 of user rubyman.
Oct 14 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10890]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411529.
Oct 14 13:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session closed for user root
Oct 14 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6964]: pam_unix(cron:session): session closed for user root
Oct 14 13:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Failed password for root from 103.143.238.207 port 36496 ssh2
Oct 14 13:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Received disconnect from 103.143.238.207 port 36496:11: Bye Bye [preauth]
Oct 14 13:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Disconnected from 103.143.238.207 port 36496 [preauth]
Oct 14 13:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10800]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user root
Oct 14 13:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Invalid user frappe from 200.90.8.86
Oct 14 13:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: input_userauth_request: invalid user frappe [preauth]
Oct 14 13:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for invalid user frappe from 200.90.8.86 port 38402 ssh2
Oct 14 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Received disconnect from 200.90.8.86 port 38402:11: Bye Bye [preauth]
Oct 14 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Disconnected from 200.90.8.86 port 38402 [preauth]
Oct 14 13:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Invalid user jose from 37.59.110.4
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: input_userauth_request: invalid user jose [preauth]
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11296]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Failed password for invalid user jose from 37.59.110.4 port 60914 ssh2
Oct 14 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: Successful su for rubyman by root
Oct 14 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: + ??? root:rubyman
Oct 14 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411532 of user rubyman.
Oct 14 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411532.
Oct 14 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Received disconnect from 37.59.110.4 port 60914:11: Bye Bye [preauth]
Oct 14 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Disconnected from 37.59.110.4 port 60914 [preauth]
Oct 14 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Invalid user aramos from 172.245.92.99
Oct 14 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: input_userauth_request: invalid user aramos [preauth]
Oct 14 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11280]: Connection closed by 14.103.115.162 port 52860 [preauth]
Oct 14 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Failed password for invalid user aramos from 172.245.92.99 port 45996 ssh2
Oct 14 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Received disconnect from 172.245.92.99 port 45996:11: Bye Bye [preauth]
Oct 14 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11541]: Disconnected from 172.245.92.99 port 45996 [preauth]
Oct 14 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7531]: pam_unix(cron:session): session closed for user root
Oct 14 13:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11598]: Invalid user ubuntu from 167.99.49.89
Oct 14 13:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11598]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 13:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11598]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11297]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11598]: Failed password for invalid user ubuntu from 167.99.49.89 port 45378 ssh2
Oct 14 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11598]: Received disconnect from 167.99.49.89 port 45378:11: Bye Bye [preauth]
Oct 14 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11598]: Disconnected from 167.99.49.89 port 45378 [preauth]
Oct 14 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Invalid user user01 from 4.240.94.164
Oct 14 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: input_userauth_request: invalid user user01 [preauth]
Oct 14 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user user01 from 4.240.94.164 port 55576 ssh2
Oct 14 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Received disconnect from 4.240.94.164 port 55576:11: Bye Bye [preauth]
Oct 14 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Disconnected from 4.240.94.164 port 55576 [preauth]
Oct 14 13:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11740]: Failed password for root from 103.143.238.207 port 40878 ssh2
Oct 14 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11740]: Received disconnect from 103.143.238.207 port 40878:11: Bye Bye [preauth]
Oct 14 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11740]: Disconnected from 103.143.238.207 port 40878 [preauth]
Oct 14 13:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10321]: pam_unix(cron:session): session closed for user root
Oct 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11955]: Successful su for rubyman by root
Oct 14 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11955]: + ??? root:rubyman
Oct 14 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411537 of user rubyman.
Oct 14 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11955]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411537.
Oct 14 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session closed for user root
Oct 14 13:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: User bin from 37.59.110.4 not allowed because not listed in AllowUsers
Oct 14 13:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: input_userauth_request: invalid user bin [preauth]
Oct 14 13:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=bin
Oct 14 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Failed password for invalid user bin from 37.59.110.4 port 33622 ssh2
Oct 14 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Received disconnect from 37.59.110.4 port 33622:11: Bye Bye [preauth]
Oct 14 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Disconnected from 37.59.110.4 port 33622 [preauth]
Oct 14 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11884]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12218]: Invalid user web from 200.90.8.86
Oct 14 13:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12218]: input_userauth_request: invalid user web [preauth]
Oct 14 13:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12218]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12218]: Failed password for invalid user web from 200.90.8.86 port 53092 ssh2
Oct 14 13:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12218]: Received disconnect from 200.90.8.86 port 53092:11: Bye Bye [preauth]
Oct 14 13:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12218]: Disconnected from 200.90.8.86 port 53092 [preauth]
Oct 14 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Invalid user rizzo from 172.245.92.99
Oct 14 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: input_userauth_request: invalid user rizzo [preauth]
Oct 14 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Failed password for invalid user rizzo from 172.245.92.99 port 57064 ssh2
Oct 14 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Received disconnect from 172.245.92.99 port 57064:11: Bye Bye [preauth]
Oct 14 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Disconnected from 172.245.92.99 port 57064 [preauth]
Oct 14 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12261]: Invalid user steam from 167.99.49.89
Oct 14 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12261]: input_userauth_request: invalid user steam [preauth]
Oct 14 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12261]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12261]: Failed password for invalid user steam from 167.99.49.89 port 59328 ssh2
Oct 14 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12261]: Received disconnect from 167.99.49.89 port 59328:11: Bye Bye [preauth]
Oct 14 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12261]: Disconnected from 167.99.49.89 port 59328 [preauth]
Oct 14 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10804]: pam_unix(cron:session): session closed for user root
Oct 14 13:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12308]: Invalid user admin from 103.143.238.207
Oct 14 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12308]: input_userauth_request: invalid user admin [preauth]
Oct 14 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12308]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12308]: Failed password for invalid user admin from 103.143.238.207 port 45260 ssh2
Oct 14 13:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12308]: Received disconnect from 103.143.238.207 port 45260:11: Bye Bye [preauth]
Oct 14 13:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12308]: Disconnected from 103.143.238.207 port 45260 [preauth]
Oct 14 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162  user=root
Oct 14 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12310]: Failed password for root from 14.103.115.162 port 33406 ssh2
Oct 14 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12310]: Received disconnect from 14.103.115.162 port 33406:11: Bye Bye [preauth]
Oct 14 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12310]: Disconnected from 14.103.115.162 port 33406 [preauth]
Oct 14 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Invalid user user from 62.60.131.157
Oct 14 13:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: input_userauth_request: invalid user user [preauth]
Oct 14 13:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 13:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for invalid user user from 62.60.131.157 port 56844 ssh2
Oct 14 13:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for invalid user user from 62.60.131.157 port 56844 ssh2
Oct 14 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for invalid user user from 62.60.131.157 port 56844 ssh2
Oct 14 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12444]: Successful su for rubyman by root
Oct 14 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12444]: + ??? root:rubyman
Oct 14 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411540 of user rubyman.
Oct 14 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12444]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411540.
Oct 14 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for invalid user user from 62.60.131.157 port 56844 ssh2
Oct 14 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for invalid user user from 62.60.131.157 port 56844 ssh2
Oct 14 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Received disconnect from 62.60.131.157 port 56844:11: Bye [preauth]
Oct 14 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Disconnected from 62.60.131.157 port 56844 [preauth]
Oct 14 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Invalid user ansible from 4.240.94.164
Oct 14 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: input_userauth_request: invalid user ansible [preauth]
Oct 14 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session closed for user root
Oct 14 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Failed password for invalid user ansible from 4.240.94.164 port 50726 ssh2
Oct 14 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Received disconnect from 4.240.94.164 port 50726:11: Bye Bye [preauth]
Oct 14 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Disconnected from 4.240.94.164 port 50726 [preauth]
Oct 14 13:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Invalid user brian from 37.59.110.4
Oct 14 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: input_userauth_request: invalid user brian [preauth]
Oct 14 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Failed password for invalid user brian from 37.59.110.4 port 36644 ssh2
Oct 14 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Received disconnect from 37.59.110.4 port 36644:11: Bye Bye [preauth]
Oct 14 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12738]: Disconnected from 37.59.110.4 port 36644 [preauth]
Oct 14 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11301]: pam_unix(cron:session): session closed for user root
Oct 14 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Invalid user runner from 167.99.49.89
Oct 14 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: input_userauth_request: invalid user runner [preauth]
Oct 14 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Invalid user yyy from 172.245.92.99
Oct 14 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: input_userauth_request: invalid user yyy [preauth]
Oct 14 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Failed password for invalid user runner from 167.99.49.89 port 47288 ssh2
Oct 14 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Received disconnect from 167.99.49.89 port 47288:11: Bye Bye [preauth]
Oct 14 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Disconnected from 167.99.49.89 port 47288 [preauth]
Oct 14 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Failed password for invalid user yyy from 172.245.92.99 port 57128 ssh2
Oct 14 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Received disconnect from 172.245.92.99 port 57128:11: Bye Bye [preauth]
Oct 14 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12830]: Disconnected from 172.245.92.99 port 57128 [preauth]
Oct 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12858]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12859]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12855]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12947]: Successful su for rubyman by root
Oct 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12947]: + ??? root:rubyman
Oct 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411546 of user rubyman.
Oct 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12947]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411546.
Oct 14 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Invalid user deploy from 103.143.238.207
Oct 14 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: input_userauth_request: invalid user deploy [preauth]
Oct 14 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Failed password for invalid user deploy from 103.143.238.207 port 49636 ssh2
Oct 14 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Received disconnect from 103.143.238.207 port 49636:11: Bye Bye [preauth]
Oct 14 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Disconnected from 103.143.238.207 port 49636 [preauth]
Oct 14 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Invalid user user01 from 200.90.8.86
Oct 14 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: input_userauth_request: invalid user user01 [preauth]
Oct 14 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Failed password for invalid user user01 from 200.90.8.86 port 37036 ssh2
Oct 14 13:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Received disconnect from 200.90.8.86 port 37036:11: Bye Bye [preauth]
Oct 14 13:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Disconnected from 200.90.8.86 port 37036 [preauth]
Oct 14 13:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session closed for user root
Oct 14 13:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Invalid user delphi from 14.103.115.162
Oct 14 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: input_userauth_request: invalid user delphi [preauth]
Oct 14 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Failed password for invalid user delphi from 14.103.115.162 port 38456 ssh2
Oct 14 13:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Received disconnect from 14.103.115.162 port 38456:11: Bye Bye [preauth]
Oct 14 13:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13373]: Disconnected from 14.103.115.162 port 38456 [preauth]
Oct 14 13:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session closed for user root
Oct 14 13:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Invalid user dima from 37.59.110.4
Oct 14 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: input_userauth_request: invalid user dima [preauth]
Oct 14 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Failed password for invalid user dima from 37.59.110.4 port 33030 ssh2
Oct 14 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Received disconnect from 37.59.110.4 port 33030:11: Bye Bye [preauth]
Oct 14 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Disconnected from 37.59.110.4 port 33030 [preauth]
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13488]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13489]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13490]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13487]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13490]: pam_unix(cron:session): session closed for user root
Oct 14 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13485]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Invalid user nagios from 167.99.49.89
Oct 14 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: input_userauth_request: invalid user nagios [preauth]
Oct 14 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164  user=root
Oct 14 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13574]: Successful su for rubyman by root
Oct 14 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13574]: + ??? root:rubyman
Oct 14 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411550 of user rubyman.
Oct 14 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13574]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411550.
Oct 14 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Failed password for invalid user nagios from 167.99.49.89 port 44944 ssh2
Oct 14 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Received disconnect from 167.99.49.89 port 44944:11: Bye Bye [preauth]
Oct 14 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13482]: Disconnected from 167.99.49.89 port 44944 [preauth]
Oct 14 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Failed password for root from 4.240.94.164 port 35620 ssh2
Oct 14 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Received disconnect from 4.240.94.164 port 35620:11: Bye Bye [preauth]
Oct 14 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Disconnected from 4.240.94.164 port 35620 [preauth]
Oct 14 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13487]: pam_unix(cron:session): session closed for user root
Oct 14 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10320]: pam_unix(cron:session): session closed for user root
Oct 14 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: Failed password for root from 172.245.92.99 port 47636 ssh2
Oct 14 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: Received disconnect from 172.245.92.99 port 47636:11: Bye Bye [preauth]
Oct 14 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13713]: Disconnected from 172.245.92.99 port 47636 [preauth]
Oct 14 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13486]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Invalid user titi from 103.143.238.207
Oct 14 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: input_userauth_request: invalid user titi [preauth]
Oct 14 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Failed password for invalid user titi from 103.143.238.207 port 54014 ssh2
Oct 14 13:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Received disconnect from 103.143.238.207 port 54014:11: Bye Bye [preauth]
Oct 14 13:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Disconnected from 103.143.238.207 port 54014 [preauth]
Oct 14 13:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12372]: pam_unix(cron:session): session closed for user root
Oct 14 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Invalid user sftpuser from 200.90.8.86
Oct 14 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: input_userauth_request: invalid user sftpuser [preauth]
Oct 14 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Failed password for invalid user sftpuser from 200.90.8.86 port 50892 ssh2
Oct 14 13:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Received disconnect from 200.90.8.86 port 50892:11: Bye Bye [preauth]
Oct 14 13:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13982]: Disconnected from 200.90.8.86 port 50892 [preauth]
Oct 14 13:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Invalid user aramos from 37.59.110.4
Oct 14 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: input_userauth_request: invalid user aramos [preauth]
Oct 14 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14006]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user aramos from 37.59.110.4 port 51192 ssh2
Oct 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Received disconnect from 37.59.110.4 port 51192:11: Bye Bye [preauth]
Oct 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Disconnected from 37.59.110.4 port 51192 [preauth]
Oct 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14175]: Successful su for rubyman by root
Oct 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14175]: + ??? root:rubyman
Oct 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411554 of user rubyman.
Oct 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14175]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411554.
Oct 14 13:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session closed for user root
Oct 14 13:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Invalid user dspace from 167.99.49.89
Oct 14 13:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: input_userauth_request: invalid user dspace [preauth]
Oct 14 13:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Failed password for invalid user dspace from 167.99.49.89 port 54072 ssh2
Oct 14 13:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Received disconnect from 167.99.49.89 port 54072:11: Bye Bye [preauth]
Oct 14 13:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Disconnected from 167.99.49.89 port 54072 [preauth]
Oct 14 13:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Invalid user jona from 14.103.115.162
Oct 14 13:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: input_userauth_request: invalid user jona [preauth]
Oct 14 13:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14007]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Failed password for invalid user jona from 14.103.115.162 port 39686 ssh2
Oct 14 13:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Received disconnect from 14.103.115.162 port 39686:11: Bye Bye [preauth]
Oct 14 13:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14381]: Disconnected from 14.103.115.162 port 39686 [preauth]
Oct 14 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Invalid user brian from 172.245.92.99
Oct 14 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: input_userauth_request: invalid user brian [preauth]
Oct 14 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Failed password for invalid user brian from 172.245.92.99 port 40676 ssh2
Oct 14 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Received disconnect from 172.245.92.99 port 40676:11: Bye Bye [preauth]
Oct 14 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14447]: Disconnected from 172.245.92.99 port 40676 [preauth]
Oct 14 13:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12859]: pam_unix(cron:session): session closed for user root
Oct 14 13:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Invalid user zdy from 103.143.238.207
Oct 14 13:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: input_userauth_request: invalid user zdy [preauth]
Oct 14 13:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Failed password for invalid user zdy from 103.143.238.207 port 58394 ssh2
Oct 14 13:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Received disconnect from 103.143.238.207 port 58394:11: Bye Bye [preauth]
Oct 14 13:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Disconnected from 103.143.238.207 port 58394 [preauth]
Oct 14 13:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Invalid user debian from 4.240.94.164
Oct 14 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: input_userauth_request: invalid user debian [preauth]
Oct 14 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Failed password for invalid user debian from 4.240.94.164 port 33802 ssh2
Oct 14 13:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Received disconnect from 4.240.94.164 port 33802:11: Bye Bye [preauth]
Oct 14 13:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14537]: Disconnected from 4.240.94.164 port 33802 [preauth]
Oct 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14561]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14560]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14558]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14635]: Successful su for rubyman by root
Oct 14 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14635]: + ??? root:rubyman
Oct 14 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411558 of user rubyman.
Oct 14 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14635]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411558.
Oct 14 13:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 13:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11298]: pam_unix(cron:session): session closed for user root
Oct 14 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: Failed password for root from 37.59.110.4 port 51504 ssh2
Oct 14 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: Received disconnect from 37.59.110.4 port 51504:11: Bye Bye [preauth]
Oct 14 13:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: Disconnected from 37.59.110.4 port 51504 [preauth]
Oct 14 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14559]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89  user=root
Oct 14 13:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Failed password for root from 167.99.49.89 port 35542 ssh2
Oct 14 13:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Received disconnect from 167.99.49.89 port 35542:11: Bye Bye [preauth]
Oct 14 13:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14900]: Disconnected from 167.99.49.89 port 35542 [preauth]
Oct 14 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Invalid user debian from 200.90.8.86
Oct 14 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: input_userauth_request: invalid user debian [preauth]
Oct 14 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Failed password for invalid user debian from 200.90.8.86 port 34652 ssh2
Oct 14 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Received disconnect from 200.90.8.86 port 34652:11: Bye Bye [preauth]
Oct 14 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14930]: Disconnected from 200.90.8.86 port 34652 [preauth]
Oct 14 13:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13489]: pam_unix(cron:session): session closed for user root
Oct 14 13:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Invalid user team2 from 172.245.92.99
Oct 14 13:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: input_userauth_request: invalid user team2 [preauth]
Oct 14 13:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Failed password for invalid user team2 from 172.245.92.99 port 40526 ssh2
Oct 14 13:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Received disconnect from 172.245.92.99 port 40526:11: Bye Bye [preauth]
Oct 14 13:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15010]: Disconnected from 172.245.92.99 port 40526 [preauth]
Oct 14 13:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: User vncuser from 103.143.238.207 not allowed because not listed in AllowUsers
Oct 14 13:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: input_userauth_request: invalid user vncuser [preauth]
Oct 14 13:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=vncuser
Oct 14 13:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Failed password for invalid user vncuser from 103.143.238.207 port 34542 ssh2
Oct 14 13:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Received disconnect from 103.143.238.207 port 34542:11: Bye Bye [preauth]
Oct 14 13:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Disconnected from 103.143.238.207 port 34542 [preauth]
Oct 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15036]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15201]: Successful su for rubyman by root
Oct 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15201]: + ??? root:rubyman
Oct 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411562 of user rubyman.
Oct 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15201]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411562.
Oct 14 13:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11885]: pam_unix(cron:session): session closed for user root
Oct 14 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Connection closed by 14.103.115.162 port 45102 [preauth]
Oct 14 13:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15037]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Failed password for root from 37.59.110.4 port 50214 ssh2
Oct 14 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Received disconnect from 37.59.110.4 port 50214:11: Bye Bye [preauth]
Oct 14 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Disconnected from 37.59.110.4 port 50214 [preauth]
Oct 14 13:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: Invalid user server from 167.99.49.89
Oct 14 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: input_userauth_request: invalid user server [preauth]
Oct 14 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: Failed password for invalid user server from 167.99.49.89 port 45752 ssh2
Oct 14 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: Received disconnect from 167.99.49.89 port 45752:11: Bye Bye [preauth]
Oct 14 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15498]: Disconnected from 167.99.49.89 port 45752 [preauth]
Oct 14 13:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session closed for user root
Oct 14 13:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Invalid user jenkins from 4.240.94.164
Oct 14 13:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 13:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Failed password for invalid user jenkins from 4.240.94.164 port 48194 ssh2
Oct 14 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Received disconnect from 4.240.94.164 port 48194:11: Bye Bye [preauth]
Oct 14 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: Disconnected from 4.240.94.164 port 48194 [preauth]
Oct 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15582]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15668]: Successful su for rubyman by root
Oct 14 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15668]: + ??? root:rubyman
Oct 14 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411567 of user rubyman.
Oct 14 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15668]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411567.
Oct 14 13:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Invalid user dspace from 200.90.8.86
Oct 14 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: input_userauth_request: invalid user dspace [preauth]
Oct 14 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session closed for user root
Oct 14 13:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Failed password for invalid user dspace from 200.90.8.86 port 46708 ssh2
Oct 14 13:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Received disconnect from 200.90.8.86 port 46708:11: Bye Bye [preauth]
Oct 14 13:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15783]: Disconnected from 200.90.8.86 port 46708 [preauth]
Oct 14 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Invalid user test from 172.245.92.99
Oct 14 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: input_userauth_request: invalid user test [preauth]
Oct 14 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99
Oct 14 13:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Failed password for invalid user test from 172.245.92.99 port 44366 ssh2
Oct 14 13:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Received disconnect from 172.245.92.99 port 44366:11: Bye Bye [preauth]
Oct 14 13:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15864]: Disconnected from 172.245.92.99 port 44366 [preauth]
Oct 14 13:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: Failed password for root from 103.143.238.207 port 38930 ssh2
Oct 14 13:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: Received disconnect from 103.143.238.207 port 38930:11: Bye Bye [preauth]
Oct 14 13:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15883]: Disconnected from 103.143.238.207 port 38930 [preauth]
Oct 14 13:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14561]: pam_unix(cron:session): session closed for user root
Oct 14 13:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Invalid user server from 14.103.115.162
Oct 14 13:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: input_userauth_request: invalid user server [preauth]
Oct 14 13:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Invalid user ftptest from 167.99.49.89
Oct 14 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for invalid user server from 14.103.115.162 port 33236 ssh2
Oct 14 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Received disconnect from 14.103.115.162 port 33236:11: Bye Bye [preauth]
Oct 14 13:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Disconnected from 14.103.115.162 port 33236 [preauth]
Oct 14 13:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Failed password for invalid user ftptest from 167.99.49.89 port 49458 ssh2
Oct 14 13:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Received disconnect from 167.99.49.89 port 49458:11: Bye Bye [preauth]
Oct 14 13:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Disconnected from 167.99.49.89 port 49458 [preauth]
Oct 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16058]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16057]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16059]: pam_unix(cron:session): session closed for user root
Oct 14 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16053]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16135]: Successful su for rubyman by root
Oct 14 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16135]: + ??? root:rubyman
Oct 14 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411573 of user rubyman.
Oct 14 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16135]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411573.
Oct 14 13:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16056]: pam_unix(cron:session): session closed for user root
Oct 14 13:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12858]: pam_unix(cron:session): session closed for user root
Oct 14 13:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16055]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Invalid user ftpuser from 4.240.94.164
Oct 14 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Failed password for invalid user ftpuser from 4.240.94.164 port 40518 ssh2
Oct 14 13:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Received disconnect from 4.240.94.164 port 40518:11: Bye Bye [preauth]
Oct 14 13:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16451]: Disconnected from 4.240.94.164 port 40518 [preauth]
Oct 14 13:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session closed for user root
Oct 14 13:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Failed password for root from 172.245.92.99 port 48410 ssh2
Oct 14 13:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Received disconnect from 172.245.92.99 port 48410:11: Bye Bye [preauth]
Oct 14 13:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Disconnected from 172.245.92.99 port 48410 [preauth]
Oct 14 13:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Invalid user appuser from 103.143.238.207
Oct 14 13:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: input_userauth_request: invalid user appuser [preauth]
Oct 14 13:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Failed password for invalid user appuser from 103.143.238.207 port 43314 ssh2
Oct 14 13:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Received disconnect from 103.143.238.207 port 43314:11: Bye Bye [preauth]
Oct 14 13:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Disconnected from 103.143.238.207 port 43314 [preauth]
Oct 14 13:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16538]: Invalid user admin from 2.57.122.26
Oct 14 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16538]: input_userauth_request: invalid user admin [preauth]
Oct 14 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16538]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 14 13:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Invalid user teamspeak3 from 200.90.8.86
Oct 14 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 14 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16538]: Failed password for invalid user admin from 2.57.122.26 port 38638 ssh2
Oct 14 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16538]: Connection closed by 2.57.122.26 port 38638 [preauth]
Oct 14 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Failed password for invalid user teamspeak3 from 200.90.8.86 port 58196 ssh2
Oct 14 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Received disconnect from 200.90.8.86 port 58196:11: Bye Bye [preauth]
Oct 14 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Disconnected from 200.90.8.86 port 58196 [preauth]
Oct 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16586]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16659]: Successful su for rubyman by root
Oct 14 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16659]: + ??? root:rubyman
Oct 14 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411577 of user rubyman.
Oct 14 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16659]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411577.
Oct 14 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Invalid user testuser from 167.99.49.89
Oct 14 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: input_userauth_request: invalid user testuser [preauth]
Oct 14 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89
Oct 14 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Failed password for invalid user testuser from 167.99.49.89 port 41204 ssh2
Oct 14 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Received disconnect from 167.99.49.89 port 41204:11: Bye Bye [preauth]
Oct 14 13:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Disconnected from 167.99.49.89 port 41204 [preauth]
Oct 14 13:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13488]: pam_unix(cron:session): session closed for user root
Oct 14 13:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16584]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162  user=root
Oct 14 13:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user root
Oct 14 13:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: Failed password for root from 14.103.115.162 port 39692 ssh2
Oct 14 13:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: Received disconnect from 14.103.115.162 port 39692:11: Bye Bye [preauth]
Oct 14 13:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: Disconnected from 14.103.115.162 port 39692 [preauth]
Oct 14 13:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Did not receive identification string from 101.91.157.239
Oct 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17046]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: Successful su for rubyman by root
Oct 14 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: + ??? root:rubyman
Oct 14 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411581 of user rubyman.
Oct 14 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411581.
Oct 14 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.245.92.99  user=root
Oct 14 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Failed password for root from 172.245.92.99 port 50420 ssh2
Oct 14 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Received disconnect from 172.245.92.99 port 50420:11: Bye Bye [preauth]
Oct 14 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Disconnected from 172.245.92.99 port 50420 [preauth]
Oct 14 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: Invalid user steam from 103.143.238.207
Oct 14 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: input_userauth_request: invalid user steam [preauth]
Oct 14 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: Failed password for invalid user steam from 103.143.238.207 port 47696 ssh2
Oct 14 13:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: Received disconnect from 103.143.238.207 port 47696:11: Bye Bye [preauth]
Oct 14 13:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: Disconnected from 103.143.238.207 port 47696 [preauth]
Oct 14 13:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session closed for user root
Oct 14 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17047]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.49.89  user=root
Oct 14 13:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Failed password for root from 167.99.49.89 port 49772 ssh2
Oct 14 13:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Received disconnect from 167.99.49.89 port 49772:11: Bye Bye [preauth]
Oct 14 13:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Disconnected from 167.99.49.89 port 49772 [preauth]
Oct 14 13:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Invalid user git from 200.90.8.86
Oct 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: input_userauth_request: invalid user git [preauth]
Oct 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: Invalid user newuser from 4.240.94.164
Oct 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: input_userauth_request: invalid user newuser [preauth]
Oct 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Failed password for invalid user git from 200.90.8.86 port 40150 ssh2
Oct 14 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Received disconnect from 200.90.8.86 port 40150:11: Bye Bye [preauth]
Oct 14 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Disconnected from 200.90.8.86 port 40150 [preauth]
Oct 14 13:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: Failed password for invalid user newuser from 4.240.94.164 port 60196 ssh2
Oct 14 13:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: Received disconnect from 4.240.94.164 port 60196:11: Bye Bye [preauth]
Oct 14 13:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: Disconnected from 4.240.94.164 port 60196 [preauth]
Oct 14 13:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16058]: pam_unix(cron:session): session closed for user root
Oct 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17515]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17580]: Successful su for rubyman by root
Oct 14 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17580]: + ??? root:rubyman
Oct 14 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411585 of user rubyman.
Oct 14 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17580]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411585.
Oct 14 13:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14560]: pam_unix(cron:session): session closed for user root
Oct 14 13:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Invalid user administrator from 14.103.115.162
Oct 14 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: input_userauth_request: invalid user administrator [preauth]
Oct 14 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Failed password for invalid user administrator from 14.103.115.162 port 50864 ssh2
Oct 14 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Received disconnect from 14.103.115.162 port 50864:11: Bye Bye [preauth]
Oct 14 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17905]: Disconnected from 14.103.115.162 port 50864 [preauth]
Oct 14 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: Invalid user el from 103.143.238.207
Oct 14 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: input_userauth_request: invalid user el [preauth]
Oct 14 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: Failed password for invalid user el from 103.143.238.207 port 52076 ssh2
Oct 14 13:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: Received disconnect from 103.143.238.207 port 52076:11: Bye Bye [preauth]
Oct 14 13:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17935]: Disconnected from 103.143.238.207 port 52076 [preauth]
Oct 14 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16586]: pam_unix(cron:session): session closed for user root
Oct 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18068]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18064]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18066]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: Successful su for rubyman by root
Oct 14 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: + ??? root:rubyman
Oct 14 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411590 of user rubyman.
Oct 14 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411590.
Oct 14 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18064]: pam_unix(cron:session): session closed for user root
Oct 14 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86  user=root
Oct 14 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Failed password for root from 200.90.8.86 port 50758 ssh2
Oct 14 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Received disconnect from 200.90.8.86 port 50758:11: Bye Bye [preauth]
Oct 14 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Disconnected from 200.90.8.86 port 50758 [preauth]
Oct 14 13:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15038]: pam_unix(cron:session): session closed for user root
Oct 14 13:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: Invalid user git from 4.240.94.164
Oct 14 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: input_userauth_request: invalid user git [preauth]
Oct 14 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: Failed password for invalid user git from 4.240.94.164 port 33886 ssh2
Oct 14 13:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: Received disconnect from 4.240.94.164 port 33886:11: Bye Bye [preauth]
Oct 14 13:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18705]: Disconnected from 4.240.94.164 port 33886 [preauth]
Oct 14 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18067]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session closed for user root
Oct 14 13:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: Invalid user chandan from 103.143.238.207
Oct 14 13:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: input_userauth_request: invalid user chandan [preauth]
Oct 14 13:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: Failed password for invalid user chandan from 103.143.238.207 port 56456 ssh2
Oct 14 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: Received disconnect from 103.143.238.207 port 56456:11: Bye Bye [preauth]
Oct 14 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18827]: Disconnected from 103.143.238.207 port 56456 [preauth]
Oct 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session closed for user root
Oct 14 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18895]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19093]: Successful su for rubyman by root
Oct 14 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19093]: + ??? root:rubyman
Oct 14 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411595 of user rubyman.
Oct 14 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19093]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411595.
Oct 14 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19095]: Invalid user gpu from 14.103.115.162
Oct 14 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19095]: input_userauth_request: invalid user gpu [preauth]
Oct 14 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19095]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19095]: Failed password for invalid user gpu from 14.103.115.162 port 47252 ssh2
Oct 14 13:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19095]: Received disconnect from 14.103.115.162 port 47252:11: Bye Bye [preauth]
Oct 14 13:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19095]: Disconnected from 14.103.115.162 port 47252 [preauth]
Oct 14 13:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18898]: pam_unix(cron:session): session closed for user root
Oct 14 13:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user root
Oct 14 13:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 14 13:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19438]: Failed password for root from 20.163.71.109 port 55692 ssh2
Oct 14 13:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19438]: Connection closed by 20.163.71.109 port 55692 [preauth]
Oct 14 13:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17515]: pam_unix(cron:session): session closed for user root
Oct 14 13:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86  user=root
Oct 14 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19786]: Failed password for root from 200.90.8.86 port 53072 ssh2
Oct 14 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19786]: Received disconnect from 200.90.8.86 port 53072:11: Bye Bye [preauth]
Oct 14 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19786]: Disconnected from 200.90.8.86 port 53072 [preauth]
Oct 14 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Invalid user wangqiang from 103.143.238.207
Oct 14 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: input_userauth_request: invalid user wangqiang [preauth]
Oct 14 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Failed password for invalid user wangqiang from 103.143.238.207 port 60838 ssh2
Oct 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Received disconnect from 103.143.238.207 port 60838:11: Bye Bye [preauth]
Oct 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19847]: Disconnected from 103.143.238.207 port 60838 [preauth]
Oct 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19856]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19852]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19956]: Successful su for rubyman by root
Oct 14 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19956]: + ??? root:rubyman
Oct 14 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411599 of user rubyman.
Oct 14 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19956]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411599.
Oct 14 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Invalid user tempuser from 4.240.94.164
Oct 14 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Failed password for invalid user tempuser from 4.240.94.164 port 38930 ssh2
Oct 14 13:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Received disconnect from 4.240.94.164 port 38930:11: Bye Bye [preauth]
Oct 14 13:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Disconnected from 4.240.94.164 port 38930 [preauth]
Oct 14 13:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16057]: pam_unix(cron:session): session closed for user root
Oct 14 13:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18070]: pam_unix(cron:session): session closed for user root
Oct 14 13:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Invalid user nexus from 14.103.115.162
Oct 14 13:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: input_userauth_request: invalid user nexus [preauth]
Oct 14 13:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Failed password for invalid user nexus from 14.103.115.162 port 48704 ssh2
Oct 14 13:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Received disconnect from 14.103.115.162 port 48704:11: Bye Bye [preauth]
Oct 14 13:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Disconnected from 14.103.115.162 port 48704 [preauth]
Oct 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: Successful su for rubyman by root
Oct 14 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: + ??? root:rubyman
Oct 14 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411603 of user rubyman.
Oct 14 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411603.
Oct 14 13:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16585]: pam_unix(cron:session): session closed for user root
Oct 14 13:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Invalid user admin01 from 103.143.238.207
Oct 14 13:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: input_userauth_request: invalid user admin01 [preauth]
Oct 14 13:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Failed password for invalid user admin01 from 103.143.238.207 port 36988 ssh2
Oct 14 13:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Received disconnect from 103.143.238.207 port 36988:11: Bye Bye [preauth]
Oct 14 13:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Disconnected from 103.143.238.207 port 36988 [preauth]
Oct 14 13:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20747]: Invalid user debian from 200.90.8.86
Oct 14 13:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20747]: input_userauth_request: invalid user debian [preauth]
Oct 14 13:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20747]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20747]: Failed password for invalid user debian from 200.90.8.86 port 32972 ssh2
Oct 14 13:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20747]: Received disconnect from 200.90.8.86 port 32972:11: Bye Bye [preauth]
Oct 14 13:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20747]: Disconnected from 200.90.8.86 port 32972 [preauth]
Oct 14 13:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session closed for user root
Oct 14 13:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Invalid user newuser from 4.240.94.164
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: input_userauth_request: invalid user newuser [preauth]
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20876]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20877]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20874]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20944]: Successful su for rubyman by root
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20944]: + ??? root:rubyman
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411609 of user rubyman.
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20944]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411609.
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Failed password for invalid user newuser from 4.240.94.164 port 59370 ssh2
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Received disconnect from 4.240.94.164 port 59370:11: Bye Bye [preauth]
Oct 14 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Disconnected from 4.240.94.164 port 59370 [preauth]
Oct 14 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session closed for user root
Oct 14 13:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20875]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session closed for user root
Oct 14 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Invalid user el from 103.143.238.207
Oct 14 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: input_userauth_request: invalid user el [preauth]
Oct 14 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Failed password for invalid user el from 103.143.238.207 port 41374 ssh2
Oct 14 13:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Received disconnect from 103.143.238.207 port 41374:11: Bye Bye [preauth]
Oct 14 13:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21247]: Disconnected from 103.143.238.207 port 41374 [preauth]
Oct 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21351]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21462]: Successful su for rubyman by root
Oct 14 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21462]: + ??? root:rubyman
Oct 14 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411611 of user rubyman.
Oct 14 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21462]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411611.
Oct 14 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21535]: Invalid user system from 200.90.8.86
Oct 14 13:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21535]: input_userauth_request: invalid user system [preauth]
Oct 14 13:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21535]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21535]: Failed password for invalid user system from 200.90.8.86 port 43296 ssh2
Oct 14 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21535]: Received disconnect from 200.90.8.86 port 43296:11: Bye Bye [preauth]
Oct 14 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21535]: Disconnected from 200.90.8.86 port 43296 [preauth]
Oct 14 13:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17514]: pam_unix(cron:session): session closed for user root
Oct 14 13:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21353]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session closed for user root
Oct 14 13:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Invalid user dockeruser from 4.240.94.164
Oct 14 13:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 13:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Failed password for invalid user dockeruser from 4.240.94.164 port 36428 ssh2
Oct 14 13:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Received disconnect from 4.240.94.164 port 36428:11: Bye Bye [preauth]
Oct 14 13:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Disconnected from 4.240.94.164 port 36428 [preauth]
Oct 14 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21839]: Invalid user www from 103.143.238.207
Oct 14 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21839]: input_userauth_request: invalid user www [preauth]
Oct 14 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21839]: Failed password for invalid user www from 103.143.238.207 port 45748 ssh2
Oct 14 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21839]: Received disconnect from 103.143.238.207 port 45748:11: Bye Bye [preauth]
Oct 14 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21839]: Disconnected from 103.143.238.207 port 45748 [preauth]
Oct 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21875]: pam_unix(cron:session): session closed for user root
Oct 14 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21869]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: Successful su for rubyman by root
Oct 14 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: + ??? root:rubyman
Oct 14 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411616 of user rubyman.
Oct 14 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21940]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411616.
Oct 14 13:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21871]: pam_unix(cron:session): session closed for user root
Oct 14 13:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18068]: pam_unix(cron:session): session closed for user root
Oct 14 13:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21870]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20877]: pam_unix(cron:session): session closed for user root
Oct 14 13:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Invalid user ali from 200.90.8.86
Oct 14 13:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: input_userauth_request: invalid user ali [preauth]
Oct 14 13:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Failed password for invalid user ali from 200.90.8.86 port 59192 ssh2
Oct 14 13:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Received disconnect from 200.90.8.86 port 59192:11: Bye Bye [preauth]
Oct 14 13:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22357]: Disconnected from 200.90.8.86 port 59192 [preauth]
Oct 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22396]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22395]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22476]: Successful su for rubyman by root
Oct 14 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22476]: + ??? root:rubyman
Oct 14 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411621 of user rubyman.
Oct 14 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22476]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411621.
Oct 14 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Invalid user development from 103.143.238.207
Oct 14 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: input_userauth_request: invalid user development [preauth]
Oct 14 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session closed for user root
Oct 14 13:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Failed password for invalid user development from 103.143.238.207 port 50124 ssh2
Oct 14 13:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Received disconnect from 103.143.238.207 port 50124:11: Bye Bye [preauth]
Oct 14 13:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22655]: Disconnected from 103.143.238.207 port 50124 [preauth]
Oct 14 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164  user=root
Oct 14 13:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user root
Oct 14 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: Failed password for root from 4.240.94.164 port 45274 ssh2
Oct 14 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: Received disconnect from 4.240.94.164 port 45274:11: Bye Bye [preauth]
Oct 14 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23110]: Disconnected from 4.240.94.164 port 45274 [preauth]
Oct 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23231]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23320]: Successful su for rubyman by root
Oct 14 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23320]: + ??? root:rubyman
Oct 14 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411626 of user rubyman.
Oct 14 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23320]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411626.
Oct 14 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Invalid user rajesh from 14.103.115.162
Oct 14 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: input_userauth_request: invalid user rajesh [preauth]
Oct 14 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Failed password for invalid user rajesh from 14.103.115.162 port 39930 ssh2
Oct 14 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Received disconnect from 14.103.115.162 port 39930:11: Bye Bye [preauth]
Oct 14 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Disconnected from 14.103.115.162 port 39930 [preauth]
Oct 14 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19856]: pam_unix(cron:session): session closed for user root
Oct 14 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23232]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23952]: Invalid user lrendon from 103.143.238.207
Oct 14 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23952]: input_userauth_request: invalid user lrendon [preauth]
Oct 14 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23952]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Invalid user newuser from 200.90.8.86
Oct 14 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: input_userauth_request: invalid user newuser [preauth]
Oct 14 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23952]: Failed password for invalid user lrendon from 103.143.238.207 port 54504 ssh2
Oct 14 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23952]: Received disconnect from 103.143.238.207 port 54504:11: Bye Bye [preauth]
Oct 14 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23952]: Disconnected from 103.143.238.207 port 54504 [preauth]
Oct 14 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Failed password for invalid user newuser from 200.90.8.86 port 45840 ssh2
Oct 14 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Received disconnect from 200.90.8.86 port 45840:11: Bye Bye [preauth]
Oct 14 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23947]: Disconnected from 200.90.8.86 port 45840 [preauth]
Oct 14 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21874]: pam_unix(cron:session): session closed for user root
Oct 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24054]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24154]: Successful su for rubyman by root
Oct 14 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24154]: + ??? root:rubyman
Oct 14 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411629 of user rubyman.
Oct 14 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24154]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411629.
Oct 14 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session closed for user root
Oct 14 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24055]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Invalid user postgres from 4.240.94.164
Oct 14 13:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: input_userauth_request: invalid user postgres [preauth]
Oct 14 13:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Failed password for invalid user postgres from 4.240.94.164 port 57228 ssh2
Oct 14 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Received disconnect from 4.240.94.164 port 57228:11: Bye Bye [preauth]
Oct 14 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Disconnected from 4.240.94.164 port 57228 [preauth]
Oct 14 13:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22396]: pam_unix(cron:session): session closed for user root
Oct 14 13:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Invalid user solana from 14.103.115.162
Oct 14 13:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: input_userauth_request: invalid user solana [preauth]
Oct 14 13:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Failed password for invalid user solana from 14.103.115.162 port 48628 ssh2
Oct 14 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Received disconnect from 14.103.115.162 port 48628:11: Bye Bye [preauth]
Oct 14 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Disconnected from 14.103.115.162 port 48628 [preauth]
Oct 14 13:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Invalid user zookeeper from 103.143.238.207
Oct 14 13:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: input_userauth_request: invalid user zookeeper [preauth]
Oct 14 13:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207
Oct 14 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Failed password for invalid user zookeeper from 103.143.238.207 port 58886 ssh2
Oct 14 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Received disconnect from 103.143.238.207 port 58886:11: Bye Bye [preauth]
Oct 14 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Disconnected from 103.143.238.207 port 58886 [preauth]
Oct 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24600]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24594]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24675]: Successful su for rubyman by root
Oct 14 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24675]: + ??? root:rubyman
Oct 14 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411634 of user rubyman.
Oct 14 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24675]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411634.
Oct 14 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20876]: pam_unix(cron:session): session closed for user root
Oct 14 13:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Invalid user admin from 200.90.8.86
Oct 14 13:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: input_userauth_request: invalid user admin [preauth]
Oct 14 13:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Failed password for invalid user admin from 200.90.8.86 port 58760 ssh2
Oct 14 13:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Received disconnect from 200.90.8.86 port 58760:11: Bye Bye [preauth]
Oct 14 13:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24892]: Disconnected from 200.90.8.86 port 58760 [preauth]
Oct 14 13:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: Invalid user support from 78.128.112.74
Oct 14 13:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: input_userauth_request: invalid user support [preauth]
Oct 14 13:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session closed for user root
Oct 14 13:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: Failed password for invalid user support from 78.128.112.74 port 57532 ssh2
Oct 14 13:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: Connection closed by 78.128.112.74 port 57532 [preauth]
Oct 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25075]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25072]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session closed for user root
Oct 14 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25070]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25194]: Successful su for rubyman by root
Oct 14 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25194]: + ??? root:rubyman
Oct 14 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411639 of user rubyman.
Oct 14 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25194]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411639.
Oct 14 13:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25072]: pam_unix(cron:session): session closed for user root
Oct 14 13:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session closed for user root
Oct 14 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.143.238.207  user=root
Oct 14 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Failed password for root from 103.143.238.207 port 35042 ssh2
Oct 14 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Received disconnect from 103.143.238.207 port 35042:11: Bye Bye [preauth]
Oct 14 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Disconnected from 103.143.238.207 port 35042 [preauth]
Oct 14 13:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Invalid user erpnext from 4.240.94.164
Oct 14 13:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: input_userauth_request: invalid user erpnext [preauth]
Oct 14 13:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Failed password for invalid user erpnext from 4.240.94.164 port 34356 ssh2
Oct 14 13:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Received disconnect from 4.240.94.164 port 34356:11: Bye Bye [preauth]
Oct 14 13:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Disconnected from 4.240.94.164 port 34356 [preauth]
Oct 14 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162  user=root
Oct 14 13:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24060]: pam_unix(cron:session): session closed for user root
Oct 14 13:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Failed password for root from 14.103.115.162 port 42624 ssh2
Oct 14 13:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Received disconnect from 14.103.115.162 port 42624:11: Bye Bye [preauth]
Oct 14 13:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Disconnected from 14.103.115.162 port 42624 [preauth]
Oct 14 13:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Invalid user guest from 200.90.8.86
Oct 14 13:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: input_userauth_request: invalid user guest [preauth]
Oct 14 13:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.90.8.86
Oct 14 13:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Failed password for invalid user guest from 200.90.8.86 port 44972 ssh2
Oct 14 13:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Received disconnect from 200.90.8.86 port 44972:11: Bye Bye [preauth]
Oct 14 13:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25898]: Disconnected from 200.90.8.86 port 44972 [preauth]
Oct 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25913]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: Successful su for rubyman by root
Oct 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: + ??? root:rubyman
Oct 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411644 of user rubyman.
Oct 14 13:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26023]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411644.
Oct 14 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25999]: Failed password for root from 164.68.105.9 port 39754 ssh2
Oct 14 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25999]: Connection closed by 164.68.105.9 port 39754 [preauth]
Oct 14 13:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21873]: pam_unix(cron:session): session closed for user root
Oct 14 13:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25914]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24600]: pam_unix(cron:session): session closed for user root
Oct 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26504]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26505]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26502]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26573]: Successful su for rubyman by root
Oct 14 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26573]: + ??? root:rubyman
Oct 14 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411649 of user rubyman.
Oct 14 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26573]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411649.
Oct 14 13:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22395]: pam_unix(cron:session): session closed for user root
Oct 14 13:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Invalid user system from 4.240.94.164
Oct 14 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: input_userauth_request: invalid user system [preauth]
Oct 14 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Failed password for invalid user system from 4.240.94.164 port 41362 ssh2
Oct 14 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Received disconnect from 4.240.94.164 port 41362:11: Bye Bye [preauth]
Oct 14 13:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Disconnected from 4.240.94.164 port 41362 [preauth]
Oct 14 13:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26503]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25075]: pam_unix(cron:session): session closed for user root
Oct 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27202]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27197]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27282]: Successful su for rubyman by root
Oct 14 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27282]: + ??? root:rubyman
Oct 14 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411652 of user rubyman.
Oct 14 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27282]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411652.
Oct 14 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session closed for user root
Oct 14 13:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Invalid user web from 36.69.152.163
Oct 14 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: input_userauth_request: invalid user web [preauth]
Oct 14 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 13:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Failed password for invalid user web from 36.69.152.163 port 47850 ssh2
Oct 14 13:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Received disconnect from 36.69.152.163 port 47850:11: Bye Bye [preauth]
Oct 14 13:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Disconnected from 36.69.152.163 port 47850 [preauth]
Oct 14 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user root
Oct 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28059]: Successful su for rubyman by root
Oct 14 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28059]: + ??? root:rubyman
Oct 14 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411657 of user rubyman.
Oct 14 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28059]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411657.
Oct 14 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Invalid user minecraft from 4.240.94.164
Oct 14 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: Invalid user nss from 14.103.115.162
Oct 14 13:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: input_userauth_request: invalid user nss [preauth]
Oct 14 13:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 13:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Failed password for invalid user minecraft from 4.240.94.164 port 55668 ssh2
Oct 14 13:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Received disconnect from 4.240.94.164 port 55668:11: Bye Bye [preauth]
Oct 14 13:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28137]: Disconnected from 4.240.94.164 port 55668 [preauth]
Oct 14 13:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24056]: pam_unix(cron:session): session closed for user root
Oct 14 13:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: Failed password for invalid user nss from 14.103.115.162 port 33818 ssh2
Oct 14 13:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: Received disconnect from 14.103.115.162 port 33818:11: Bye Bye [preauth]
Oct 14 13:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28149]: Disconnected from 14.103.115.162 port 33818 [preauth]
Oct 14 13:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26505]: pam_unix(cron:session): session closed for user root
Oct 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28690]: pam_unix(cron:session): session closed for user root
Oct 14 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28613]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28785]: Successful su for rubyman by root
Oct 14 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28785]: + ??? root:rubyman
Oct 14 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411661 of user rubyman.
Oct 14 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28785]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411661.
Oct 14 13:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28633]: pam_unix(cron:session): session closed for user root
Oct 14 13:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24596]: pam_unix(cron:session): session closed for user root
Oct 14 13:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28614]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27202]: pam_unix(cron:session): session closed for user root
Oct 14 13:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Invalid user admin from 4.240.94.164
Oct 14 13:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: input_userauth_request: invalid user admin [preauth]
Oct 14 13:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Failed password for invalid user admin from 4.240.94.164 port 36224 ssh2
Oct 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29348]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Received disconnect from 4.240.94.164 port 36224:11: Bye Bye [preauth]
Oct 14 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Disconnected from 4.240.94.164 port 36224 [preauth]
Oct 14 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: Successful su for rubyman by root
Oct 14 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: + ??? root:rubyman
Oct 14 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411665 of user rubyman.
Oct 14 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29432]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411665.
Oct 14 13:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25073]: pam_unix(cron:session): session closed for user root
Oct 14 13:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29351]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session closed for user root
Oct 14 13:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: Invalid user sysadmin from 36.69.152.163
Oct 14 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 13:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: Failed password for invalid user sysadmin from 36.69.152.163 port 44288 ssh2
Oct 14 13:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: Received disconnect from 36.69.152.163 port 44288:11: Bye Bye [preauth]
Oct 14 13:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: Disconnected from 36.69.152.163 port 44288 [preauth]
Oct 14 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Invalid user admin from 2.57.121.112
Oct 14 13:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: input_userauth_request: invalid user admin [preauth]
Oct 14 13:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Failed password for invalid user admin from 2.57.121.112 port 11795 ssh2
Oct 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29934]: Successful su for rubyman by root
Oct 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29934]: + ??? root:rubyman
Oct 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411669 of user rubyman.
Oct 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29934]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411669.
Oct 14 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Failed password for invalid user admin from 2.57.121.112 port 11795 ssh2
Oct 14 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Failed password for invalid user admin from 2.57.121.112 port 11795 ssh2
Oct 14 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Failed password for invalid user admin from 2.57.121.112 port 11795 ssh2
Oct 14 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Failed password for invalid user admin from 2.57.121.112 port 11795 ssh2
Oct 14 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Received disconnect from 2.57.121.112 port 11795:11: Bye [preauth]
Oct 14 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Disconnected from 2.57.121.112 port 11795 [preauth]
Oct 14 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25915]: pam_unix(cron:session): session closed for user root
Oct 14 13:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session closed for user root
Oct 14 13:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Invalid user guest from 4.240.94.164
Oct 14 13:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: input_userauth_request: invalid user guest [preauth]
Oct 14 13:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=4.240.94.164
Oct 14 13:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Failed password for invalid user guest from 4.240.94.164 port 42258 ssh2
Oct 14 13:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Received disconnect from 4.240.94.164 port 42258:11: Bye Bye [preauth]
Oct 14 13:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Disconnected from 4.240.94.164 port 42258 [preauth]
Oct 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30382]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: Successful su for rubyman by root
Oct 14 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: + ??? root:rubyman
Oct 14 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411675 of user rubyman.
Oct 14 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30509]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411675.
Oct 14 13:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26504]: pam_unix(cron:session): session closed for user root
Oct 14 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: Invalid user tempuser from 36.69.152.163
Oct 14 13:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 13:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 13:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 13:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session closed for user root
Oct 14 13:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: Failed password for invalid user tempuser from 36.69.152.163 port 33828 ssh2
Oct 14 13:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: Received disconnect from 36.69.152.163 port 33828:11: Bye Bye [preauth]
Oct 14 13:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30838]: Disconnected from 36.69.152.163 port 33828 [preauth]
Oct 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session closed for user p13x
Oct 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: Successful su for rubyman by root
Oct 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: + ??? root:rubyman
Oct 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411677 of user rubyman.
Oct 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: pam_unix(su:session): session closed for user rubyman
Oct 14 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411677.
Oct 14 13:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27201]: pam_unix(cron:session): session closed for user root
Oct 14 13:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30933]: pam_unix(cron:session): session closed for user samftp
Oct 14 13:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 13:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162  user=root
Oct 14 13:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Failed password for root from 14.103.115.162 port 41442 ssh2
Oct 14 13:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Received disconnect from 14.103.115.162 port 41442:11: Bye Bye [preauth]
Oct 14 13:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31278]: Disconnected from 14.103.115.162 port 41442 [preauth]
Oct 14 13:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29849]: pam_unix(cron:session): session closed for user root
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31422]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session closed for user root
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31422]: pam_unix(cron:session): session closed for user root
Oct 14 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31410]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31705]: Successful su for rubyman by root
Oct 14 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31705]: + ??? root:rubyman
Oct 14 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411681 of user rubyman.
Oct 14 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31705]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411681.
Oct 14 14:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session closed for user root
Oct 14 14:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session closed for user root
Oct 14 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31411]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Invalid user sol from 36.69.152.163
Oct 14 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: input_userauth_request: invalid user sol [preauth]
Oct 14 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Failed password for invalid user sol from 36.69.152.163 port 43292 ssh2
Oct 14 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Received disconnect from 36.69.152.163 port 43292:11: Bye Bye [preauth]
Oct 14 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31991]: Disconnected from 36.69.152.163 port 43292 [preauth]
Oct 14 14:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session closed for user root
Oct 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32315]: Successful su for rubyman by root
Oct 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32315]: + ??? root:rubyman
Oct 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411689 of user rubyman.
Oct 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32315]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411689.
Oct 14 14:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session closed for user root
Oct 14 14:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30935]: pam_unix(cron:session): session closed for user root
Oct 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32693]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[311]: Successful su for rubyman by root
Oct 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[311]: + ??? root:rubyman
Oct 14 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411693 of user rubyman.
Oct 14 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[311]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411693.
Oct 14 14:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session closed for user root
Oct 14 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: Invalid user azureuser from 36.69.152.163
Oct 14 14:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: input_userauth_request: invalid user azureuser [preauth]
Oct 14 14:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: Failed password for invalid user azureuser from 36.69.152.163 port 37556 ssh2
Oct 14 14:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: Received disconnect from 36.69.152.163 port 37556:11: Bye Bye [preauth]
Oct 14 14:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[525]: Disconnected from 36.69.152.163 port 37556 [preauth]
Oct 14 14:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32694]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session closed for user root
Oct 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[696]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[774]: Successful su for rubyman by root
Oct 14 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[774]: + ??? root:rubyman
Oct 14 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411696 of user rubyman.
Oct 14 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[774]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411696.
Oct 14 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 14:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Failed password for root from 80.211.129.128 port 60128 ssh2
Oct 14 14:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session closed for user root
Oct 14 14:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Connection closed by 80.211.129.128 port 60128 [preauth]
Oct 14 14:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32241]: pam_unix(cron:session): session closed for user root
Oct 14 14:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Invalid user demo from 62.60.131.157
Oct 14 14:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: input_userauth_request: invalid user demo [preauth]
Oct 14 14:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 14:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Failed password for invalid user demo from 62.60.131.157 port 62982 ssh2
Oct 14 14:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Failed password for invalid user demo from 62.60.131.157 port 62982 ssh2
Oct 14 14:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Failed password for invalid user demo from 62.60.131.157 port 62982 ssh2
Oct 14 14:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Failed password for invalid user demo from 62.60.131.157 port 62982 ssh2
Oct 14 14:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Failed password for invalid user demo from 62.60.131.157 port 62982 ssh2
Oct 14 14:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Received disconnect from 62.60.131.157 port 62982:11: Bye [preauth]
Oct 14 14:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: Disconnected from 62.60.131.157 port 62982 [preauth]
Oct 14 14:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 14:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1182]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 14:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Invalid user ahmed from 36.69.152.163
Oct 14 14:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 14:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Failed password for invalid user ahmed from 36.69.152.163 port 46794 ssh2
Oct 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Received disconnect from 36.69.152.163 port 46794:11: Bye Bye [preauth]
Oct 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Disconnected from 36.69.152.163 port 46794 [preauth]
Oct 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1274]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1358]: Successful su for rubyman by root
Oct 14 14:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1358]: + ??? root:rubyman
Oct 14 14:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411702 of user rubyman.
Oct 14 14:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1358]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411702.
Oct 14 14:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session closed for user root
Oct 14 14:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1275]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32696]: pam_unix(cron:session): session closed for user root
Oct 14 14:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162  user=root
Oct 14 14:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Failed password for root from 14.103.115.162 port 39382 ssh2
Oct 14 14:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Received disconnect from 14.103.115.162 port 39382:11: Bye Bye [preauth]
Oct 14 14:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Disconnected from 14.103.115.162 port 39382 [preauth]
Oct 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session closed for user root
Oct 14 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1969]: Successful su for rubyman by root
Oct 14 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1969]: + ??? root:rubyman
Oct 14 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411707 of user rubyman.
Oct 14 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1969]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411707.
Oct 14 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30934]: pam_unix(cron:session): session closed for user root
Oct 14 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1780]: pam_unix(cron:session): session closed for user root
Oct 14 14:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 14:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Failed password for root from 2.57.122.26 port 55180 ssh2
Oct 14 14:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Connection closed by 2.57.122.26 port 55180 [preauth]
Oct 14 14:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[699]: pam_unix(cron:session): session closed for user root
Oct 14 14:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Invalid user frappe from 36.69.152.163
Oct 14 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: input_userauth_request: invalid user frappe [preauth]
Oct 14 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Failed password for invalid user frappe from 36.69.152.163 port 57400 ssh2
Oct 14 14:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Received disconnect from 36.69.152.163 port 57400:11: Bye Bye [preauth]
Oct 14 14:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Disconnected from 36.69.152.163 port 57400 [preauth]
Oct 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2360]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2445]: Successful su for rubyman by root
Oct 14 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2445]: + ??? root:rubyman
Oct 14 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411712 of user rubyman.
Oct 14 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2445]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411712.
Oct 14 14:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session closed for user root
Oct 14 14:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2361]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Invalid user yaya from 14.103.115.162
Oct 14 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: input_userauth_request: invalid user yaya [preauth]
Oct 14 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.162
Oct 14 14:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Failed password for invalid user yaya from 14.103.115.162 port 58096 ssh2
Oct 14 14:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Received disconnect from 14.103.115.162 port 58096:11: Bye Bye [preauth]
Oct 14 14:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2708]: Disconnected from 14.103.115.162 port 58096 [preauth]
Oct 14 14:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1277]: pam_unix(cron:session): session closed for user root
Oct 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2900]: Successful su for rubyman by root
Oct 14 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2900]: + ??? root:rubyman
Oct 14 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411715 of user rubyman.
Oct 14 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2900]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411715.
Oct 14 14:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session closed for user root
Oct 14 14:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: Invalid user server from 36.69.152.163
Oct 14 14:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: input_userauth_request: invalid user server [preauth]
Oct 14 14:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session closed for user root
Oct 14 14:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: Failed password for invalid user server from 36.69.152.163 port 58524 ssh2
Oct 14 14:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: Received disconnect from 36.69.152.163 port 58524:11: Bye Bye [preauth]
Oct 14 14:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3201]: Disconnected from 36.69.152.163 port 58524 [preauth]
Oct 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3274]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3366]: Successful su for rubyman by root
Oct 14 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3366]: + ??? root:rubyman
Oct 14 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411719 of user rubyman.
Oct 14 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3366]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411719.
Oct 14 14:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32695]: pam_unix(cron:session): session closed for user root
Oct 14 14:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2363]: pam_unix(cron:session): session closed for user root
Oct 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3927]: Successful su for rubyman by root
Oct 14 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3927]: + ??? root:rubyman
Oct 14 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411722 of user rubyman.
Oct 14 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3927]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411722.
Oct 14 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session closed for user root
Oct 14 14:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[698]: pam_unix(cron:session): session closed for user root
Oct 14 14:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3740]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2826]: pam_unix(cron:session): session closed for user root
Oct 14 14:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Invalid user user from 36.69.152.163
Oct 14 14:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: input_userauth_request: invalid user user [preauth]
Oct 14 14:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Failed password for invalid user user from 36.69.152.163 port 34054 ssh2
Oct 14 14:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Received disconnect from 36.69.152.163 port 34054:11: Bye Bye [preauth]
Oct 14 14:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Disconnected from 36.69.152.163 port 34054 [preauth]
Oct 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4366]: pam_unix(cron:session): session closed for user root
Oct 14 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: Successful su for rubyman by root
Oct 14 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: + ??? root:rubyman
Oct 14 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411729 of user rubyman.
Oct 14 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4447]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411729.
Oct 14 14:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4363]: pam_unix(cron:session): session closed for user root
Oct 14 14:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session closed for user root
Oct 14 14:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session closed for user root
Oct 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4920]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5211]: Successful su for rubyman by root
Oct 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5211]: + ??? root:rubyman
Oct 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411733 of user rubyman.
Oct 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5211]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411733.
Oct 14 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session closed for user root
Oct 14 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4921]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3742]: pam_unix(cron:session): session closed for user root
Oct 14 14:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Invalid user ubuntu from 36.69.152.163
Oct 14 14:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Failed password for invalid user ubuntu from 36.69.152.163 port 44958 ssh2
Oct 14 14:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Received disconnect from 36.69.152.163 port 44958:11: Bye Bye [preauth]
Oct 14 14:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5800]: Disconnected from 36.69.152.163 port 44958 [preauth]
Oct 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5869]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5951]: Successful su for rubyman by root
Oct 14 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5951]: + ??? root:rubyman
Oct 14 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411737 of user rubyman.
Oct 14 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5951]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411737.
Oct 14 14:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2362]: pam_unix(cron:session): session closed for user root
Oct 14 14:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5870]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Invalid user dmdba from 20.163.71.109
Oct 14 14:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 14:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 14:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for invalid user dmdba from 20.163.71.109 port 47722 ssh2
Oct 14 14:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Connection closed by 20.163.71.109 port 47722 [preauth]
Oct 14 14:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4365]: pam_unix(cron:session): session closed for user root
Oct 14 14:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6322]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6320]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6394]: Successful su for rubyman by root
Oct 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6394]: + ??? root:rubyman
Oct 14 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Failed password for root from 80.211.129.128 port 58974 ssh2
Oct 14 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411741 of user rubyman.
Oct 14 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6394]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411741.
Oct 14 14:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Connection closed by 80.211.129.128 port 58974 [preauth]
Oct 14 14:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2825]: pam_unix(cron:session): session closed for user root
Oct 14 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6321]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4933]: pam_unix(cron:session): session closed for user root
Oct 14 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6815]: Invalid user sammy from 36.69.152.163
Oct 14 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6815]: input_userauth_request: invalid user sammy [preauth]
Oct 14 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6815]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6815]: Failed password for invalid user sammy from 36.69.152.163 port 46712 ssh2
Oct 14 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6815]: Received disconnect from 36.69.152.163 port 46712:11: Bye Bye [preauth]
Oct 14 14:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6815]: Disconnected from 36.69.152.163 port 46712 [preauth]
Oct 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6869]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: Successful su for rubyman by root
Oct 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: + ??? root:rubyman
Oct 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411747 of user rubyman.
Oct 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6949]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411747.
Oct 14 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Did not receive identification string from 196.251.114.29
Oct 14 14:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session closed for user root
Oct 14 14:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6870]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5872]: pam_unix(cron:session): session closed for user root
Oct 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7434]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7435]: pam_unix(cron:session): session closed for user root
Oct 14 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7428]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7514]: Successful su for rubyman by root
Oct 14 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7514]: + ??? root:rubyman
Oct 14 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411751 of user rubyman.
Oct 14 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7514]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411751.
Oct 14 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7432]: pam_unix(cron:session): session closed for user root
Oct 14 14:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3741]: pam_unix(cron:session): session closed for user root
Oct 14 14:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7430]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6323]: pam_unix(cron:session): session closed for user root
Oct 14 14:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Invalid user myuser from 36.69.152.163
Oct 14 14:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: input_userauth_request: invalid user myuser [preauth]
Oct 14 14:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Failed password for invalid user myuser from 36.69.152.163 port 52478 ssh2
Oct 14 14:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Received disconnect from 36.69.152.163 port 52478:11: Bye Bye [preauth]
Oct 14 14:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8308]: Disconnected from 36.69.152.163 port 52478 [preauth]
Oct 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8453]: Successful su for rubyman by root
Oct 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8453]: + ??? root:rubyman
Oct 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411757 of user rubyman.
Oct 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8453]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411757.
Oct 14 14:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session closed for user root
Oct 14 14:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8366]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session closed for user root
Oct 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8953]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8953]: pam_unix(cron:session): session closed for user root
Oct 14 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9044]: Successful su for rubyman by root
Oct 14 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9044]: + ??? root:rubyman
Oct 14 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411760 of user rubyman.
Oct 14 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9044]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411760.
Oct 14 14:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session closed for user root
Oct 14 14:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8956]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7434]: pam_unix(cron:session): session closed for user root
Oct 14 14:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Invalid user ansible from 36.69.152.163
Oct 14 14:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: input_userauth_request: invalid user ansible [preauth]
Oct 14 14:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Failed password for invalid user ansible from 36.69.152.163 port 59598 ssh2
Oct 14 14:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Received disconnect from 36.69.152.163 port 59598:11: Bye Bye [preauth]
Oct 14 14:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Disconnected from 36.69.152.163 port 59598 [preauth]
Oct 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9569]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9668]: Successful su for rubyman by root
Oct 14 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9668]: + ??? root:rubyman
Oct 14 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411764 of user rubyman.
Oct 14 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9668]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411764.
Oct 14 14:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5871]: pam_unix(cron:session): session closed for user root
Oct 14 14:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9570]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8368]: pam_unix(cron:session): session closed for user root
Oct 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10171]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10259]: Successful su for rubyman by root
Oct 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10259]: + ??? root:rubyman
Oct 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411769 of user rubyman.
Oct 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10259]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411769.
Oct 14 14:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6322]: pam_unix(cron:session): session closed for user root
Oct 14 14:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8958]: pam_unix(cron:session): session closed for user root
Oct 14 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Invalid user system from 36.69.152.163
Oct 14 14:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: input_userauth_request: invalid user system [preauth]
Oct 14 14:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Failed password for invalid user system from 36.69.152.163 port 40496 ssh2
Oct 14 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Received disconnect from 36.69.152.163 port 40496:11: Bye Bye [preauth]
Oct 14 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10593]: Disconnected from 36.69.152.163 port 40496 [preauth]
Oct 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10666]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10667]: pam_unix(cron:session): session closed for user root
Oct 14 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10662]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10756]: Successful su for rubyman by root
Oct 14 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10756]: + ??? root:rubyman
Oct 14 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411774 of user rubyman.
Oct 14 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10756]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411774.
Oct 14 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10664]: pam_unix(cron:session): session closed for user root
Oct 14 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6873]: pam_unix(cron:session): session closed for user root
Oct 14 14:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10663]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session closed for user root
Oct 14 14:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Invalid user  from 8.217.232.214
Oct 14 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: input_userauth_request: invalid user  [preauth]
Oct 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: Successful su for rubyman by root
Oct 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: + ??? root:rubyman
Oct 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411778 of user rubyman.
Oct 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11239]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411778.
Oct 14 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Connection closed by 8.217.232.214 port 55300 [preauth]
Oct 14 14:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7433]: pam_unix(cron:session): session closed for user root
Oct 14 14:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11161]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Invalid user pawel from 57.129.47.135
Oct 14 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: input_userauth_request: invalid user pawel [preauth]
Oct 14 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Failed password for invalid user pawel from 57.129.47.135 port 51582 ssh2
Oct 14 14:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Received disconnect from 57.129.47.135 port 51582:11: Bye Bye [preauth]
Oct 14 14:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Disconnected from 57.129.47.135 port 51582 [preauth]
Oct 14 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10171]: pam_unix(cron:session): session closed for user root
Oct 14 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Invalid user devuser from 36.69.152.163
Oct 14 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: input_userauth_request: invalid user devuser [preauth]
Oct 14 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Failed password for invalid user devuser from 36.69.152.163 port 46294 ssh2
Oct 14 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Received disconnect from 36.69.152.163 port 46294:11: Bye Bye [preauth]
Oct 14 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Disconnected from 36.69.152.163 port 46294 [preauth]
Oct 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11736]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11657]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11818]: Successful su for rubyman by root
Oct 14 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11818]: + ??? root:rubyman
Oct 14 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411783 of user rubyman.
Oct 14 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11818]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411783.
Oct 14 14:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8367]: pam_unix(cron:session): session closed for user root
Oct 14 14:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11659]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Failed password for root from 196.22.48.114 port 60678 ssh2
Oct 14 14:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Received disconnect from 196.22.48.114 port 60678:11: Bye Bye [preauth]
Oct 14 14:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Disconnected from 196.22.48.114 port 60678 [preauth]
Oct 14 14:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: Failed password for root from 37.59.110.4 port 45784 ssh2
Oct 14 14:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: Received disconnect from 37.59.110.4 port 45784:11: Bye Bye [preauth]
Oct 14 14:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12117]: Disconnected from 37.59.110.4 port 45784 [preauth]
Oct 14 14:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10666]: pam_unix(cron:session): session closed for user root
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Did not receive identification string from 107.152.45.37
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Did not receive identification string from 107.152.45.37
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: Did not receive identification string from 107.152.45.37
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12166]: Failed password for root from 107.152.45.37 port 38856 ssh2
Oct 14 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12166]: Connection closed by 107.152.45.37 port 38856 [preauth]
Oct 14 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Invalid user admin from 107.152.45.37
Oct 14 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Failed password for root from 107.152.45.37 port 38858 ssh2
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: Failed password for root from 107.152.45.37 port 38852 ssh2
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12164]: Connection closed by 107.152.45.37 port 38852 [preauth]
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: Invalid user admin from 107.152.45.37
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12167]: Connection closed by 107.152.45.37 port 38858 [preauth]
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Invalid user admin from 107.152.45.37
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Failed password for invalid user admin from 107.152.45.37 port 57898 ssh2
Oct 14 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Connection closed by 107.152.45.37 port 57898 [preauth]
Oct 14 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Invalid user postgres from 107.152.45.37
Oct 14 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: input_userauth_request: invalid user postgres [preauth]
Oct 14 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: Failed password for invalid user admin from 107.152.45.37 port 57910 ssh2
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12188]: Connection closed by 107.152.45.37 port 57910 [preauth]
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Invalid user kali from 107.152.45.37
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: input_userauth_request: invalid user kali [preauth]
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Failed password for invalid user admin from 107.152.45.37 port 57924 ssh2
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Connection closed by 107.152.45.37 port 57924 [preauth]
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Invalid user git from 107.152.45.37
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: input_userauth_request: invalid user git [preauth]
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Failed password for invalid user postgres from 107.152.45.37 port 57940 ssh2
Oct 14 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Connection closed by 107.152.45.37 port 57940 [preauth]
Oct 14 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Invalid user hadoop from 107.152.45.37
Oct 14 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Failed password for invalid user kali from 107.152.45.37 port 57950 ssh2
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Connection closed by 107.152.45.37 port 57950 [preauth]
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Invalid user testuser from 107.152.45.37
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: input_userauth_request: invalid user testuser [preauth]
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Failed password for invalid user git from 107.152.45.37 port 57956 ssh2
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Connection closed by 107.152.45.37 port 57956 [preauth]
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Failed password for invalid user hadoop from 107.152.45.37 port 57960 ssh2
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Connection closed by 107.152.45.37 port 57960 [preauth]
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: User mysql from 107.152.45.37 not allowed because not listed in AllowUsers
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: input_userauth_request: invalid user mysql [preauth]
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Failed password for invalid user testuser from 107.152.45.37 port 57968 ssh2
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=mysql
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12232]: Connection closed by 107.152.45.37 port 57968 [preauth]
Oct 14 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Failed password for root from 107.152.45.37 port 57972 ssh2
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Invalid user es from 107.152.45.37
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: input_userauth_request: invalid user es [preauth]
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12235]: Connection closed by 107.152.45.37 port 57972 [preauth]
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: Invalid user odoo18 from 107.152.45.37
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: input_userauth_request: invalid user odoo18 [preauth]
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Failed password for invalid user mysql from 107.152.45.37 port 57980 ssh2
Oct 14 14:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12237]: Connection closed by 107.152.45.37 port 57980 [preauth]
Oct 14 14:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Failed password for invalid user es from 107.152.45.37 port 57982 ssh2
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12239]: Connection closed by 107.152.45.37 port 57982 [preauth]
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: Failed password for invalid user odoo18 from 107.152.45.37 port 57990 ssh2
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12243]: Connection closed by 107.152.45.37 port 57990 [preauth]
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12249]: User mysql from 107.152.45.37 not allowed because not listed in AllowUsers
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12249]: input_userauth_request: invalid user mysql [preauth]
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=mysql
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Invalid user odoo from 107.152.45.37
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: input_userauth_request: invalid user odoo [preauth]
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Failed password for root from 107.152.45.37 port 58004 ssh2
Oct 14 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Connection closed by 107.152.45.37 port 58004 [preauth]
Oct 14 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: Invalid user vpn from 107.152.45.37
Oct 14 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: input_userauth_request: invalid user vpn [preauth]
Oct 14 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12249]: Failed password for invalid user mysql from 107.152.45.37 port 58012 ssh2
Oct 14 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12249]: Connection closed by 107.152.45.37 port 58012 [preauth]
Oct 14 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Failed password for invalid user odoo from 107.152.45.37 port 58014 ssh2
Oct 14 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Connection closed by 107.152.45.37 port 58014 [preauth]
Oct 14 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12270]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12270]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: Failed password for invalid user vpn from 107.152.45.37 port 38554 ssh2
Oct 14 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: Connection closed by 107.152.45.37 port 38554 [preauth]
Oct 14 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Invalid user fa from 107.152.45.37
Oct 14 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: input_userauth_request: invalid user fa [preauth]
Oct 14 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12268]: Failed password for root from 107.152.45.37 port 38560 ssh2
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12268]: Connection closed by 107.152.45.37 port 38560 [preauth]
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12270]: Failed password for invalid user ubuntu from 107.152.45.37 port 38570 ssh2
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12270]: Connection closed by 107.152.45.37 port 38570 [preauth]
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Invalid user pi from 107.152.45.37
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: input_userauth_request: invalid user pi [preauth]
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Failed password for invalid user fa from 107.152.45.37 port 38582 ssh2
Oct 14 14:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Connection closed by 107.152.45.37 port 38582 [preauth]
Oct 14 14:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12278]: Failed password for root from 107.152.45.37 port 38594 ssh2
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12278]: Connection closed by 107.152.45.37 port 38594 [preauth]
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Failed password for invalid user pi from 107.152.45.37 port 38600 ssh2
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12281]: Connection closed by 107.152.45.37 port 38600 [preauth]
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Invalid user odroid from 107.152.45.37
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: input_userauth_request: invalid user odroid [preauth]
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Failed password for root from 107.152.45.37 port 38612 ssh2
Oct 14 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Connection closed by 107.152.45.37 port 38612 [preauth]
Oct 14 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: Invalid user vyos from 107.152.45.37
Oct 14 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: input_userauth_request: invalid user vyos [preauth]
Oct 14 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12376]: Successful su for rubyman by root
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12376]: + ??? root:rubyman
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411788 of user rubyman.
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12376]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411788.
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: Failed password for root from 107.152.45.37 port 38622 ssh2
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12288]: Connection closed by 107.152.45.37 port 38622 [preauth]
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Failed password for invalid user odroid from 107.152.45.37 port 38638 ssh2
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Connection closed by 107.152.45.37 port 38638 [preauth]
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Invalid user test from 107.152.45.37
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: input_userauth_request: invalid user test [preauth]
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Invalid user user from 107.152.45.37
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: input_userauth_request: invalid user user [preauth]
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: Failed password for invalid user vyos from 107.152.45.37 port 38654 ssh2
Oct 14 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12363]: Connection closed by 107.152.45.37 port 38654 [preauth]
Oct 14 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Invalid user guest from 107.152.45.37
Oct 14 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: input_userauth_request: invalid user guest [preauth]
Oct 14 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Failed password for invalid user test from 107.152.45.37 port 38684 ssh2
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Failed password for invalid user user from 107.152.45.37 port 38670 ssh2
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Connection closed by 107.152.45.37 port 38670 [preauth]
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12404]: Connection closed by 107.152.45.37 port 38684 [preauth]
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Invalid user vagrant from 107.152.45.37
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: input_userauth_request: invalid user vagrant [preauth]
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Failed password for invalid user guest from 107.152.45.37 port 38686 ssh2
Oct 14 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Connection closed by 107.152.45.37 port 38686 [preauth]
Oct 14 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Invalid user orangepi from 107.152.45.37
Oct 14 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: input_userauth_request: invalid user orangepi [preauth]
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Failed password for invalid user vagrant from 107.152.45.37 port 39938 ssh2
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Failed password for root from 107.152.45.37 port 39926 ssh2
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12467]: Connection closed by 107.152.45.37 port 39938 [preauth]
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Connection closed by 107.152.45.37 port 39926 [preauth]
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8957]: pam_unix(cron:session): session closed for user root
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Failed password for invalid user orangepi from 107.152.45.37 port 39950 ssh2
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Connection closed by 107.152.45.37 port 39950 [preauth]
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Failed password for root from 107.152.45.37 port 39962 ssh2
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Connection closed by 107.152.45.37 port 39962 [preauth]
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Failed password for root from 107.152.45.37 port 39966 ssh2
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Connection closed by 107.152.45.37 port 39966 [preauth]
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Failed password for invalid user ubuntu from 107.152.45.37 port 39974 ssh2
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12575]: Connection closed by 107.152.45.37 port 39974 [preauth]
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12610]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12610]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12610]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Failed password for root from 107.152.45.37 port 39992 ssh2
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Failed password for root from 107.152.45.37 port 39986 ssh2
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Connection closed by 107.152.45.37 port 39992 [preauth]
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Connection closed by 107.152.45.37 port 39986 [preauth]
Oct 14 14:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Invalid user jenkins from 107.152.45.37
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Invalid user jenkins from 107.152.45.37
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12610]: Failed password for invalid user ubuntu from 107.152.45.37 port 39998 ssh2
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12610]: Connection closed by 107.152.45.37 port 39998 [preauth]
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Invalid user ubnt from 107.152.45.37
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Failed password for invalid user jenkins from 107.152.45.37 port 40006 ssh2
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Failed password for invalid user jenkins from 107.152.45.37 port 40012 ssh2
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Connection closed by 107.152.45.37 port 40006 [preauth]
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Connection closed by 107.152.45.37 port 40012 [preauth]
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12636]: Invalid user devops from 107.152.45.37
Oct 14 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12636]: input_userauth_request: invalid user devops [preauth]
Oct 14 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12636]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Invalid user ubnt from 107.152.45.37
Oct 14 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Failed password for invalid user ubnt from 107.152.45.37 port 40024 ssh2
Oct 14 14:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12632]: Connection closed by 107.152.45.37 port 40024 [preauth]
Oct 14 14:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12636]: Failed password for invalid user devops from 107.152.45.37 port 40028 ssh2
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12636]: Connection closed by 107.152.45.37 port 40028 [preauth]
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Failed password for invalid user ubnt from 107.152.45.37 port 40040 ssh2
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Connection closed by 107.152.45.37 port 40040 [preauth]
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: Invalid user dspace from 107.152.45.37
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: input_userauth_request: invalid user dspace [preauth]
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Invalid user pi from 107.152.45.37
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: input_userauth_request: invalid user pi [preauth]
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: Invalid user elastic from 107.152.45.37
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: input_userauth_request: invalid user elastic [preauth]
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: Failed password for invalid user dspace from 107.152.45.37 port 36850 ssh2
Oct 14 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12656]: Connection closed by 107.152.45.37 port 36850 [preauth]
Oct 14 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Failed password for invalid user pi from 107.152.45.37 port 36872 ssh2
Oct 14 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Connection closed by 107.152.45.37 port 36872 [preauth]
Oct 14 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: Failed password for invalid user elastic from 107.152.45.37 port 36858 ssh2
Oct 14 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Invalid user debian from 107.152.45.37
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: input_userauth_request: invalid user debian [preauth]
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12660]: Connection closed by 107.152.45.37 port 36858 [preauth]
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Failed password for root from 107.152.45.37 port 36874 ssh2
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Connection closed by 107.152.45.37 port 36874 [preauth]
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Failed password for invalid user debian from 107.152.45.37 port 36890 ssh2
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Connection closed by 107.152.45.37 port 36890 [preauth]
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Invalid user devops from 107.152.45.37
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: input_userauth_request: invalid user devops [preauth]
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Invalid user odoo from 107.152.45.37
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: input_userauth_request: invalid user odoo [preauth]
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: Failed password for invalid user ubuntu from 107.152.45.37 port 36902 ssh2
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12703]: Connection closed by 107.152.45.37 port 36902 [preauth]
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Invalid user ubnt from 107.152.45.37
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Failed password for invalid user devops from 107.152.45.37 port 36904 ssh2
Oct 14 14:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Connection closed by 107.152.45.37 port 36904 [preauth]
Oct 14 14:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Failed password for invalid user odoo from 107.152.45.37 port 36906 ssh2
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Connection closed by 107.152.45.37 port 36906 [preauth]
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Invalid user ts3 from 107.152.45.37
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Failed password for invalid user ubnt from 107.152.45.37 port 36908 ssh2
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12717]: Connection closed by 107.152.45.37 port 36908 [preauth]
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Invalid user vyos from 107.152.45.37
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: input_userauth_request: invalid user vyos [preauth]
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Failed password for invalid user ts3 from 107.152.45.37 port 36918 ssh2
Oct 14 14:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12720]: Connection closed by 107.152.45.37 port 36918 [preauth]
Oct 14 14:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Invalid user postgres from 107.152.45.37
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: input_userauth_request: invalid user postgres [preauth]
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Failed password for root from 107.152.45.37 port 36934 ssh2
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Connection closed by 107.152.45.37 port 36934 [preauth]
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Failed password for invalid user vyos from 107.152.45.37 port 36942 ssh2
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Connection closed by 107.152.45.37 port 36942 [preauth]
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Invalid user vpn from 107.152.45.37
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: input_userauth_request: invalid user vpn [preauth]
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Failed password for invalid user postgres from 107.152.45.37 port 36946 ssh2
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Connection closed by 107.152.45.37 port 36946 [preauth]
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Failed password for invalid user vpn from 107.152.45.37 port 36950 ssh2
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Connection closed by 107.152.45.37 port 36950 [preauth]
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Invalid user debian from 107.152.45.37
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: input_userauth_request: invalid user debian [preauth]
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Failed password for invalid user ubuntu from 107.152.45.37 port 36958 ssh2
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Connection closed by 107.152.45.37 port 36958 [preauth]
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: Invalid user postgres from 107.152.45.37
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: input_userauth_request: invalid user postgres [preauth]
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Failed password for invalid user debian from 107.152.45.37 port 41746 ssh2
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Connection closed by 107.152.45.37 port 41746 [preauth]
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: Failed password for root from 107.152.45.37 port 41760 ssh2
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: Connection closed by 107.152.45.37 port 41760 [preauth]
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: Failed password for invalid user postgres from 107.152.45.37 port 41768 ssh2
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: Connection closed by 107.152.45.37 port 41768 [preauth]
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Invalid user deployer from 107.152.45.37
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: input_userauth_request: invalid user deployer [preauth]
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: Invalid user admin from 107.152.45.37
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Invalid user openstack from 176.65.151.22
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: input_userauth_request: invalid user openstack [preauth]
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: Failed password for invalid user ubuntu from 107.152.45.37 port 41770 ssh2
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Failed password for invalid user deployer from 107.152.45.37 port 41778 ssh2
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Connection closed by 107.152.45.37 port 41778 [preauth]
Oct 14 14:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: Failed password for invalid user admin from 107.152.45.37 port 41786 ssh2
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: Connection closed by 107.152.45.37 port 41770 [preauth]
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: Connection closed by 107.152.45.37 port 41786 [preauth]
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Invalid user minecraft from 107.152.45.37
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 14:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Failed password for invalid user openstack from 176.65.151.22 port 43394 ssh2
Oct 14 14:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Received disconnect from 176.65.151.22 port 43394:11: Bye Bye [preauth]
Oct 14 14:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12769]: Disconnected from 176.65.151.22 port 43394 [preauth]
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Failed password for root from 107.152.45.37 port 41802 ssh2
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Connection closed by 107.152.45.37 port 41802 [preauth]
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12792]: Failed password for root from 107.152.45.37 port 41810 ssh2
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Failed password for invalid user minecraft from 107.152.45.37 port 41818 ssh2
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12795]: Connection closed by 107.152.45.37 port 41818 [preauth]
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12792]: Connection closed by 107.152.45.37 port 41810 [preauth]
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Invalid user kafka from 107.152.45.37
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: input_userauth_request: invalid user kafka [preauth]
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Failed password for root from 179.40.112.10 port 44694 ssh2
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: Invalid user ftpuser from 107.152.45.37
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Received disconnect from 179.40.112.10 port 44694:11: Bye Bye [preauth]
Oct 14 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Disconnected from 179.40.112.10 port 44694 [preauth]
Oct 14 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Failed password for invalid user kafka from 107.152.45.37 port 41826 ssh2
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Connection closed by 107.152.45.37 port 41826 [preauth]
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: Failed password for invalid user ftpuser from 107.152.45.37 port 41828 ssh2
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Failed password for root from 107.152.45.37 port 41832 ssh2
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12799]: Connection closed by 107.152.45.37 port 41828 [preauth]
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163  user=root
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Connection closed by 107.152.45.37 port 41832 [preauth]
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Invalid user deploy from 107.152.45.37
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: input_userauth_request: invalid user deploy [preauth]
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Invalid user ansible from 107.152.45.37
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: input_userauth_request: invalid user ansible [preauth]
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Invalid user ftpuser from 107.152.45.37
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Failed password for root from 36.69.152.163 port 43214 ssh2
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Failed password for invalid user deploy from 107.152.45.37 port 41850 ssh2
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Received disconnect from 36.69.152.163 port 43214:11: Bye Bye [preauth]
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Disconnected from 36.69.152.163 port 43214 [preauth]
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12808]: Connection closed by 107.152.45.37 port 41850 [preauth]
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Failed password for invalid user ansible from 107.152.45.37 port 41842 ssh2
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12807]: Connection closed by 107.152.45.37 port 41842 [preauth]
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Failed password for invalid user ftpuser from 107.152.45.37 port 41856 ssh2
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Connection closed by 107.152.45.37 port 41856 [preauth]
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Invalid user vagrant from 107.152.45.37
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: input_userauth_request: invalid user vagrant [preauth]
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Invalid user admin from 107.152.45.37
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session closed for user root
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Failed password for invalid user vagrant from 107.152.45.37 port 58656 ssh2
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Failed password for invalid user admin from 107.152.45.37 port 58662 ssh2
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Connection closed by 107.152.45.37 port 58656 [preauth]
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Connection closed by 107.152.45.37 port 58662 [preauth]
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: Failed password for root from 107.152.45.37 port 58676 ssh2
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12835]: Connection closed by 107.152.45.37 port 58676 [preauth]
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: Failed password for root from 107.152.45.37 port 58678 ssh2
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Failed password for root from 107.152.45.37 port 58692 ssh2
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12854]: Connection closed by 107.152.45.37 port 58678 [preauth]
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Connection closed by 107.152.45.37 port 58692 [preauth]
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12859]: Failed password for root from 107.152.45.37 port 58708 ssh2
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12859]: Connection closed by 107.152.45.37 port 58708 [preauth]
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Invalid user user from 107.152.45.37
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: input_userauth_request: invalid user user [preauth]
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Failed password for invalid user user from 107.152.45.37 port 58718 ssh2
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for invalid user ubuntu from 107.152.45.37 port 58730 ssh2
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Connection closed by 107.152.45.37 port 58718 [preauth]
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Connection closed by 107.152.45.37 port 58730 [preauth]
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Failed password for root from 107.152.45.37 port 58740 ssh2
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Connection closed by 107.152.45.37 port 58740 [preauth]
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Invalid user dspace from 107.152.45.37
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: input_userauth_request: invalid user dspace [preauth]
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Invalid user user from 107.152.45.37
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: input_userauth_request: invalid user user [preauth]
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Failed password for root from 107.152.45.37 port 58744 ssh2
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Connection closed by 107.152.45.37 port 58744 [preauth]
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Invalid user linaro from 107.152.45.37
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: input_userauth_request: invalid user linaro [preauth]
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Failed password for invalid user dspace from 107.152.45.37 port 58756 ssh2
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Connection closed by 107.152.45.37 port 58756 [preauth]
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Failed password for invalid user user from 107.152.45.37 port 58752 ssh2
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Invalid user testuser from 107.152.45.37
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: input_userauth_request: invalid user testuser [preauth]
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12900]: Connection closed by 107.152.45.37 port 58752 [preauth]
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for invalid user linaro from 107.152.45.37 port 58770 ssh2
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Connection closed by 107.152.45.37 port 58770 [preauth]
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Failed password for invalid user testuser from 107.152.45.37 port 58772 ssh2
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Connection closed by 107.152.45.37 port 58772 [preauth]
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Failed password for root from 107.152.45.37 port 44388 ssh2
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Invalid user pi from 107.152.45.37
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: input_userauth_request: invalid user pi [preauth]
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Connection closed by 107.152.45.37 port 44388 [preauth]
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Invalid user linaro from 107.152.45.37
Oct 14 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: input_userauth_request: invalid user linaro [preauth]
Oct 14 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Failed password for root from 107.152.45.37 port 44402 ssh2
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Connection closed by 107.152.45.37 port 44402 [preauth]
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Failed password for invalid user pi from 107.152.45.37 port 44412 ssh2
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Connection closed by 107.152.45.37 port 44412 [preauth]
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Failed password for invalid user linaro from 107.152.45.37 port 44420 ssh2
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Connection closed by 107.152.45.37 port 44420 [preauth]
Oct 14 14:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Failed password for root from 107.152.45.37 port 44452 ssh2
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Connection closed by 107.152.45.37 port 44452 [preauth]
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: Invalid user git from 107.152.45.37
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: input_userauth_request: invalid user git [preauth]
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Failed password for invalid user ubuntu from 107.152.45.37 port 44464 ssh2
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Connection closed by 107.152.45.37 port 44464 [preauth]
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: Failed password for root from 107.152.45.37 port 44468 ssh2
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: Connection closed by 107.152.45.37 port 44468 [preauth]
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Invalid user deploy from 107.152.45.37
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: input_userauth_request: invalid user deploy [preauth]
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: Failed password for invalid user git from 107.152.45.37 port 44512 ssh2
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12959]: Connection closed by 107.152.45.37 port 44512 [preauth]
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Invalid user deploy from 107.152.45.37
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: input_userauth_request: invalid user deploy [preauth]
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: Failed password for root from 107.152.45.37 port 44524 ssh2
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12963]: Connection closed by 107.152.45.37 port 44524 [preauth]
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Failed password for invalid user deploy from 107.152.45.37 port 44530 ssh2
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Connection closed by 107.152.45.37 port 44530 [preauth]
Oct 14 14:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Failed password for invalid user deploy from 107.152.45.37 port 44548 ssh2
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Connection closed by 107.152.45.37 port 44548 [preauth]
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Invalid user es from 107.152.45.37
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: input_userauth_request: invalid user es [preauth]
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Failed password for invalid user ubuntu from 107.152.45.37 port 44570 ssh2
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12981]: Connection closed by 107.152.45.37 port 44570 [preauth]
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: Failed password for root from 107.152.45.37 port 44584 ssh2
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12984]: Connection closed by 107.152.45.37 port 44584 [preauth]
Oct 14 14:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for invalid user es from 107.152.45.37 port 55250 ssh2
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Connection closed by 107.152.45.37 port 55250 [preauth]
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: Failed password for root from 107.152.45.37 port 55260 ssh2
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12993]: Connection closed by 107.152.45.37 port 55260 [preauth]
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12996]: Failed password for root from 107.152.45.37 port 55266 ssh2
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12996]: Connection closed by 107.152.45.37 port 55266 [preauth]
Oct 14 14:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Invalid user test from 107.152.45.37
Oct 14 14:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: input_userauth_request: invalid user test [preauth]
Oct 14 14:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Failed password for root from 107.152.45.37 port 55280 ssh2
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Connection closed by 107.152.45.37 port 55280 [preauth]
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: Failed password for root from 107.152.45.37 port 55288 ssh2
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13008]: Connection closed by 107.152.45.37 port 55288 [preauth]
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: Invalid user jenkins from 107.152.45.37
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for invalid user test from 107.152.45.37 port 55290 ssh2
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Connection closed by 107.152.45.37 port 55290 [preauth]
Oct 14 14:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Invalid user devuser from 107.152.45.37
Oct 14 14:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: input_userauth_request: invalid user devuser [preauth]
Oct 14 14:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: Failed password for invalid user jenkins from 107.152.45.37 port 55306 ssh2
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: Connection closed by 107.152.45.37 port 55306 [preauth]
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Invalid user oracle from 107.152.45.37
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: input_userauth_request: invalid user oracle [preauth]
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13115]: Successful su for rubyman by root
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13115]: + ??? root:rubyman
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411790 of user rubyman.
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13115]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411790.
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Failed password for invalid user devuser from 107.152.45.37 port 55308 ssh2
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Connection closed by 107.152.45.37 port 55308 [preauth]
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Failed password for root from 107.152.45.37 port 55310 ssh2
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Connection closed by 107.152.45.37 port 55310 [preauth]
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Failed password for invalid user oracle from 107.152.45.37 port 55314 ssh2
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Connection closed by 107.152.45.37 port 55314 [preauth]
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Failed password for root from 107.152.45.37 port 55326 ssh2
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Connection closed by 107.152.45.37 port 55326 [preauth]
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: Invalid user test from 107.152.45.37
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: input_userauth_request: invalid user test [preauth]
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13138]: Failed password for root from 107.152.45.37 port 55332 ssh2
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Invalid user kafka from 107.152.45.37
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: input_userauth_request: invalid user kafka [preauth]
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13138]: Connection closed by 107.152.45.37 port 55332 [preauth]
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13199]: Invalid user devops from 107.152.45.37
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13199]: input_userauth_request: invalid user devops [preauth]
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13199]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: Failed password for invalid user test from 107.152.45.37 port 55346 ssh2
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13192]: Connection closed by 107.152.45.37 port 55346 [preauth]
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Failed password for invalid user kafka from 107.152.45.37 port 55348 ssh2
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Invalid user test from 107.152.45.37
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: input_userauth_request: invalid user test [preauth]
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Connection closed by 107.152.45.37 port 55348 [preauth]
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Invalid user linaro from 107.152.45.37
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: input_userauth_request: invalid user linaro [preauth]
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13199]: Failed password for invalid user devops from 107.152.45.37 port 55354 ssh2
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13199]: Connection closed by 107.152.45.37 port 55354 [preauth]
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Failed password for invalid user test from 107.152.45.37 port 40796 ssh2
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Connection closed by 107.152.45.37 port 40796 [preauth]
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Failed password for invalid user linaro from 107.152.45.37 port 40812 ssh2
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Invalid user pi from 107.152.45.37
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: input_userauth_request: invalid user pi [preauth]
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13241]: Connection closed by 107.152.45.37 port 40812 [preauth]
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Invalid user oracle from 107.152.45.37
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: input_userauth_request: invalid user oracle [preauth]
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Failed password for root from 107.152.45.37 port 40814 ssh2
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Connection closed by 107.152.45.37 port 40814 [preauth]
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: Invalid user pi from 107.152.45.37
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: input_userauth_request: invalid user pi [preauth]
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session closed for user root
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Failed password for invalid user pi from 107.152.45.37 port 40822 ssh2
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13412]: Connection closed by 107.152.45.37 port 40822 [preauth]
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Failed password for invalid user oracle from 107.152.45.37 port 40826 ssh2
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Connection closed by 107.152.45.37 port 40826 [preauth]
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Invalid user deploy from 107.152.45.37
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: input_userauth_request: invalid user deploy [preauth]
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: Failed password for invalid user pi from 107.152.45.37 port 40832 ssh2
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13423]: Connection closed by 107.152.45.37 port 40832 [preauth]
Oct 14 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: Failed password for root from 107.152.45.37 port 40874 ssh2
Oct 14 14:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Failed password for invalid user ubuntu from 107.152.45.37 port 40846 ssh2
Oct 14 14:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13465]: Connection closed by 107.152.45.37 port 40874 [preauth]
Oct 14 14:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Connection closed by 107.152.45.37 port 40846 [preauth]
Oct 14 14:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Failed password for invalid user deploy from 107.152.45.37 port 40862 ssh2
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Invalid user devuser from 107.152.45.37
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: input_userauth_request: invalid user devuser [preauth]
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13462]: Connection closed by 107.152.45.37 port 40862 [preauth]
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Invalid user minecraft from 107.152.45.37
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Failed password for invalid user devuser from 107.152.45.37 port 40878 ssh2
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13484]: Connection closed by 107.152.45.37 port 40878 [preauth]
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: Failed password for root from 107.152.45.37 port 40886 ssh2
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13485]: Connection closed by 107.152.45.37 port 40886 [preauth]
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Invalid user deploy from 107.152.45.37
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: input_userauth_request: invalid user deploy [preauth]
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Failed password for invalid user minecraft from 107.152.45.37 port 40902 ssh2
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13488]: Connection closed by 107.152.45.37 port 40902 [preauth]
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Invalid user deploy from 107.152.45.37
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: input_userauth_request: invalid user deploy [preauth]
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Failed password for invalid user deploy from 107.152.45.37 port 33486 ssh2
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Connection closed by 107.152.45.37 port 33486 [preauth]
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: Invalid user backupuser from 57.129.47.135
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: input_userauth_request: invalid user backupuser [preauth]
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for invalid user deploy from 107.152.45.37 port 33496 ssh2
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Connection closed by 107.152.45.37 port 33496 [preauth]
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13502]: Failed password for root from 107.152.45.37 port 33498 ssh2
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Invalid user postgres from 107.152.45.37
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: input_userauth_request: invalid user postgres [preauth]
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13502]: Connection closed by 107.152.45.37 port 33498 [preauth]
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Invalid user deployer from 107.152.45.37
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: input_userauth_request: invalid user deployer [preauth]
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: Invalid user debian from 107.152.45.37
Oct 14 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: input_userauth_request: invalid user debian [preauth]
Oct 14 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: Failed password for invalid user backupuser from 57.129.47.135 port 56260 ssh2
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: Received disconnect from 57.129.47.135 port 56260:11: Bye Bye [preauth]
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13525]: Disconnected from 57.129.47.135 port 56260 [preauth]
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Failed password for invalid user postgres from 107.152.45.37 port 33500 ssh2
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Connection closed by 107.152.45.37 port 33500 [preauth]
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Failed password for invalid user deployer from 107.152.45.37 port 33512 ssh2
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13536]: Connection closed by 107.152.45.37 port 33512 [preauth]
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: Invalid user admin from 107.152.45.37
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: Failed password for invalid user debian from 107.152.45.37 port 33526 ssh2
Oct 14 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13538]: Connection closed by 107.152.45.37 port 33526 [preauth]
Oct 14 14:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Invalid user test from 107.152.45.37
Oct 14 14:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: input_userauth_request: invalid user test [preauth]
Oct 14 14:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Failed password for invalid user test from 107.152.45.37 port 33540 ssh2
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13563]: Connection closed by 107.152.45.37 port 33540 [preauth]
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Failed password for invalid user ubuntu from 107.152.45.37 port 33528 ssh2
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Connection closed by 107.152.45.37 port 33528 [preauth]
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: Invalid user postgres from 107.152.45.37
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: input_userauth_request: invalid user postgres [preauth]
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: Failed password for invalid user admin from 107.152.45.37 port 33534 ssh2
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: Connection closed by 107.152.45.37 port 33534 [preauth]
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Invalid user testuser from 107.152.45.37
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: input_userauth_request: invalid user testuser [preauth]
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: Failed password for invalid user postgres from 107.152.45.37 port 33558 ssh2
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: Connection closed by 107.152.45.37 port 33558 [preauth]
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: Failed password for root from 107.152.45.37 port 33554 ssh2
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13566]: Connection closed by 107.152.45.37 port 33554 [preauth]
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: Invalid user hadoop from 107.152.45.37
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Invalid user admin from 107.152.45.37
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Failed password for invalid user testuser from 107.152.45.37 port 33564 ssh2
Oct 14 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13573]: Connection closed by 107.152.45.37 port 33564 [preauth]
Oct 14 14:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: Failed password for invalid user hadoop from 107.152.45.37 port 33568 ssh2
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for invalid user admin from 107.152.45.37 port 33576 ssh2
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: Connection closed by 107.152.45.37 port 33568 [preauth]
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Connection closed by 107.152.45.37 port 33576 [preauth]
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Invalid user oracle from 107.152.45.37
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: input_userauth_request: invalid user oracle [preauth]
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Invalid user steam from 107.152.45.37
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: input_userauth_request: invalid user steam [preauth]
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: Failed password for root from 107.152.45.37 port 59136 ssh2
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13587]: Connection closed by 107.152.45.37 port 59136 [preauth]
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Invalid user kafka from 107.152.45.37
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: input_userauth_request: invalid user kafka [preauth]
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Failed password for invalid user oracle from 107.152.45.37 port 59140 ssh2
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Failed password for invalid user steam from 107.152.45.37 port 59150 ssh2
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13591]: Connection closed by 107.152.45.37 port 59140 [preauth]
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Connection closed by 107.152.45.37 port 59150 [preauth]
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Invalid user admin from 107.152.45.37
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Failed password for invalid user kafka from 107.152.45.37 port 59166 ssh2
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Connection closed by 107.152.45.37 port 59166 [preauth]
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Invalid user devopsuser from 107.152.45.37
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Failed password for invalid user admin from 107.152.45.37 port 59180 ssh2
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Failed password for root from 94.177.160.96 port 51144 ssh2
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Connection closed by 107.152.45.37 port 59180 [preauth]
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Failed password for root from 107.152.45.37 port 59188 ssh2
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Connection closed by 107.152.45.37 port 59188 [preauth]
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Connection closed by 94.177.160.96 port 51144 [preauth]
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: Invalid user ubuntu from 107.152.45.37
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Failed password for invalid user devopsuser from 107.152.45.37 port 59200 ssh2
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Connection closed by 107.152.45.37 port 59200 [preauth]
Oct 14 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: Invalid user odroid from 107.152.45.37
Oct 14 14:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: input_userauth_request: invalid user odroid [preauth]
Oct 14 14:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: Failed password for invalid user ubuntu from 107.152.45.37 port 59210 ssh2
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13630]: Connection closed by 107.152.45.37 port 59210 [preauth]
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: Failed password for invalid user odroid from 107.152.45.37 port 59224 ssh2
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13634]: Connection closed by 107.152.45.37 port 59224 [preauth]
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Failed password for root from 107.152.45.37 port 59218 ssh2
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Connection closed by 107.152.45.37 port 59218 [preauth]
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.152.45.37  user=root
Oct 14 14:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: Failed password for root from 107.152.45.37 port 59236 ssh2
Oct 14 14:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: Connection closed by 107.152.45.37 port 59236 [preauth]
Oct 14 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13640]: Failed password for root from 107.152.45.37 port 59244 ssh2
Oct 14 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13640]: Connection closed by 107.152.45.37 port 59244 [preauth]
Oct 14 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Failed password for root from 107.152.45.37 port 59246 ssh2
Oct 14 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Connection closed by 107.152.45.37 port 59246 [preauth]
Oct 14 14:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11736]: pam_unix(cron:session): session closed for user root
Oct 14 14:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 14:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Failed password for root from 146.190.144.138 port 39146 ssh2
Oct 14 14:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Received disconnect from 146.190.144.138 port 39146:11: Bye Bye [preauth]
Oct 14 14:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Disconnected from 146.190.144.138 port 39146 [preauth]
Oct 14 14:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: Invalid user kube from 37.59.110.4
Oct 14 14:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: input_userauth_request: invalid user kube [preauth]
Oct 14 14:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: Failed password for invalid user kube from 37.59.110.4 port 44966 ssh2
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: Received disconnect from 37.59.110.4 port 44966:11: Bye Bye [preauth]
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13733]: Disconnected from 37.59.110.4 port 44966 [preauth]
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session closed for user root
Oct 14 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13861]: Successful su for rubyman by root
Oct 14 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13861]: + ??? root:rubyman
Oct 14 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411797 of user rubyman.
Oct 14 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13861]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411797.
Oct 14 14:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session closed for user root
Oct 14 14:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session closed for user root
Oct 14 14:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Invalid user roberto from 176.65.151.22
Oct 14 14:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: input_userauth_request: invalid user roberto [preauth]
Oct 14 14:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Failed password for invalid user roberto from 176.65.151.22 port 41670 ssh2
Oct 14 14:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Received disconnect from 176.65.151.22 port 41670:11: Bye Bye [preauth]
Oct 14 14:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Disconnected from 176.65.151.22 port 41670 [preauth]
Oct 14 14:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Failed password for root from 196.22.48.114 port 37190 ssh2
Oct 14 14:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Received disconnect from 196.22.48.114 port 37190:11: Bye Bye [preauth]
Oct 14 14:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14228]: Disconnected from 196.22.48.114 port 37190 [preauth]
Oct 14 14:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Invalid user admin1 from 36.69.152.163
Oct 14 14:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: input_userauth_request: invalid user admin1 [preauth]
Oct 14 14:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Failed password for invalid user admin1 from 36.69.152.163 port 39410 ssh2
Oct 14 14:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Received disconnect from 36.69.152.163 port 39410:11: Bye Bye [preauth]
Oct 14 14:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Disconnected from 36.69.152.163 port 39410 [preauth]
Oct 14 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12299]: pam_unix(cron:session): session closed for user root
Oct 14 14:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Failed password for root from 57.129.47.135 port 46518 ssh2
Oct 14 14:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Received disconnect from 57.129.47.135 port 46518:11: Bye Bye [preauth]
Oct 14 14:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14268]: Disconnected from 57.129.47.135 port 46518 [preauth]
Oct 14 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14345]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14418]: Successful su for rubyman by root
Oct 14 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14418]: + ??? root:rubyman
Oct 14 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411800 of user rubyman.
Oct 14 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14418]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411800.
Oct 14 14:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10665]: pam_unix(cron:session): session closed for user root
Oct 14 14:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Invalid user openstack from 37.59.110.4
Oct 14 14:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: input_userauth_request: invalid user openstack [preauth]
Oct 14 14:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Invalid user leyla from 179.40.112.10
Oct 14 14:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: input_userauth_request: invalid user leyla [preauth]
Oct 14 14:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Failed password for invalid user openstack from 37.59.110.4 port 39904 ssh2
Oct 14 14:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Received disconnect from 37.59.110.4 port 39904:11: Bye Bye [preauth]
Oct 14 14:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Disconnected from 37.59.110.4 port 39904 [preauth]
Oct 14 14:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Failed password for invalid user leyla from 179.40.112.10 port 60910 ssh2
Oct 14 14:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Received disconnect from 179.40.112.10 port 60910:11: Bye Bye [preauth]
Oct 14 14:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Disconnected from 179.40.112.10 port 60910 [preauth]
Oct 14 14:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session closed for user root
Oct 14 14:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Failed password for root from 176.65.151.22 port 52092 ssh2
Oct 14 14:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Received disconnect from 176.65.151.22 port 52092:11: Bye Bye [preauth]
Oct 14 14:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Disconnected from 176.65.151.22 port 52092 [preauth]
Oct 14 14:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Invalid user cindy from 57.129.47.135
Oct 14 14:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: input_userauth_request: invalid user cindy [preauth]
Oct 14 14:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Failed password for invalid user cindy from 57.129.47.135 port 53876 ssh2
Oct 14 14:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Received disconnect from 57.129.47.135 port 53876:11: Bye Bye [preauth]
Oct 14 14:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Disconnected from 57.129.47.135 port 53876 [preauth]
Oct 14 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14829]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14825]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14899]: Successful su for rubyman by root
Oct 14 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14899]: + ??? root:rubyman
Oct 14 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411806 of user rubyman.
Oct 14 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14899]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411806.
Oct 14 14:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11162]: pam_unix(cron:session): session closed for user root
Oct 14 14:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14827]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Failed password for root from 196.22.48.114 port 40746 ssh2
Oct 14 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Received disconnect from 196.22.48.114 port 40746:11: Bye Bye [preauth]
Oct 14 14:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15241]: Disconnected from 196.22.48.114 port 40746 [preauth]
Oct 14 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Invalid user zjc from 164.68.105.9
Oct 14 14:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: input_userauth_request: invalid user zjc [preauth]
Oct 14 14:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 14:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Failed password for invalid user zjc from 164.68.105.9 port 43080 ssh2
Oct 14 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Connection closed by 164.68.105.9 port 43080 [preauth]
Oct 14 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Invalid user nginx from 37.59.110.4
Oct 14 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: input_userauth_request: invalid user nginx [preauth]
Oct 14 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Failed password for invalid user nginx from 37.59.110.4 port 40312 ssh2
Oct 14 14:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Received disconnect from 37.59.110.4 port 40312:11: Bye Bye [preauth]
Oct 14 14:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Disconnected from 37.59.110.4 port 40312 [preauth]
Oct 14 14:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15307]: Invalid user debian from 36.69.152.163
Oct 14 14:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15307]: input_userauth_request: invalid user debian [preauth]
Oct 14 14:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15307]: Failed password for invalid user debian from 36.69.152.163 port 32926 ssh2
Oct 14 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15307]: Received disconnect from 36.69.152.163 port 32926:11: Bye Bye [preauth]
Oct 14 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15307]: Disconnected from 36.69.152.163 port 32926 [preauth]
Oct 14 14:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session closed for user root
Oct 14 14:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Failed password for root from 176.65.151.22 port 43256 ssh2
Oct 14 14:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Received disconnect from 176.65.151.22 port 43256:11: Bye Bye [preauth]
Oct 14 14:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Disconnected from 176.65.151.22 port 43256 [preauth]
Oct 14 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15471]: Successful su for rubyman by root
Oct 14 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15471]: + ??? root:rubyman
Oct 14 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411811 of user rubyman.
Oct 14 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15471]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411811.
Oct 14 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Invalid user kube from 179.40.112.10
Oct 14 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: input_userauth_request: invalid user kube [preauth]
Oct 14 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Failed password for invalid user kube from 179.40.112.10 port 37194 ssh2
Oct 14 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Received disconnect from 179.40.112.10 port 37194:11: Bye Bye [preauth]
Oct 14 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Disconnected from 179.40.112.10 port 37194 [preauth]
Oct 14 14:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11661]: pam_unix(cron:session): session closed for user root
Oct 14 14:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Failed password for root from 57.129.47.135 port 45608 ssh2
Oct 14 14:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Received disconnect from 57.129.47.135 port 45608:11: Bye Bye [preauth]
Oct 14 14:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Disconnected from 57.129.47.135 port 45608 [preauth]
Oct 14 14:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15409]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14349]: pam_unix(cron:session): session closed for user root
Oct 14 14:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Failed password for root from 37.59.110.4 port 35750 ssh2
Oct 14 14:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Received disconnect from 37.59.110.4 port 35750:11: Bye Bye [preauth]
Oct 14 14:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Disconnected from 37.59.110.4 port 35750 [preauth]
Oct 14 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15849]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: Successful su for rubyman by root
Oct 14 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: + ??? root:rubyman
Oct 14 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411814 of user rubyman.
Oct 14 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411814.
Oct 14 14:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Invalid user user2 from 176.65.151.22
Oct 14 14:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: input_userauth_request: invalid user user2 [preauth]
Oct 14 14:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Failed password for invalid user user2 from 176.65.151.22 port 42168 ssh2
Oct 14 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session closed for user root
Oct 14 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Received disconnect from 176.65.151.22 port 42168:11: Bye Bye [preauth]
Oct 14 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Disconnected from 176.65.151.22 port 42168 [preauth]
Oct 14 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Failed password for root from 196.22.48.114 port 40916 ssh2
Oct 14 14:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Received disconnect from 196.22.48.114 port 40916:11: Bye Bye [preauth]
Oct 14 14:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Disconnected from 196.22.48.114 port 40916 [preauth]
Oct 14 14:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Failed password for root from 57.129.47.135 port 36212 ssh2
Oct 14 14:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Received disconnect from 57.129.47.135 port 36212:11: Bye Bye [preauth]
Oct 14 14:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Disconnected from 57.129.47.135 port 36212 [preauth]
Oct 14 14:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: Invalid user radio from 36.69.152.163
Oct 14 14:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: input_userauth_request: invalid user radio [preauth]
Oct 14 14:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14829]: pam_unix(cron:session): session closed for user root
Oct 14 14:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: Failed password for invalid user radio from 36.69.152.163 port 51302 ssh2
Oct 14 14:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: Received disconnect from 36.69.152.163 port 51302:11: Bye Bye [preauth]
Oct 14 14:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: Disconnected from 36.69.152.163 port 51302 [preauth]
Oct 14 14:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Invalid user valeria from 179.40.112.10
Oct 14 14:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: input_userauth_request: invalid user valeria [preauth]
Oct 14 14:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Failed password for invalid user valeria from 179.40.112.10 port 41928 ssh2
Oct 14 14:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Received disconnect from 179.40.112.10 port 41928:11: Bye Bye [preauth]
Oct 14 14:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Disconnected from 179.40.112.10 port 41928 [preauth]
Oct 14 14:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Invalid user backupuser from 37.59.110.4
Oct 14 14:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: input_userauth_request: invalid user backupuser [preauth]
Oct 14 14:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user backupuser from 37.59.110.4 port 43308 ssh2
Oct 14 14:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Received disconnect from 37.59.110.4 port 43308:11: Bye Bye [preauth]
Oct 14 14:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Disconnected from 37.59.110.4 port 43308 [preauth]
Oct 14 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16327]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16327]: pam_unix(cron:session): session closed for user root
Oct 14 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16317]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16412]: Successful su for rubyman by root
Oct 14 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16412]: + ??? root:rubyman
Oct 14 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411820 of user rubyman.
Oct 14 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16412]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411820.
Oct 14 14:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session closed for user root
Oct 14 14:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session closed for user root
Oct 14 14:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Invalid user emilio from 176.65.151.22
Oct 14 14:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: input_userauth_request: invalid user emilio [preauth]
Oct 14 14:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Failed password for invalid user emilio from 176.65.151.22 port 43318 ssh2
Oct 14 14:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Received disconnect from 176.65.151.22 port 43318:11: Bye Bye [preauth]
Oct 14 14:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16651]: Disconnected from 176.65.151.22 port 43318 [preauth]
Oct 14 14:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16318]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Invalid user zjc from 164.68.105.9
Oct 14 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: input_userauth_request: invalid user zjc [preauth]
Oct 14 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 14:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session closed for user root
Oct 14 14:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Failed password for invalid user zjc from 164.68.105.9 port 53154 ssh2
Oct 14 14:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Connection closed by 164.68.105.9 port 53154 [preauth]
Oct 14 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Invalid user admin from 57.129.47.135
Oct 14 14:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Failed password for invalid user admin from 57.129.47.135 port 46692 ssh2
Oct 14 14:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Received disconnect from 57.129.47.135 port 46692:11: Bye Bye [preauth]
Oct 14 14:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16781]: Disconnected from 57.129.47.135 port 46692 [preauth]
Oct 14 14:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Invalid user nps from 196.22.48.114
Oct 14 14:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: input_userauth_request: invalid user nps [preauth]
Oct 14 14:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Failed password for invalid user nps from 196.22.48.114 port 35566 ssh2
Oct 14 14:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Received disconnect from 196.22.48.114 port 35566:11: Bye Bye [preauth]
Oct 14 14:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Disconnected from 196.22.48.114 port 35566 [preauth]
Oct 14 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16918]: Successful su for rubyman by root
Oct 14 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16918]: + ??? root:rubyman
Oct 14 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411822 of user rubyman.
Oct 14 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16918]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411822.
Oct 14 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Invalid user admin from 37.59.110.4
Oct 14 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Failed password for invalid user admin from 37.59.110.4 port 42086 ssh2
Oct 14 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Received disconnect from 37.59.110.4 port 42086:11: Bye Bye [preauth]
Oct 14 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Disconnected from 37.59.110.4 port 42086 [preauth]
Oct 14 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17090]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.100.42 port 55780
Oct 14 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session closed for user root
Oct 14 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Invalid user nginx from 176.65.151.22
Oct 14 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: input_userauth_request: invalid user nginx [preauth]
Oct 14 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Invalid user local from 179.40.112.10
Oct 14 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: input_userauth_request: invalid user local [preauth]
Oct 14 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Did not receive identification string from 165.154.100.42
Oct 14 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17203]: Connection closed by 165.154.100.42 port 43040 [preauth]
Oct 14 14:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17221]: Protocol major versions differ for 165.154.100.42: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Oct 14 14:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user nginx from 176.65.151.22 port 39250 ssh2
Oct 14 14:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Failed password for invalid user local from 179.40.112.10 port 46568 ssh2
Oct 14 14:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Received disconnect from 176.65.151.22 port 39250:11: Bye Bye [preauth]
Oct 14 14:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Disconnected from 176.65.151.22 port 39250 [preauth]
Oct 14 14:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Received disconnect from 179.40.112.10 port 46568:11: Bye Bye [preauth]
Oct 14 14:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Disconnected from 179.40.112.10 port 46568 [preauth]
Oct 14 14:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Invalid user oracle from 36.69.152.163
Oct 14 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: input_userauth_request: invalid user oracle [preauth]
Oct 14 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session closed for user root
Oct 14 14:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Failed password for invalid user oracle from 36.69.152.163 port 53876 ssh2
Oct 14 14:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Received disconnect from 36.69.152.163 port 53876:11: Bye Bye [preauth]
Oct 14 14:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17235]: Disconnected from 36.69.152.163 port 53876 [preauth]
Oct 14 14:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17332]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17408]: Successful su for rubyman by root
Oct 14 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17408]: + ??? root:rubyman
Oct 14 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Failed password for root from 57.129.47.135 port 48670 ssh2
Oct 14 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411827 of user rubyman.
Oct 14 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17408]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411827.
Oct 14 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Received disconnect from 57.129.47.135 port 48670:11: Bye Bye [preauth]
Oct 14 14:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17317]: Disconnected from 57.129.47.135 port 48670 [preauth]
Oct 14 14:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session closed for user root
Oct 14 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17653]: Failed password for root from 37.59.110.4 port 52820 ssh2
Oct 14 14:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17653]: Received disconnect from 37.59.110.4 port 52820:11: Bye Bye [preauth]
Oct 14 14:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17653]: Disconnected from 37.59.110.4 port 52820 [preauth]
Oct 14 14:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16326]: pam_unix(cron:session): session closed for user root
Oct 14 14:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: Invalid user nps from 176.65.151.22
Oct 14 14:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: input_userauth_request: invalid user nps [preauth]
Oct 14 14:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: Failed password for invalid user nps from 176.65.151.22 port 52700 ssh2
Oct 14 14:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: Received disconnect from 176.65.151.22 port 52700:11: Bye Bye [preauth]
Oct 14 14:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17761]: Disconnected from 176.65.151.22 port 52700 [preauth]
Oct 14 14:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Invalid user ts3user from 196.22.48.114
Oct 14 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: input_userauth_request: invalid user ts3user [preauth]
Oct 14 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Failed password for invalid user ts3user from 196.22.48.114 port 54340 ssh2
Oct 14 14:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Received disconnect from 196.22.48.114 port 54340:11: Bye Bye [preauth]
Oct 14 14:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Disconnected from 196.22.48.114 port 54340 [preauth]
Oct 14 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17881]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17877]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17955]: Successful su for rubyman by root
Oct 14 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17955]: + ??? root:rubyman
Oct 14 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411831 of user rubyman.
Oct 14 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17955]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411831.
Oct 14 14:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14828]: pam_unix(cron:session): session closed for user root
Oct 14 14:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18264]: Invalid user nps from 179.40.112.10
Oct 14 14:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18264]: input_userauth_request: invalid user nps [preauth]
Oct 14 14:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18264]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18264]: Failed password for invalid user nps from 179.40.112.10 port 51054 ssh2
Oct 14 14:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18264]: Received disconnect from 179.40.112.10 port 51054:11: Bye Bye [preauth]
Oct 14 14:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18264]: Disconnected from 179.40.112.10 port 51054 [preauth]
Oct 14 14:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17878]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18442]: Invalid user nginx from 57.129.47.135
Oct 14 14:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18442]: input_userauth_request: invalid user nginx [preauth]
Oct 14 14:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18442]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18442]: Failed password for invalid user nginx from 57.129.47.135 port 35152 ssh2
Oct 14 14:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18442]: Received disconnect from 57.129.47.135 port 35152:11: Bye Bye [preauth]
Oct 14 14:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18442]: Disconnected from 57.129.47.135 port 35152 [preauth]
Oct 14 14:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session closed for user root
Oct 14 14:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Invalid user nagios from 36.69.152.163
Oct 14 14:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: input_userauth_request: invalid user nagios [preauth]
Oct 14 14:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Failed password for invalid user nagios from 36.69.152.163 port 46368 ssh2
Oct 14 14:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Received disconnect from 36.69.152.163 port 46368:11: Bye Bye [preauth]
Oct 14 14:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Disconnected from 36.69.152.163 port 46368 [preauth]
Oct 14 14:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Invalid user pawel from 37.59.110.4
Oct 14 14:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: input_userauth_request: invalid user pawel [preauth]
Oct 14 14:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Invalid user admin from 2.57.121.25
Oct 14 14:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Failed password for invalid user pawel from 37.59.110.4 port 39804 ssh2
Oct 14 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Received disconnect from 37.59.110.4 port 39804:11: Bye Bye [preauth]
Oct 14 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Disconnected from 37.59.110.4 port 39804 [preauth]
Oct 14 14:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Failed password for invalid user admin from 2.57.121.25 port 31034 ssh2
Oct 14 14:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Failed password for invalid user admin from 2.57.121.25 port 31034 ssh2
Oct 14 14:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Failed password for invalid user admin from 2.57.121.25 port 31034 ssh2
Oct 14 14:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Failed password for invalid user admin from 2.57.121.25 port 31034 ssh2
Oct 14 14:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Failed password for invalid user admin from 2.57.121.25 port 31034 ssh2
Oct 14 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Received disconnect from 2.57.121.25 port 31034:11: Bye [preauth]
Oct 14 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Disconnected from 2.57.121.25 port 31034 [preauth]
Oct 14 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 14:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 14:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Failed password for root from 176.65.151.22 port 45386 ssh2
Oct 14 14:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Received disconnect from 176.65.151.22 port 45386:11: Bye Bye [preauth]
Oct 14 14:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Disconnected from 176.65.151.22 port 45386 [preauth]
Oct 14 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18602]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18680]: Successful su for rubyman by root
Oct 14 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18680]: + ??? root:rubyman
Oct 14 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411837 of user rubyman.
Oct 14 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18680]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411837.
Oct 14 14:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15410]: pam_unix(cron:session): session closed for user root
Oct 14 14:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session closed for user root
Oct 14 14:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: Invalid user elasticsearch from 196.22.48.114
Oct 14 14:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 14:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: Failed password for invalid user elasticsearch from 196.22.48.114 port 48810 ssh2
Oct 14 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: Received disconnect from 196.22.48.114 port 48810:11: Bye Bye [preauth]
Oct 14 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19135]: Disconnected from 196.22.48.114 port 48810 [preauth]
Oct 14 14:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: Invalid user local from 57.129.47.135
Oct 14 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: input_userauth_request: invalid user local [preauth]
Oct 14 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 14:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: Failed password for invalid user local from 57.129.47.135 port 40090 ssh2
Oct 14 14:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: Received disconnect from 57.129.47.135 port 40090:11: Bye Bye [preauth]
Oct 14 14:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: Disconnected from 57.129.47.135 port 40090 [preauth]
Oct 14 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: Failed password for root from 179.40.112.10 port 55528 ssh2
Oct 14 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: Received disconnect from 179.40.112.10 port 55528:11: Bye Bye [preauth]
Oct 14 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19173]: Disconnected from 179.40.112.10 port 55528 [preauth]
Oct 14 14:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: Invalid user emilio from 37.59.110.4
Oct 14 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: input_userauth_request: invalid user emilio [preauth]
Oct 14 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: Failed password for invalid user emilio from 37.59.110.4 port 36820 ssh2
Oct 14 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214  user=root
Oct 14 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: Received disconnect from 37.59.110.4 port 36820:11: Bye Bye [preauth]
Oct 14 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19188]: Disconnected from 37.59.110.4 port 36820 [preauth]
Oct 14 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Failed password for root from 8.217.232.214 port 54204 ssh2
Oct 14 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19190]: Connection closed by 8.217.232.214 port 54204 [preauth]
Oct 14 14:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: Invalid user pi from 8.217.232.214
Oct 14 14:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: input_userauth_request: invalid user pi [preauth]
Oct 14 14:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: Failed password for invalid user pi from 8.217.232.214 port 43884 ssh2
Oct 14 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19207]: Connection closed by 8.217.232.214 port 43884 [preauth]
Oct 14 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19221]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session closed for user root
Oct 14 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19219]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: Invalid user hive from 8.217.232.214
Oct 14 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: input_userauth_request: invalid user hive [preauth]
Oct 14 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Invalid user backupuser from 176.65.151.22
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: input_userauth_request: invalid user backupuser [preauth]
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: Successful su for rubyman by root
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: + ??? root:rubyman
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411838 of user rubyman.
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411838.
Oct 14 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Failed password for invalid user backupuser from 176.65.151.22 port 43648 ssh2
Oct 14 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: Failed password for invalid user hive from 8.217.232.214 port 43926 ssh2
Oct 14 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Received disconnect from 176.65.151.22 port 43648:11: Bye Bye [preauth]
Oct 14 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Disconnected from 176.65.151.22 port 43648 [preauth]
Oct 14 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19251]: Connection closed by 8.217.232.214 port 43926 [preauth]
Oct 14 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: Invalid user git from 8.217.232.214
Oct 14 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: input_userauth_request: invalid user git [preauth]
Oct 14 14:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: Failed password for invalid user git from 8.217.232.214 port 43968 ssh2
Oct 14 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: Connection closed by 8.217.232.214 port 43968 [preauth]
Oct 14 14:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19221]: pam_unix(cron:session): session closed for user root
Oct 14 14:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: Invalid user wang from 8.217.232.214
Oct 14 14:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: input_userauth_request: invalid user wang [preauth]
Oct 14 14:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session closed for user root
Oct 14 14:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: Failed password for invalid user wang from 8.217.232.214 port 39674 ssh2
Oct 14 14:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: Connection closed by 8.217.232.214 port 39674 [preauth]
Oct 14 14:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Invalid user nginx from 8.217.232.214
Oct 14 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: input_userauth_request: invalid user nginx [preauth]
Oct 14 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Failed password for invalid user nginx from 8.217.232.214 port 39702 ssh2
Oct 14 14:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19864]: Connection closed by 8.217.232.214 port 39702 [preauth]
Oct 14 14:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19896]: Invalid user mongo from 8.217.232.214
Oct 14 14:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19896]: input_userauth_request: invalid user mongo [preauth]
Oct 14 14:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19896]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19896]: Failed password for invalid user mongo from 8.217.232.214 port 39730 ssh2
Oct 14 14:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19896]: Connection closed by 8.217.232.214 port 39730 [preauth]
Oct 14 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Invalid user user from 8.217.232.214
Oct 14 14:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: input_userauth_request: invalid user user [preauth]
Oct 14 14:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19220]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Failed password for invalid user user from 8.217.232.214 port 51786 ssh2
Oct 14 14:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Connection closed by 8.217.232.214 port 51786 [preauth]
Oct 14 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Invalid user oracle from 8.217.232.214
Oct 14 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: input_userauth_request: invalid user oracle [preauth]
Oct 14 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Failed password for invalid user oracle from 8.217.232.214 port 51810 ssh2
Oct 14 14:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Connection closed by 8.217.232.214 port 51810 [preauth]
Oct 14 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: Invalid user gpadmin from 8.217.232.214
Oct 14 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: input_userauth_request: invalid user gpadmin [preauth]
Oct 14 14:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: Failed password for invalid user gpadmin from 8.217.232.214 port 51834 ssh2
Oct 14 14:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: Connection closed by 8.217.232.214 port 51834 [preauth]
Oct 14 14:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214  user=root
Oct 14 14:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: Failed password for root from 8.217.232.214 port 51858 ssh2
Oct 14 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: Connection closed by 8.217.232.214 port 51858 [preauth]
Oct 14 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Invalid user nps from 146.190.144.138
Oct 14 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: input_userauth_request: invalid user nps [preauth]
Oct 14 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 14:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Invalid user esroot from 8.217.232.214
Oct 14 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: input_userauth_request: invalid user esroot [preauth]
Oct 14 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Failed password for invalid user nps from 146.190.144.138 port 36502 ssh2
Oct 14 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Received disconnect from 146.190.144.138 port 36502:11: Bye Bye [preauth]
Oct 14 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Disconnected from 146.190.144.138 port 36502 [preauth]
Oct 14 14:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Invalid user radio from 36.69.152.163
Oct 14 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: input_userauth_request: invalid user radio [preauth]
Oct 14 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Failed password for invalid user esroot from 8.217.232.214 port 36838 ssh2
Oct 14 14:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Connection closed by 8.217.232.214 port 36838 [preauth]
Oct 14 14:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Invalid user gitlab from 8.217.232.214
Oct 14 14:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: input_userauth_request: invalid user gitlab [preauth]
Oct 14 14:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.217.232.214
Oct 14 14:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Failed password for invalid user radio from 36.69.152.163 port 47176 ssh2
Oct 14 14:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Received disconnect from 36.69.152.163 port 47176:11: Bye Bye [preauth]
Oct 14 14:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Disconnected from 36.69.152.163 port 47176 [preauth]
Oct 14 14:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Failed password for invalid user gitlab from 8.217.232.214 port 36854 ssh2
Oct 14 14:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Connection closed by 8.217.232.214 port 36854 [preauth]
Oct 14 14:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17881]: pam_unix(cron:session): session closed for user root
Oct 14 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20126]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20225]: Successful su for rubyman by root
Oct 14 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20225]: + ??? root:rubyman
Oct 14 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411845 of user rubyman.
Oct 14 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20225]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411845.
Oct 14 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Did not receive identification string from 91.196.152.147
Oct 14 14:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Failed password for root from 37.59.110.4 port 44442 ssh2
Oct 14 14:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Received disconnect from 37.59.110.4 port 44442:11: Bye Bye [preauth]
Oct 14 14:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Disconnected from 37.59.110.4 port 44442 [preauth]
Oct 14 14:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16325]: pam_unix(cron:session): session closed for user root
Oct 14 14:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Invalid user guest from 176.65.151.22
Oct 14 14:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: input_userauth_request: invalid user guest [preauth]
Oct 14 14:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Failed password for invalid user guest from 176.65.151.22 port 46802 ssh2
Oct 14 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Received disconnect from 176.65.151.22 port 46802:11: Bye Bye [preauth]
Oct 14 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20429]: Disconnected from 176.65.151.22 port 46802 [preauth]
Oct 14 14:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20328]: Did not receive identification string from 91.196.152.161
Oct 14 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Failed password for root from 57.129.47.135 port 33636 ssh2
Oct 14 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Received disconnect from 57.129.47.135 port 33636:11: Bye Bye [preauth]
Oct 14 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Disconnected from 57.129.47.135 port 33636 [preauth]
Oct 14 14:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 14:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Failed password for root from 179.40.112.10 port 60204 ssh2
Oct 14 14:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Received disconnect from 179.40.112.10 port 60204:11: Bye Bye [preauth]
Oct 14 14:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Disconnected from 179.40.112.10 port 60204 [preauth]
Oct 14 14:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Bad protocol version identification '\026\003\003\001\246\001' from 91.196.152.145 port 45075
Oct 14 14:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Invalid user local from 196.22.48.114
Oct 14 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: input_userauth_request: invalid user local [preauth]
Oct 14 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Failed password for invalid user local from 196.22.48.114 port 32852 ssh2
Oct 14 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: Did not receive identification string from 91.196.152.162
Oct 14 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Received disconnect from 196.22.48.114 port 32852:11: Bye Bye [preauth]
Oct 14 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Disconnected from 196.22.48.114 port 32852 [preauth]
Oct 14 14:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18608]: pam_unix(cron:session): session closed for user root
Oct 14 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20651]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20649]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20729]: Successful su for rubyman by root
Oct 14 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20729]: + ??? root:rubyman
Oct 14 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411849 of user rubyman.
Oct 14 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20729]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411849.
Oct 14 14:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session closed for user root
Oct 14 14:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Invalid user ubuntu from 2.57.122.26
Oct 14 14:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 14 14:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20650]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Failed password for invalid user ubuntu from 2.57.122.26 port 36882 ssh2
Oct 14 14:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20940]: Connection closed by 2.57.122.26 port 36882 [preauth]
Oct 14 14:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Invalid user ts3user from 37.59.110.4
Oct 14 14:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: input_userauth_request: invalid user ts3user [preauth]
Oct 14 14:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Failed password for invalid user ts3user from 37.59.110.4 port 41794 ssh2
Oct 14 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Received disconnect from 37.59.110.4 port 41794:11: Bye Bye [preauth]
Oct 14 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Disconnected from 37.59.110.4 port 41794 [preauth]
Oct 14 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Invalid user admin from 176.65.151.22
Oct 14 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: input_userauth_request: invalid user admin [preauth]
Oct 14 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Failed password for invalid user admin from 176.65.151.22 port 55314 ssh2
Oct 14 14:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Received disconnect from 176.65.151.22 port 55314:11: Bye Bye [preauth]
Oct 14 14:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Disconnected from 176.65.151.22 port 55314 [preauth]
Oct 14 14:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163  user=root
Oct 14 14:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: Failed password for root from 36.69.152.163 port 44116 ssh2
Oct 14 14:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: Received disconnect from 36.69.152.163 port 44116:11: Bye Bye [preauth]
Oct 14 14:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: Disconnected from 36.69.152.163 port 44116 [preauth]
Oct 14 14:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Invalid user local from 146.190.144.138
Oct 14 14:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: input_userauth_request: invalid user local [preauth]
Oct 14 14:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Failed password for invalid user local from 146.190.144.138 port 49742 ssh2
Oct 14 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Received disconnect from 146.190.144.138 port 49742:11: Bye Bye [preauth]
Oct 14 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Disconnected from 146.190.144.138 port 49742 [preauth]
Oct 14 14:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19223]: pam_unix(cron:session): session closed for user root
Oct 14 14:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Failed password for root from 57.129.47.135 port 45762 ssh2
Oct 14 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Received disconnect from 57.129.47.135 port 45762:11: Bye Bye [preauth]
Oct 14 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21081]: Disconnected from 57.129.47.135 port 45762 [preauth]
Oct 14 14:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 14:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Failed password for root from 80.211.129.128 port 60994 ssh2
Oct 14 14:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21098]: Connection closed by 80.211.129.128 port 60994 [preauth]
Oct 14 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21199]: Successful su for rubyman by root
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21199]: + ??? root:rubyman
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411852 of user rubyman.
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21199]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411852.
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Invalid user emilio from 179.40.112.10
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: input_userauth_request: invalid user emilio [preauth]
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Failed password for invalid user emilio from 179.40.112.10 port 36504 ssh2
Oct 14 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Received disconnect from 179.40.112.10 port 36504:11: Bye Bye [preauth]
Oct 14 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21185]: Disconnected from 179.40.112.10 port 36504 [preauth]
Oct 14 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session closed for user root
Oct 14 14:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21130]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21528]: Failed password for root from 196.22.48.114 port 46340 ssh2
Oct 14 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21528]: Received disconnect from 196.22.48.114 port 46340:11: Bye Bye [preauth]
Oct 14 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21528]: Disconnected from 196.22.48.114 port 46340 [preauth]
Oct 14 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session closed for user root
Oct 14 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: Invalid user guest from 37.59.110.4
Oct 14 14:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: input_userauth_request: invalid user guest [preauth]
Oct 14 14:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Failed password for root from 176.65.151.22 port 52586 ssh2
Oct 14 14:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Received disconnect from 176.65.151.22 port 52586:11: Bye Bye [preauth]
Oct 14 14:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Disconnected from 176.65.151.22 port 52586 [preauth]
Oct 14 14:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: Failed password for invalid user guest from 37.59.110.4 port 48072 ssh2
Oct 14 14:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: Received disconnect from 37.59.110.4 port 48072:11: Bye Bye [preauth]
Oct 14 14:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: Disconnected from 37.59.110.4 port 48072 [preauth]
Oct 14 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21662]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21843]: Successful su for rubyman by root
Oct 14 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21843]: + ??? root:rubyman
Oct 14 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411857 of user rubyman.
Oct 14 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21843]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411857.
Oct 14 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session closed for user root
Oct 14 14:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17879]: pam_unix(cron:session): session closed for user root
Oct 14 14:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21663]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Invalid user ts3user from 57.129.47.135
Oct 14 14:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: input_userauth_request: invalid user ts3user [preauth]
Oct 14 14:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Failed password for invalid user ts3user from 57.129.47.135 port 51894 ssh2
Oct 14 14:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Received disconnect from 57.129.47.135 port 51894:11: Bye Bye [preauth]
Oct 14 14:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Disconnected from 57.129.47.135 port 51894 [preauth]
Oct 14 14:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163  user=root
Oct 14 14:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Failed password for root from 36.69.152.163 port 45640 ssh2
Oct 14 14:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Received disconnect from 36.69.152.163 port 45640:11: Bye Bye [preauth]
Oct 14 14:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Disconnected from 36.69.152.163 port 45640 [preauth]
Oct 14 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: Invalid user astra from 146.190.144.138
Oct 14 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: input_userauth_request: invalid user astra [preauth]
Oct 14 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: Failed password for invalid user astra from 146.190.144.138 port 41472 ssh2
Oct 14 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: Received disconnect from 146.190.144.138 port 41472:11: Bye Bye [preauth]
Oct 14 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: Disconnected from 146.190.144.138 port 41472 [preauth]
Oct 14 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session closed for user root
Oct 14 14:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 14:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Failed password for root from 179.40.112.10 port 41156 ssh2
Oct 14 14:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Received disconnect from 179.40.112.10 port 41156:11: Bye Bye [preauth]
Oct 14 14:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Disconnected from 179.40.112.10 port 41156 [preauth]
Oct 14 14:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Invalid user leyla from 176.65.151.22
Oct 14 14:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: input_userauth_request: invalid user leyla [preauth]
Oct 14 14:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Failed password for invalid user leyla from 176.65.151.22 port 38762 ssh2
Oct 14 14:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Received disconnect from 176.65.151.22 port 38762:11: Bye Bye [preauth]
Oct 14 14:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Disconnected from 176.65.151.22 port 38762 [preauth]
Oct 14 14:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Failed password for root from 37.59.110.4 port 47600 ssh2
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Received disconnect from 37.59.110.4 port 47600:11: Bye Bye [preauth]
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Disconnected from 37.59.110.4 port 47600 [preauth]
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session closed for user root
Oct 14 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22294]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22378]: Successful su for rubyman by root
Oct 14 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22378]: + ??? root:rubyman
Oct 14 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411861 of user rubyman.
Oct 14 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22378]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411861.
Oct 14 14:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session closed for user root
Oct 14 14:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session closed for user root
Oct 14 14:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Failed password for root from 196.22.48.114 port 32770 ssh2
Oct 14 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Received disconnect from 196.22.48.114 port 32770:11: Bye Bye [preauth]
Oct 14 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Disconnected from 196.22.48.114 port 32770 [preauth]
Oct 14 14:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session closed for user root
Oct 14 14:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Invalid user user from 62.60.131.157
Oct 14 14:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: input_userauth_request: invalid user user [preauth]
Oct 14 14:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 14:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user user from 62.60.131.157 port 24835 ssh2
Oct 14 14:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user user from 62.60.131.157 port 24835 ssh2
Oct 14 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Failed password for root from 57.129.47.135 port 54896 ssh2
Oct 14 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Received disconnect from 57.129.47.135 port 54896:11: Bye Bye [preauth]
Oct 14 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Disconnected from 57.129.47.135 port 54896 [preauth]
Oct 14 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23136]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23138]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23132]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user user from 62.60.131.157 port 24835 ssh2
Oct 14 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23247]: Successful su for rubyman by root
Oct 14 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23247]: + ??? root:rubyman
Oct 14 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411867 of user rubyman.
Oct 14 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23247]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411867.
Oct 14 14:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user user from 62.60.131.157 port 24835 ssh2
Oct 14 14:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user user from 62.60.131.157 port 24835 ssh2
Oct 14 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Received disconnect from 62.60.131.157 port 24835:11: Bye [preauth]
Oct 14 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Disconnected from 62.60.131.157 port 24835 [preauth]
Oct 14 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 14:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Invalid user o2 from 176.65.151.22
Oct 14 14:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: input_userauth_request: invalid user o2 [preauth]
Oct 14 14:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19222]: pam_unix(cron:session): session closed for user root
Oct 14 14:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Failed password for invalid user o2 from 176.65.151.22 port 33006 ssh2
Oct 14 14:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Received disconnect from 176.65.151.22 port 33006:11: Bye Bye [preauth]
Oct 14 14:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Disconnected from 176.65.151.22 port 33006 [preauth]
Oct 14 14:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23135]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23829]: Failed password for root from 37.59.110.4 port 36788 ssh2
Oct 14 14:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23829]: Received disconnect from 37.59.110.4 port 36788:11: Bye Bye [preauth]
Oct 14 14:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23829]: Disconnected from 37.59.110.4 port 36788 [preauth]
Oct 14 14:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Invalid user teamspeak from 36.69.152.163
Oct 14 14:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: input_userauth_request: invalid user teamspeak [preauth]
Oct 14 14:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 14:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Failed password for invalid user teamspeak from 36.69.152.163 port 33452 ssh2
Oct 14 14:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Received disconnect from 36.69.152.163 port 33452:11: Bye Bye [preauth]
Oct 14 14:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Disconnected from 36.69.152.163 port 33452 [preauth]
Oct 14 14:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: Failed password for root from 179.40.112.10 port 45650 ssh2
Oct 14 14:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: Received disconnect from 179.40.112.10 port 45650:11: Bye Bye [preauth]
Oct 14 14:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23867]: Disconnected from 179.40.112.10 port 45650 [preauth]
Oct 14 14:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21665]: pam_unix(cron:session): session closed for user root
Oct 14 14:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 14:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for root from 146.190.144.138 port 35200 ssh2
Oct 14 14:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Received disconnect from 146.190.144.138 port 35200:11: Bye Bye [preauth]
Oct 14 14:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Disconnected from 146.190.144.138 port 35200 [preauth]
Oct 14 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24003]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24084]: Successful su for rubyman by root
Oct 14 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24084]: + ??? root:rubyman
Oct 14 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411871 of user rubyman.
Oct 14 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24084]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411871.
Oct 14 14:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20126]: pam_unix(cron:session): session closed for user root
Oct 14 14:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Invalid user pawel from 196.22.48.114
Oct 14 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: input_userauth_request: invalid user pawel [preauth]
Oct 14 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Failed password for root from 176.65.151.22 port 55076 ssh2
Oct 14 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Received disconnect from 176.65.151.22 port 55076:11: Bye Bye [preauth]
Oct 14 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Disconnected from 176.65.151.22 port 55076 [preauth]
Oct 14 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Failed password for invalid user pawel from 196.22.48.114 port 56750 ssh2
Oct 14 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Received disconnect from 196.22.48.114 port 56750:11: Bye Bye [preauth]
Oct 14 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Disconnected from 196.22.48.114 port 56750 [preauth]
Oct 14 14:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Invalid user kube from 57.129.47.135
Oct 14 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: input_userauth_request: invalid user kube [preauth]
Oct 14 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Invalid user roberto from 37.59.110.4
Oct 14 14:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: input_userauth_request: invalid user roberto [preauth]
Oct 14 14:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Failed password for invalid user kube from 57.129.47.135 port 50564 ssh2
Oct 14 14:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Received disconnect from 57.129.47.135 port 50564:11: Bye Bye [preauth]
Oct 14 14:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Disconnected from 57.129.47.135 port 50564 [preauth]
Oct 14 14:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Failed password for invalid user roberto from 37.59.110.4 port 48150 ssh2
Oct 14 14:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Received disconnect from 37.59.110.4 port 48150:11: Bye Bye [preauth]
Oct 14 14:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Disconnected from 37.59.110.4 port 48150 [preauth]
Oct 14 14:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22298]: pam_unix(cron:session): session closed for user root
Oct 14 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius20@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 14 14:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 14:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius20 rhost=::ffff:45.142.193.185
Oct 14 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24561]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24635]: Successful su for rubyman by root
Oct 14 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24635]: + ??? root:rubyman
Oct 14 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411877 of user rubyman.
Oct 14 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24635]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411877.
Oct 14 14:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20651]: pam_unix(cron:session): session closed for user root
Oct 14 14:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24836]: Invalid user astra from 179.40.112.10
Oct 14 14:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24836]: input_userauth_request: invalid user astra [preauth]
Oct 14 14:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24836]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24836]: Failed password for invalid user astra from 179.40.112.10 port 50154 ssh2
Oct 14 14:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24836]: Received disconnect from 179.40.112.10 port 50154:11: Bye Bye [preauth]
Oct 14 14:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24836]: Disconnected from 179.40.112.10 port 50154 [preauth]
Oct 14 14:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: Invalid user deploy from 36.69.152.163
Oct 14 14:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: input_userauth_request: invalid user deploy [preauth]
Oct 14 14:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: Failed password for invalid user deploy from 36.69.152.163 port 54134 ssh2
Oct 14 14:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: Received disconnect from 36.69.152.163 port 54134:11: Bye Bye [preauth]
Oct 14 14:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24911]: Disconnected from 36.69.152.163 port 54134 [preauth]
Oct 14 14:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: Invalid user astra from 176.65.151.22
Oct 14 14:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: input_userauth_request: invalid user astra [preauth]
Oct 14 14:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: Failed password for invalid user astra from 176.65.151.22 port 56008 ssh2
Oct 14 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: Received disconnect from 176.65.151.22 port 56008:11: Bye Bye [preauth]
Oct 14 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: Disconnected from 176.65.151.22 port 56008 [preauth]
Oct 14 14:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23138]: pam_unix(cron:session): session closed for user root
Oct 14 14:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 14:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24991]: Failed password for root from 146.190.144.138 port 60202 ssh2
Oct 14 14:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24991]: Received disconnect from 146.190.144.138 port 60202:11: Bye Bye [preauth]
Oct 14 14:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24991]: Disconnected from 146.190.144.138 port 60202 [preauth]
Oct 14 14:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: Invalid user elasticsearch from 37.59.110.4
Oct 14 14:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 14:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: Failed password for invalid user elasticsearch from 37.59.110.4 port 35472 ssh2
Oct 14 14:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: Received disconnect from 37.59.110.4 port 35472:11: Bye Bye [preauth]
Oct 14 14:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25002]: Disconnected from 37.59.110.4 port 35472 [preauth]
Oct 14 14:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Invalid user ftpuser from 57.129.47.135
Oct 14 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25057]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Failed password for invalid user ftpuser from 57.129.47.135 port 38730 ssh2
Oct 14 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Received disconnect from 57.129.47.135 port 38730:11: Bye Bye [preauth]
Oct 14 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25043]: Disconnected from 57.129.47.135 port 38730 [preauth]
Oct 14 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25146]: Successful su for rubyman by root
Oct 14 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25146]: + ??? root:rubyman
Oct 14 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411880 of user rubyman.
Oct 14 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25146]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411880.
Oct 14 14:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21131]: pam_unix(cron:session): session closed for user root
Oct 14 14:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Invalid user ftpuser from 196.22.48.114
Oct 14 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Failed password for invalid user ftpuser from 196.22.48.114 port 53148 ssh2
Oct 14 14:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Received disconnect from 196.22.48.114 port 53148:11: Bye Bye [preauth]
Oct 14 14:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Disconnected from 196.22.48.114 port 53148 [preauth]
Oct 14 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24004]: pam_unix(cron:session): session closed for user root
Oct 14 14:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Invalid user pawel from 176.65.151.22
Oct 14 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: input_userauth_request: invalid user pawel [preauth]
Oct 14 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Failed password for invalid user pawel from 176.65.151.22 port 35916 ssh2
Oct 14 14:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Received disconnect from 176.65.151.22 port 35916:11: Bye Bye [preauth]
Oct 14 14:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Disconnected from 176.65.151.22 port 35916 [preauth]
Oct 14 14:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Invalid user ts3user from 179.40.112.10
Oct 14 14:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: input_userauth_request: invalid user ts3user [preauth]
Oct 14 14:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Failed password for invalid user ts3user from 179.40.112.10 port 54624 ssh2
Oct 14 14:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Received disconnect from 179.40.112.10 port 54624:11: Bye Bye [preauth]
Oct 14 14:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Disconnected from 179.40.112.10 port 54624 [preauth]
Oct 14 14:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: Invalid user leyla from 37.59.110.4
Oct 14 14:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: input_userauth_request: invalid user leyla [preauth]
Oct 14 14:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25773]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25776]: pam_unix(cron:session): session closed for user root
Oct 14 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25770]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: Failed password for invalid user leyla from 37.59.110.4 port 39582 ssh2
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: Received disconnect from 37.59.110.4 port 39582:11: Bye Bye [preauth]
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25758]: Disconnected from 37.59.110.4 port 39582 [preauth]
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25961]: Successful su for rubyman by root
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25961]: + ??? root:rubyman
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411884 of user rubyman.
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25961]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411884.
Oct 14 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25772]: pam_unix(cron:session): session closed for user root
Oct 14 14:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21664]: pam_unix(cron:session): session closed for user root
Oct 14 14:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25771]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Invalid user edit from 103.30.41.231
Oct 14 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: input_userauth_request: invalid user edit [preauth]
Oct 14 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Invalid user builduser from 36.69.152.163
Oct 14 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: input_userauth_request: invalid user builduser [preauth]
Oct 14 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Failed password for root from 57.129.47.135 port 57890 ssh2
Oct 14 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Received disconnect from 57.129.47.135 port 57890:11: Bye Bye [preauth]
Oct 14 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26285]: Disconnected from 57.129.47.135 port 57890 [preauth]
Oct 14 14:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Failed password for invalid user builduser from 36.69.152.163 port 53322 ssh2
Oct 14 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Received disconnect from 36.69.152.163 port 53322:11: Bye Bye [preauth]
Oct 14 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Disconnected from 36.69.152.163 port 53322 [preauth]
Oct 14 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Failed password for invalid user edit from 103.30.41.231 port 54922 ssh2
Oct 14 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Received disconnect from 103.30.41.231 port 54922:11: Bye Bye [preauth]
Oct 14 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Disconnected from 103.30.41.231 port 54922 [preauth]
Oct 14 14:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24561]: pam_unix(cron:session): session closed for user root
Oct 14 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Invalid user guest from 146.190.144.138
Oct 14 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: input_userauth_request: invalid user guest [preauth]
Oct 14 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Failed password for invalid user guest from 146.190.144.138 port 48178 ssh2
Oct 14 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Received disconnect from 146.190.144.138 port 48178:11: Bye Bye [preauth]
Oct 14 14:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26358]: Disconnected from 146.190.144.138 port 48178 [preauth]
Oct 14 14:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: Failed password for root from 176.65.151.22 port 46500 ssh2
Oct 14 14:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: Received disconnect from 176.65.151.22 port 46500:11: Bye Bye [preauth]
Oct 14 14:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: Disconnected from 176.65.151.22 port 46500 [preauth]
Oct 14 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26494]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26491]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26494]: pam_unix(cron:session): session closed for user root
Oct 14 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26580]: Successful su for rubyman by root
Oct 14 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26580]: + ??? root:rubyman
Oct 14 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411890 of user rubyman.
Oct 14 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26580]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411890.
Oct 14 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session closed for user root
Oct 14 14:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26492]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Failed password for root from 37.59.110.4 port 40532 ssh2
Oct 14 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Received disconnect from 37.59.110.4 port 40532:11: Bye Bye [preauth]
Oct 14 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Disconnected from 37.59.110.4 port 40532 [preauth]
Oct 14 14:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Invalid user backupuser from 196.22.48.114
Oct 14 14:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: input_userauth_request: invalid user backupuser [preauth]
Oct 14 14:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Failed password for root from 222.95.45.9 port 33716 ssh2
Oct 14 14:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Connection closed by 222.95.45.9 port 33716 [preauth]
Oct 14 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Failed password for invalid user backupuser from 196.22.48.114 port 57920 ssh2
Oct 14 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Received disconnect from 196.22.48.114 port 57920:11: Bye Bye [preauth]
Oct 14 14:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26921]: Disconnected from 196.22.48.114 port 57920 [preauth]
Oct 14 14:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Failed password for root from 222.95.45.9 port 37363 ssh2
Oct 14 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26928]: Connection closed by 222.95.45.9 port 37363 [preauth]
Oct 14 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Failed password for root from 222.95.45.9 port 41654 ssh2
Oct 14 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26958]: Connection closed by 222.95.45.9 port 41654 [preauth]
Oct 14 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Failed password for root from 222.95.45.9 port 45726 ssh2
Oct 14 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Connection closed by 222.95.45.9 port 45726 [preauth]
Oct 14 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session closed for user root
Oct 14 14:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Failed password for root from 222.95.45.9 port 50007 ssh2
Oct 14 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Connection closed by 222.95.45.9 port 50007 [preauth]
Oct 14 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: Failed password for root from 179.40.112.10 port 59094 ssh2
Oct 14 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: Received disconnect from 179.40.112.10 port 59094:11: Bye Bye [preauth]
Oct 14 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: Disconnected from 179.40.112.10 port 59094 [preauth]
Oct 14 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27160]: Failed password for root from 222.95.45.9 port 53839 ssh2
Oct 14 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27160]: Connection closed by 222.95.45.9 port 53839 [preauth]
Oct 14 14:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27178]: Failed password for root from 222.95.45.9 port 57958 ssh2
Oct 14 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27178]: Connection closed by 222.95.45.9 port 57958 [preauth]
Oct 14 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Failed password for root from 222.95.45.9 port 34066 ssh2
Oct 14 14:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27207]: Connection closed by 222.95.45.9 port 34066 [preauth]
Oct 14 14:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: Invalid user gituser from 202.165.15.132
Oct 14 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: input_userauth_request: invalid user gituser [preauth]
Oct 14 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: Failed password for invalid user gituser from 202.165.15.132 port 57465 ssh2
Oct 14 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: Received disconnect from 202.165.15.132 port 57465:11: Bye Bye [preauth]
Oct 14 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27216]: Disconnected from 202.165.15.132 port 57465 [preauth]
Oct 14 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: Failed password for root from 222.95.45.9 port 37020 ssh2
Oct 14 14:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: Connection closed by 222.95.45.9 port 37020 [preauth]
Oct 14 14:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27230]: Failed password for root from 222.95.45.9 port 40547 ssh2
Oct 14 14:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27230]: Connection closed by 222.95.45.9 port 40547 [preauth]
Oct 14 14:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27248]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27247]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27240]: Failed password for root from 222.95.45.9 port 44780 ssh2
Oct 14 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27240]: Connection closed by 222.95.45.9 port 44780 [preauth]
Oct 14 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: Successful su for rubyman by root
Oct 14 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: + ??? root:rubyman
Oct 14 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411895 of user rubyman.
Oct 14 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27317]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411895.
Oct 14 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Failed password for root from 222.95.45.9 port 47876 ssh2
Oct 14 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Connection closed by 222.95.45.9 port 47876 [preauth]
Oct 14 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: Failed password for root from 57.129.47.135 port 35626 ssh2
Oct 14 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: Received disconnect from 57.129.47.135 port 35626:11: Bye Bye [preauth]
Oct 14 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27414]: Disconnected from 57.129.47.135 port 35626 [preauth]
Oct 14 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23136]: pam_unix(cron:session): session closed for user root
Oct 14 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: Failed password for root from 222.95.45.9 port 51330 ssh2
Oct 14 14:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: Connection closed by 222.95.45.9 port 51330 [preauth]
Oct 14 14:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Failed password for root from 176.65.151.22 port 45898 ssh2
Oct 14 14:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Received disconnect from 176.65.151.22 port 45898:11: Bye Bye [preauth]
Oct 14 14:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Disconnected from 176.65.151.22 port 45898 [preauth]
Oct 14 14:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Failed password for root from 222.95.45.9 port 56159 ssh2
Oct 14 14:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Connection closed by 222.95.45.9 port 56159 [preauth]
Oct 14 14:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Failed password for root from 222.95.45.9 port 59200 ssh2
Oct 14 14:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Connection closed by 222.95.45.9 port 59200 [preauth]
Oct 14 14:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Failed password for root from 222.95.45.9 port 35157 ssh2
Oct 14 14:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Connection closed by 222.95.45.9 port 35157 [preauth]
Oct 14 14:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Failed password for root from 222.95.45.9 port 39343 ssh2
Oct 14 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27899]: Connection closed by 222.95.45.9 port 39343 [preauth]
Oct 14 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Failed password for root from 222.95.45.9 port 42352 ssh2
Oct 14 14:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Connection closed by 222.95.45.9 port 42352 [preauth]
Oct 14 14:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: Invalid user valeria from 37.59.110.4
Oct 14 14:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: input_userauth_request: invalid user valeria [preauth]
Oct 14 14:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: Failed password for invalid user valeria from 37.59.110.4 port 47484 ssh2
Oct 14 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: Received disconnect from 37.59.110.4 port 47484:11: Bye Bye [preauth]
Oct 14 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: Disconnected from 37.59.110.4 port 47484 [preauth]
Oct 14 14:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Failed password for root from 222.95.45.9 port 46907 ssh2
Oct 14 14:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Connection closed by 222.95.45.9 port 46907 [preauth]
Oct 14 14:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: Invalid user devuser from 36.69.152.163
Oct 14 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: input_userauth_request: invalid user devuser [preauth]
Oct 14 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: Failed password for root from 222.95.45.9 port 51866 ssh2
Oct 14 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: Failed password for invalid user devuser from 36.69.152.163 port 49962 ssh2
Oct 14 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27954]: Connection closed by 222.95.45.9 port 51866 [preauth]
Oct 14 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: Received disconnect from 36.69.152.163 port 49962:11: Bye Bye [preauth]
Oct 14 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: Disconnected from 36.69.152.163 port 49962 [preauth]
Oct 14 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25775]: pam_unix(cron:session): session closed for user root
Oct 14 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for root from 222.95.45.9 port 56208 ssh2
Oct 14 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Connection closed by 222.95.45.9 port 56208 [preauth]
Oct 14 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Failed password for root from 222.95.45.9 port 60051 ssh2
Oct 14 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Connection closed by 222.95.45.9 port 60051 [preauth]
Oct 14 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Failed password for root from 222.95.45.9 port 36788 ssh2
Oct 14 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Failed password for root from 146.190.144.138 port 55466 ssh2
Oct 14 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Received disconnect from 146.190.144.138 port 55466:11: Bye Bye [preauth]
Oct 14 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28037]: Disconnected from 146.190.144.138 port 55466 [preauth]
Oct 14 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Connection closed by 222.95.45.9 port 36788 [preauth]
Oct 14 14:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Failed password for root from 222.95.45.9 port 40164 ssh2
Oct 14 14:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Connection closed by 222.95.45.9 port 40164 [preauth]
Oct 14 14:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: Failed password for root from 222.95.45.9 port 44836 ssh2
Oct 14 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28054]: Connection closed by 222.95.45.9 port 44836 [preauth]
Oct 14 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28071]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28069]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28149]: Successful su for rubyman by root
Oct 14 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28149]: + ??? root:rubyman
Oct 14 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411898 of user rubyman.
Oct 14 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28149]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411898.
Oct 14 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Failed password for root from 222.95.45.9 port 48195 ssh2
Oct 14 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Connection closed by 222.95.45.9 port 48195 [preauth]
Oct 14 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28226]: Failed password for root from 222.95.45.9 port 53892 ssh2
Oct 14 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24003]: pam_unix(cron:session): session closed for user root
Oct 14 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28226]: Connection closed by 222.95.45.9 port 53892 [preauth]
Oct 14 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28345]: Failed password for root from 222.95.45.9 port 57471 ssh2
Oct 14 14:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28345]: Connection closed by 222.95.45.9 port 57471 [preauth]
Oct 14 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28070]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Invalid user pawel from 179.40.112.10
Oct 14 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: input_userauth_request: invalid user pawel [preauth]
Oct 14 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: Failed password for root from 222.95.45.9 port 32771 ssh2
Oct 14 14:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: Connection closed by 222.95.45.9 port 32771 [preauth]
Oct 14 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Failed password for invalid user pawel from 179.40.112.10 port 35328 ssh2
Oct 14 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Received disconnect from 179.40.112.10 port 35328:11: Bye Bye [preauth]
Oct 14 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Disconnected from 179.40.112.10 port 35328 [preauth]
Oct 14 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Invalid user cindy from 176.65.151.22
Oct 14 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: input_userauth_request: invalid user cindy [preauth]
Oct 14 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Failed password for root from 196.22.48.114 port 46536 ssh2
Oct 14 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Received disconnect from 196.22.48.114 port 46536:11: Bye Bye [preauth]
Oct 14 14:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28410]: Disconnected from 196.22.48.114 port 46536 [preauth]
Oct 14 14:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Failed password for invalid user cindy from 176.65.151.22 port 35164 ssh2
Oct 14 14:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Received disconnect from 176.65.151.22 port 35164:11: Bye Bye [preauth]
Oct 14 14:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Disconnected from 176.65.151.22 port 35164 [preauth]
Oct 14 14:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Failed password for root from 222.95.45.9 port 38942 ssh2
Oct 14 14:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Connection closed by 222.95.45.9 port 38942 [preauth]
Oct 14 14:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for root from 222.95.45.9 port 43401 ssh2
Oct 14 14:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Connection closed by 222.95.45.9 port 43401 [preauth]
Oct 14 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Failed password for root from 222.95.45.9 port 48750 ssh2
Oct 14 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Connection closed by 222.95.45.9 port 48750 [preauth]
Oct 14 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: Failed password for root from 57.129.47.135 port 47720 ssh2
Oct 14 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: Received disconnect from 57.129.47.135 port 47720:11: Bye Bye [preauth]
Oct 14 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28704]: Disconnected from 57.129.47.135 port 47720 [preauth]
Oct 14 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26495]: pam_unix(cron:session): session closed for user root
Oct 14 14:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28720]: Failed password for root from 222.95.45.9 port 53662 ssh2
Oct 14 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28720]: Connection closed by 222.95.45.9 port 53662 [preauth]
Oct 14 14:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: Failed password for root from 103.30.41.231 port 56790 ssh2
Oct 14 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: Received disconnect from 103.30.41.231 port 56790:11: Bye Bye [preauth]
Oct 14 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28754]: Disconnected from 103.30.41.231 port 56790 [preauth]
Oct 14 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Failed password for root from 222.95.45.9 port 33403 ssh2
Oct 14 14:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Connection closed by 222.95.45.9 port 33403 [preauth]
Oct 14 14:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Failed password for root from 37.59.110.4 port 42380 ssh2
Oct 14 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Received disconnect from 37.59.110.4 port 42380:11: Bye Bye [preauth]
Oct 14 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28768]: Disconnected from 37.59.110.4 port 42380 [preauth]
Oct 14 14:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Failed password for root from 222.95.45.9 port 37350 ssh2
Oct 14 14:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28771]: Connection closed by 222.95.45.9 port 37350 [preauth]
Oct 14 14:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Failed password for root from 222.95.45.9 port 43114 ssh2
Oct 14 14:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28800]: Connection closed by 222.95.45.9 port 43114 [preauth]
Oct 14 14:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28816]: Failed password for root from 222.95.45.9 port 48548 ssh2
Oct 14 14:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28816]: Connection closed by 222.95.45.9 port 48548 [preauth]
Oct 14 14:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28830]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28999]: Successful su for rubyman by root
Oct 14 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28999]: + ??? root:rubyman
Oct 14 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411903 of user rubyman.
Oct 14 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28999]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411903.
Oct 14 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: Failed password for root from 222.95.45.9 port 51831 ssh2
Oct 14 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: Connection closed by 222.95.45.9 port 51831 [preauth]
Oct 14 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: Failed password for root from 222.95.45.9 port 56852 ssh2
Oct 14 14:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29101]: Connection closed by 222.95.45.9 port 56852 [preauth]
Oct 14 14:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session closed for user root
Oct 14 14:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Failed password for root from 222.95.45.9 port 60582 ssh2
Oct 14 14:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29216]: Connection closed by 222.95.45.9 port 60582 [preauth]
Oct 14 14:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29247]: Failed password for root from 222.95.45.9 port 36147 ssh2
Oct 14 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29247]: Connection closed by 222.95.45.9 port 36147 [preauth]
Oct 14 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28835]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Failed password for root from 222.95.45.9 port 39062 ssh2
Oct 14 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Connection closed by 222.95.45.9 port 39062 [preauth]
Oct 14 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29303]: Failed password for root from 222.95.45.9 port 41850 ssh2
Oct 14 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29303]: Connection closed by 222.95.45.9 port 41850 [preauth]
Oct 14 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Failed password for root from 202.165.15.132 port 43669 ssh2
Oct 14 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Received disconnect from 202.165.15.132 port 43669:11: Bye Bye [preauth]
Oct 14 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Disconnected from 202.165.15.132 port 43669 [preauth]
Oct 14 14:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: Failed password for root from 222.95.45.9 port 45455 ssh2
Oct 14 14:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29325]: Connection closed by 222.95.45.9 port 45455 [preauth]
Oct 14 14:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: Failed password for root from 222.95.45.9 port 48492 ssh2
Oct 14 14:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: Connection closed by 222.95.45.9 port 48492 [preauth]
Oct 14 14:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Invalid user user1 from 36.69.152.163
Oct 14 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: input_userauth_request: invalid user user1 [preauth]
Oct 14 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: Failed password for root from 176.65.151.22 port 38094 ssh2
Oct 14 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: Received disconnect from 176.65.151.22 port 38094:11: Bye Bye [preauth]
Oct 14 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: Disconnected from 176.65.151.22 port 38094 [preauth]
Oct 14 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Failed password for root from 222.95.45.9 port 53757 ssh2
Oct 14 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29363]: Connection closed by 222.95.45.9 port 53757 [preauth]
Oct 14 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Failed password for invalid user user1 from 36.69.152.163 port 36112 ssh2
Oct 14 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Received disconnect from 36.69.152.163 port 36112:11: Bye Bye [preauth]
Oct 14 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Disconnected from 36.69.152.163 port 36112 [preauth]
Oct 14 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for root from 222.95.45.9 port 57183 ssh2
Oct 14 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Connection closed by 222.95.45.9 port 57183 [preauth]
Oct 14 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27248]: pam_unix(cron:session): session closed for user root
Oct 14 14:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Failed password for root from 222.95.45.9 port 60604 ssh2
Oct 14 14:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Connection closed by 222.95.45.9 port 60604 [preauth]
Oct 14 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: Failed password for root from 222.95.45.9 port 36957 ssh2
Oct 14 14:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: Connection closed by 222.95.45.9 port 36957 [preauth]
Oct 14 14:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Failed password for root from 222.95.45.9 port 41256 ssh2
Oct 14 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Connection closed by 222.95.45.9 port 41256 [preauth]
Oct 14 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Invalid user openstack from 146.190.144.138
Oct 14 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: input_userauth_request: invalid user openstack [preauth]
Oct 14 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: Failed password for root from 222.95.45.9 port 45919 ssh2
Oct 14 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: Connection closed by 222.95.45.9 port 45919 [preauth]
Oct 14 14:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Failed password for invalid user openstack from 146.190.144.138 port 40462 ssh2
Oct 14 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Received disconnect from 146.190.144.138 port 40462:11: Bye Bye [preauth]
Oct 14 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Disconnected from 146.190.144.138 port 40462 [preauth]
Oct 14 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Failed password for root from 179.40.112.10 port 39786 ssh2
Oct 14 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Received disconnect from 179.40.112.10 port 39786:11: Bye Bye [preauth]
Oct 14 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Disconnected from 179.40.112.10 port 39786 [preauth]
Oct 14 14:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29478]: Failed password for root from 222.95.45.9 port 49753 ssh2
Oct 14 14:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29478]: Connection closed by 222.95.45.9 port 49753 [preauth]
Oct 14 14:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session closed for user root
Oct 14 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29495]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: Failed password for root from 222.95.45.9 port 55128 ssh2
Oct 14 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29585]: Successful su for rubyman by root
Oct 14 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29585]: + ??? root:rubyman
Oct 14 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411907 of user rubyman.
Oct 14 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29585]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411907.
Oct 14 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29492]: Connection closed by 222.95.45.9 port 55128 [preauth]
Oct 14 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: Invalid user elasticsearch from 57.129.47.135
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Invalid user local from 37.59.110.4
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: input_userauth_request: invalid user local [preauth]
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: Failed password for root from 222.95.45.9 port 58630 ssh2
Oct 14 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29632]: Connection closed by 222.95.45.9 port 58630 [preauth]
Oct 14 14:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29497]: pam_unix(cron:session): session closed for user root
Oct 14 14:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25059]: pam_unix(cron:session): session closed for user root
Oct 14 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: Failed password for invalid user elasticsearch from 57.129.47.135 port 49034 ssh2
Oct 14 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: Received disconnect from 57.129.47.135 port 49034:11: Bye Bye [preauth]
Oct 14 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29711]: Disconnected from 57.129.47.135 port 49034 [preauth]
Oct 14 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Failed password for invalid user local from 37.59.110.4 port 59542 ssh2
Oct 14 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Received disconnect from 37.59.110.4 port 59542:11: Bye Bye [preauth]
Oct 14 14:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Disconnected from 37.59.110.4 port 59542 [preauth]
Oct 14 14:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Invalid user leyla from 196.22.48.114
Oct 14 14:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: input_userauth_request: invalid user leyla [preauth]
Oct 14 14:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Failed password for root from 222.95.45.9 port 35231 ssh2
Oct 14 14:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29749]: Connection closed by 222.95.45.9 port 35231 [preauth]
Oct 14 14:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Failed password for invalid user leyla from 196.22.48.114 port 48006 ssh2
Oct 14 14:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Received disconnect from 196.22.48.114 port 48006:11: Bye Bye [preauth]
Oct 14 14:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Disconnected from 196.22.48.114 port 48006 [preauth]
Oct 14 14:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for root from 222.95.45.9 port 38321 ssh2
Oct 14 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Connection closed by 222.95.45.9 port 38321 [preauth]
Oct 14 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Failed password for root from 222.95.45.9 port 42006 ssh2
Oct 14 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Connection closed by 222.95.45.9 port 42006 [preauth]
Oct 14 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: Invalid user atul from 103.30.41.231
Oct 14 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: input_userauth_request: invalid user atul [preauth]
Oct 14 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: Failed password for invalid user atul from 103.30.41.231 port 38610 ssh2
Oct 14 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: Received disconnect from 103.30.41.231 port 38610:11: Bye Bye [preauth]
Oct 14 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: Disconnected from 103.30.41.231 port 38610 [preauth]
Oct 14 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: Failed password for root from 222.95.45.9 port 46584 ssh2
Oct 14 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29918]: Connection closed by 222.95.45.9 port 46584 [preauth]
Oct 14 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Failed password for root from 222.95.45.9 port 52551 ssh2
Oct 14 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29935]: Connection closed by 222.95.45.9 port 52551 [preauth]
Oct 14 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Failed password for root from 222.95.45.9 port 56907 ssh2
Oct 14 14:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Connection closed by 222.95.45.9 port 56907 [preauth]
Oct 14 14:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28073]: pam_unix(cron:session): session closed for user root
Oct 14 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Failed password for root from 222.95.45.9 port 60602 ssh2
Oct 14 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Connection closed by 222.95.45.9 port 60602 [preauth]
Oct 14 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Failed password for root from 222.95.45.9 port 38795 ssh2
Oct 14 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30011]: Connection closed by 222.95.45.9 port 38795 [preauth]
Oct 14 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Invalid user ftpuser from 176.65.151.22
Oct 14 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Failed password for invalid user ftpuser from 176.65.151.22 port 45064 ssh2
Oct 14 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Received disconnect from 176.65.151.22 port 45064:11: Bye Bye [preauth]
Oct 14 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Disconnected from 176.65.151.22 port 45064 [preauth]
Oct 14 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30025]: Failed password for root from 222.95.45.9 port 42554 ssh2
Oct 14 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30025]: Connection closed by 222.95.45.9 port 42554 [preauth]
Oct 14 14:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Invalid user robby from 202.165.15.132
Oct 14 14:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: input_userauth_request: invalid user robby [preauth]
Oct 14 14:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 14:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for invalid user robby from 202.165.15.132 port 62407 ssh2
Oct 14 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Received disconnect from 202.165.15.132 port 62407:11: Bye Bye [preauth]
Oct 14 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Disconnected from 202.165.15.132 port 62407 [preauth]
Oct 14 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Failed password for root from 222.95.45.9 port 49393 ssh2
Oct 14 14:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Connection closed by 222.95.45.9 port 49393 [preauth]
Oct 14 14:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30096]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30095]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30093]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Failed password for root from 222.95.45.9 port 54513 ssh2
Oct 14 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Connection closed by 222.95.45.9 port 54513 [preauth]
Oct 14 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30185]: Successful su for rubyman by root
Oct 14 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30185]: + ??? root:rubyman
Oct 14 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411913 of user rubyman.
Oct 14 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30185]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411913.
Oct 14 14:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Failed password for root from 222.95.45.9 port 58643 ssh2
Oct 14 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Connection closed by 222.95.45.9 port 58643 [preauth]
Oct 14 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: Failed password for root from 222.95.45.9 port 34591 ssh2
Oct 14 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: Connection closed by 222.95.45.9 port 34591 [preauth]
Oct 14 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25773]: pam_unix(cron:session): session closed for user root
Oct 14 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: Failed password for root from 222.95.45.9 port 37427 ssh2
Oct 14 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: Connection closed by 222.95.45.9 port 37427 [preauth]
Oct 14 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30094]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Failed password for root from 222.95.45.9 port 42606 ssh2
Oct 14 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30463]: Connection closed by 222.95.45.9 port 42606 [preauth]
Oct 14 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Failed password for root from 222.95.45.9 port 45710 ssh2
Oct 14 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30533]: Connection closed by 222.95.45.9 port 45710 [preauth]
Oct 14 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Failed password for root from 222.95.45.9 port 48880 ssh2
Oct 14 14:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30580]: Connection closed by 222.95.45.9 port 48880 [preauth]
Oct 14 14:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Failed password for root from 37.59.110.4 port 38654 ssh2
Oct 14 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Received disconnect from 37.59.110.4 port 38654:11: Bye Bye [preauth]
Oct 14 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30592]: Disconnected from 37.59.110.4 port 38654 [preauth]
Oct 14 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Failed password for root from 222.95.45.9 port 52458 ssh2
Oct 14 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Connection closed by 222.95.45.9 port 52458 [preauth]
Oct 14 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Invalid user dspace from 36.69.152.163
Oct 14 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: input_userauth_request: invalid user dspace [preauth]
Oct 14 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for invalid user dspace from 36.69.152.163 port 48642 ssh2
Oct 14 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Received disconnect from 36.69.152.163 port 48642:11: Bye Bye [preauth]
Oct 14 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Disconnected from 36.69.152.163 port 48642 [preauth]
Oct 14 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30620]: Failed password for root from 222.95.45.9 port 56417 ssh2
Oct 14 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30620]: Connection closed by 222.95.45.9 port 56417 [preauth]
Oct 14 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: Invalid user o2 from 179.40.112.10
Oct 14 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: input_userauth_request: invalid user o2 [preauth]
Oct 14 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: Failed password for invalid user o2 from 179.40.112.10 port 44526 ssh2
Oct 14 14:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: Received disconnect from 179.40.112.10 port 44526:11: Bye Bye [preauth]
Oct 14 14:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: Disconnected from 179.40.112.10 port 44526 [preauth]
Oct 14 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Failed password for root from 222.95.45.9 port 60539 ssh2
Oct 14 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Connection closed by 222.95.45.9 port 60539 [preauth]
Oct 14 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session closed for user root
Oct 14 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 14:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Failed password for root from 57.129.47.135 port 35768 ssh2
Oct 14 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Received disconnect from 57.129.47.135 port 35768:11: Bye Bye [preauth]
Oct 14 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Disconnected from 57.129.47.135 port 35768 [preauth]
Oct 14 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Failed password for root from 222.95.45.9 port 35974 ssh2
Oct 14 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Connection closed by 222.95.45.9 port 35974 [preauth]
Oct 14 14:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: Failed password for root from 222.95.45.9 port 40897 ssh2
Oct 14 14:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30684]: Connection closed by 222.95.45.9 port 40897 [preauth]
Oct 14 14:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Failed password for root from 222.95.45.9 port 44871 ssh2
Oct 14 14:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30702]: Connection closed by 222.95.45.9 port 44871 [preauth]
Oct 14 14:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: Failed password for root from 222.95.45.9 port 49602 ssh2
Oct 14 14:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: Connection closed by 222.95.45.9 port 49602 [preauth]
Oct 14 14:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Invalid user ts3user from 146.190.144.138
Oct 14 14:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: input_userauth_request: invalid user ts3user [preauth]
Oct 14 14:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 14:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Failed password for root from 222.95.45.9 port 53082 ssh2
Oct 14 14:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Connection closed by 222.95.45.9 port 53082 [preauth]
Oct 14 14:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Failed password for invalid user ts3user from 146.190.144.138 port 58468 ssh2
Oct 14 14:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Received disconnect from 146.190.144.138 port 58468:11: Bye Bye [preauth]
Oct 14 14:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Disconnected from 146.190.144.138 port 58468 [preauth]
Oct 14 14:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: Invalid user ts3user from 176.65.151.22
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: input_userauth_request: invalid user ts3user [preauth]
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30759]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: Invalid user integral from 103.30.41.231
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: input_userauth_request: invalid user integral [preauth]
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30827]: Successful su for rubyman by root
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: Failed password for root from 222.95.45.9 port 57143 ssh2
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30827]: + ??? root:rubyman
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411916 of user rubyman.
Oct 14 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30827]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411916.
Oct 14 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: Connection closed by 222.95.45.9 port 57143 [preauth]
Oct 14 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: Failed password for invalid user ts3user from 176.65.151.22 port 53696 ssh2
Oct 14 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: Received disconnect from 176.65.151.22 port 53696:11: Bye Bye [preauth]
Oct 14 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: Disconnected from 176.65.151.22 port 53696 [preauth]
Oct 14 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: Failed password for invalid user integral from 103.30.41.231 port 55908 ssh2
Oct 14 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: Received disconnect from 103.30.41.231 port 55908:11: Bye Bye [preauth]
Oct 14 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: Disconnected from 103.30.41.231 port 55908 [preauth]
Oct 14 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30855]: Failed password for root from 222.95.45.9 port 60564 ssh2
Oct 14 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30855]: Connection closed by 222.95.45.9 port 60564 [preauth]
Oct 14 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Failed password for root from 196.22.48.114 port 55342 ssh2
Oct 14 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Received disconnect from 196.22.48.114 port 55342:11: Bye Bye [preauth]
Oct 14 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Disconnected from 196.22.48.114 port 55342 [preauth]
Oct 14 14:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9  user=root
Oct 14 14:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26493]: pam_unix(cron:session): session closed for user root
Oct 14 14:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Failed password for root from 222.95.45.9 port 35854 ssh2
Oct 14 14:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Connection closed by 222.95.45.9 port 35854 [preauth]
Oct 14 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30760]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: Invalid user user from 222.95.45.9
Oct 14 14:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: Failed password for invalid user user from 222.95.45.9 port 44827 ssh2
Oct 14 14:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31095]: Connection closed by 222.95.45.9 port 44827 [preauth]
Oct 14 14:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Invalid user user from 222.95.45.9
Oct 14 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Failed password for invalid user user from 222.95.45.9 port 49233 ssh2
Oct 14 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: Connection closed by 222.95.45.9 port 49233 [preauth]
Oct 14 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: User bin from 202.165.15.132 not allowed because not listed in AllowUsers
Oct 14 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: input_userauth_request: invalid user bin [preauth]
Oct 14 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=bin
Oct 14 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: Invalid user user from 222.95.45.9
Oct 14 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Failed password for invalid user bin from 202.165.15.132 port 17208 ssh2
Oct 14 14:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Received disconnect from 202.165.15.132 port 17208:11: Bye Bye [preauth]
Oct 14 14:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Disconnected from 202.165.15.132 port 17208 [preauth]
Oct 14 14:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: Failed password for invalid user user from 222.95.45.9 port 54406 ssh2
Oct 14 14:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31134]: Connection closed by 222.95.45.9 port 54406 [preauth]
Oct 14 14:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Invalid user user from 222.95.45.9
Oct 14 14:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Failed password for invalid user user from 222.95.45.9 port 57374 ssh2
Oct 14 14:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: Connection closed by 222.95.45.9 port 57374 [preauth]
Oct 14 14:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Invalid user user from 222.95.45.9
Oct 14 14:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Failed password for invalid user user from 222.95.45.9 port 33422 ssh2
Oct 14 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31171]: Connection closed by 222.95.45.9 port 33422 [preauth]
Oct 14 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Invalid user user from 222.95.45.9
Oct 14 14:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session closed for user root
Oct 14 14:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Failed password for invalid user user from 222.95.45.9 port 37722 ssh2
Oct 14 14:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Connection closed by 222.95.45.9 port 37722 [preauth]
Oct 14 14:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: Invalid user user from 222.95.45.9
Oct 14 14:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: Failed password for invalid user user from 222.95.45.9 port 40887 ssh2
Oct 14 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31206]: Connection closed by 222.95.45.9 port 40887 [preauth]
Oct 14 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Invalid user ftpuser from 37.59.110.4
Oct 14 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Invalid user user from 222.95.45.9
Oct 14 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Failed password for invalid user ftpuser from 37.59.110.4 port 53334 ssh2
Oct 14 14:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Received disconnect from 37.59.110.4 port 53334:11: Bye Bye [preauth]
Oct 14 14:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Disconnected from 37.59.110.4 port 53334 [preauth]
Oct 14 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Failed password for invalid user user from 222.95.45.9 port 44171 ssh2
Oct 14 14:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Connection closed by 222.95.45.9 port 44171 [preauth]
Oct 14 14:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: Invalid user user from 222.95.45.9
Oct 14 14:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: Failed password for invalid user user from 222.95.45.9 port 49139 ssh2
Oct 14 14:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: Connection closed by 222.95.45.9 port 49139 [preauth]
Oct 14 14:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Invalid user user from 222.95.45.9
Oct 14 14:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: input_userauth_request: invalid user user [preauth]
Oct 14 14:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Failed password for invalid user user from 222.95.45.9 port 52821 ssh2
Oct 14 14:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Connection closed by 222.95.45.9 port 52821 [preauth]
Oct 14 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Invalid user user from 222.95.45.9
Oct 14 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31275]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31274]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Failed password for invalid user user from 222.95.45.9 port 56540 ssh2
Oct 14 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Connection closed by 222.95.45.9 port 56540 [preauth]
Oct 14 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31351]: Successful su for rubyman by root
Oct 14 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31351]: + ??? root:rubyman
Oct 14 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411921 of user rubyman.
Oct 14 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31351]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411921.
Oct 14 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Invalid user user from 222.95.45.9
Oct 14 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Failed password for invalid user user from 222.95.45.9 port 60418 ssh2
Oct 14 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Connection closed by 222.95.45.9 port 60418 [preauth]
Oct 14 14:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Invalid user user from 222.95.45.9
Oct 14 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27247]: pam_unix(cron:session): session closed for user root
Oct 14 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Failed password for invalid user user from 222.95.45.9 port 36593 ssh2
Oct 14 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Connection closed by 222.95.45.9 port 36593 [preauth]
Oct 14 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31721]: Invalid user user from 222.95.45.9
Oct 14 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31721]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Invalid user o2 from 57.129.47.135
Oct 14 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: input_userauth_request: invalid user o2 [preauth]
Oct 14 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31721]: Failed password for invalid user user from 222.95.45.9 port 42047 ssh2
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31721]: Connection closed by 222.95.45.9 port 42047 [preauth]
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Failed password for invalid user o2 from 57.129.47.135 port 41764 ssh2
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Received disconnect from 57.129.47.135 port 41764:11: Bye Bye [preauth]
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Disconnected from 57.129.47.135 port 41764 [preauth]
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Invalid user valeria from 176.65.151.22
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: input_userauth_request: invalid user valeria [preauth]
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for root from 179.40.112.10 port 49024 ssh2
Oct 14 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Received disconnect from 179.40.112.10 port 49024:11: Bye Bye [preauth]
Oct 14 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Disconnected from 179.40.112.10 port 49024 [preauth]
Oct 14 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Failed password for invalid user valeria from 176.65.151.22 port 37530 ssh2
Oct 14 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Received disconnect from 176.65.151.22 port 37530:11: Bye Bye [preauth]
Oct 14 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Disconnected from 176.65.151.22 port 37530 [preauth]
Oct 14 14:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Invalid user user from 222.95.45.9
Oct 14 14:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Failed password for invalid user user from 222.95.45.9 port 44978 ssh2
Oct 14 14:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Connection closed by 222.95.45.9 port 44978 [preauth]
Oct 14 14:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: Invalid user user from 222.95.45.9
Oct 14 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: Failed password for invalid user user from 222.95.45.9 port 51158 ssh2
Oct 14 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: Connection closed by 222.95.45.9 port 51158 [preauth]
Oct 14 14:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Invalid user adminuser from 36.69.152.163
Oct 14 14:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: input_userauth_request: invalid user adminuser [preauth]
Oct 14 14:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: Invalid user user from 222.95.45.9
Oct 14 14:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Failed password for invalid user adminuser from 36.69.152.163 port 34860 ssh2
Oct 14 14:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Received disconnect from 36.69.152.163 port 34860:11: Bye Bye [preauth]
Oct 14 14:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31794]: Disconnected from 36.69.152.163 port 34860 [preauth]
Oct 14 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: Failed password for invalid user user from 222.95.45.9 port 56063 ssh2
Oct 14 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31797]: Connection closed by 222.95.45.9 port 56063 [preauth]
Oct 14 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: Invalid user user from 222.95.45.9
Oct 14 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: Failed password for invalid user user from 222.95.45.9 port 33282 ssh2
Oct 14 14:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31825]: Connection closed by 222.95.45.9 port 33282 [preauth]
Oct 14 14:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Invalid user user from 222.95.45.9
Oct 14 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 14:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30096]: pam_unix(cron:session): session closed for user root
Oct 14 14:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Failed password for invalid user user from 222.95.45.9 port 36177 ssh2
Oct 14 14:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Connection closed by 222.95.45.9 port 36177 [preauth]
Oct 14 14:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Failed password for root from 103.30.41.231 port 46950 ssh2
Oct 14 14:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Received disconnect from 103.30.41.231 port 46950:11: Bye Bye [preauth]
Oct 14 14:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Disconnected from 103.30.41.231 port 46950 [preauth]
Oct 14 14:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Invalid user user from 222.95.45.9
Oct 14 14:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Failed password for invalid user user from 222.95.45.9 port 39726 ssh2
Oct 14 14:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Connection closed by 222.95.45.9 port 39726 [preauth]
Oct 14 14:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: Invalid user user from 222.95.45.9
Oct 14 14:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: Failed password for invalid user user from 222.95.45.9 port 45920 ssh2
Oct 14 14:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: Connection closed by 222.95.45.9 port 45920 [preauth]
Oct 14 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: Invalid user user from 222.95.45.9
Oct 14 14:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: Failed password for invalid user user from 222.95.45.9 port 49103 ssh2
Oct 14 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: Connection closed by 222.95.45.9 port 49103 [preauth]
Oct 14 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31924]: Invalid user user from 222.95.45.9
Oct 14 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31924]: input_userauth_request: invalid user user [preauth]
Oct 14 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31924]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Failed password for root from 202.165.15.132 port 62306 ssh2
Oct 14 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Received disconnect from 202.165.15.132 port 62306:11: Bye Bye [preauth]
Oct 14 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31921]: Disconnected from 202.165.15.132 port 62306 [preauth]
Oct 14 14:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31924]: Failed password for invalid user user from 222.95.45.9 port 55668 ssh2
Oct 14 14:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31924]: Connection closed by 222.95.45.9 port 55668 [preauth]
Oct 14 14:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: Invalid user user from 222.95.45.9
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: Invalid user astra from 37.59.110.4
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: input_userauth_request: invalid user astra [preauth]
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31949]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32024]: Successful su for rubyman by root
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32024]: + ??? root:rubyman
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411925 of user rubyman.
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32024]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411925.
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: Failed password for invalid user user from 222.95.45.9 port 58970 ssh2
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Failed password for root from 196.22.48.114 port 52904 ssh2
Oct 14 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: Failed password for invalid user astra from 37.59.110.4 port 46202 ssh2
Oct 14 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31944]: Connection closed by 222.95.45.9 port 58970 [preauth]
Oct 14 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: Received disconnect from 37.59.110.4 port 46202:11: Bye Bye [preauth]
Oct 14 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31946]: Disconnected from 37.59.110.4 port 46202 [preauth]
Oct 14 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Received disconnect from 196.22.48.114 port 52904:11: Bye Bye [preauth]
Oct 14 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31942]: Disconnected from 196.22.48.114 port 52904 [preauth]
Oct 14 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Invalid user user from 222.95.45.9
Oct 14 14:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28071]: pam_unix(cron:session): session closed for user root
Oct 14 14:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Failed password for invalid user user from 222.95.45.9 port 34259 ssh2
Oct 14 14:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Connection closed by 222.95.45.9 port 34259 [preauth]
Oct 14 14:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Invalid user user from 222.95.45.9
Oct 14 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31951]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Failed password for invalid user user from 222.95.45.9 port 41121 ssh2
Oct 14 14:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Connection closed by 222.95.45.9 port 41121 [preauth]
Oct 14 14:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Invalid user user from 222.95.45.9
Oct 14 14:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Failed password for invalid user user from 222.95.45.9 port 47682 ssh2
Oct 14 14:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Connection closed by 222.95.45.9 port 47682 [preauth]
Oct 14 14:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Invalid user user from 222.95.45.9
Oct 14 14:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Failed password for invalid user user from 222.95.45.9 port 52840 ssh2
Oct 14 14:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32374]: Connection closed by 222.95.45.9 port 52840 [preauth]
Oct 14 14:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: Invalid user user from 222.95.45.9
Oct 14 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Failed password for root from 176.65.151.22 port 38100 ssh2
Oct 14 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Received disconnect from 176.65.151.22 port 38100:11: Bye Bye [preauth]
Oct 14 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32384]: Disconnected from 176.65.151.22 port 38100 [preauth]
Oct 14 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: Failed password for invalid user user from 222.95.45.9 port 56092 ssh2
Oct 14 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: Connection closed by 222.95.45.9 port 56092 [preauth]
Oct 14 14:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: Invalid user user from 222.95.45.9
Oct 14 14:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: Failed password for invalid user user from 222.95.45.9 port 59294 ssh2
Oct 14 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32412]: Connection closed by 222.95.45.9 port 59294 [preauth]
Oct 14 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: Invalid user user from 222.95.45.9
Oct 14 14:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30762]: pam_unix(cron:session): session closed for user root
Oct 14 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: Failed password for invalid user user from 222.95.45.9 port 35179 ssh2
Oct 14 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32416]: Connection closed by 222.95.45.9 port 35179 [preauth]
Oct 14 14:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Invalid user user from 222.95.45.9
Oct 14 14:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Failed password for invalid user user from 222.95.45.9 port 38617 ssh2
Oct 14 14:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Connection closed by 222.95.45.9 port 38617 [preauth]
Oct 14 14:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Invalid user roberto from 57.129.47.135
Oct 14 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: input_userauth_request: invalid user roberto [preauth]
Oct 14 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: Invalid user user from 222.95.45.9
Oct 14 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Failed password for invalid user roberto from 57.129.47.135 port 34834 ssh2
Oct 14 14:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Received disconnect from 57.129.47.135 port 34834:11: Bye Bye [preauth]
Oct 14 14:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32466]: Disconnected from 57.129.47.135 port 34834 [preauth]
Oct 14 14:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: Failed password for invalid user user from 222.95.45.9 port 44542 ssh2
Oct 14 14:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32464]: Connection closed by 222.95.45.9 port 44542 [preauth]
Oct 14 14:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Invalid user user from 222.95.45.9
Oct 14 14:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: input_userauth_request: invalid user user [preauth]
Oct 14 14:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Invalid user user2 from 179.40.112.10
Oct 14 14:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: input_userauth_request: invalid user user2 [preauth]
Oct 14 14:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for invalid user user from 222.95.45.9 port 49118 ssh2
Oct 14 14:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Connection closed by 222.95.45.9 port 49118 [preauth]
Oct 14 14:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Failed password for invalid user user2 from 179.40.112.10 port 53778 ssh2
Oct 14 14:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Received disconnect from 179.40.112.10 port 53778:11: Bye Bye [preauth]
Oct 14 14:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Disconnected from 179.40.112.10 port 53778 [preauth]
Oct 14 14:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: Invalid user user from 222.95.45.9
Oct 14 14:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32526]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32525]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session closed for user root
Oct 14 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32522]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: Failed password for invalid user user from 222.95.45.9 port 53775 ssh2
Oct 14 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32510]: Connection closed by 222.95.45.9 port 53775 [preauth]
Oct 14 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32603]: Successful su for rubyman by root
Oct 14 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32603]: + ??? root:rubyman
Oct 14 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411928 of user rubyman.
Oct 14 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32603]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411928.
Oct 14 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Invalid user user from 222.95.45.9
Oct 14 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Failed password for invalid user user from 222.95.45.9 port 34427 ssh2
Oct 14 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32636]: Connection closed by 222.95.45.9 port 34427 [preauth]
Oct 14 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32524]: pam_unix(cron:session): session closed for user root
Oct 14 14:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session closed for user root
Oct 14 14:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[308]: Invalid user elemental from 103.30.41.231
Oct 14 14:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[308]: input_userauth_request: invalid user elemental [preauth]
Oct 14 14:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[308]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 14:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: Invalid user user from 222.95.45.9
Oct 14 14:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[308]: Failed password for invalid user elemental from 103.30.41.231 port 59464 ssh2
Oct 14 14:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[308]: Received disconnect from 103.30.41.231 port 59464:11: Bye Bye [preauth]
Oct 14 14:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[308]: Disconnected from 103.30.41.231 port 59464 [preauth]
Oct 14 14:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: Failed password for invalid user user from 222.95.45.9 port 38939 ssh2
Oct 14 14:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: Connection closed by 222.95.45.9 port 38939 [preauth]
Oct 14 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Failed password for root from 37.59.110.4 port 49318 ssh2
Oct 14 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Received disconnect from 37.59.110.4 port 49318:11: Bye Bye [preauth]
Oct 14 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Disconnected from 37.59.110.4 port 49318 [preauth]
Oct 14 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Invalid user user from 222.95.45.9
Oct 14 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32523]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Failed password for invalid user user from 222.95.45.9 port 45179 ssh2
Oct 14 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Connection closed by 222.95.45.9 port 45179 [preauth]
Oct 14 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Invalid user user from 222.95.45.9
Oct 14 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Failed password for root from 202.165.15.132 port 47333 ssh2
Oct 14 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Received disconnect from 202.165.15.132 port 47333:11: Bye Bye [preauth]
Oct 14 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Disconnected from 202.165.15.132 port 47333 [preauth]
Oct 14 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Failed password for invalid user user from 222.95.45.9 port 49852 ssh2
Oct 14 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Connection closed by 222.95.45.9 port 49852 [preauth]
Oct 14 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Invalid user ubuntu from 36.69.152.163
Oct 14 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Failed password for invalid user ubuntu from 36.69.152.163 port 50600 ssh2
Oct 14 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Received disconnect from 36.69.152.163 port 50600:11: Bye Bye [preauth]
Oct 14 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Disconnected from 36.69.152.163 port 50600 [preauth]
Oct 14 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Invalid user user from 222.95.45.9
Oct 14 14:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Failed password for invalid user user from 222.95.45.9 port 53746 ssh2
Oct 14 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[478]: Connection closed by 222.95.45.9 port 53746 [preauth]
Oct 14 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: Invalid user user from 222.95.45.9
Oct 14 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: Failed password for invalid user user from 222.95.45.9 port 33261 ssh2
Oct 14 14:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: Connection closed by 222.95.45.9 port 33261 [preauth]
Oct 14 14:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 14:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31275]: pam_unix(cron:session): session closed for user root
Oct 14 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Failed password for root from 176.65.151.22 port 55700 ssh2
Oct 14 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Received disconnect from 176.65.151.22 port 55700:11: Bye Bye [preauth]
Oct 14 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Disconnected from 176.65.151.22 port 55700 [preauth]
Oct 14 14:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Invalid user user from 222.95.45.9
Oct 14 14:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Failed password for invalid user user from 222.95.45.9 port 36419 ssh2
Oct 14 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[512]: Connection closed by 222.95.45.9 port 36419 [preauth]
Oct 14 14:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Invalid user user from 222.95.45.9
Oct 14 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Failed password for invalid user user from 222.95.45.9 port 47380 ssh2
Oct 14 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Connection closed by 222.95.45.9 port 47380 [preauth]
Oct 14 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Invalid user kube from 196.22.48.114
Oct 14 14:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: input_userauth_request: invalid user kube [preauth]
Oct 14 14:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Failed password for invalid user kube from 196.22.48.114 port 57526 ssh2
Oct 14 14:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Received disconnect from 196.22.48.114 port 57526:11: Bye Bye [preauth]
Oct 14 14:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Disconnected from 196.22.48.114 port 57526 [preauth]
Oct 14 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[588]: Invalid user user from 222.95.45.9
Oct 14 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[588]: input_userauth_request: invalid user user [preauth]
Oct 14 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[588]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[588]: Failed password for invalid user user from 222.95.45.9 port 51758 ssh2
Oct 14 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[588]: Connection closed by 222.95.45.9 port 51758 [preauth]
Oct 14 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[614]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[611]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Invalid user user from 222.95.45.9
Oct 14 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[691]: Successful su for rubyman by root
Oct 14 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[691]: + ??? root:rubyman
Oct 14 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411934 of user rubyman.
Oct 14 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[691]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411934.
Oct 14 14:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Failed password for invalid user user from 222.95.45.9 port 59944 ssh2
Oct 14 14:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Connection closed by 222.95.45.9 port 59944 [preauth]
Oct 14 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: Invalid user user from 222.95.45.9
Oct 14 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: Failed password for invalid user user from 222.95.45.9 port 34868 ssh2
Oct 14 14:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: Connection closed by 222.95.45.9 port 34868 [preauth]
Oct 14 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session closed for user root
Oct 14 14:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Invalid user user from 222.95.45.9
Oct 14 14:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Failed password for invalid user user from 222.95.45.9 port 39602 ssh2
Oct 14 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Connection closed by 222.95.45.9 port 39602 [preauth]
Oct 14 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[612]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Invalid user valeria from 57.129.47.135
Oct 14 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: input_userauth_request: invalid user valeria [preauth]
Oct 14 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Invalid user user from 222.95.45.9
Oct 14 14:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Failed password for invalid user valeria from 57.129.47.135 port 60962 ssh2
Oct 14 14:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Received disconnect from 57.129.47.135 port 60962:11: Bye Bye [preauth]
Oct 14 14:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Disconnected from 57.129.47.135 port 60962 [preauth]
Oct 14 14:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Failed password for invalid user user from 222.95.45.9 port 44835 ssh2
Oct 14 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Connection closed by 222.95.45.9 port 44835 [preauth]
Oct 14 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Invalid user user from 222.95.45.9
Oct 14 14:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Invalid user nps from 37.59.110.4
Oct 14 14:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: input_userauth_request: invalid user nps [preauth]
Oct 14 14:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Failed password for invalid user user from 222.95.45.9 port 51903 ssh2
Oct 14 14:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1075]: Connection closed by 222.95.45.9 port 51903 [preauth]
Oct 14 14:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Failed password for invalid user nps from 37.59.110.4 port 53036 ssh2
Oct 14 14:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Received disconnect from 37.59.110.4 port 53036:11: Bye Bye [preauth]
Oct 14 14:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1091]: Disconnected from 37.59.110.4 port 53036 [preauth]
Oct 14 14:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Invalid user user from 222.95.45.9
Oct 14 14:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Invalid user cindy from 179.40.112.10
Oct 14 14:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: input_userauth_request: invalid user cindy [preauth]
Oct 14 14:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Failed password for invalid user user from 222.95.45.9 port 57097 ssh2
Oct 14 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Connection closed by 222.95.45.9 port 57097 [preauth]
Oct 14 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Failed password for invalid user cindy from 179.40.112.10 port 58856 ssh2
Oct 14 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Received disconnect from 179.40.112.10 port 58856:11: Bye Bye [preauth]
Oct 14 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Disconnected from 179.40.112.10 port 58856 [preauth]
Oct 14 14:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31954]: pam_unix(cron:session): session closed for user root
Oct 14 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Invalid user user from 222.95.45.9
Oct 14 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Failed password for invalid user user from 222.95.45.9 port 60528 ssh2
Oct 14 14:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Connection closed by 222.95.45.9 port 60528 [preauth]
Oct 14 14:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: Invalid user user from 222.95.45.9
Oct 14 14:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Invalid user eugene from 103.30.41.231
Oct 14 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: input_userauth_request: invalid user eugene [preauth]
Oct 14 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 14:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: Failed password for invalid user user from 222.95.45.9 port 37758 ssh2
Oct 14 14:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1160]: Connection closed by 222.95.45.9 port 37758 [preauth]
Oct 14 14:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Failed password for invalid user eugene from 103.30.41.231 port 58946 ssh2
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Received disconnect from 103.30.41.231 port 58946:11: Bye Bye [preauth]
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Disconnected from 103.30.41.231 port 58946 [preauth]
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: Invalid user donald from 202.165.15.132
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: input_userauth_request: invalid user donald [preauth]
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: Invalid user user from 222.95.45.9
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Invalid user local from 176.65.151.22
Oct 14 14:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: input_userauth_request: invalid user local [preauth]
Oct 14 14:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: Failed password for invalid user donald from 202.165.15.132 port 25647 ssh2
Oct 14 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: Received disconnect from 202.165.15.132 port 25647:11: Bye Bye [preauth]
Oct 14 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1173]: Disconnected from 202.165.15.132 port 25647 [preauth]
Oct 14 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: Failed password for invalid user user from 222.95.45.9 port 41916 ssh2
Oct 14 14:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Failed password for invalid user local from 176.65.151.22 port 56038 ssh2
Oct 14 14:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Received disconnect from 176.65.151.22 port 56038:11: Bye Bye [preauth]
Oct 14 14:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Disconnected from 176.65.151.22 port 56038 [preauth]
Oct 14 14:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: Connection closed by 222.95.45.9 port 41916 [preauth]
Oct 14 14:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Invalid user user from 222.95.45.9
Oct 14 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: input_userauth_request: invalid user user [preauth]
Oct 14 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Failed password for invalid user user from 222.95.45.9 port 46802 ssh2
Oct 14 14:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1205]: Connection closed by 222.95.45.9 port 46802 [preauth]
Oct 14 14:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: Invalid user user from 222.95.45.9
Oct 14 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: Failed password for invalid user user from 222.95.45.9 port 53004 ssh2
Oct 14 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1309]: Successful su for rubyman by root
Oct 14 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1309]: + ??? root:rubyman
Oct 14 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1220]: Connection closed by 222.95.45.9 port 53004 [preauth]
Oct 14 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411938 of user rubyman.
Oct 14 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1309]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411938.
Oct 14 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Invalid user user from 222.95.45.9
Oct 14 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Failed password for invalid user user from 222.95.45.9 port 58483 ssh2
Oct 14 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Connection closed by 222.95.45.9 port 58483 [preauth]
Oct 14 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30095]: pam_unix(cron:session): session closed for user root
Oct 14 14:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Invalid user user from 222.95.45.9
Oct 14 14:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Failed password for invalid user user from 222.95.45.9 port 35769 ssh2
Oct 14 14:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Connection closed by 222.95.45.9 port 35769 [preauth]
Oct 14 14:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Invalid user user from 222.95.45.9
Oct 14 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Failed password for invalid user user from 222.95.45.9 port 39925 ssh2
Oct 14 14:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1552]: Connection closed by 222.95.45.9 port 39925 [preauth]
Oct 14 14:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Invalid user user from 222.95.45.9
Oct 14 14:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Invalid user tempuser from 36.69.152.163
Oct 14 14:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 14:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.69.152.163
Oct 14 14:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Failed password for invalid user tempuser from 36.69.152.163 port 39732 ssh2
Oct 14 14:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Received disconnect from 36.69.152.163 port 39732:11: Bye Bye [preauth]
Oct 14 14:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1600]: Disconnected from 36.69.152.163 port 39732 [preauth]
Oct 14 14:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Failed password for invalid user user from 222.95.45.9 port 45176 ssh2
Oct 14 14:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Connection closed by 222.95.45.9 port 45176 [preauth]
Oct 14 14:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: Invalid user user from 222.95.45.9
Oct 14 14:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: Failed password for invalid user user from 222.95.45.9 port 50698 ssh2
Oct 14 14:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1603]: Connection closed by 222.95.45.9 port 50698 [preauth]
Oct 14 14:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Invalid user user from 222.95.45.9
Oct 14 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Failed password for invalid user user from 222.95.45.9 port 54896 ssh2
Oct 14 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32526]: pam_unix(cron:session): session closed for user root
Oct 14 14:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1639]: Connection closed by 222.95.45.9 port 54896 [preauth]
Oct 14 14:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Invalid user user2 from 37.59.110.4
Oct 14 14:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: input_userauth_request: invalid user user2 [preauth]
Oct 14 14:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 14:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Invalid user user from 222.95.45.9
Oct 14 14:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Failed password for invalid user user2 from 37.59.110.4 port 44642 ssh2
Oct 14 14:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Received disconnect from 37.59.110.4 port 44642:11: Bye Bye [preauth]
Oct 14 14:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1696]: Disconnected from 37.59.110.4 port 44642 [preauth]
Oct 14 14:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Failed password for invalid user user from 222.95.45.9 port 36280 ssh2
Oct 14 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Connection closed by 222.95.45.9 port 36280 [preauth]
Oct 14 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: Invalid user user2 from 57.129.47.135
Oct 14 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: input_userauth_request: invalid user user2 [preauth]
Oct 14 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Invalid user user from 222.95.45.9
Oct 14 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: Failed password for invalid user user2 from 57.129.47.135 port 49604 ssh2
Oct 14 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: Received disconnect from 57.129.47.135 port 49604:11: Bye Bye [preauth]
Oct 14 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1724]: Disconnected from 57.129.47.135 port 49604 [preauth]
Oct 14 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Failed password for invalid user user from 222.95.45.9 port 39414 ssh2
Oct 14 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Connection closed by 222.95.45.9 port 39414 [preauth]
Oct 14 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Invalid user user from 222.95.45.9
Oct 14 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 14:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Failed password for invalid user user from 222.95.45.9 port 42491 ssh2
Oct 14 14:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1751]: Connection closed by 222.95.45.9 port 42491 [preauth]
Oct 14 14:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1755]: Invalid user user from 222.95.45.9
Oct 14 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1755]: input_userauth_request: invalid user user [preauth]
Oct 14 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Failed password for root from 196.22.48.114 port 34434 ssh2
Oct 14 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Received disconnect from 196.22.48.114 port 34434:11: Bye Bye [preauth]
Oct 14 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Disconnected from 196.22.48.114 port 34434 [preauth]
Oct 14 14:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1755]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1755]: Failed password for invalid user user from 222.95.45.9 port 45282 ssh2
Oct 14 14:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1755]: Connection closed by 222.95.45.9 port 45282 [preauth]
Oct 14 14:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1786]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Invalid user user from 222.95.45.9
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1854]: Successful su for rubyman by root
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1854]: + ??? root:rubyman
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411945 of user rubyman.
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1854]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411945.
Oct 14 14:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Invalid user kube from 176.65.151.22
Oct 14 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: input_userauth_request: invalid user kube [preauth]
Oct 14 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Failed password for invalid user user from 222.95.45.9 port 49800 ssh2
Oct 14 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Connection closed by 222.95.45.9 port 49800 [preauth]
Oct 14 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Failed password for invalid user kube from 176.65.151.22 port 37340 ssh2
Oct 14 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Received disconnect from 176.65.151.22 port 37340:11: Bye Bye [preauth]
Oct 14 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1989]: Disconnected from 176.65.151.22 port 37340 [preauth]
Oct 14 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Invalid user user from 222.95.45.9
Oct 14 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Invalid user nginx from 146.190.144.138
Oct 14 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: input_userauth_request: invalid user nginx [preauth]
Oct 14 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Failed password for invalid user user from 222.95.45.9 port 55740 ssh2
Oct 14 14:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Failed password for invalid user nginx from 146.190.144.138 port 37096 ssh2
Oct 14 14:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Received disconnect from 146.190.144.138 port 37096:11: Bye Bye [preauth]
Oct 14 14:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2116]: Disconnected from 146.190.144.138 port 37096 [preauth]
Oct 14 14:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Connection closed by 222.95.45.9 port 55740 [preauth]
Oct 14 14:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session closed for user root
Oct 14 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Invalid user user from 222.95.45.9
Oct 14 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 14:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Failed password for invalid user user from 222.95.45.9 port 58966 ssh2
Oct 14 14:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Connection closed by 222.95.45.9 port 58966 [preauth]
Oct 14 14:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Invalid user user from 222.95.45.9
Oct 14 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2179]: Failed password for root from 202.165.15.132 port 60651 ssh2
Oct 14 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2179]: Received disconnect from 202.165.15.132 port 60651:11: Bye Bye [preauth]
Oct 14 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2179]: Disconnected from 202.165.15.132 port 60651 [preauth]
Oct 14 14:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: Invalid user elasticsearch from 179.40.112.10
Oct 14 14:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 14:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 14:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Failed password for invalid user user from 222.95.45.9 port 36117 ssh2
Oct 14 14:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Connection closed by 222.95.45.9 port 36117 [preauth]
Oct 14 14:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: User bin from 103.30.41.231 not allowed because not listed in AllowUsers
Oct 14 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: input_userauth_request: invalid user bin [preauth]
Oct 14 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=bin
Oct 14 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: Failed password for invalid user elasticsearch from 179.40.112.10 port 35404 ssh2
Oct 14 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: Received disconnect from 179.40.112.10 port 35404:11: Bye Bye [preauth]
Oct 14 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2224]: Disconnected from 179.40.112.10 port 35404 [preauth]
Oct 14 14:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Invalid user user from 222.95.45.9
Oct 14 14:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Failed password for invalid user bin from 103.30.41.231 port 45506 ssh2
Oct 14 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Received disconnect from 103.30.41.231 port 45506:11: Bye Bye [preauth]
Oct 14 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Disconnected from 103.30.41.231 port 45506 [preauth]
Oct 14 14:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Failed password for invalid user user from 222.95.45.9 port 40811 ssh2
Oct 14 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Connection closed by 222.95.45.9 port 40811 [preauth]
Oct 14 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Invalid user user from 222.95.45.9
Oct 14 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Failed password for invalid user user from 222.95.45.9 port 47186 ssh2
Oct 14 14:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Connection closed by 222.95.45.9 port 47186 [preauth]
Oct 14 14:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: Invalid user user from 222.95.45.9
Oct 14 14:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: Failed password for invalid user user from 222.95.45.9 port 51134 ssh2
Oct 14 14:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2268]: Connection closed by 222.95.45.9 port 51134 [preauth]
Oct 14 14:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[614]: pam_unix(cron:session): session closed for user root
Oct 14 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2280]: Invalid user user from 222.95.45.9
Oct 14 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2280]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2280]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2280]: Failed password for invalid user user from 222.95.45.9 port 54583 ssh2
Oct 14 14:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2280]: Connection closed by 222.95.45.9 port 54583 [preauth]
Oct 14 14:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2311]: Invalid user user from 222.95.45.9
Oct 14 14:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2311]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2311]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2311]: Failed password for invalid user user from 222.95.45.9 port 59820 ssh2
Oct 14 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2311]: Connection closed by 222.95.45.9 port 59820 [preauth]
Oct 14 14:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Invalid user user from 222.95.45.9
Oct 14 14:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Failed password for invalid user user from 222.95.45.9 port 37436 ssh2
Oct 14 14:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Connection closed by 222.95.45.9 port 37436 [preauth]
Oct 14 14:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Invalid user user from 222.95.45.9
Oct 14 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Failed password for invalid user user from 222.95.45.9 port 40742 ssh2
Oct 14 14:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Connection closed by 222.95.45.9 port 40742 [preauth]
Oct 14 14:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Invalid user user from 222.95.45.9
Oct 14 14:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: input_userauth_request: invalid user user [preauth]
Oct 14 14:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Failed password for invalid user user from 222.95.45.9 port 44307 ssh2
Oct 14 14:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2351]: Connection closed by 222.95.45.9 port 44307 [preauth]
Oct 14 14:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: Invalid user user from 222.95.45.9
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: input_userauth_request: invalid user user [preauth]
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user p13x
Oct 14 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2459]: Successful su for rubyman by root
Oct 14 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2459]: + ??? root:rubyman
Oct 14 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411947 of user rubyman.
Oct 14 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2459]: pam_unix(su:session): session closed for user rubyman
Oct 14 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411947.
Oct 14 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Failed password for root from 37.59.110.4 port 54794 ssh2
Oct 14 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: Failed password for invalid user user from 222.95.45.9 port 47629 ssh2
Oct 14 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Received disconnect from 37.59.110.4 port 54794:11: Bye Bye [preauth]
Oct 14 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2363]: Disconnected from 37.59.110.4 port 54794 [preauth]
Oct 14 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2361]: Connection closed by 222.95.45.9 port 47629 [preauth]
Oct 14 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: Invalid user user from 222.95.45.9
Oct 14 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: input_userauth_request: invalid user user [preauth]
Oct 14 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31274]: pam_unix(cron:session): session closed for user root
Oct 14 14:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: Failed password for invalid user user from 222.95.45.9 port 52533 ssh2
Oct 14 14:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2544]: Connection closed by 222.95.45.9 port 52533 [preauth]
Oct 14 14:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: Invalid user user from 222.95.45.9
Oct 14 14:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: input_userauth_request: invalid user user [preauth]
Oct 14 14:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: Failed password for invalid user user from 222.95.45.9 port 57398 ssh2
Oct 14 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: Connection closed by 222.95.45.9 port 57398 [preauth]
Oct 14 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Invalid user user from 222.95.45.9
Oct 14 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: input_userauth_request: invalid user user [preauth]
Oct 14 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session closed for user samftp
Oct 14 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Invalid user elasticsearch from 176.65.151.22
Oct 14 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Failed password for invalid user user from 222.95.45.9 port 60825 ssh2
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Connection closed by 222.95.45.9 port 60825 [preauth]
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Failed password for invalid user elasticsearch from 176.65.151.22 port 34054 ssh2
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Received disconnect from 176.65.151.22 port 34054:11: Bye Bye [preauth]
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Disconnected from 176.65.151.22 port 34054 [preauth]
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Invalid user openstack from 57.129.47.135
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: input_userauth_request: invalid user openstack [preauth]
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Invalid user user from 222.95.45.9
Oct 14 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: input_userauth_request: invalid user user [preauth]
Oct 14 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for invalid user openstack from 57.129.47.135 port 36526 ssh2
Oct 14 14:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Received disconnect from 57.129.47.135 port 36526:11: Bye Bye [preauth]
Oct 14 14:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Disconnected from 57.129.47.135 port 36526 [preauth]
Oct 14 14:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Failed password for invalid user user from 222.95.45.9 port 36505 ssh2
Oct 14 14:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2705]: Connection closed by 222.95.45.9 port 36505 [preauth]
Oct 14 14:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: Invalid user ubuntu from 222.95.45.9
Oct 14 14:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: Failed password for invalid user ubuntu from 222.95.45.9 port 44260 ssh2
Oct 14 14:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: Connection closed by 222.95.45.9 port 44260 [preauth]
Oct 14 14:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Invalid user ubuntu from 222.95.45.9
Oct 14 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Failed password for invalid user ubuntu from 222.95.45.9 port 48070 ssh2
Oct 14 14:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Connection closed by 222.95.45.9 port 48070 [preauth]
Oct 14 14:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Invalid user ubuntu from 222.95.45.9
Oct 14 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1244]: pam_unix(cron:session): session closed for user root
Oct 14 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Failed password for invalid user ubuntu from 222.95.45.9 port 51598 ssh2
Oct 14 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2760]: Connection closed by 222.95.45.9 port 51598 [preauth]
Oct 14 14:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: Invalid user ubuntu from 222.95.45.9
Oct 14 14:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Invalid user student4 from 202.165.15.132
Oct 14 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: input_userauth_request: invalid user student4 [preauth]
Oct 14 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: Failed password for invalid user ubuntu from 222.95.45.9 port 56123 ssh2
Oct 14 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2793]: Connection closed by 222.95.45.9 port 56123 [preauth]
Oct 14 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Failed password for invalid user student4 from 202.165.15.132 port 10381 ssh2
Oct 14 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Received disconnect from 202.165.15.132 port 10381:11: Bye Bye [preauth]
Oct 14 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Disconnected from 202.165.15.132 port 10381 [preauth]
Oct 14 14:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: Invalid user ubuntu from 222.95.45.9
Oct 14 14:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: Failed password for invalid user ubuntu from 222.95.45.9 port 59409 ssh2
Oct 14 14:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2808]: Connection closed by 222.95.45.9 port 59409 [preauth]
Oct 14 14:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: Invalid user ubuntu from 222.95.45.9
Oct 14 14:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: Failed password for invalid user ubuntu from 222.95.45.9 port 35371 ssh2
Oct 14 14:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2830]: Connection closed by 222.95.45.9 port 35371 [preauth]
Oct 14 14:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Invalid user ubuntu from 222.95.45.9
Oct 14 14:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 14:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Invalid user o2 from 196.22.48.114
Oct 14 14:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: input_userauth_request: invalid user o2 [preauth]
Oct 14 14:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 14:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Failed password for invalid user ubuntu from 222.95.45.9 port 39611 ssh2
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Failed password for invalid user o2 from 196.22.48.114 port 59968 ssh2
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Connection closed by 222.95.45.9 port 39611 [preauth]
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Received disconnect from 196.22.48.114 port 59968:11: Bye Bye [preauth]
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Disconnected from 196.22.48.114 port 59968 [preauth]
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2856]: Invalid user donna from 103.30.41.231
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2856]: input_userauth_request: invalid user donna [preauth]
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2856]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: Invalid user ubuntu from 222.95.45.9
Oct 14 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2856]: Failed password for invalid user donna from 103.30.41.231 port 40836 ssh2
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2856]: Received disconnect from 103.30.41.231 port 40836:11: Bye Bye [preauth]
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2856]: Disconnected from 103.30.41.231 port 40836 [preauth]
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2868]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session closed for user root
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user root
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: Failed password for invalid user ubuntu from 222.95.45.9 port 43541 ssh2
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3000]: Successful su for rubyman by root
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3000]: + ??? root:rubyman
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411951 of user rubyman.
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3000]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: Connection closed by 222.95.45.9 port 43541 [preauth]
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411951.
Oct 14 15:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: Failed password for root from 179.40.112.10 port 39872 ssh2
Oct 14 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: Received disconnect from 179.40.112.10 port 39872:11: Bye Bye [preauth]
Oct 14 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: Disconnected from 179.40.112.10 port 39872 [preauth]
Oct 14 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Invalid user ubuntu from 222.95.45.9
Oct 14 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session closed for user root
Oct 14 15:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Failed password for root from 146.190.144.138 port 35692 ssh2
Oct 14 15:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Received disconnect from 146.190.144.138 port 35692:11: Bye Bye [preauth]
Oct 14 15:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Disconnected from 146.190.144.138 port 35692 [preauth]
Oct 14 15:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31952]: pam_unix(cron:session): session closed for user root
Oct 14 15:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Failed password for invalid user ubuntu from 222.95.45.9 port 47649 ssh2
Oct 14 15:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: Invalid user o2 from 37.59.110.4
Oct 14 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: input_userauth_request: invalid user o2 [preauth]
Oct 14 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: Failed password for invalid user o2 from 37.59.110.4 port 42510 ssh2
Oct 14 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: Received disconnect from 37.59.110.4 port 42510:11: Bye Bye [preauth]
Oct 14 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: Disconnected from 37.59.110.4 port 42510 [preauth]
Oct 14 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Connection closed by 222.95.45.9 port 47649 [preauth]
Oct 14 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: Invalid user ubuntu from 222.95.45.9
Oct 14 15:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 15:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: Failed password for invalid user ubuntu from 222.95.45.9 port 32867 ssh2
Oct 14 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3245]: Connection closed by 222.95.45.9 port 32867 [preauth]
Oct 14 15:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: Invalid user ubuntu from 222.95.45.9
Oct 14 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 15:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Failed password for root from 176.65.151.22 port 35044 ssh2
Oct 14 15:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Received disconnect from 176.65.151.22 port 35044:11: Bye Bye [preauth]
Oct 14 15:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Disconnected from 176.65.151.22 port 35044 [preauth]
Oct 14 15:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: Failed password for invalid user ubuntu from 222.95.45.9 port 36109 ssh2
Oct 14 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3277]: Connection closed by 222.95.45.9 port 36109 [preauth]
Oct 14 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Invalid user ubuntu from 222.95.45.9
Oct 14 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 15:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Failed password for invalid user ubuntu from 222.95.45.9 port 44899 ssh2
Oct 14 15:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3375]: Connection closed by 222.95.45.9 port 44899 [preauth]
Oct 14 15:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1786]: pam_unix(cron:session): session closed for user root
Oct 14 15:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Invalid user ubuntu from 222.95.45.9
Oct 14 15:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 15:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.95.45.9
Oct 14 15:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Failed password for invalid user ubuntu from 222.95.45.9 port 48381 ssh2
Oct 14 15:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3403]: Connection closed by 222.95.45.9 port 48381 [preauth]
Oct 14 15:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 15:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: Failed password for root from 57.129.47.135 port 51410 ssh2
Oct 14 15:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: Received disconnect from 57.129.47.135 port 51410:11: Bye Bye [preauth]
Oct 14 15:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3431]: Disconnected from 57.129.47.135 port 51410 [preauth]
Oct 14 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3477]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3475]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3471]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3555]: Successful su for rubyman by root
Oct 14 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3555]: + ??? root:rubyman
Oct 14 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411958 of user rubyman.
Oct 14 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3555]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411958.
Oct 14 15:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Invalid user bee from 202.165.15.132
Oct 14 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: input_userauth_request: invalid user bee [preauth]
Oct 14 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32525]: pam_unix(cron:session): session closed for user root
Oct 14 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Failed password for invalid user bee from 202.165.15.132 port 43708 ssh2
Oct 14 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Received disconnect from 202.165.15.132 port 43708:11: Bye Bye [preauth]
Oct 14 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Disconnected from 202.165.15.132 port 43708 [preauth]
Oct 14 15:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3473]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Failed password for root from 37.59.110.4 port 46694 ssh2
Oct 14 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Received disconnect from 37.59.110.4 port 46694:11: Bye Bye [preauth]
Oct 14 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Disconnected from 37.59.110.4 port 46694 [preauth]
Oct 14 15:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Failed password for root from 103.30.41.231 port 54292 ssh2
Oct 14 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Received disconnect from 103.30.41.231 port 54292:11: Bye Bye [preauth]
Oct 14 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Disconnected from 103.30.41.231 port 54292 [preauth]
Oct 14 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 15:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2379]: pam_unix(cron:session): session closed for user root
Oct 14 15:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3860]: Failed password for root from 176.65.151.22 port 43072 ssh2
Oct 14 15:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3860]: Received disconnect from 176.65.151.22 port 43072:11: Bye Bye [preauth]
Oct 14 15:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3860]: Disconnected from 176.65.151.22 port 43072 [preauth]
Oct 14 15:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 15:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Failed password for root from 179.40.112.10 port 44332 ssh2
Oct 14 15:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Received disconnect from 179.40.112.10 port 44332:11: Bye Bye [preauth]
Oct 14 15:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Disconnected from 179.40.112.10 port 44332 [preauth]
Oct 14 15:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Invalid user cindy from 196.22.48.114
Oct 14 15:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: input_userauth_request: invalid user cindy [preauth]
Oct 14 15:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Failed password for invalid user cindy from 196.22.48.114 port 53256 ssh2
Oct 14 15:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Received disconnect from 196.22.48.114 port 53256:11: Bye Bye [preauth]
Oct 14 15:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3928]: Disconnected from 196.22.48.114 port 53256 [preauth]
Oct 14 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4020]: Successful su for rubyman by root
Oct 14 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4020]: + ??? root:rubyman
Oct 14 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411962 of user rubyman.
Oct 14 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4020]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411962.
Oct 14 15:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[613]: pam_unix(cron:session): session closed for user root
Oct 14 15:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 15:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Failed password for root from 57.129.47.135 port 40948 ssh2
Oct 14 15:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Received disconnect from 57.129.47.135 port 40948:11: Bye Bye [preauth]
Oct 14 15:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4298]: Disconnected from 57.129.47.135 port 40948 [preauth]
Oct 14 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user root
Oct 14 15:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: Invalid user boss from 202.165.15.132
Oct 14 15:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: input_userauth_request: invalid user boss [preauth]
Oct 14 15:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 15:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: Failed password for invalid user boss from 202.165.15.132 port 54007 ssh2
Oct 14 15:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: Received disconnect from 202.165.15.132 port 54007:11: Bye Bye [preauth]
Oct 14 15:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4395]: Disconnected from 202.165.15.132 port 54007 [preauth]
Oct 14 15:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: Failed password for root from 37.59.110.4 port 37318 ssh2
Oct 14 15:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: Received disconnect from 37.59.110.4 port 37318:11: Bye Bye [preauth]
Oct 14 15:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4403]: Disconnected from 37.59.110.4 port 37318 [preauth]
Oct 14 15:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 15:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Failed password for root from 176.65.151.22 port 55226 ssh2
Oct 14 15:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Received disconnect from 176.65.151.22 port 55226:11: Bye Bye [preauth]
Oct 14 15:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Disconnected from 176.65.151.22 port 55226 [preauth]
Oct 14 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4461]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4459]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4527]: Successful su for rubyman by root
Oct 14 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4527]: + ??? root:rubyman
Oct 14 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411966 of user rubyman.
Oct 14 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4527]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411966.
Oct 14 15:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1241]: pam_unix(cron:session): session closed for user root
Oct 14 15:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4460]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Invalid user antonio from 103.30.41.231
Oct 14 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: input_userauth_request: invalid user antonio [preauth]
Oct 14 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Invalid user yun from 190.103.202.7
Oct 14 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: input_userauth_request: invalid user yun [preauth]
Oct 14 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Failed password for invalid user antonio from 103.30.41.231 port 49184 ssh2
Oct 14 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Failed password for invalid user yun from 190.103.202.7 port 47326 ssh2
Oct 14 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Received disconnect from 103.30.41.231 port 49184:11: Bye Bye [preauth]
Oct 14 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Disconnected from 103.30.41.231 port 49184 [preauth]
Oct 14 15:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Connection closed by 190.103.202.7 port 47326 [preauth]
Oct 14 15:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4831]: Invalid user guest from 179.40.112.10
Oct 14 15:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4831]: input_userauth_request: invalid user guest [preauth]
Oct 14 15:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4831]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 15:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4831]: Failed password for invalid user guest from 179.40.112.10 port 48798 ssh2
Oct 14 15:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4831]: Received disconnect from 179.40.112.10 port 48798:11: Bye Bye [preauth]
Oct 14 15:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4831]: Disconnected from 179.40.112.10 port 48798 [preauth]
Oct 14 15:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3477]: pam_unix(cron:session): session closed for user root
Oct 14 15:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Invalid user guest from 57.129.47.135
Oct 14 15:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: input_userauth_request: invalid user guest [preauth]
Oct 14 15:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 15:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Failed password for invalid user guest from 57.129.47.135 port 46422 ssh2
Oct 14 15:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Received disconnect from 57.129.47.135 port 46422:11: Bye Bye [preauth]
Oct 14 15:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5096]: Disconnected from 57.129.47.135 port 46422 [preauth]
Oct 14 15:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 15:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Failed password for root from 196.22.48.114 port 41422 ssh2
Oct 14 15:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Received disconnect from 196.22.48.114 port 41422:11: Bye Bye [preauth]
Oct 14 15:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5150]: Disconnected from 196.22.48.114 port 41422 [preauth]
Oct 14 15:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4  user=root
Oct 14 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Failed password for root from 37.59.110.4 port 34442 ssh2
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Received disconnect from 37.59.110.4 port 34442:11: Bye Bye [preauth]
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Disconnected from 37.59.110.4 port 34442 [preauth]
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5536]: Successful su for rubyman by root
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5536]: + ??? root:rubyman
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411969 of user rubyman.
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5536]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411969.
Oct 14 15:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1784]: pam_unix(cron:session): session closed for user root
Oct 14 15:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.151.22  user=root
Oct 14 15:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Failed password for root from 176.65.151.22 port 35256 ssh2
Oct 14 15:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Received disconnect from 176.65.151.22 port 35256:11: Bye Bye [preauth]
Oct 14 15:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Disconnected from 176.65.151.22 port 35256 [preauth]
Oct 14 15:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Invalid user alex from 202.165.15.132
Oct 14 15:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: input_userauth_request: invalid user alex [preauth]
Oct 14 15:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Failed password for invalid user alex from 202.165.15.132 port 49190 ssh2
Oct 14 15:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Received disconnect from 202.165.15.132 port 49190:11: Bye Bye [preauth]
Oct 14 15:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Disconnected from 202.165.15.132 port 49190 [preauth]
Oct 14 15:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 15:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for root from 146.190.144.138 port 35060 ssh2
Oct 14 15:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Received disconnect from 146.190.144.138 port 35060:11: Bye Bye [preauth]
Oct 14 15:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Disconnected from 146.190.144.138 port 35060 [preauth]
Oct 14 15:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session closed for user root
Oct 14 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session closed for user root
Oct 14 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5959]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6036]: Successful su for rubyman by root
Oct 14 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6036]: + ??? root:rubyman
Oct 14 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411976 of user rubyman.
Oct 14 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6036]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411976.
Oct 14 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Invalid user bee from 103.30.41.231
Oct 14 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: input_userauth_request: invalid user bee [preauth]
Oct 14 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Invalid user openstack from 179.40.112.10
Oct 14 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: input_userauth_request: invalid user openstack [preauth]
Oct 14 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user bee from 103.30.41.231 port 47822 ssh2
Oct 14 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Received disconnect from 103.30.41.231 port 47822:11: Bye Bye [preauth]
Oct 14 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Disconnected from 103.30.41.231 port 47822 [preauth]
Oct 14 15:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Failed password for invalid user openstack from 179.40.112.10 port 53388 ssh2
Oct 14 15:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Received disconnect from 179.40.112.10 port 53388:11: Bye Bye [preauth]
Oct 14 15:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Disconnected from 179.40.112.10 port 53388 [preauth]
Oct 14 15:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session closed for user root
Oct 14 15:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session closed for user root
Oct 14 15:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5960]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Invalid user leyla from 57.129.47.135
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: input_userauth_request: invalid user leyla [preauth]
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Invalid user cindy from 37.59.110.4
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: input_userauth_request: invalid user cindy [preauth]
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.59.110.4
Oct 14 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Failed password for invalid user leyla from 57.129.47.135 port 44394 ssh2
Oct 14 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Received disconnect from 57.129.47.135 port 44394:11: Bye Bye [preauth]
Oct 14 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Disconnected from 57.129.47.135 port 44394 [preauth]
Oct 14 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Failed password for invalid user cindy from 37.59.110.4 port 33178 ssh2
Oct 14 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Received disconnect from 37.59.110.4 port 33178:11: Bye Bye [preauth]
Oct 14 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Disconnected from 37.59.110.4 port 33178 [preauth]
Oct 14 15:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4462]: pam_unix(cron:session): session closed for user root
Oct 14 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Invalid user peertube from 202.165.15.132
Oct 14 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: input_userauth_request: invalid user peertube [preauth]
Oct 14 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Invalid user admin from 196.22.48.114
Oct 14 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: input_userauth_request: invalid user admin [preauth]
Oct 14 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Failed password for invalid user peertube from 202.165.15.132 port 55630 ssh2
Oct 14 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Received disconnect from 202.165.15.132 port 55630:11: Bye Bye [preauth]
Oct 14 15:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6399]: Disconnected from 202.165.15.132 port 55630 [preauth]
Oct 14 15:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Failed password for invalid user admin from 196.22.48.114 port 48726 ssh2
Oct 14 15:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Received disconnect from 196.22.48.114 port 48726:11: Bye Bye [preauth]
Oct 14 15:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Disconnected from 196.22.48.114 port 48726 [preauth]
Oct 14 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6448]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6545]: Successful su for rubyman by root
Oct 14 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6545]: + ??? root:rubyman
Oct 14 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411981 of user rubyman.
Oct 14 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6545]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411981.
Oct 14 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2868]: pam_unix(cron:session): session closed for user root
Oct 14 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6447]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5218]: pam_unix(cron:session): session closed for user root
Oct 14 15:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6956]: Invalid user nginx from 179.40.112.10
Oct 14 15:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6956]: input_userauth_request: invalid user nginx [preauth]
Oct 14 15:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6956]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 15:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Did not receive identification string from 147.185.132.106
Oct 14 15:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6956]: Failed password for invalid user nginx from 179.40.112.10 port 57976 ssh2
Oct 14 15:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6956]: Received disconnect from 179.40.112.10 port 57976:11: Bye Bye [preauth]
Oct 14 15:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6956]: Disconnected from 179.40.112.10 port 57976 [preauth]
Oct 14 15:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: Invalid user test from 103.30.41.231
Oct 14 15:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: input_userauth_request: invalid user test [preauth]
Oct 14 15:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: Failed password for invalid user test from 103.30.41.231 port 51498 ssh2
Oct 14 15:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: Received disconnect from 103.30.41.231 port 51498:11: Bye Bye [preauth]
Oct 14 15:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6969]: Disconnected from 103.30.41.231 port 51498 [preauth]
Oct 14 15:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Invalid user emilio from 57.129.47.135
Oct 14 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: input_userauth_request: invalid user emilio [preauth]
Oct 14 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 15:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Failed password for invalid user emilio from 57.129.47.135 port 59620 ssh2
Oct 14 15:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Received disconnect from 57.129.47.135 port 59620:11: Bye Bye [preauth]
Oct 14 15:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7002]: Disconnected from 57.129.47.135 port 59620 [preauth]
Oct 14 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7017]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7113]: Successful su for rubyman by root
Oct 14 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7113]: + ??? root:rubyman
Oct 14 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411986 of user rubyman.
Oct 14 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7113]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411986.
Oct 14 15:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3475]: pam_unix(cron:session): session closed for user root
Oct 14 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 15:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7015]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Failed password for root from 202.165.15.132 port 32274 ssh2
Oct 14 15:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Received disconnect from 202.165.15.132 port 32274:11: Bye Bye [preauth]
Oct 14 15:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Disconnected from 202.165.15.132 port 32274 [preauth]
Oct 14 15:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session closed for user root
Oct 14 15:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 15:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: Failed password for root from 196.22.48.114 port 60546 ssh2
Oct 14 15:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: Received disconnect from 196.22.48.114 port 60546:11: Bye Bye [preauth]
Oct 14 15:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7517]: Disconnected from 196.22.48.114 port 60546 [preauth]
Oct 14 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7576]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: Successful su for rubyman by root
Oct 14 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: + ??? root:rubyman
Oct 14 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411987 of user rubyman.
Oct 14 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411987.
Oct 14 15:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session closed for user root
Oct 14 15:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7578]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Invalid user admin from 179.40.112.10
Oct 14 15:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: input_userauth_request: invalid user admin [preauth]
Oct 14 15:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 15:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Failed password for invalid user admin from 179.40.112.10 port 34322 ssh2
Oct 14 15:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Received disconnect from 179.40.112.10 port 34322:11: Bye Bye [preauth]
Oct 14 15:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Disconnected from 179.40.112.10 port 34322 [preauth]
Oct 14 15:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: Failed password for root from 146.190.144.138 port 55164 ssh2
Oct 14 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: Received disconnect from 146.190.144.138 port 55164:11: Bye Bye [preauth]
Oct 14 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8346]: Disconnected from 146.190.144.138 port 55164 [preauth]
Oct 14 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Invalid user rony from 103.30.41.231
Oct 14 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: input_userauth_request: invalid user rony [preauth]
Oct 14 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Failed password for invalid user rony from 103.30.41.231 port 60824 ssh2
Oct 14 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Received disconnect from 103.30.41.231 port 60824:11: Bye Bye [preauth]
Oct 14 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Disconnected from 103.30.41.231 port 60824 [preauth]
Oct 14 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Invalid user astra from 57.129.47.135
Oct 14 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: input_userauth_request: invalid user astra [preauth]
Oct 14 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 15:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Failed password for invalid user astra from 57.129.47.135 port 36306 ssh2
Oct 14 15:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Received disconnect from 57.129.47.135 port 36306:11: Bye Bye [preauth]
Oct 14 15:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Disconnected from 57.129.47.135 port 36306 [preauth]
Oct 14 15:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session closed for user root
Oct 14 15:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 15:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: Failed password for root from 202.165.15.132 port 33632 ssh2
Oct 14 15:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: Received disconnect from 202.165.15.132 port 33632:11: Bye Bye [preauth]
Oct 14 15:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8436]: Disconnected from 202.165.15.132 port 33632 [preauth]
Oct 14 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8494]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8681]: Successful su for rubyman by root
Oct 14 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8681]: + ??? root:rubyman
Oct 14 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 411991 of user rubyman.
Oct 14 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8681]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 411991.
Oct 14 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8492]: pam_unix(cron:session): session closed for user root
Oct 14 15:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4461]: pam_unix(cron:session): session closed for user root
Oct 14 15:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: Invalid user nginx from 196.22.48.114
Oct 14 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: input_userauth_request: invalid user nginx [preauth]
Oct 14 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7017]: pam_unix(cron:session): session closed for user root
Oct 14 15:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: Failed password for invalid user nginx from 196.22.48.114 port 38410 ssh2
Oct 14 15:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: Received disconnect from 196.22.48.114 port 38410:11: Bye Bye [preauth]
Oct 14 15:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9098]: Disconnected from 196.22.48.114 port 38410 [preauth]
Oct 14 15:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: Received disconnect from 80.94.93.119 port 29242:11:  [preauth]
Oct 14 15:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9284]: Disconnected from 80.94.93.119 port 29242 [preauth]
Oct 14 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9300]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session closed for user root
Oct 14 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9296]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: Invalid user nps from 57.129.47.135
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: input_userauth_request: invalid user nps [preauth]
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: Successful su for rubyman by root
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: + ??? root:rubyman
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412000 of user rubyman.
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9399]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412000.
Oct 14 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: Failed password for invalid user nps from 57.129.47.135 port 33180 ssh2
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: Received disconnect from 57.129.47.135 port 33180:11: Bye Bye [preauth]
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9375]: Disconnected from 57.129.47.135 port 33180 [preauth]
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: Invalid user xwang from 103.30.41.231
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: input_userauth_request: invalid user xwang [preauth]
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Failed password for root from 179.40.112.10 port 39290 ssh2
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Received disconnect from 179.40.112.10 port 39290:11: Bye Bye [preauth]
Oct 14 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9380]: Disconnected from 179.40.112.10 port 39290 [preauth]
Oct 14 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: Failed password for invalid user xwang from 103.30.41.231 port 48022 ssh2
Oct 14 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: Received disconnect from 103.30.41.231 port 48022:11: Bye Bye [preauth]
Oct 14 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9423]: Disconnected from 103.30.41.231 port 48022 [preauth]
Oct 14 15:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Invalid user fin from 202.165.15.132
Oct 14 15:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: input_userauth_request: invalid user fin [preauth]
Oct 14 15:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session closed for user root
Oct 14 15:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Failed password for invalid user fin from 202.165.15.132 port 35501 ssh2
Oct 14 15:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Received disconnect from 202.165.15.132 port 35501:11: Bye Bye [preauth]
Oct 14 15:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Disconnected from 202.165.15.132 port 35501 [preauth]
Oct 14 15:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5217]: pam_unix(cron:session): session closed for user root
Oct 14 15:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9297]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Invalid user ftpuser from 146.190.144.138
Oct 14 15:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 15:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 15:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Failed password for invalid user ftpuser from 146.190.144.138 port 51286 ssh2
Oct 14 15:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Received disconnect from 146.190.144.138 port 51286:11: Bye Bye [preauth]
Oct 14 15:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Disconnected from 146.190.144.138 port 51286 [preauth]
Oct 14 15:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session closed for user root
Oct 14 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9975]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10059]: Successful su for rubyman by root
Oct 14 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10059]: + ??? root:rubyman
Oct 14 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412004 of user rubyman.
Oct 14 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10059]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412004.
Oct 14 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Failed password for root from 2.57.122.26 port 46722 ssh2
Oct 14 15:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Connection closed by 2.57.122.26 port 46722 [preauth]
Oct 14 15:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session closed for user root
Oct 14 15:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9976]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Invalid user valeria from 196.22.48.114
Oct 14 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: input_userauth_request: invalid user valeria [preauth]
Oct 14 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Failed password for invalid user valeria from 196.22.48.114 port 46528 ssh2
Oct 14 15:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Received disconnect from 196.22.48.114 port 46528:11: Bye Bye [preauth]
Oct 14 15:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Disconnected from 196.22.48.114 port 46528 [preauth]
Oct 14 15:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.129.47.135  user=root
Oct 14 15:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Invalid user contabilidad from 202.165.15.132
Oct 14 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: input_userauth_request: invalid user contabilidad [preauth]
Oct 14 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session closed for user root
Oct 14 15:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Failed password for root from 57.129.47.135 port 39086 ssh2
Oct 14 15:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Received disconnect from 57.129.47.135 port 39086:11: Bye Bye [preauth]
Oct 14 15:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Disconnected from 57.129.47.135 port 39086 [preauth]
Oct 14 15:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Failed password for invalid user contabilidad from 202.165.15.132 port 20563 ssh2
Oct 14 15:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Received disconnect from 202.165.15.132 port 20563:11: Bye Bye [preauth]
Oct 14 15:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10404]: Disconnected from 202.165.15.132 port 20563 [preauth]
Oct 14 15:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: Connection reset by 205.210.31.89 port 61352 [preauth]
Oct 14 15:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Invalid user boss from 103.30.41.231
Oct 14 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: input_userauth_request: invalid user boss [preauth]
Oct 14 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Failed password for invalid user boss from 103.30.41.231 port 48718 ssh2
Oct 14 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Received disconnect from 103.30.41.231 port 48718:11: Bye Bye [preauth]
Oct 14 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10438]: Disconnected from 103.30.41.231 port 48718 [preauth]
Oct 14 15:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Failed password for root from 179.40.112.10 port 43968 ssh2
Oct 14 15:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Received disconnect from 179.40.112.10 port 43968:11: Bye Bye [preauth]
Oct 14 15:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Disconnected from 179.40.112.10 port 43968 [preauth]
Oct 14 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10564]: Successful su for rubyman by root
Oct 14 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10564]: + ??? root:rubyman
Oct 14 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412006 of user rubyman.
Oct 14 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10564]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412006.
Oct 14 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6448]: pam_unix(cron:session): session closed for user root
Oct 14 15:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Failed password for root from 186.124.138.154 port 41574 ssh2
Oct 14 15:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Received disconnect from 186.124.138.154 port 41574:11: Bye Bye [preauth]
Oct 14 15:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10833]: Disconnected from 186.124.138.154 port 41574 [preauth]
Oct 14 15:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 15:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: Failed password for root from 146.190.144.138 port 33684 ssh2
Oct 14 15:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: Received disconnect from 146.190.144.138 port 33684:11: Bye Bye [preauth]
Oct 14 15:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10863]: Disconnected from 146.190.144.138 port 33684 [preauth]
Oct 14 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9301]: pam_unix(cron:session): session closed for user root
Oct 14 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11035]: Successful su for rubyman by root
Oct 14 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11035]: + ??? root:rubyman
Oct 14 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412010 of user rubyman.
Oct 14 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11035]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412010.
Oct 14 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Invalid user xwang from 202.165.15.132
Oct 14 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: input_userauth_request: invalid user xwang [preauth]
Oct 14 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Failed password for invalid user xwang from 202.165.15.132 port 16874 ssh2
Oct 14 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Received disconnect from 202.165.15.132 port 16874:11: Bye Bye [preauth]
Oct 14 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Disconnected from 202.165.15.132 port 16874 [preauth]
Oct 14 15:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7016]: pam_unix(cron:session): session closed for user root
Oct 14 15:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: fatal: Unable to negotiate with 54.177.117.4 port 55468: no matching host key type found. Their offer: ssh-ed25519,ssh-ed25519-cert-v01@openssh.com [preauth]
Oct 14 15:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Connection closed by 54.177.117.4 port 55484 [preauth]
Oct 14 15:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: fatal: Unable to negotiate with 54.177.117.4 port 55498: no matching host key type found. Their offer: ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com [preauth]
Oct 14 15:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: fatal: Unable to negotiate with 54.177.117.4 port 55504: no matching host key type found. Their offer: ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com [preauth]
Oct 14 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11257]: Connection closed by 54.177.117.4 port 55520 [preauth]
Oct 14 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: Connection closed by 54.177.117.4 port 55522 [preauth]
Oct 14 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Connection closed by 54.177.117.4 port 55534 [preauth]
Oct 14 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: fatal: Unable to negotiate with 54.177.117.4 port 55548: no matching host key type found. Their offer: ssh-dss,ssh-dss-cert-v01@openssh.com [preauth]
Oct 14 15:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Invalid user admin from 2.57.121.112
Oct 14 15:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: input_userauth_request: invalid user admin [preauth]
Oct 14 15:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 15:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for invalid user admin from 2.57.121.112 port 19566 ssh2
Oct 14 15:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for invalid user admin from 2.57.121.112 port 19566 ssh2
Oct 14 15:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for invalid user admin from 2.57.121.112 port 19566 ssh2
Oct 14 15:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for invalid user admin from 2.57.121.112 port 19566 ssh2
Oct 14 15:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11321]: Failed password for root from 103.30.41.231 port 37410 ssh2
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11321]: Received disconnect from 103.30.41.231 port 37410:11: Bye Bye [preauth]
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11321]: Disconnected from 103.30.41.231 port 37410 [preauth]
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for invalid user admin from 2.57.121.112 port 19566 ssh2
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Received disconnect from 2.57.121.112 port 19566:11: Bye [preauth]
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Disconnected from 2.57.121.112 port 19566 [preauth]
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Invalid user astra from 196.22.48.114
Oct 14 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: input_userauth_request: invalid user astra [preauth]
Oct 14 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: Invalid user ftpuser from 179.40.112.10
Oct 14 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Failed password for invalid user astra from 196.22.48.114 port 46578 ssh2
Oct 14 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: Failed password for invalid user ftpuser from 179.40.112.10 port 48886 ssh2
Oct 14 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Received disconnect from 196.22.48.114 port 46578:11: Bye Bye [preauth]
Oct 14 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Disconnected from 196.22.48.114 port 46578 [preauth]
Oct 14 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: Received disconnect from 179.40.112.10 port 48886:11: Bye Bye [preauth]
Oct 14 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: Disconnected from 179.40.112.10 port 48886 [preauth]
Oct 14 15:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9979]: pam_unix(cron:session): session closed for user root
Oct 14 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11447]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11446]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11520]: Successful su for rubyman by root
Oct 14 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11520]: + ??? root:rubyman
Oct 14 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412014 of user rubyman.
Oct 14 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11520]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412014.
Oct 14 15:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session closed for user root
Oct 14 15:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11445]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Invalid user backupuser from 146.190.144.138
Oct 14 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: input_userauth_request: invalid user backupuser [preauth]
Oct 14 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: Invalid user elemental from 202.165.15.132
Oct 14 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: input_userauth_request: invalid user elemental [preauth]
Oct 14 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Failed password for invalid user backupuser from 146.190.144.138 port 45102 ssh2
Oct 14 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Received disconnect from 146.190.144.138 port 45102:11: Bye Bye [preauth]
Oct 14 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11926]: Disconnected from 146.190.144.138 port 45102 [preauth]
Oct 14 15:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: Failed password for invalid user elemental from 202.165.15.132 port 12030 ssh2
Oct 14 15:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: Received disconnect from 202.165.15.132 port 12030:11: Bye Bye [preauth]
Oct 14 15:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11930]: Disconnected from 202.165.15.132 port 12030 [preauth]
Oct 14 15:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10493]: pam_unix(cron:session): session closed for user root
Oct 14 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user root
Oct 14 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12107]: Successful su for rubyman by root
Oct 14 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12107]: + ??? root:rubyman
Oct 14 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412022 of user rubyman.
Oct 14 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12107]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412022.
Oct 14 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Failed password for root from 103.30.41.231 port 53174 ssh2
Oct 14 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Received disconnect from 103.30.41.231 port 53174:11: Bye Bye [preauth]
Oct 14 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Disconnected from 103.30.41.231 port 53174 [preauth]
Oct 14 15:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session closed for user root
Oct 14 15:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session closed for user root
Oct 14 15:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Invalid user roberto from 179.40.112.10
Oct 14 15:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: input_userauth_request: invalid user roberto [preauth]
Oct 14 15:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 15:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Failed password for invalid user roberto from 179.40.112.10 port 53878 ssh2
Oct 14 15:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Received disconnect from 179.40.112.10 port 53878:11: Bye Bye [preauth]
Oct 14 15:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Disconnected from 179.40.112.10 port 53878 [preauth]
Oct 14 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Invalid user roberto from 196.22.48.114
Oct 14 15:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: input_userauth_request: invalid user roberto [preauth]
Oct 14 15:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10956]: pam_unix(cron:session): session closed for user root
Oct 14 15:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Failed password for invalid user roberto from 196.22.48.114 port 54590 ssh2
Oct 14 15:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Received disconnect from 196.22.48.114 port 54590:11: Bye Bye [preauth]
Oct 14 15:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Disconnected from 196.22.48.114 port 54590 [preauth]
Oct 14 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12560]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12655]: Successful su for rubyman by root
Oct 14 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12655]: + ??? root:rubyman
Oct 14 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412025 of user rubyman.
Oct 14 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12655]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412025.
Oct 14 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Failed password for root from 202.165.15.132 port 45379 ssh2
Oct 14 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Received disconnect from 202.165.15.132 port 45379:11: Bye Bye [preauth]
Oct 14 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Disconnected from 202.165.15.132 port 45379 [preauth]
Oct 14 15:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9300]: pam_unix(cron:session): session closed for user root
Oct 14 15:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Invalid user igor from 186.124.138.154
Oct 14 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: input_userauth_request: invalid user igor [preauth]
Oct 14 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Failed password for invalid user igor from 186.124.138.154 port 43308 ssh2
Oct 14 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Received disconnect from 186.124.138.154 port 43308:11: Bye Bye [preauth]
Oct 14 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Disconnected from 186.124.138.154 port 43308 [preauth]
Oct 14 15:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11447]: pam_unix(cron:session): session closed for user root
Oct 14 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Invalid user valeria from 146.190.144.138
Oct 14 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: input_userauth_request: invalid user valeria [preauth]
Oct 14 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 15:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Failed password for invalid user valeria from 146.190.144.138 port 47496 ssh2
Oct 14 15:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Received disconnect from 146.190.144.138 port 47496:11: Bye Bye [preauth]
Oct 14 15:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13018]: Disconnected from 146.190.144.138 port 47496 [preauth]
Oct 14 15:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Failed password for root from 103.30.41.231 port 47626 ssh2
Oct 14 15:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Received disconnect from 103.30.41.231 port 47626:11: Bye Bye [preauth]
Oct 14 15:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13031]: Disconnected from 103.30.41.231 port 47626 [preauth]
Oct 14 15:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 15:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Failed password for root from 179.40.112.10 port 58462 ssh2
Oct 14 15:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Received disconnect from 179.40.112.10 port 58462:11: Bye Bye [preauth]
Oct 14 15:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Disconnected from 179.40.112.10 port 58462 [preauth]
Oct 14 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13086]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13086]: pam_unix(cron:session): session closed for user root
Oct 14 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13088]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13163]: Successful su for rubyman by root
Oct 14 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13163]: + ??? root:rubyman
Oct 14 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412029 of user rubyman.
Oct 14 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13163]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412029.
Oct 14 15:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session closed for user root
Oct 14 15:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13089]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13592]: Invalid user guest from 196.22.48.114
Oct 14 15:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13592]: input_userauth_request: invalid user guest [preauth]
Oct 14 15:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13592]: Failed password for invalid user guest from 196.22.48.114 port 41642 ssh2
Oct 14 15:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13592]: Received disconnect from 196.22.48.114 port 41642:11: Bye Bye [preauth]
Oct 14 15:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13592]: Disconnected from 196.22.48.114 port 41642 [preauth]
Oct 14 15:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session closed for user root
Oct 14 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Invalid user edit from 202.165.15.132
Oct 14 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: input_userauth_request: invalid user edit [preauth]
Oct 14 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Failed password for invalid user edit from 202.165.15.132 port 52346 ssh2
Oct 14 15:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Received disconnect from 202.165.15.132 port 52346:11: Bye Bye [preauth]
Oct 14 15:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Disconnected from 202.165.15.132 port 52346 [preauth]
Oct 14 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13678]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13766]: Successful su for rubyman by root
Oct 14 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13766]: + ??? root:rubyman
Oct 14 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412033 of user rubyman.
Oct 14 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13766]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412033.
Oct 14 15:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10492]: pam_unix(cron:session): session closed for user root
Oct 14 15:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 15:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=sabaramo@omarabas.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 14 15:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: Invalid user test from 186.124.138.154
Oct 14 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: input_userauth_request: invalid user test [preauth]
Oct 14 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 15:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=sabaramo@omarabas.com rhost=::ffff:79.124.49.146
Oct 14 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: Failed password for invalid user test from 186.124.138.154 port 59070 ssh2
Oct 14 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: Received disconnect from 186.124.138.154 port 59070:11: Bye Bye [preauth]
Oct 14 15:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13997]: Disconnected from 186.124.138.154 port 59070 [preauth]
Oct 14 15:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Invalid user gg from 103.168.135.187
Oct 14 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: input_userauth_request: invalid user gg [preauth]
Oct 14 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.168.135.187
Oct 14 15:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Failed password for invalid user gg from 103.168.135.187 port 37214 ssh2
Oct 14 15:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Received disconnect from 103.168.135.187 port 37214:11: Bye Bye [preauth]
Oct 14 15:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Disconnected from 103.168.135.187 port 37214 [preauth]
Oct 14 15:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Invalid user peertube from 103.30.41.231
Oct 14 15:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: input_userauth_request: invalid user peertube [preauth]
Oct 14 15:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Failed password for invalid user peertube from 103.30.41.231 port 36608 ssh2
Oct 14 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Received disconnect from 103.30.41.231 port 36608:11: Bye Bye [preauth]
Oct 14 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14172]: Disconnected from 103.30.41.231 port 36608 [preauth]
Oct 14 15:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12560]: pam_unix(cron:session): session closed for user root
Oct 14 15:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10  user=root
Oct 14 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 15:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: Failed password for root from 179.40.112.10 port 34692 ssh2
Oct 14 15:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: Failed password for root from 146.190.144.138 port 44126 ssh2
Oct 14 15:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: Received disconnect from 146.190.144.138 port 44126:11: Bye Bye [preauth]
Oct 14 15:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14206]: Disconnected from 146.190.144.138 port 44126 [preauth]
Oct 14 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: Received disconnect from 179.40.112.10 port 34692:11: Bye Bye [preauth]
Oct 14 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14203]: Disconnected from 179.40.112.10 port 34692 [preauth]
Oct 14 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14279]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14347]: Successful su for rubyman by root
Oct 14 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14347]: + ??? root:rubyman
Oct 14 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412037 of user rubyman.
Oct 14 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14347]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412037.
Oct 14 15:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Invalid user test from 202.165.15.132
Oct 14 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: input_userauth_request: invalid user test [preauth]
Oct 14 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10954]: pam_unix(cron:session): session closed for user root
Oct 14 15:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Failed password for invalid user test from 202.165.15.132 port 49176 ssh2
Oct 14 15:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Received disconnect from 202.165.15.132 port 49176:11: Bye Bye [preauth]
Oct 14 15:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Disconnected from 202.165.15.132 port 49176 [preauth]
Oct 14 15:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Invalid user user2 from 196.22.48.114
Oct 14 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: input_userauth_request: invalid user user2 [preauth]
Oct 14 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Failed password for invalid user user2 from 196.22.48.114 port 53576 ssh2
Oct 14 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Received disconnect from 196.22.48.114 port 53576:11: Bye Bye [preauth]
Oct 14 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Disconnected from 196.22.48.114 port 53576 [preauth]
Oct 14 15:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session closed for user root
Oct 14 15:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Invalid user osvaldo from 186.124.138.154
Oct 14 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: input_userauth_request: invalid user osvaldo [preauth]
Oct 14 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Failed password for invalid user osvaldo from 186.124.138.154 port 33028 ssh2
Oct 14 15:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Received disconnect from 186.124.138.154 port 33028:11: Bye Bye [preauth]
Oct 14 15:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Disconnected from 186.124.138.154 port 33028 [preauth]
Oct 14 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14725]: pam_unix(cron:session): session closed for user root
Oct 14 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14718]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14818]: Successful su for rubyman by root
Oct 14 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14818]: + ??? root:rubyman
Oct 14 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412045 of user rubyman.
Oct 14 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14818]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412045.
Oct 14 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session closed for user root
Oct 14 15:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11446]: pam_unix(cron:session): session closed for user root
Oct 14 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: Invalid user fin from 103.30.41.231
Oct 14 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: input_userauth_request: invalid user fin [preauth]
Oct 14 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: Failed password for invalid user fin from 103.30.41.231 port 47824 ssh2
Oct 14 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: Received disconnect from 103.30.41.231 port 47824:11: Bye Bye [preauth]
Oct 14 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15153]: Disconnected from 103.30.41.231 port 47824 [preauth]
Oct 14 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Invalid user backupuser from 179.40.112.10
Oct 14 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: input_userauth_request: invalid user backupuser [preauth]
Oct 14 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.40.112.10
Oct 14 15:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Failed password for invalid user backupuser from 179.40.112.10 port 39158 ssh2
Oct 14 15:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Received disconnect from 179.40.112.10 port 39158:11: Bye Bye [preauth]
Oct 14 15:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Disconnected from 179.40.112.10 port 39158 [preauth]
Oct 14 15:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session closed for user root
Oct 14 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Invalid user leyla from 146.190.144.138
Oct 14 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: input_userauth_request: invalid user leyla [preauth]
Oct 14 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 15:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Failed password for invalid user leyla from 146.190.144.138 port 57964 ssh2
Oct 14 15:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Received disconnect from 146.190.144.138 port 57964:11: Bye Bye [preauth]
Oct 14 15:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15275]: Disconnected from 146.190.144.138 port 57964 [preauth]
Oct 14 15:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Failed password for root from 202.165.15.132 port 52263 ssh2
Oct 14 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Received disconnect from 202.165.15.132 port 52263:11: Bye Bye [preauth]
Oct 14 15:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Disconnected from 202.165.15.132 port 52263 [preauth]
Oct 14 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15362]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: Successful su for rubyman by root
Oct 14 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: + ??? root:rubyman
Oct 14 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412048 of user rubyman.
Oct 14 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412048.
Oct 14 15:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user root
Oct 14 15:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15363]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Failed password for root from 196.22.48.114 port 49680 ssh2
Oct 14 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Received disconnect from 196.22.48.114 port 49680:11: Bye Bye [preauth]
Oct 14 15:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Disconnected from 196.22.48.114 port 49680 [preauth]
Oct 14 15:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: Invalid user ak from 186.124.138.154
Oct 14 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: input_userauth_request: invalid user ak [preauth]
Oct 14 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: Failed password for invalid user ak from 186.124.138.154 port 40788 ssh2
Oct 14 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: Received disconnect from 186.124.138.154 port 40788:11: Bye Bye [preauth]
Oct 14 15:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15711]: Disconnected from 186.124.138.154 port 40788 [preauth]
Oct 14 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session closed for user root
Oct 14 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Invalid user alex from 103.30.41.231
Oct 14 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: input_userauth_request: invalid user alex [preauth]
Oct 14 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Failed password for invalid user alex from 103.30.41.231 port 60376 ssh2
Oct 14 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Received disconnect from 103.30.41.231 port 60376:11: Bye Bye [preauth]
Oct 14 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Disconnected from 103.30.41.231 port 60376 [preauth]
Oct 14 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15812]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15886]: Successful su for rubyman by root
Oct 14 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15886]: + ??? root:rubyman
Oct 14 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412052 of user rubyman.
Oct 14 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15886]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412052.
Oct 14 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session closed for user root
Oct 14 15:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Failed password for root from 202.165.15.132 port 13767 ssh2
Oct 14 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Received disconnect from 202.165.15.132 port 13767:11: Bye Bye [preauth]
Oct 14 15:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Disconnected from 202.165.15.132 port 13767 [preauth]
Oct 14 15:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session closed for user root
Oct 14 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16263]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16350]: Successful su for rubyman by root
Oct 14 15:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16350]: + ??? root:rubyman
Oct 14 15:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412055 of user rubyman.
Oct 14 15:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16350]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412055.
Oct 14 15:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13090]: pam_unix(cron:session): session closed for user root
Oct 14 15:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: Invalid user team2 from 186.124.138.154
Oct 14 15:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: input_userauth_request: invalid user team2 [preauth]
Oct 14 15:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: Failed password for invalid user team2 from 186.124.138.154 port 36620 ssh2
Oct 14 15:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: Received disconnect from 186.124.138.154 port 36620:11: Bye Bye [preauth]
Oct 14 15:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16553]: Disconnected from 186.124.138.154 port 36620 [preauth]
Oct 14 15:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16264]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114  user=root
Oct 14 15:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Failed password for root from 196.22.48.114 port 49678 ssh2
Oct 14 15:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Received disconnect from 196.22.48.114 port 49678:11: Bye Bye [preauth]
Oct 14 15:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Disconnected from 196.22.48.114 port 49678 [preauth]
Oct 14 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session closed for user root
Oct 14 15:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Invalid user robby from 103.30.41.231
Oct 14 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: input_userauth_request: invalid user robby [preauth]
Oct 14 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16676]: Invalid user rony from 202.165.15.132
Oct 14 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16676]: input_userauth_request: invalid user rony [preauth]
Oct 14 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16676]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Failed password for invalid user robby from 103.30.41.231 port 33540 ssh2
Oct 14 15:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Received disconnect from 103.30.41.231 port 33540:11: Bye Bye [preauth]
Oct 14 15:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Disconnected from 103.30.41.231 port 33540 [preauth]
Oct 14 15:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16676]: Failed password for invalid user rony from 202.165.15.132 port 28608 ssh2
Oct 14 15:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16676]: Received disconnect from 202.165.15.132 port 28608:11: Bye Bye [preauth]
Oct 14 15:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16676]: Disconnected from 202.165.15.132 port 28608 [preauth]
Oct 14 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: Successful su for rubyman by root
Oct 14 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: + ??? root:rubyman
Oct 14 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412059 of user rubyman.
Oct 14 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412059.
Oct 14 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session closed for user root
Oct 14 15:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session closed for user root
Oct 14 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: Invalid user emilio from 146.190.144.138
Oct 14 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: input_userauth_request: invalid user emilio [preauth]
Oct 14 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: Failed password for invalid user emilio from 146.190.144.138 port 54546 ssh2
Oct 14 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: Received disconnect from 146.190.144.138 port 54546:11: Bye Bye [preauth]
Oct 14 15:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: Disconnected from 146.190.144.138 port 54546 [preauth]
Oct 14 15:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: Invalid user ake from 186.124.138.154
Oct 14 15:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: input_userauth_request: invalid user ake [preauth]
Oct 14 15:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: Failed password for invalid user ake from 186.124.138.154 port 49828 ssh2
Oct 14 15:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: Received disconnect from 186.124.138.154 port 49828:11: Bye Bye [preauth]
Oct 14 15:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17191]: Disconnected from 186.124.138.154 port 49828 [preauth]
Oct 14 15:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Invalid user steam from 101.126.33.0
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: input_userauth_request: invalid user steam [preauth]
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.33.0
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17221]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17220]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session closed for user root
Oct 14 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17216]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Failed password for invalid user steam from 101.126.33.0 port 50248 ssh2
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Received disconnect from 101.126.33.0 port 50248:11: Bye Bye [preauth]
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Disconnected from 101.126.33.0 port 50248 [preauth]
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: Successful su for rubyman by root
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: + ??? root:rubyman
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412067 of user rubyman.
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412067.
Oct 14 15:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session closed for user root
Oct 14 15:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user root
Oct 14 15:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17516]: Invalid user integral from 202.165.15.132
Oct 14 15:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17516]: input_userauth_request: invalid user integral [preauth]
Oct 14 15:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17516]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17516]: Failed password for invalid user integral from 202.165.15.132 port 40618 ssh2
Oct 14 15:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17516]: Received disconnect from 202.165.15.132 port 40618:11: Bye Bye [preauth]
Oct 14 15:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17516]: Disconnected from 202.165.15.132 port 40618 [preauth]
Oct 14 15:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17217]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Invalid user openstack from 196.22.48.114
Oct 14 15:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: input_userauth_request: invalid user openstack [preauth]
Oct 14 15:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Invalid user contabilidad from 103.30.41.231
Oct 14 15:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: input_userauth_request: invalid user contabilidad [preauth]
Oct 14 15:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Failed password for invalid user openstack from 196.22.48.114 port 44612 ssh2
Oct 14 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Received disconnect from 196.22.48.114 port 44612:11: Bye Bye [preauth]
Oct 14 15:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Disconnected from 196.22.48.114 port 44612 [preauth]
Oct 14 15:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Failed password for invalid user contabilidad from 103.30.41.231 port 57786 ssh2
Oct 14 15:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Received disconnect from 103.30.41.231 port 57786:11: Bye Bye [preauth]
Oct 14 15:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17563]: Disconnected from 103.30.41.231 port 57786 [preauth]
Oct 14 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session closed for user root
Oct 14 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17872]: Successful su for rubyman by root
Oct 14 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17872]: + ??? root:rubyman
Oct 14 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412069 of user rubyman.
Oct 14 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17872]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412069.
Oct 14 15:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14722]: pam_unix(cron:session): session closed for user root
Oct 14 15:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17731]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Invalid user rizzo from 186.124.138.154
Oct 14 15:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: input_userauth_request: invalid user rizzo [preauth]
Oct 14 15:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Failed password for invalid user rizzo from 186.124.138.154 port 43816 ssh2
Oct 14 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Received disconnect from 186.124.138.154 port 43816:11: Bye Bye [preauth]
Oct 14 15:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18265]: Disconnected from 186.124.138.154 port 43816 [preauth]
Oct 14 15:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16739]: pam_unix(cron:session): session closed for user root
Oct 14 15:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Invalid user eugene from 202.165.15.132
Oct 14 15:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: input_userauth_request: invalid user eugene [preauth]
Oct 14 15:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Failed password for invalid user eugene from 202.165.15.132 port 33551 ssh2
Oct 14 15:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Received disconnect from 202.165.15.132 port 33551:11: Bye Bye [preauth]
Oct 14 15:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18435]: Disconnected from 202.165.15.132 port 33551 [preauth]
Oct 14 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Invalid user gituser from 103.30.41.231
Oct 14 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: input_userauth_request: invalid user gituser [preauth]
Oct 14 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Failed password for invalid user gituser from 103.30.41.231 port 45574 ssh2
Oct 14 15:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Received disconnect from 103.30.41.231 port 45574:11: Bye Bye [preauth]
Oct 14 15:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Disconnected from 103.30.41.231 port 45574 [preauth]
Oct 14 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18499]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18587]: Successful su for rubyman by root
Oct 14 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18587]: + ??? root:rubyman
Oct 14 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412073 of user rubyman.
Oct 14 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18587]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412073.
Oct 14 15:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session closed for user root
Oct 14 15:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Invalid user emilio from 196.22.48.114
Oct 14 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: input_userauth_request: invalid user emilio [preauth]
Oct 14 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.22.48.114
Oct 14 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for invalid user emilio from 196.22.48.114 port 38930 ssh2
Oct 14 15:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Received disconnect from 196.22.48.114 port 38930:11: Bye Bye [preauth]
Oct 14 15:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Disconnected from 196.22.48.114 port 38930 [preauth]
Oct 14 15:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17221]: pam_unix(cron:session): session closed for user root
Oct 14 15:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Invalid user mysftp from 186.124.138.154
Oct 14 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: input_userauth_request: invalid user mysftp [preauth]
Oct 14 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Failed password for invalid user mysftp from 186.124.138.154 port 57968 ssh2
Oct 14 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Received disconnect from 186.124.138.154 port 57968:11: Bye Bye [preauth]
Oct 14 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19101]: Disconnected from 186.124.138.154 port 57968 [preauth]
Oct 14 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: Successful su for rubyman by root
Oct 14 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: + ??? root:rubyman
Oct 14 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412077 of user rubyman.
Oct 14 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412077.
Oct 14 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: Invalid user antonio from 202.165.15.132
Oct 14 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: input_userauth_request: invalid user antonio [preauth]
Oct 14 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: Failed password for invalid user antonio from 202.165.15.132 port 10180 ssh2
Oct 14 15:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: Received disconnect from 202.165.15.132 port 10180:11: Bye Bye [preauth]
Oct 14 15:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19301]: Disconnected from 202.165.15.132 port 10180 [preauth]
Oct 14 15:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session closed for user root
Oct 14 15:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Invalid user amir from 222.79.105.211
Oct 14 15:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: input_userauth_request: invalid user amir [preauth]
Oct 14 15:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.79.105.211
Oct 14 15:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Failed password for invalid user amir from 222.79.105.211 port 39122 ssh2
Oct 14 15:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Received disconnect from 222.79.105.211 port 39122:11: Bye Bye [preauth]
Oct 14 15:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Disconnected from 222.79.105.211 port 39122 [preauth]
Oct 14 15:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Failed password for root from 103.30.41.231 port 59226 ssh2
Oct 14 15:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Received disconnect from 103.30.41.231 port 59226:11: Bye Bye [preauth]
Oct 14 15:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Disconnected from 103.30.41.231 port 59226 [preauth]
Oct 14 15:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17734]: pam_unix(cron:session): session closed for user root
Oct 14 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19928]: Invalid user elasticsearch from 146.190.144.138
Oct 14 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19928]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 14 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19928]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138
Oct 14 15:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19928]: Failed password for invalid user elasticsearch from 146.190.144.138 port 55706 ssh2
Oct 14 15:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19928]: Received disconnect from 146.190.144.138 port 55706:11: Bye Bye [preauth]
Oct 14 15:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19928]: Disconnected from 146.190.144.138 port 55706 [preauth]
Oct 14 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19951]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19949]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: Successful su for rubyman by root
Oct 14 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: + ??? root:rubyman
Oct 14 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412081 of user rubyman.
Oct 14 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412081.
Oct 14 15:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session closed for user root
Oct 14 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19950]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: Invalid user adminuser from 115.190.81.138
Oct 14 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: input_userauth_request: invalid user adminuser [preauth]
Oct 14 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: Failed password for invalid user adminuser from 115.190.81.138 port 31326 ssh2
Oct 14 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: Received disconnect from 115.190.81.138 port 31326:11: Bye Bye [preauth]
Oct 14 15:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20342]: Disconnected from 115.190.81.138 port 31326 [preauth]
Oct 14 15:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18507]: pam_unix(cron:session): session closed for user root
Oct 14 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20395]: Invalid user donna from 202.165.15.132
Oct 14 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20395]: input_userauth_request: invalid user donna [preauth]
Oct 14 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20395]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: Failed password for root from 186.124.138.154 port 59166 ssh2
Oct 14 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: Received disconnect from 186.124.138.154 port 59166:11: Bye Bye [preauth]
Oct 14 15:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20376]: Disconnected from 186.124.138.154 port 59166 [preauth]
Oct 14 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20395]: Failed password for invalid user donna from 202.165.15.132 port 60866 ssh2
Oct 14 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20395]: Received disconnect from 202.165.15.132 port 60866:11: Bye Bye [preauth]
Oct 14 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20395]: Disconnected from 202.165.15.132 port 60866 [preauth]
Oct 14 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20471]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session closed for user root
Oct 14 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20468]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20554]: Successful su for rubyman by root
Oct 14 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20554]: + ??? root:rubyman
Oct 14 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412085 of user rubyman.
Oct 14 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20554]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412085.
Oct 14 15:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20471]: pam_unix(cron:session): session closed for user root
Oct 14 15:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session closed for user root
Oct 14 15:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20469]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: Failed password for root from 103.30.41.231 port 48102 ssh2
Oct 14 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: Received disconnect from 103.30.41.231 port 48102:11: Bye Bye [preauth]
Oct 14 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20820]: Disconnected from 103.30.41.231 port 48102 [preauth]
Oct 14 15:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19119]: pam_unix(cron:session): session closed for user root
Oct 14 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20978]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21061]: Successful su for rubyman by root
Oct 14 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21061]: + ??? root:rubyman
Oct 14 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412092 of user rubyman.
Oct 14 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21061]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412092.
Oct 14 15:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: Failed password for root from 146.190.144.138 port 39194 ssh2
Oct 14 15:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: Received disconnect from 146.190.144.138 port 39194:11: Bye Bye [preauth]
Oct 14 15:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20973]: Disconnected from 146.190.144.138 port 39194 [preauth]
Oct 14 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: Invalid user atul from 202.165.15.132
Oct 14 15:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: input_userauth_request: invalid user atul [preauth]
Oct 14 15:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17220]: pam_unix(cron:session): session closed for user root
Oct 14 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: Failed password for invalid user atul from 202.165.15.132 port 43753 ssh2
Oct 14 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: Received disconnect from 202.165.15.132 port 43753:11: Bye Bye [preauth]
Oct 14 15:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: Disconnected from 202.165.15.132 port 43753 [preauth]
Oct 14 15:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Invalid user zte from 186.124.138.154
Oct 14 15:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: input_userauth_request: invalid user zte [preauth]
Oct 14 15:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Failed password for invalid user zte from 186.124.138.154 port 58086 ssh2
Oct 14 15:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Received disconnect from 186.124.138.154 port 58086:11: Bye Bye [preauth]
Oct 14 15:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Disconnected from 186.124.138.154 port 58086 [preauth]
Oct 14 15:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.168.135.187  user=root
Oct 14 15:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: Failed password for root from 103.168.135.187 port 42274 ssh2
Oct 14 15:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: Received disconnect from 103.168.135.187 port 42274:11: Bye Bye [preauth]
Oct 14 15:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21327]: Disconnected from 103.168.135.187 port 42274 [preauth]
Oct 14 15:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138  user=root
Oct 14 15:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Failed password for root from 115.190.81.138 port 45368 ssh2
Oct 14 15:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19952]: pam_unix(cron:session): session closed for user root
Oct 14 15:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.168.135.187  user=root
Oct 14 15:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Failed password for root from 103.168.135.187 port 34150 ssh2
Oct 14 15:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Received disconnect from 103.168.135.187 port 34150:11: Bye Bye [preauth]
Oct 14 15:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21493]: Disconnected from 103.168.135.187 port 34150 [preauth]
Oct 14 15:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21517]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: Invalid user donald from 103.30.41.231
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: input_userauth_request: invalid user donald [preauth]
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21593]: Successful su for rubyman by root
Oct 14 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21593]: + ??? root:rubyman
Oct 14 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412098 of user rubyman.
Oct 14 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21593]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412098.
Oct 14 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: Failed password for invalid user donald from 103.30.41.231 port 48476 ssh2
Oct 14 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: Received disconnect from 103.30.41.231 port 48476:11: Bye Bye [preauth]
Oct 14 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: Disconnected from 103.30.41.231 port 48476 [preauth]
Oct 14 15:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17733]: pam_unix(cron:session): session closed for user root
Oct 14 15:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 15:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Failed password for root from 62.60.131.157 port 63123 ssh2
Oct 14 15:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: message repeated 3 times: [ Failed password for root from 62.60.131.157 port 63123 ssh2]
Oct 14 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Failed password for root from 62.60.131.157 port 63123 ssh2
Oct 14 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Received disconnect from 62.60.131.157 port 63123:11: Bye [preauth]
Oct 14 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Disconnected from 62.60.131.157 port 63123 [preauth]
Oct 14 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 15:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 15:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 15:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Failed password for root from 202.165.15.132 port 55721 ssh2
Oct 14 15:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session closed for user root
Oct 14 15:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Received disconnect from 202.165.15.132 port 55721:11: Bye Bye [preauth]
Oct 14 15:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21914]: Disconnected from 202.165.15.132 port 55721 [preauth]
Oct 14 15:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: Invalid user xiaolei from 164.68.105.9
Oct 14 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: input_userauth_request: invalid user xiaolei [preauth]
Oct 14 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 15:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: Failed password for invalid user xiaolei from 164.68.105.9 port 37946 ssh2
Oct 14 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: Connection closed by 164.68.105.9 port 37946 [preauth]
Oct 14 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: Invalid user yyy from 186.124.138.154
Oct 14 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: input_userauth_request: invalid user yyy [preauth]
Oct 14 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: Failed password for invalid user yyy from 186.124.138.154 port 46320 ssh2
Oct 14 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: Received disconnect from 186.124.138.154 port 46320:11: Bye Bye [preauth]
Oct 14 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21986]: Disconnected from 186.124.138.154 port 46320 [preauth]
Oct 14 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21998]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.144.138  user=root
Oct 14 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22077]: Successful su for rubyman by root
Oct 14 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22077]: + ??? root:rubyman
Oct 14 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412099 of user rubyman.
Oct 14 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22077]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412099.
Oct 14 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Failed password for root from 146.190.144.138 port 53634 ssh2
Oct 14 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Received disconnect from 146.190.144.138 port 53634:11: Bye Bye [preauth]
Oct 14 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Disconnected from 146.190.144.138 port 53634 [preauth]
Oct 14 15:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session closed for user root
Oct 14 15:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138  user=root
Oct 14 15:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: Failed password for root from 115.190.81.138 port 23152 ssh2
Oct 14 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: Received disconnect from 115.190.81.138 port 23152:11: Bye Bye [preauth]
Oct 14 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22320]: Disconnected from 115.190.81.138 port 23152 [preauth]
Oct 14 15:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21999]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20978]: pam_unix(cron:session): session closed for user root
Oct 14 15:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Invalid user di from 103.30.41.231
Oct 14 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: input_userauth_request: invalid user di [preauth]
Oct 14 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Failed password for invalid user di from 103.30.41.231 port 57626 ssh2
Oct 14 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Received disconnect from 103.30.41.231 port 57626:11: Bye Bye [preauth]
Oct 14 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Disconnected from 103.30.41.231 port 57626 [preauth]
Oct 14 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22499]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22582]: Successful su for rubyman by root
Oct 14 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22582]: + ??? root:rubyman
Oct 14 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412105 of user rubyman.
Oct 14 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22582]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412105.
Oct 14 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Invalid user di from 202.165.15.132
Oct 14 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: input_userauth_request: invalid user di [preauth]
Oct 14 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132
Oct 14 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Failed password for invalid user di from 202.165.15.132 port 17208 ssh2
Oct 14 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Received disconnect from 202.165.15.132 port 17208:11: Bye Bye [preauth]
Oct 14 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22578]: Disconnected from 202.165.15.132 port 17208 [preauth]
Oct 14 15:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session closed for user root
Oct 14 15:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22500]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21521]: pam_unix(cron:session): session closed for user root
Oct 14 15:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Invalid user systemd from 186.124.138.154
Oct 14 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: input_userauth_request: invalid user systemd [preauth]
Oct 14 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Failed password for invalid user systemd from 186.124.138.154 port 35448 ssh2
Oct 14 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Received disconnect from 186.124.138.154 port 35448:11: Bye Bye [preauth]
Oct 14 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Disconnected from 186.124.138.154 port 35448 [preauth]
Oct 14 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23451]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23452]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23453]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session closed for user root
Oct 14 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23388]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23765]: Successful su for rubyman by root
Oct 14 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23765]: + ??? root:rubyman
Oct 14 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412109 of user rubyman.
Oct 14 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23765]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412109.
Oct 14 15:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23451]: pam_unix(cron:session): session closed for user root
Oct 14 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19951]: pam_unix(cron:session): session closed for user root
Oct 14 15:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23391]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Failed password for root from 103.30.41.231 port 43686 ssh2
Oct 14 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Received disconnect from 103.30.41.231 port 43686:11: Bye Bye [preauth]
Oct 14 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Disconnected from 103.30.41.231 port 43686 [preauth]
Oct 14 15:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.165.15.132  user=root
Oct 14 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Failed password for root from 202.165.15.132 port 23622 ssh2
Oct 14 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Received disconnect from 202.165.15.132 port 23622:11: Bye Bye [preauth]
Oct 14 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Disconnected from 202.165.15.132 port 23622 [preauth]
Oct 14 15:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22002]: pam_unix(cron:session): session closed for user root
Oct 14 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24233]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24231]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24321]: Successful su for rubyman by root
Oct 14 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24321]: + ??? root:rubyman
Oct 14 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412113 of user rubyman.
Oct 14 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24321]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412113.
Oct 14 15:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session closed for user root
Oct 14 15:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24232]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Failed password for root from 186.124.138.154 port 59348 ssh2
Oct 14 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Received disconnect from 186.124.138.154 port 59348:11: Bye Bye [preauth]
Oct 14 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Disconnected from 186.124.138.154 port 59348 [preauth]
Oct 14 15:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22502]: pam_unix(cron:session): session closed for user root
Oct 14 15:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Invalid user botuser from 115.190.81.138
Oct 14 15:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: input_userauth_request: invalid user botuser [preauth]
Oct 14 15:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 15:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Failed password for invalid user botuser from 115.190.81.138 port 19550 ssh2
Oct 14 15:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Received disconnect from 115.190.81.138 port 19550:11: Bye Bye [preauth]
Oct 14 15:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Disconnected from 115.190.81.138 port 19550 [preauth]
Oct 14 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24833]: Successful su for rubyman by root
Oct 14 15:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24833]: + ??? root:rubyman
Oct 14 15:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412119 of user rubyman.
Oct 14 15:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24833]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412119.
Oct 14 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session closed for user root
Oct 14 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25039]: Failed password for root from 103.30.41.231 port 41620 ssh2
Oct 14 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25039]: Received disconnect from 103.30.41.231 port 41620:11: Bye Bye [preauth]
Oct 14 15:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25039]: Disconnected from 103.30.41.231 port 41620 [preauth]
Oct 14 15:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23453]: pam_unix(cron:session): session closed for user root
Oct 14 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Failed password for root from 186.124.138.154 port 41864 ssh2
Oct 14 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Received disconnect from 186.124.138.154 port 41864:11: Bye Bye [preauth]
Oct 14 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25262]: Disconnected from 186.124.138.154 port 41864 [preauth]
Oct 14 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25276]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25554]: Successful su for rubyman by root
Oct 14 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25554]: + ??? root:rubyman
Oct 14 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412121 of user rubyman.
Oct 14 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25554]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412121.
Oct 14 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session closed for user root
Oct 14 15:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25277]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session closed for user root
Oct 14 15:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Invalid user dummy from 115.190.81.138
Oct 14 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: input_userauth_request: invalid user dummy [preauth]
Oct 14 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 15:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Failed password for invalid user dummy from 115.190.81.138 port 17742 ssh2
Oct 14 15:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Received disconnect from 115.190.81.138 port 17742:11: Bye Bye [preauth]
Oct 14 15:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Disconnected from 115.190.81.138 port 17742 [preauth]
Oct 14 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Invalid user student4 from 103.30.41.231
Oct 14 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: input_userauth_request: invalid user student4 [preauth]
Oct 14 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231
Oct 14 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Failed password for invalid user student4 from 103.30.41.231 port 38270 ssh2
Oct 14 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Received disconnect from 103.30.41.231 port 38270:11: Bye Bye [preauth]
Oct 14 15:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Disconnected from 103.30.41.231 port 38270 [preauth]
Oct 14 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26050]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: Successful su for rubyman by root
Oct 14 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: + ??? root:rubyman
Oct 14 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412127 of user rubyman.
Oct 14 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412127.
Oct 14 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session closed for user root
Oct 14 15:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22000]: pam_unix(cron:session): session closed for user root
Oct 14 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26049]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Invalid user aramos from 186.124.138.154
Oct 14 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: input_userauth_request: invalid user aramos [preauth]
Oct 14 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Failed password for invalid user aramos from 186.124.138.154 port 46992 ssh2
Oct 14 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Received disconnect from 186.124.138.154 port 46992:11: Bye Bye [preauth]
Oct 14 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Disconnected from 186.124.138.154 port 46992 [preauth]
Oct 14 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user root
Oct 14 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26755]: pam_unix(cron:session): session closed for user root
Oct 14 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26745]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26867]: Successful su for rubyman by root
Oct 14 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26867]: + ??? root:rubyman
Oct 14 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412131 of user rubyman.
Oct 14 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26867]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412131.
Oct 14 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26748]: pam_unix(cron:session): session closed for user root
Oct 14 15:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22501]: pam_unix(cron:session): session closed for user root
Oct 14 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26747]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Invalid user ansible from 115.190.81.138
Oct 14 15:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: input_userauth_request: invalid user ansible [preauth]
Oct 14 15:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 15:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Failed password for invalid user ansible from 115.190.81.138 port 12598 ssh2
Oct 14 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Received disconnect from 115.190.81.138 port 12598:11: Bye Bye [preauth]
Oct 14 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Disconnected from 115.190.81.138 port 12598 [preauth]
Oct 14 15:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.30.41.231  user=root
Oct 14 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Failed password for root from 103.30.41.231 port 49382 ssh2
Oct 14 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Received disconnect from 103.30.41.231 port 49382:11: Bye Bye [preauth]
Oct 14 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Disconnected from 103.30.41.231 port 49382 [preauth]
Oct 14 15:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25279]: pam_unix(cron:session): session closed for user root
Oct 14 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27470]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27740]: Successful su for rubyman by root
Oct 14 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27740]: + ??? root:rubyman
Oct 14 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412137 of user rubyman.
Oct 14 15:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27740]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412137.
Oct 14 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Invalid user botuser from 222.79.105.211
Oct 14 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: input_userauth_request: invalid user botuser [preauth]
Oct 14 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.79.105.211
Oct 14 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Failed password for invalid user botuser from 222.79.105.211 port 35850 ssh2
Oct 14 15:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Received disconnect from 222.79.105.211 port 35850:11: Bye Bye [preauth]
Oct 14 15:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Disconnected from 222.79.105.211 port 35850 [preauth]
Oct 14 15:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Failed password for root from 186.124.138.154 port 57450 ssh2
Oct 14 15:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Received disconnect from 186.124.138.154 port 57450:11: Bye Bye [preauth]
Oct 14 15:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Disconnected from 186.124.138.154 port 57450 [preauth]
Oct 14 15:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23452]: pam_unix(cron:session): session closed for user root
Oct 14 15:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27471]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26052]: pam_unix(cron:session): session closed for user root
Oct 14 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28250]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28245]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28319]: Successful su for rubyman by root
Oct 14 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28319]: + ??? root:rubyman
Oct 14 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412142 of user rubyman.
Oct 14 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28319]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412142.
Oct 14 15:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24233]: pam_unix(cron:session): session closed for user root
Oct 14 15:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28246]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session closed for user root
Oct 14 15:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: Failed password for root from 186.124.138.154 port 38016 ssh2
Oct 14 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: Received disconnect from 186.124.138.154 port 38016:11: Bye Bye [preauth]
Oct 14 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29009]: Disconnected from 186.124.138.154 port 38016 [preauth]
Oct 14 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29081]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29078]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29157]: Successful su for rubyman by root
Oct 14 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29157]: + ??? root:rubyman
Oct 14 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412145 of user rubyman.
Oct 14 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29157]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412145.
Oct 14 15:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session closed for user root
Oct 14 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29079]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session closed for user root
Oct 14 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29583]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29664]: Successful su for rubyman by root
Oct 14 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29664]: + ??? root:rubyman
Oct 14 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412150 of user rubyman.
Oct 14 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29664]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412150.
Oct 14 15:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25278]: pam_unix(cron:session): session closed for user root
Oct 14 15:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Invalid user del from 186.124.138.154
Oct 14 15:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: input_userauth_request: invalid user del [preauth]
Oct 14 15:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Failed password for invalid user del from 186.124.138.154 port 51536 ssh2
Oct 14 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Received disconnect from 186.124.138.154 port 51536:11: Bye Bye [preauth]
Oct 14 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Disconnected from 186.124.138.154 port 51536 [preauth]
Oct 14 15:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Invalid user support from 78.128.112.74
Oct 14 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: input_userauth_request: invalid user support [preauth]
Oct 14 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28250]: pam_unix(cron:session): session closed for user root
Oct 14 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Failed password for invalid user support from 78.128.112.74 port 59594 ssh2
Oct 14 15:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Connection closed by 78.128.112.74 port 59594 [preauth]
Oct 14 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Invalid user jenkins from 115.190.81.138
Oct 14 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Failed password for invalid user jenkins from 115.190.81.138 port 27240 ssh2
Oct 14 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Received disconnect from 115.190.81.138 port 27240:11: Bye Bye [preauth]
Oct 14 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Disconnected from 115.190.81.138 port 27240 [preauth]
Oct 14 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session closed for user root
Oct 14 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: Successful su for rubyman by root
Oct 14 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: + ??? root:rubyman
Oct 14 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412155 of user rubyman.
Oct 14 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30194]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412155.
Oct 14 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session closed for user root
Oct 14 15:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26050]: pam_unix(cron:session): session closed for user root
Oct 14 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: Invalid user erp from 186.96.145.241
Oct 14 15:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: input_userauth_request: invalid user erp [preauth]
Oct 14 15:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 15:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: Failed password for invalid user erp from 186.96.145.241 port 45226 ssh2
Oct 14 15:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: Connection closed by 186.96.145.241 port 45226 [preauth]
Oct 14 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29081]: pam_unix(cron:session): session closed for user root
Oct 14 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30823]: Successful su for rubyman by root
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30823]: + ??? root:rubyman
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412161 of user rubyman.
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30823]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412161.
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: Invalid user keycloak from 186.124.138.154
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: input_userauth_request: invalid user keycloak [preauth]
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: Failed password for invalid user keycloak from 186.124.138.154 port 45552 ssh2
Oct 14 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: Received disconnect from 186.124.138.154 port 45552:11: Bye Bye [preauth]
Oct 14 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: Disconnected from 186.124.138.154 port 45552 [preauth]
Oct 14 15:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session closed for user root
Oct 14 15:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30738]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Failed password for root from 2.57.122.26 port 32986 ssh2
Oct 14 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Connection closed by 2.57.122.26 port 32986 [preauth]
Oct 14 15:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session closed for user root
Oct 14 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31297]: Successful su for rubyman by root
Oct 14 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31297]: + ??? root:rubyman
Oct 14 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412163 of user rubyman.
Oct 14 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31297]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412163.
Oct 14 15:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session closed for user root
Oct 14 15:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session closed for user root
Oct 14 15:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: Invalid user administrador from 186.124.138.154
Oct 14 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: input_userauth_request: invalid user administrador [preauth]
Oct 14 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: Failed password for invalid user administrador from 186.124.138.154 port 40436 ssh2
Oct 14 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: Received disconnect from 186.124.138.154 port 40436:11: Bye Bye [preauth]
Oct 14 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: Disconnected from 186.124.138.154 port 40436 [preauth]
Oct 14 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31849]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31926]: Successful su for rubyman by root
Oct 14 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31926]: + ??? root:rubyman
Oct 14 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412168 of user rubyman.
Oct 14 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31926]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412168.
Oct 14 15:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28249]: pam_unix(cron:session): session closed for user root
Oct 14 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31850]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Invalid user erpnext from 115.190.81.138
Oct 14 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: input_userauth_request: invalid user erpnext [preauth]
Oct 14 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Failed password for invalid user erpnext from 115.190.81.138 port 32014 ssh2
Oct 14 15:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Received disconnect from 115.190.81.138 port 32014:11: Bye Bye [preauth]
Oct 14 15:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Disconnected from 115.190.81.138 port 32014 [preauth]
Oct 14 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session closed for user root
Oct 14 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32471]: Successful su for rubyman by root
Oct 14 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32471]: + ??? root:rubyman
Oct 14 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412170 of user rubyman.
Oct 14 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32471]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412170.
Oct 14 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29080]: pam_unix(cron:session): session closed for user root
Oct 14 15:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: Failed password for root from 186.124.138.154 port 45778 ssh2
Oct 14 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: Received disconnect from 186.124.138.154 port 45778:11: Bye Bye [preauth]
Oct 14 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32746]: Disconnected from 186.124.138.154 port 45778 [preauth]
Oct 14 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31229]: pam_unix(cron:session): session closed for user root
Oct 14 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[403]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user root
Oct 14 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[401]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[499]: Successful su for rubyman by root
Oct 14 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[499]: + ??? root:rubyman
Oct 14 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412177 of user rubyman.
Oct 14 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[499]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412177.
Oct 14 15:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[403]: pam_unix(cron:session): session closed for user root
Oct 14 15:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session closed for user root
Oct 14 15:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[402]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Invalid user admin from 2.57.121.25
Oct 14 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: input_userauth_request: invalid user admin [preauth]
Oct 14 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for invalid user admin from 2.57.121.25 port 44463 ssh2
Oct 14 15:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for invalid user admin from 2.57.121.25 port 44463 ssh2
Oct 14 15:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for invalid user admin from 2.57.121.25 port 44463 ssh2
Oct 14 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for invalid user admin from 2.57.121.25 port 44463 ssh2
Oct 14 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for invalid user admin from 2.57.121.25 port 44463 ssh2
Oct 14 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Received disconnect from 2.57.121.25 port 44463:11: Bye [preauth]
Oct 14 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Disconnected from 2.57.121.25 port 44463 [preauth]
Oct 14 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 15:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31853]: pam_unix(cron:session): session closed for user root
Oct 14 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[982]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1100]: Successful su for rubyman by root
Oct 14 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1100]: + ??? root:rubyman
Oct 14 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412182 of user rubyman.
Oct 14 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1100]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412182.
Oct 14 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Invalid user gg from 186.124.138.154
Oct 14 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: input_userauth_request: invalid user gg [preauth]
Oct 14 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Failed password for invalid user gg from 186.124.138.154 port 39506 ssh2
Oct 14 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Received disconnect from 186.124.138.154 port 39506:11: Bye Bye [preauth]
Oct 14 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Disconnected from 186.124.138.154 port 39506 [preauth]
Oct 14 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session closed for user root
Oct 14 15:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[983]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Invalid user hduser from 190.103.202.7
Oct 14 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: input_userauth_request: invalid user hduser [preauth]
Oct 14 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Failed password for invalid user hduser from 190.103.202.7 port 42932 ssh2
Oct 14 15:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Connection closed by 190.103.202.7 port 42932 [preauth]
Oct 14 15:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session closed for user root
Oct 14 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1585]: Successful su for rubyman by root
Oct 14 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1585]: + ??? root:rubyman
Oct 14 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412184 of user rubyman.
Oct 14 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1585]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412184.
Oct 14 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Invalid user admin1 from 115.190.81.138
Oct 14 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: input_userauth_request: invalid user admin1 [preauth]
Oct 14 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Failed password for invalid user admin1 from 115.190.81.138 port 47470 ssh2
Oct 14 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Received disconnect from 115.190.81.138 port 47470:11: Bye Bye [preauth]
Oct 14 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Disconnected from 115.190.81.138 port 47470 [preauth]
Oct 14 15:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session closed for user root
Oct 14 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1517]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1996]: Connection closed by 222.79.105.211 port 53424 [preauth]
Oct 14 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session closed for user root
Oct 14 15:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: Invalid user dima from 186.124.138.154
Oct 14 15:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: input_userauth_request: invalid user dima [preauth]
Oct 14 15:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: Failed password for invalid user dima from 186.124.138.154 port 51798 ssh2
Oct 14 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: Received disconnect from 186.124.138.154 port 51798:11: Bye Bye [preauth]
Oct 14 15:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: Disconnected from 186.124.138.154 port 51798 [preauth]
Oct 14 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2103]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2100]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2177]: Successful su for rubyman by root
Oct 14 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2177]: + ??? root:rubyman
Oct 14 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412188 of user rubyman.
Oct 14 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2177]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412188.
Oct 14 15:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31228]: pam_unix(cron:session): session closed for user root
Oct 14 15:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2101]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Invalid user sysadmin from 222.79.105.211
Oct 14 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.79.105.211
Oct 14 15:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Failed password for invalid user sysadmin from 222.79.105.211 port 52320 ssh2
Oct 14 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Received disconnect from 222.79.105.211 port 52320:11: Bye Bye [preauth]
Oct 14 15:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Disconnected from 222.79.105.211 port 52320 [preauth]
Oct 14 15:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1000]: pam_unix(cron:session): session closed for user root
Oct 14 15:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Invalid user user from 62.60.131.157
Oct 14 15:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: input_userauth_request: invalid user user [preauth]
Oct 14 15:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Failed password for invalid user user from 62.60.131.157 port 28311 ssh2
Oct 14 15:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Failed password for invalid user user from 62.60.131.157 port 28311 ssh2
Oct 14 15:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Failed password for invalid user user from 62.60.131.157 port 28311 ssh2
Oct 14 15:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Failed password for invalid user user from 62.60.131.157 port 28311 ssh2
Oct 14 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2571]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2568]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Failed password for invalid user user from 62.60.131.157 port 28311 ssh2
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Received disconnect from 62.60.131.157 port 28311:11: Bye [preauth]
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Disconnected from 62.60.131.157 port 28311 [preauth]
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: Successful su for rubyman by root
Oct 14 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: + ??? root:rubyman
Oct 14 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412193 of user rubyman.
Oct 14 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2633]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412193.
Oct 14 15:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31852]: pam_unix(cron:session): session closed for user root
Oct 14 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2569]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Failed password for root from 186.124.138.154 port 43392 ssh2
Oct 14 15:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Received disconnect from 186.124.138.154 port 43392:11: Bye Bye [preauth]
Oct 14 15:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Disconnected from 186.124.138.154 port 43392 [preauth]
Oct 14 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: Invalid user www from 222.79.105.211
Oct 14 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: input_userauth_request: invalid user www [preauth]
Oct 14 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.79.105.211
Oct 14 15:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2877]: Failed password for invalid user www from 222.79.105.211 port 44444 ssh2
Oct 14 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session closed for user root
Oct 14 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3022]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session closed for user root
Oct 14 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3097]: Successful su for rubyman by root
Oct 14 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3097]: + ??? root:rubyman
Oct 14 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412200 of user rubyman.
Oct 14 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3097]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412200.
Oct 14 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3022]: pam_unix(cron:session): session closed for user root
Oct 14 15:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session closed for user root
Oct 14 15:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3017]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2103]: pam_unix(cron:session): session closed for user root
Oct 14 15:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: Invalid user brian from 186.124.138.154
Oct 14 15:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: input_userauth_request: invalid user brian [preauth]
Oct 14 15:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: Failed password for invalid user brian from 186.124.138.154 port 44292 ssh2
Oct 14 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: Received disconnect from 186.124.138.154 port 44292:11: Bye Bye [preauth]
Oct 14 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3501]: Disconnected from 186.124.138.154 port 44292 [preauth]
Oct 14 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3587]: Successful su for rubyman by root
Oct 14 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3587]: + ??? root:rubyman
Oct 14 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412203 of user rubyman.
Oct 14 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3587]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412203.
Oct 14 15:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session closed for user root
Oct 14 15:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3507]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session closed for user root
Oct 14 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3966]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4038]: Successful su for rubyman by root
Oct 14 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4038]: + ??? root:rubyman
Oct 14 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412206 of user rubyman.
Oct 14 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4038]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412206.
Oct 14 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session closed for user root
Oct 14 15:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3967]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Failed password for root from 186.124.138.154 port 55722 ssh2
Oct 14 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Received disconnect from 186.124.138.154 port 55722:11: Bye Bye [preauth]
Oct 14 15:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Disconnected from 186.124.138.154 port 55722 [preauth]
Oct 14 15:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session closed for user root
Oct 14 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4546]: Successful su for rubyman by root
Oct 14 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4546]: + ??? root:rubyman
Oct 14 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412210 of user rubyman.
Oct 14 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4546]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412210.
Oct 14 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session closed for user root
Oct 14 15:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session closed for user root
Oct 14 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5156]: Did not receive identification string from 221.211.246.37
Oct 14 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5221]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5219]: pam_unix(cron:session): session closed for user p13x
Oct 14 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: Successful su for rubyman by root
Oct 14 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: + ??? root:rubyman
Oct 14 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412215 of user rubyman.
Oct 14 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5543]: pam_unix(su:session): session closed for user rubyman
Oct 14 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412215.
Oct 14 15:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2102]: pam_unix(cron:session): session closed for user root
Oct 14 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Invalid user paula from 186.124.138.154
Oct 14 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: input_userauth_request: invalid user paula [preauth]
Oct 14 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Failed password for invalid user paula from 186.124.138.154 port 34064 ssh2
Oct 14 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Received disconnect from 186.124.138.154 port 34064:11: Bye Bye [preauth]
Oct 14 15:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Disconnected from 186.124.138.154 port 34064 [preauth]
Oct 14 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: Invalid user vishal from 115.190.81.138
Oct 14 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: input_userauth_request: invalid user vishal [preauth]
Oct 14 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5220]: pam_unix(cron:session): session closed for user samftp
Oct 14 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: Failed password for invalid user vishal from 115.190.81.138 port 23156 ssh2
Oct 14 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: Received disconnect from 115.190.81.138 port 23156:11: Bye Bye [preauth]
Oct 14 15:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: Disconnected from 115.190.81.138 port 23156 [preauth]
Oct 14 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3969]: pam_unix(cron:session): session closed for user root
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5960]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5959]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session closed for user root
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5959]: pam_unix(cron:session): session closed for user root
Oct 14 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5957]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: Successful su for rubyman by root
Oct 14 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: + ??? root:rubyman
Oct 14 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412223 of user rubyman.
Oct 14 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6073]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412223.
Oct 14 16:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2571]: pam_unix(cron:session): session closed for user root
Oct 14 16:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5960]: pam_unix(cron:session): session closed for user root
Oct 14 16:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5958]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session closed for user root
Oct 14 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 16:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: Failed password for root from 186.124.138.154 port 36938 ssh2
Oct 14 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: Received disconnect from 186.124.138.154 port 36938:11: Bye Bye [preauth]
Oct 14 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: Disconnected from 186.124.138.154 port 36938 [preauth]
Oct 14 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: Invalid user alex from 115.190.81.138
Oct 14 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: input_userauth_request: invalid user alex [preauth]
Oct 14 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 16:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: Failed password for invalid user alex from 115.190.81.138 port 63530 ssh2
Oct 14 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: Received disconnect from 115.190.81.138 port 63530:11: Bye Bye [preauth]
Oct 14 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6498]: Disconnected from 115.190.81.138 port 63530 [preauth]
Oct 14 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6694]: Successful su for rubyman by root
Oct 14 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6694]: + ??? root:rubyman
Oct 14 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412225 of user rubyman.
Oct 14 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6694]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412225.
Oct 14 16:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session closed for user root
Oct 14 16:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6524]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5225]: pam_unix(cron:session): session closed for user root
Oct 14 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7102]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7090]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7239]: Successful su for rubyman by root
Oct 14 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7239]: + ??? root:rubyman
Oct 14 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412229 of user rubyman.
Oct 14 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7239]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412229.
Oct 14 16:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session closed for user root
Oct 14 16:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7091]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 16:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Failed password for root from 186.124.138.154 port 48177 ssh2
Oct 14 16:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Received disconnect from 186.124.138.154 port 48177:11: Bye Bye [preauth]
Oct 14 16:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Disconnected from 186.124.138.154 port 48177 [preauth]
Oct 14 16:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5962]: pam_unix(cron:session): session closed for user root
Oct 14 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7632]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7715]: Successful su for rubyman by root
Oct 14 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7715]: + ??? root:rubyman
Oct 14 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412233 of user rubyman.
Oct 14 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7715]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412233.
Oct 14 16:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3968]: pam_unix(cron:session): session closed for user root
Oct 14 16:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7633]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session closed for user root
Oct 14 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8623]: Successful su for rubyman by root
Oct 14 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8623]: + ??? root:rubyman
Oct 14 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412239 of user rubyman.
Oct 14 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8623]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412239.
Oct 14 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session closed for user root
Oct 14 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8540]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: Invalid user jose from 186.124.138.154
Oct 14 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: input_userauth_request: invalid user jose [preauth]
Oct 14 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 16:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: Failed password for invalid user jose from 186.124.138.154 port 40276 ssh2
Oct 14 16:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: Received disconnect from 186.124.138.154 port 40276:11: Bye Bye [preauth]
Oct 14 16:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8969]: Disconnected from 186.124.138.154 port 40276 [preauth]
Oct 14 16:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7102]: pam_unix(cron:session): session closed for user root
Oct 14 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9123]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9123]: pam_unix(cron:session): session closed for user root
Oct 14 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9117]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9318]: Successful su for rubyman by root
Oct 14 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9318]: + ??? root:rubyman
Oct 14 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412242 of user rubyman.
Oct 14 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9318]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412242.
Oct 14 16:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session closed for user root
Oct 14 16:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5221]: pam_unix(cron:session): session closed for user root
Oct 14 16:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session closed for user root
Oct 14 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Invalid user es from 186.124.138.154
Oct 14 16:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: input_userauth_request: invalid user es [preauth]
Oct 14 16:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Failed password for invalid user es from 186.124.138.154 port 54182 ssh2
Oct 14 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Received disconnect from 186.124.138.154 port 54182:11: Bye Bye [preauth]
Oct 14 16:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Disconnected from 186.124.138.154 port 54182 [preauth]
Oct 14 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9983]: Successful su for rubyman by root
Oct 14 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9983]: + ??? root:rubyman
Oct 14 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412249 of user rubyman.
Oct 14 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9983]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412249.
Oct 14 16:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5961]: pam_unix(cron:session): session closed for user root
Oct 14 16:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8542]: pam_unix(cron:session): session closed for user root
Oct 14 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10407]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10408]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10478]: Successful su for rubyman by root
Oct 14 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10478]: + ??? root:rubyman
Oct 14 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412253 of user rubyman.
Oct 14 16:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10478]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412253.
Oct 14 16:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session closed for user root
Oct 14 16:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: User bin from 186.124.138.154 not allowed because not listed in AllowUsers
Oct 14 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: input_userauth_request: invalid user bin [preauth]
Oct 14 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=bin
Oct 14 16:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Failed password for invalid user bin from 186.124.138.154 port 48837 ssh2
Oct 14 16:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Received disconnect from 186.124.138.154 port 48837:11: Bye Bye [preauth]
Oct 14 16:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Disconnected from 186.124.138.154 port 48837 [preauth]
Oct 14 16:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session closed for user root
Oct 14 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10893]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10894]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10891]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: Successful su for rubyman by root
Oct 14 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: + ??? root:rubyman
Oct 14 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412256 of user rubyman.
Oct 14 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412256.
Oct 14 16:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7092]: pam_unix(cron:session): session closed for user root
Oct 14 16:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10892]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9903]: pam_unix(cron:session): session closed for user root
Oct 14 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11526]: Successful su for rubyman by root
Oct 14 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11526]: + ??? root:rubyman
Oct 14 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412259 of user rubyman.
Oct 14 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11526]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412259.
Oct 14 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11348]: pam_unix(cron:session): session closed for user root
Oct 14 16:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7634]: pam_unix(cron:session): session closed for user root
Oct 14 16:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11351]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10408]: pam_unix(cron:session): session closed for user root
Oct 14 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user root
Oct 14 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12108]: Successful su for rubyman by root
Oct 14 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12108]: + ??? root:rubyman
Oct 14 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412268 of user rubyman.
Oct 14 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12108]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412268.
Oct 14 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user root
Oct 14 16:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8541]: pam_unix(cron:session): session closed for user root
Oct 14 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10894]: pam_unix(cron:session): session closed for user root
Oct 14 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12545]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12543]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12646]: Successful su for rubyman by root
Oct 14 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12646]: + ??? root:rubyman
Oct 14 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412270 of user rubyman.
Oct 14 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12646]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412270.
Oct 14 16:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9120]: pam_unix(cron:session): session closed for user root
Oct 14 16:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12544]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session closed for user root
Oct 14 16:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 14 16:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Failed password for root from 89.38.148.202 port 46692 ssh2
Oct 14 16:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Connection closed by 89.38.148.202 port 46692 [preauth]
Oct 14 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13134]: Successful su for rubyman by root
Oct 14 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13134]: + ??? root:rubyman
Oct 14 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412275 of user rubyman.
Oct 14 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13134]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412275.
Oct 14 16:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9902]: pam_unix(cron:session): session closed for user root
Oct 14 16:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user root
Oct 14 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13716]: Successful su for rubyman by root
Oct 14 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13716]: + ??? root:rubyman
Oct 14 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412280 of user rubyman.
Oct 14 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13716]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412280.
Oct 14 16:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10407]: pam_unix(cron:session): session closed for user root
Oct 14 16:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13644]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session closed for user root
Oct 14 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: Successful su for rubyman by root
Oct 14 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: + ??? root:rubyman
Oct 14 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412282 of user rubyman.
Oct 14 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412282.
Oct 14 16:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10893]: pam_unix(cron:session): session closed for user root
Oct 14 16:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session closed for user root
Oct 14 16:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14663]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session closed for user root
Oct 14 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14661]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14734]: Successful su for rubyman by root
Oct 14 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14734]: + ??? root:rubyman
Oct 14 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412290 of user rubyman.
Oct 14 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14734]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412290.
Oct 14 16:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14663]: pam_unix(cron:session): session closed for user root
Oct 14 16:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session closed for user root
Oct 14 16:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14662]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13646]: pam_unix(cron:session): session closed for user root
Oct 14 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15389]: Successful su for rubyman by root
Oct 14 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15389]: + ??? root:rubyman
Oct 14 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412294 of user rubyman.
Oct 14 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15389]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412294.
Oct 14 16:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session closed for user root
Oct 14 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session closed for user root
Oct 14 16:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15769]: pam_unix(cron:session): session closed for user root
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: Invalid user teamspeak from 115.190.81.138
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: input_userauth_request: invalid user teamspeak [preauth]
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15846]: Successful su for rubyman by root
Oct 14 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15846]: + ??? root:rubyman
Oct 14 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412297 of user rubyman.
Oct 14 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15846]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412297.
Oct 14 16:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: Failed password for invalid user teamspeak from 115.190.81.138 port 20354 ssh2
Oct 14 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15766]: Connection reset by 115.190.81.138 port 20354 [preauth]
Oct 14 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12545]: pam_unix(cron:session): session closed for user root
Oct 14 16:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session closed for user root
Oct 14 16:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Invalid user hduser from 190.103.202.7
Oct 14 16:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: input_userauth_request: invalid user hduser [preauth]
Oct 14 16:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Failed password for invalid user hduser from 190.103.202.7 port 41300 ssh2
Oct 14 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Connection closed by 190.103.202.7 port 41300 [preauth]
Oct 14 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16240]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16239]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16312]: Successful su for rubyman by root
Oct 14 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16312]: + ??? root:rubyman
Oct 14 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412302 of user rubyman.
Oct 14 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16312]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412302.
Oct 14 16:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session closed for user root
Oct 14 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session closed for user root
Oct 14 16:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Invalid user teamspeak3 from 115.190.81.138
Oct 14 16:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 14 16:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 16:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Failed password for invalid user teamspeak3 from 115.190.81.138 port 18640 ssh2
Oct 14 16:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Received disconnect from 115.190.81.138 port 18640:11: Bye Bye [preauth]
Oct 14 16:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16683]: Disconnected from 115.190.81.138 port 18640 [preauth]
Oct 14 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16807]: Successful su for rubyman by root
Oct 14 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16807]: + ??? root:rubyman
Oct 14 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412307 of user rubyman.
Oct 14 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16807]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412307.
Oct 14 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13645]: pam_unix(cron:session): session closed for user root
Oct 14 16:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15776]: pam_unix(cron:session): session closed for user root
Oct 14 16:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session closed for user root
Oct 14 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: Successful su for rubyman by root
Oct 14 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: + ??? root:rubyman
Oct 14 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412309 of user rubyman.
Oct 14 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412309.
Oct 14 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session closed for user root
Oct 14 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user root
Oct 14 16:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16240]: pam_unix(cron:session): session closed for user root
Oct 14 16:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17972]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17970]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18064]: Successful su for rubyman by root
Oct 14 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18064]: + ??? root:rubyman
Oct 14 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412316 of user rubyman.
Oct 14 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18064]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412316.
Oct 14 16:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session closed for user root
Oct 14 16:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17971]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16716]: pam_unix(cron:session): session closed for user root
Oct 14 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18802]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18886]: Successful su for rubyman by root
Oct 14 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18886]: + ??? root:rubyman
Oct 14 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412320 of user rubyman.
Oct 14 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18886]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412320.
Oct 14 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session closed for user root
Oct 14 16:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18805]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Invalid user agent from 115.190.81.138
Oct 14 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: input_userauth_request: invalid user agent [preauth]
Oct 14 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Failed password for invalid user agent from 115.190.81.138 port 47392 ssh2
Oct 14 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Received disconnect from 115.190.81.138 port 47392:11: Bye Bye [preauth]
Oct 14 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Disconnected from 115.190.81.138 port 47392 [preauth]
Oct 14 16:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user root
Oct 14 16:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19844]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19842]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: Successful su for rubyman by root
Oct 14 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: + ??? root:rubyman
Oct 14 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412324 of user rubyman.
Oct 14 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412324.
Oct 14 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15775]: pam_unix(cron:session): session closed for user root
Oct 14 16:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19843]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:46.100.105.199
Oct 14 16:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17973]: pam_unix(cron:session): session closed for user root
Oct 14 16:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 16:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Failed password for root from 2.57.122.26 port 60328 ssh2
Oct 14 16:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Connection closed by 2.57.122.26 port 60328 [preauth]
Oct 14 16:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20492]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20575]: Successful su for rubyman by root
Oct 14 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20575]: + ??? root:rubyman
Oct 14 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412330 of user rubyman.
Oct 14 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20575]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412330.
Oct 14 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16239]: pam_unix(cron:session): session closed for user root
Oct 14 16:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20493]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18808]: pam_unix(cron:session): session closed for user root
Oct 14 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21078]: pam_unix(cron:session): session closed for user root
Oct 14 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21071]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21158]: Successful su for rubyman by root
Oct 14 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21158]: + ??? root:rubyman
Oct 14 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412334 of user rubyman.
Oct 14 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21158]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412334.
Oct 14 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21073]: pam_unix(cron:session): session closed for user root
Oct 14 16:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16715]: pam_unix(cron:session): session closed for user root
Oct 14 16:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21072]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19845]: pam_unix(cron:session): session closed for user root
Oct 14 16:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21726]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: Successful su for rubyman by root
Oct 14 16:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: + ??? root:rubyman
Oct 14 16:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412337 of user rubyman.
Oct 14 16:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21820]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412337.
Oct 14 16:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
Oct 14 16:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user root
Oct 14 16:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: Invalid user student9 from 164.68.105.9
Oct 14 16:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: input_userauth_request: invalid user student9 [preauth]
Oct 14 16:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 16:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: Failed password for invalid user student9 from 164.68.105.9 port 44368 ssh2
Oct 14 16:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22334]: Connection closed by 164.68.105.9 port 44368 [preauth]
Oct 14 16:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22357]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22358]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22355]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: Successful su for rubyman by root
Oct 14 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: + ??? root:rubyman
Oct 14 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412343 of user rubyman.
Oct 14 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22426]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412343.
Oct 14 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17972]: pam_unix(cron:session): session closed for user root
Oct 14 16:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22356]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21077]: pam_unix(cron:session): session closed for user root
Oct 14 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23177]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 44124
Oct 14 16:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23178]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 44126
Oct 14 16:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Invalid user server from 115.190.81.138
Oct 14 16:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: input_userauth_request: invalid user server [preauth]
Oct 14 16:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.81.138
Oct 14 16:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Failed password for invalid user server from 115.190.81.138 port 26882 ssh2
Oct 14 16:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Received disconnect from 115.190.81.138 port 26882:11: Bye Bye [preauth]
Oct 14 16:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23205]: Disconnected from 115.190.81.138 port 26882 [preauth]
Oct 14 16:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:46.100.105.199
Oct 14 16:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23487]: Successful su for rubyman by root
Oct 14 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23487]: + ??? root:rubyman
Oct 14 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412347 of user rubyman.
Oct 14 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23487]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412347.
Oct 14 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18806]: pam_unix(cron:session): session closed for user root
Oct 14 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session closed for user root
Oct 14 16:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: Invalid user support from 80.94.95.115
Oct 14 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: input_userauth_request: invalid user support [preauth]
Oct 14 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 16:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: Failed password for invalid user support from 80.94.95.115 port 34566 ssh2
Oct 14 16:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24168]: Connection closed by 80.94.95.115 port 34566 [preauth]
Oct 14 16:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24265]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: Successful su for rubyman by root
Oct 14 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: + ??? root:rubyman
Oct 14 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412351 of user rubyman.
Oct 14 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412351.
Oct 14 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Invalid user admin from 2.57.121.112
Oct 14 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: input_userauth_request: invalid user admin [preauth]
Oct 14 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 16:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 16:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19844]: pam_unix(cron:session): session closed for user root
Oct 14 16:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Failed password for invalid user admin from 2.57.121.112 port 43891 ssh2
Oct 14 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: Failed password for root from 80.211.129.128 port 34052 ssh2
Oct 14 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: Connection closed by 80.211.129.128 port 34052 [preauth]
Oct 14 16:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Failed password for invalid user admin from 2.57.121.112 port 43891 ssh2
Oct 14 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Failed password for invalid user admin from 2.57.121.112 port 43891 ssh2
Oct 14 16:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24267]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Failed password for invalid user admin from 2.57.121.112 port 43891 ssh2
Oct 14 16:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Failed password for invalid user admin from 2.57.121.112 port 43891 ssh2
Oct 14 16:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Received disconnect from 2.57.121.112 port 43891:11: Bye [preauth]
Oct 14 16:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Disconnected from 2.57.121.112 port 43891 [preauth]
Oct 14 16:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 16:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 16:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22358]: pam_unix(cron:session): session closed for user root
Oct 14 16:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 40512
Oct 14 16:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 40524
Oct 14 16:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session closed for user root
Oct 14 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24985]: Successful su for rubyman by root
Oct 14 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24985]: + ??? root:rubyman
Oct 14 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412355 of user rubyman.
Oct 14 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24985]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412355.
Oct 14 16:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session closed for user root
Oct 14 16:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session closed for user root
Oct 14 16:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session closed for user root
Oct 14 16:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25959]: Successful su for rubyman by root
Oct 14 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25959]: + ??? root:rubyman
Oct 14 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412361 of user rubyman.
Oct 14 16:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25959]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412361.
Oct 14 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21074]: pam_unix(cron:session): session closed for user root
Oct 14 16:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24270]: pam_unix(cron:session): session closed for user root
Oct 14 16:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26638]: Successful su for rubyman by root
Oct 14 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26638]: + ??? root:rubyman
Oct 14 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412363 of user rubyman.
Oct 14 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26638]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412363.
Oct 14 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session closed for user root
Oct 14 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:46.100.105.199
Oct 14 16:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session closed for user root
Oct 14 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27355]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27443]: Successful su for rubyman by root
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27443]: + ??? root:rubyman
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412370 of user rubyman.
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27443]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412370.
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Invalid user student9 from 164.68.105.9
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: input_userauth_request: invalid user student9 [preauth]
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Failed password for invalid user student9 from 164.68.105.9 port 56388 ssh2
Oct 14 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27424]: Connection closed by 164.68.105.9 port 56388 [preauth]
Oct 14 16:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22357]: pam_unix(cron:session): session closed for user root
Oct 14 16:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27357]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28032]: Did not receive identification string from 193.32.162.151
Oct 14 16:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session closed for user root
Oct 14 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28240]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28238]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: Successful su for rubyman by root
Oct 14 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: + ??? root:rubyman
Oct 14 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412372 of user rubyman.
Oct 14 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412372.
Oct 14 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session closed for user root
Oct 14 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28239]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session closed for user root
Oct 14 16:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29191]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29193]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29194]: pam_unix(cron:session): session closed for user root
Oct 14 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29294]: Successful su for rubyman by root
Oct 14 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29294]: + ??? root:rubyman
Oct 14 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412379 of user rubyman.
Oct 14 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29294]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412379.
Oct 14 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29190]: pam_unix(cron:session): session closed for user root
Oct 14 16:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24268]: pam_unix(cron:session): session closed for user root
Oct 14 16:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session closed for user root
Oct 14 16:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29941]: Successful su for rubyman by root
Oct 14 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29941]: + ??? root:rubyman
Oct 14 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412381 of user rubyman.
Oct 14 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29941]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412381.
Oct 14 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session closed for user root
Oct 14 16:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28241]: pam_unix(cron:session): session closed for user root
Oct 14 16:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:46.100.105.199
Oct 14 16:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30591]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30674]: Successful su for rubyman by root
Oct 14 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30674]: + ??? root:rubyman
Oct 14 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412385 of user rubyman.
Oct 14 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30674]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412385.
Oct 14 16:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25766]: pam_unix(cron:session): session closed for user root
Oct 14 16:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30592]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29193]: pam_unix(cron:session): session closed for user root
Oct 14 16:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31265]: Successful su for rubyman by root
Oct 14 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31265]: + ??? root:rubyman
Oct 14 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412389 of user rubyman.
Oct 14 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31265]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412389.
Oct 14 16:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session closed for user root
Oct 14 16:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session closed for user root
Oct 14 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31924]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32121]: Successful su for rubyman by root
Oct 14 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32121]: + ??? root:rubyman
Oct 14 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412393 of user rubyman.
Oct 14 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32121]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412393.
Oct 14 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31921]: pam_unix(cron:session): session closed for user root
Oct 14 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session closed for user root
Oct 14 16:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30595]: pam_unix(cron:session): session closed for user root
Oct 14 16:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Invalid user admin from 193.32.162.151
Oct 14 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: input_userauth_request: invalid user admin [preauth]
Oct 14 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 16:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Failed password for invalid user admin from 193.32.162.151 port 36372 ssh2
Oct 14 16:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Connection closed by 193.32.162.151 port 36372 [preauth]
Oct 14 16:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: Invalid user admin from 194.0.234.19
Oct 14 16:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: input_userauth_request: invalid user admin [preauth]
Oct 14 16:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 14 16:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: Failed password for invalid user admin from 194.0.234.19 port 45908 ssh2
Oct 14 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session closed for user root
Oct 14 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32680]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32658]: Connection closed by 194.0.234.19 port 45908 [preauth]
Oct 14 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[313]: Successful su for rubyman by root
Oct 14 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[313]: + ??? root:rubyman
Oct 14 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412398 of user rubyman.
Oct 14 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[313]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412398.
Oct 14 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32682]: pam_unix(cron:session): session closed for user root
Oct 14 16:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28240]: pam_unix(cron:session): session closed for user root
Oct 14 16:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32681]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31190]: pam_unix(cron:session): session closed for user root
Oct 14 16:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[849]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: Successful su for rubyman by root
Oct 14 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: + ??? root:rubyman
Oct 14 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412406 of user rubyman.
Oct 14 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1005]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412406.
Oct 14 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29191]: pam_unix(cron:session): session closed for user root
Oct 14 16:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[851]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Oct 14 16:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:46.100.105.199  user=root
Oct 14 16:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session closed for user root
Oct 14 16:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1554]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1628]: Successful su for rubyman by root
Oct 14 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1628]: + ??? root:rubyman
Oct 14 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412410 of user rubyman.
Oct 14 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1628]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412410.
Oct 14 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29849]: pam_unix(cron:session): session closed for user root
Oct 14 16:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1556]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session closed for user root
Oct 14 16:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2248]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2318]: Successful su for rubyman by root
Oct 14 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2318]: + ??? root:rubyman
Oct 14 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412413 of user rubyman.
Oct 14 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2318]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412413.
Oct 14 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30594]: pam_unix(cron:session): session closed for user root
Oct 14 16:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2246]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session closed for user root
Oct 14 16:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Invalid user support from 80.94.95.116
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: input_userauth_request: invalid user support [preauth]
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2793]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2791]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 14 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2865]: Successful su for rubyman by root
Oct 14 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2865]: + ??? root:rubyman
Oct 14 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412417 of user rubyman.
Oct 14 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2865]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412417.
Oct 14 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Failed password for invalid user support from 80.94.95.116 port 58592 ssh2
Oct 14 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Connection closed by 80.94.95.116 port 58592 [preauth]
Oct 14 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session closed for user root
Oct 14 16:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2792]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1559]: pam_unix(cron:session): session closed for user root
Oct 14 16:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3372]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3375]: pam_unix(cron:session): session closed for user root
Oct 14 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3456]: Successful su for rubyman by root
Oct 14 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3456]: + ??? root:rubyman
Oct 14 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412424 of user rubyman.
Oct 14 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3456]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412424.
Oct 14 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3372]: pam_unix(cron:session): session closed for user root
Oct 14 16:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session closed for user root
Oct 14 16:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Did not receive identification string from 46.20.109.15
Oct 14 16:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3772]: Failed password for root from 46.20.109.15 port 35608 ssh2
Oct 14 16:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3772]: Connection closed by 46.20.109.15 port 35608 [preauth]
Oct 14 16:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2248]: pam_unix(cron:session): session closed for user root
Oct 14 16:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:46.100.105.199
Oct 14 16:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3975]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3976]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3972]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4054]: Successful su for rubyman by root
Oct 14 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4054]: + ??? root:rubyman
Oct 14 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412427 of user rubyman.
Oct 14 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4054]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412427.
Oct 14 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32683]: pam_unix(cron:session): session closed for user root
Oct 14 16:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3974]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Failed password for root from 46.20.109.15 port 37284 ssh2
Oct 14 16:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3821]: Connection closed by 46.20.109.15 port 37284 [preauth]
Oct 14 16:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2796]: pam_unix(cron:session): session closed for user root
Oct 14 16:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4707]: Successful su for rubyman by root
Oct 14 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4707]: + ??? root:rubyman
Oct 14 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412431 of user rubyman.
Oct 14 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4707]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412431.
Oct 14 16:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session closed for user root
Oct 14 16:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3374]: pam_unix(cron:session): session closed for user root
Oct 14 16:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5685]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5683]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5763]: Successful su for rubyman by root
Oct 14 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5763]: + ??? root:rubyman
Oct 14 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412436 of user rubyman.
Oct 14 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5763]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412436.
Oct 14 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1558]: pam_unix(cron:session): session closed for user root
Oct 14 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5684]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Invalid user oracle from 193.32.162.151
Oct 14 16:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: input_userauth_request: invalid user oracle [preauth]
Oct 14 16:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 16:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Failed password for invalid user oracle from 193.32.162.151 port 36860 ssh2
Oct 14 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Connection closed by 193.32.162.151 port 36860 [preauth]
Oct 14 16:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Failed password for root from 46.20.109.15 port 40860 ssh2
Oct 14 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4485]: Connection closed by 46.20.109.15 port 40860 [preauth]
Oct 14 16:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Failed password for root from 46.20.109.15 port 44804 ssh2
Oct 14 16:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Connection closed by 46.20.109.15 port 44804 [preauth]
Oct 14 16:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for root from 46.20.109.15 port 45022 ssh2
Oct 14 16:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Connection closed by 46.20.109.15 port 45022 [preauth]
Oct 14 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3976]: pam_unix(cron:session): session closed for user root
Oct 14 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Invalid user runner from 39.109.116.40
Oct 14 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: input_userauth_request: invalid user runner [preauth]
Oct 14 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Failed password for invalid user runner from 39.109.116.40 port 36440 ssh2
Oct 14 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Received disconnect from 39.109.116.40 port 36440:11: Bye Bye [preauth]
Oct 14 16:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6173]: Disconnected from 39.109.116.40 port 36440 [preauth]
Oct 14 16:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6354]: Successful su for rubyman by root
Oct 14 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6354]: + ??? root:rubyman
Oct 14 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412438 of user rubyman.
Oct 14 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6354]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412438.
Oct 14 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session closed for user root
Oct 14 16:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for root from 46.20.109.15 port 45690 ssh2
Oct 14 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Connection closed by 46.20.109.15 port 45690 [preauth]
Oct 14 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Failed password for root from 193.32.162.157 port 49792 ssh2
Oct 14 16:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Connection closed by 193.32.162.157 port 49792 [preauth]
Oct 14 16:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: Failed password for root from 46.20.109.15 port 46578 ssh2
Oct 14 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: Connection closed by 46.20.109.15 port 46578 [preauth]
Oct 14 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: Failed password for root from 46.20.109.15 port 46776 ssh2
Oct 14 16:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6719]: Connection closed by 46.20.109.15 port 46776 [preauth]
Oct 14 16:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: Failed password for root from 193.32.162.157 port 51224 ssh2
Oct 14 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6708]: Connection closed by 193.32.162.157 port 51224 [preauth]
Oct 14 16:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session closed for user root
Oct 14 16:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Failed password for root from 46.20.109.15 port 47156 ssh2
Oct 14 16:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Connection closed by 46.20.109.15 port 47156 [preauth]
Oct 14 16:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Failed password for root from 46.20.109.15 port 47254 ssh2
Oct 14 16:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Connection closed by 46.20.109.15 port 47254 [preauth]
Oct 14 16:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Failed password for root from 46.20.109.15 port 47338 ssh2
Oct 14 16:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6887]: Connection closed by 46.20.109.15 port 47338 [preauth]
Oct 14 16:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Failed password for root from 46.20.109.15 port 47500 ssh2
Oct 14 16:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Connection closed by 46.20.109.15 port 47500 [preauth]
Oct 14 16:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for root from 193.32.162.157 port 57486 ssh2
Oct 14 16:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Connection closed by 193.32.162.157 port 57486 [preauth]
Oct 14 16:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6997]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7000]: pam_unix(cron:session): session closed for user root
Oct 14 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: Successful su for rubyman by root
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: + ??? root:rubyman
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412444 of user rubyman.
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412444.
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: Failed password for root from 46.20.109.15 port 47750 ssh2
Oct 14 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: Connection closed by 46.20.109.15 port 47750 [preauth]
Oct 14 16:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:46.100.105.199
Oct 14 16:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Invalid user ubuntu from 41.63.62.103
Oct 14 16:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 16:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 16:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6995]: pam_unix(cron:session): session closed for user root
Oct 14 16:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2793]: pam_unix(cron:session): session closed for user root
Oct 14 16:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Failed password for invalid user ubuntu from 41.63.62.103 port 58080 ssh2
Oct 14 16:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Received disconnect from 41.63.62.103 port 58080:11: Bye Bye [preauth]
Oct 14 16:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Disconnected from 41.63.62.103 port 58080 [preauth]
Oct 14 16:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7140]: Failed password for root from 46.20.109.15 port 48322 ssh2
Oct 14 16:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7140]: Connection closed by 46.20.109.15 port 48322 [preauth]
Oct 14 16:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Failed password for root from 193.32.162.157 port 45970 ssh2
Oct 14 16:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6961]: Connection closed by 193.32.162.157 port 45970 [preauth]
Oct 14 16:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: Failed password for root from 46.20.109.15 port 48488 ssh2
Oct 14 16:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7427]: Connection closed by 46.20.109.15 port 48488 [preauth]
Oct 14 16:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6994]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Failed password for root from 46.20.109.15 port 48536 ssh2
Oct 14 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7470]: Connection closed by 46.20.109.15 port 48536 [preauth]
Oct 14 16:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7500]: Failed password for root from 46.20.109.15 port 48592 ssh2
Oct 14 16:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7500]: Connection closed by 46.20.109.15 port 48592 [preauth]
Oct 14 16:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7519]: Failed password for root from 46.20.109.15 port 48736 ssh2
Oct 14 16:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7519]: Connection closed by 46.20.109.15 port 48736 [preauth]
Oct 14 16:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7466]: Failed password for root from 193.32.162.157 port 34740 ssh2
Oct 14 16:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7466]: Connection closed by 193.32.162.157 port 34740 [preauth]
Oct 14 16:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session closed for user root
Oct 14 16:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: User john from 39.109.116.40 not allowed because not listed in AllowUsers
Oct 14 16:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: input_userauth_request: invalid user john [preauth]
Oct 14 16:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40  user=john
Oct 14 16:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Failed password for invalid user john from 39.109.116.40 port 34456 ssh2
Oct 14 16:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Received disconnect from 39.109.116.40 port 34456:11: Bye Bye [preauth]
Oct 14 16:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Disconnected from 39.109.116.40 port 34456 [preauth]
Oct 14 16:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Failed password for root from 193.32.162.157 port 54932 ssh2
Oct 14 16:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Connection closed by 193.32.162.157 port 54932 [preauth]
Oct 14 16:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Failed password for root from 46.20.109.15 port 48936 ssh2
Oct 14 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7537]: Connection closed by 46.20.109.15 port 48936 [preauth]
Oct 14 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7719]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7720]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7717]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7814]: Successful su for rubyman by root
Oct 14 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7814]: + ??? root:rubyman
Oct 14 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412450 of user rubyman.
Oct 14 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7814]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412450.
Oct 14 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: Failed password for root from 46.20.109.15 port 49692 ssh2
Oct 14 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: Connection closed by 46.20.109.15 port 49692 [preauth]
Oct 14 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Failed password for root from 46.20.109.15 port 49880 ssh2
Oct 14 16:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Connection closed by 46.20.109.15 port 49880 [preauth]
Oct 14 16:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3373]: pam_unix(cron:session): session closed for user root
Oct 14 16:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: Failed password for root from 193.32.162.157 port 45208 ssh2
Oct 14 16:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7718]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: Connection closed by 193.32.162.157 port 45208 [preauth]
Oct 14 16:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Invalid user asep from 59.110.46.53
Oct 14 16:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: input_userauth_request: invalid user asep [preauth]
Oct 14 16:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.110.46.53
Oct 14 16:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Failed password for root from 193.32.162.157 port 35762 ssh2
Oct 14 16:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Failed password for invalid user asep from 59.110.46.53 port 48798 ssh2
Oct 14 16:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Invalid user sysop from 45.61.185.190
Oct 14 16:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: input_userauth_request: invalid user sysop [preauth]
Oct 14 16:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.61.185.190
Oct 14 16:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6282]: pam_unix(cron:session): session closed for user root
Oct 14 16:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Connection closed by 193.32.162.157 port 35762 [preauth]
Oct 14 16:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Failed password for invalid user sysop from 45.61.185.190 port 44874 ssh2
Oct 14 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Connection closed by 45.61.185.190 port 44874 [preauth]
Oct 14 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Failed password for root from 46.20.109.15 port 50032 ssh2
Oct 14 16:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Connection closed by 46.20.109.15 port 50032 [preauth]
Oct 14 16:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Failed password for root from 193.32.162.157 port 60708 ssh2
Oct 14 16:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Connection closed by 193.32.162.157 port 60708 [preauth]
Oct 14 16:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: Successful su for rubyman by root
Oct 14 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: + ??? root:rubyman
Oct 14 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412453 of user rubyman.
Oct 14 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8948]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412453.
Oct 14 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Oct 14 16:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Invalid user git from 41.63.62.103
Oct 14 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: input_userauth_request: invalid user git [preauth]
Oct 14 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Failed password for root from 80.94.95.115 port 43452 ssh2
Oct 14 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Connection closed by 80.94.95.115 port 43452 [preauth]
Oct 14 16:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Failed password for invalid user git from 41.63.62.103 port 57518 ssh2
Oct 14 16:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Received disconnect from 41.63.62.103 port 57518:11: Bye Bye [preauth]
Oct 14 16:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Disconnected from 41.63.62.103 port 57518 [preauth]
Oct 14 16:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3975]: pam_unix(cron:session): session closed for user root
Oct 14 16:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Failed password for root from 193.32.162.157 port 33380 ssh2
Oct 14 16:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Connection closed by 193.32.162.157 port 33380 [preauth]
Oct 14 16:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Invalid user client from 39.109.116.40
Oct 14 16:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: input_userauth_request: invalid user client [preauth]
Oct 14 16:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 16:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Failed password for invalid user client from 39.109.116.40 port 34012 ssh2
Oct 14 16:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Received disconnect from 39.109.116.40 port 34012:11: Bye Bye [preauth]
Oct 14 16:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Disconnected from 39.109.116.40 port 34012 [preauth]
Oct 14 16:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: Invalid user teamspeak from 186.235.28.11
Oct 14 16:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: input_userauth_request: invalid user teamspeak [preauth]
Oct 14 16:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 16:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9340]: Failed password for root from 193.32.162.157 port 49806 ssh2
Oct 14 16:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: Failed password for invalid user teamspeak from 186.235.28.11 port 35310 ssh2
Oct 14 16:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: Received disconnect from 186.235.28.11 port 35310:11: Bye Bye [preauth]
Oct 14 16:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9427]: Disconnected from 186.235.28.11 port 35310 [preauth]
Oct 14 16:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9340]: Connection closed by 193.32.162.157 port 49806 [preauth]
Oct 14 16:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6997]: pam_unix(cron:session): session closed for user root
Oct 14 16:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Failed password for root from 193.32.162.157 port 36684 ssh2
Oct 14 16:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Did not receive identification string from 185.216.140.186
Oct 14 16:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Connection closed by 193.32.162.157 port 36684 [preauth]
Oct 14 16:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9604]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9602]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9792]: Successful su for rubyman by root
Oct 14 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9792]: + ??? root:rubyman
Oct 14 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412456 of user rubyman.
Oct 14 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9792]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412456.
Oct 14 16:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session closed for user root
Oct 14 16:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9603]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Failed password for root from 193.32.162.157 port 40926 ssh2
Oct 14 16:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: Did not receive identification string from 80.211.129.128
Oct 14 16:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Connection closed by 193.32.162.157 port 40926 [preauth]
Oct 14 16:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Failed password for root from 46.20.109.15 port 50676 ssh2
Oct 14 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Connection closed by 46.20.109.15 port 50676 [preauth]
Oct 14 16:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Failed password for root from 46.20.109.15 port 53258 ssh2
Oct 14 16:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7720]: pam_unix(cron:session): session closed for user root
Oct 14 16:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Connection closed by 46.20.109.15 port 53258 [preauth]
Oct 14 16:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Failed password for root from 193.32.162.157 port 41148 ssh2
Oct 14 16:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Connection closed by 193.32.162.157 port 41148 [preauth]
Oct 14 16:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10254]: Failed password for root from 46.20.109.15 port 53578 ssh2
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10254]: Connection closed by 46.20.109.15 port 53578 [preauth]
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: Invalid user administrator from 41.63.62.103
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: input_userauth_request: invalid user administrator [preauth]
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: Failed password for invalid user administrator from 41.63.62.103 port 46332 ssh2
Oct 14 16:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: Received disconnect from 41.63.62.103 port 46332:11: Bye Bye [preauth]
Oct 14 16:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10260]: Disconnected from 41.63.62.103 port 46332 [preauth]
Oct 14 16:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Invalid user imap from 193.32.162.157
Oct 14 16:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: input_userauth_request: invalid user imap [preauth]
Oct 14 16:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Invalid user admin from 39.109.116.40
Oct 14 16:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: input_userauth_request: invalid user admin [preauth]
Oct 14 16:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 16:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10283]: Failed password for root from 46.20.109.15 port 53670 ssh2
Oct 14 16:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10283]: Connection closed by 46.20.109.15 port 53670 [preauth]
Oct 14 16:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Failed password for invalid user admin from 39.109.116.40 port 56338 ssh2
Oct 14 16:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Received disconnect from 39.109.116.40 port 56338:11: Bye Bye [preauth]
Oct 14 16:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10312]: Disconnected from 39.109.116.40 port 56338 [preauth]
Oct 14 16:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Invalid user asep from 167.172.153.88
Oct 14 16:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: input_userauth_request: invalid user asep [preauth]
Oct 14 16:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
Oct 14 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Failed password for invalid user asep from 167.172.153.88 port 40724 ssh2
Oct 14 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Received disconnect from 167.172.153.88 port 40724:11: Bye Bye [preauth]
Oct 14 16:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10329]: Disconnected from 167.172.153.88 port 40724 [preauth]
Oct 14 16:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Failed password for invalid user imap from 193.32.162.157 port 48146 ssh2
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10371]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10370]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10368]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Connection closed by 193.32.162.157 port 48146 [preauth]
Oct 14 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: Successful su for rubyman by root
Oct 14 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: + ??? root:rubyman
Oct 14 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412460 of user rubyman.
Oct 14 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10444]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412460.
Oct 14 16:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Failed password for root from 46.20.109.15 port 53762 ssh2
Oct 14 16:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10327]: Connection closed by 46.20.109.15 port 53762 [preauth]
Oct 14 16:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5685]: pam_unix(cron:session): session closed for user root
Oct 14 16:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10631]: Failed password for root from 46.20.109.15 port 53980 ssh2
Oct 14 16:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10631]: Connection closed by 46.20.109.15 port 53980 [preauth]
Oct 14 16:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Failed password for root from 46.20.109.15 port 54120 ssh2
Oct 14 16:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Connection closed by 46.20.109.15 port 54120 [preauth]
Oct 14 16:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10369]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Failed password for root from 46.20.109.15 port 54308 ssh2
Oct 14 16:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10700]: Connection closed by 46.20.109.15 port 54308 [preauth]
Oct 14 16:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: Failed password for root from 193.32.162.157 port 41628 ssh2
Oct 14 16:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: Connection closed by 193.32.162.157 port 41628 [preauth]
Oct 14 16:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: Invalid user smtp from 193.32.162.157
Oct 14 16:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: input_userauth_request: invalid user smtp [preauth]
Oct 14 16:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
Oct 14 16:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8871]: pam_unix(cron:session): session closed for user root
Oct 14 16:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: Failed password for invalid user smtp from 193.32.162.157 port 42028 ssh2
Oct 14 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:46.100.105.199
Oct 14 16:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: Connection closed by 193.32.162.157 port 42028 [preauth]
Oct 14 16:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Failed password for root from 193.32.162.157 port 34714 ssh2
Oct 14 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10960]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10959]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10960]: pam_unix(cron:session): session closed for user root
Oct 14 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11041]: Successful su for rubyman by root
Oct 14 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11041]: + ??? root:rubyman
Oct 14 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412467 of user rubyman.
Oct 14 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11041]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412467.
Oct 14 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Connection closed by 193.32.162.157 port 34714 [preauth]
Oct 14 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10956]: pam_unix(cron:session): session closed for user root
Oct 14 16:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session closed for user root
Oct 14 16:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10954]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Invalid user www from 39.109.116.40
Oct 14 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: input_userauth_request: invalid user www [preauth]
Oct 14 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 16:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: Failed password for root from 193.32.162.157 port 50938 ssh2
Oct 14 16:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Failed password for invalid user www from 39.109.116.40 port 60714 ssh2
Oct 14 16:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Received disconnect from 39.109.116.40 port 60714:11: Bye Bye [preauth]
Oct 14 16:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Disconnected from 39.109.116.40 port 60714 [preauth]
Oct 14 16:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: Connection closed by 193.32.162.157 port 50938 [preauth]
Oct 14 16:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Invalid user minecraft from 41.63.62.103
Oct 14 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 16:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Failed password for invalid user minecraft from 41.63.62.103 port 48932 ssh2
Oct 14 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Received disconnect from 41.63.62.103 port 48932:11: Bye Bye [preauth]
Oct 14 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Disconnected from 41.63.62.103 port 48932 [preauth]
Oct 14 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9605]: pam_unix(cron:session): session closed for user root
Oct 14 16:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11372]: Failed password for root from 193.32.162.157 port 35360 ssh2
Oct 14 16:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11372]: Connection closed by 193.32.162.157 port 35360 [preauth]
Oct 14 16:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Failed password for root from 186.235.28.11 port 33022 ssh2
Oct 14 16:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Received disconnect from 186.235.28.11 port 33022:11: Bye Bye [preauth]
Oct 14 16:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Disconnected from 186.235.28.11 port 33022 [preauth]
Oct 14 16:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Failed password for root from 193.32.162.157 port 52646 ssh2
Oct 14 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11764]: Successful su for rubyman by root
Oct 14 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11764]: + ??? root:rubyman
Oct 14 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412472 of user rubyman.
Oct 14 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11764]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412472.
Oct 14 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Connection closed by 193.32.162.157 port 52646 [preauth]
Oct 14 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.20.109.15  user=root
Oct 14 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Failed password for root from 46.20.109.15 port 54390 ssh2
Oct 14 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Connection closed by 46.20.109.15 port 54390 [preauth]
Oct 14 16:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6996]: pam_unix(cron:session): session closed for user root
Oct 14 16:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11574]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Failed password for root from 193.32.162.157 port 60728 ssh2
Oct 14 16:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11835]: Connection closed by 193.32.162.157 port 60728 [preauth]
Oct 14 16:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Invalid user ark from 167.172.153.88
Oct 14 16:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: input_userauth_request: invalid user ark [preauth]
Oct 14 16:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 16:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Failed password for invalid user ark from 167.172.153.88 port 45248 ssh2
Oct 14 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Received disconnect from 167.172.153.88 port 45248:11: Bye Bye [preauth]
Oct 14 16:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Disconnected from 167.172.153.88 port 45248 [preauth]
Oct 14 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10371]: pam_unix(cron:session): session closed for user root
Oct 14 16:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Failed password for root from 193.32.162.157 port 52464 ssh2
Oct 14 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Invalid user ubuntu from 39.109.116.40
Oct 14 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Failed password for invalid user ubuntu from 39.109.116.40 port 52038 ssh2
Oct 14 16:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Received disconnect from 39.109.116.40 port 52038:11: Bye Bye [preauth]
Oct 14 16:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Disconnected from 39.109.116.40 port 52038 [preauth]
Oct 14 16:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12072]: Connection closed by 193.32.162.157 port 52464 [preauth]
Oct 14 16:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Invalid user postgres from 41.63.62.103
Oct 14 16:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: input_userauth_request: invalid user postgres [preauth]
Oct 14 16:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 16:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Failed password for invalid user postgres from 41.63.62.103 port 38046 ssh2
Oct 14 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12293]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Connection reset by 41.63.62.103 port 38046 [preauth]
Oct 14 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12369]: Successful su for rubyman by root
Oct 14 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12369]: + ??? root:rubyman
Oct 14 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412475 of user rubyman.
Oct 14 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12369]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412475.
Oct 14 16:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Failed password for root from 193.32.162.157 port 43034 ssh2
Oct 14 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Connection closed by 193.32.162.157 port 43034 [preauth]
Oct 14 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7719]: pam_unix(cron:session): session closed for user root
Oct 14 16:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12294]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Failed password for root from 193.32.162.157 port 60304 ssh2
Oct 14 16:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Connection closed by 193.32.162.157 port 60304 [preauth]
Oct 14 16:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Invalid user dirk from 186.235.28.11
Oct 14 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: input_userauth_request: invalid user dirk [preauth]
Oct 14 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Failed password for invalid user dirk from 186.235.28.11 port 41036 ssh2
Oct 14 16:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Received disconnect from 186.235.28.11 port 41036:11: Bye Bye [preauth]
Oct 14 16:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Disconnected from 186.235.28.11 port 41036 [preauth]
Oct 14 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10959]: pam_unix(cron:session): session closed for user root
Oct 14 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Failed password for root from 193.32.162.157 port 37232 ssh2
Oct 14 16:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Connection closed by 193.32.162.157 port 37232 [preauth]
Oct 14 16:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: Invalid user ark from 167.172.153.88
Oct 14 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: input_userauth_request: invalid user ark [preauth]
Oct 14 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 16:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: Failed password for invalid user ark from 167.172.153.88 port 44490 ssh2
Oct 14 16:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: Received disconnect from 167.172.153.88 port 44490:11: Bye Bye [preauth]
Oct 14 16:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: Disconnected from 167.172.153.88 port 44490 [preauth]
Oct 14 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12907]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12994]: Successful su for rubyman by root
Oct 14 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12994]: + ??? root:rubyman
Oct 14 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412478 of user rubyman.
Oct 14 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12994]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412478.
Oct 14 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Failed password for root from 193.32.162.157 port 52414 ssh2
Oct 14 16:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Connection closed by 193.32.162.157 port 52414 [preauth]
Oct 14 16:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session closed for user root
Oct 14 16:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Invalid user devops from 39.109.116.40
Oct 14 16:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: input_userauth_request: invalid user devops [preauth]
Oct 14 16:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 16:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Failed password for invalid user devops from 39.109.116.40 port 39830 ssh2
Oct 14 16:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Received disconnect from 39.109.116.40 port 39830:11: Bye Bye [preauth]
Oct 14 16:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13187]: Disconnected from 39.109.116.40 port 39830 [preauth]
Oct 14 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12908]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Invalid user pop3server from 193.32.162.157
Oct 14 16:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: input_userauth_request: invalid user pop3server [preauth]
Oct 14 16:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
Oct 14 16:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Failed password for invalid user pop3server from 193.32.162.157 port 60996 ssh2
Oct 14 16:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Connection closed by 193.32.162.157 port 60996 [preauth]
Oct 14 16:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session closed for user root
Oct 14 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: Invalid user a from 41.63.62.103
Oct 14 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: input_userauth_request: invalid user a [preauth]
Oct 14 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: Failed password for invalid user a from 41.63.62.103 port 45654 ssh2
Oct 14 16:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: Received disconnect from 41.63.62.103 port 45654:11: Bye Bye [preauth]
Oct 14 16:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13498]: Disconnected from 41.63.62.103 port 45654 [preauth]
Oct 14 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Failed password for root from 193.32.162.157 port 42668 ssh2
Oct 14 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13459]: Connection closed by 193.32.162.157 port 42668 [preauth]
Oct 14 16:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session closed for user p13x
Oct 14 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13701]: Successful su for rubyman by root
Oct 14 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13701]: + ??? root:rubyman
Oct 14 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412482 of user rubyman.
Oct 14 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13701]: pam_unix(su:session): session closed for user rubyman
Oct 14 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412482.
Oct 14 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Failed password for root from 193.32.162.157 port 33054 ssh2
Oct 14 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9604]: pam_unix(cron:session): session closed for user root
Oct 14 16:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13588]: Connection closed by 193.32.162.157 port 33054 [preauth]
Oct 14 16:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 16:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:46.100.105.199
Oct 14 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Invalid user ai from 167.172.153.88
Oct 14 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: input_userauth_request: invalid user ai [preauth]
Oct 14 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 16:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Failed password for invalid user ai from 167.172.153.88 port 35956 ssh2
Oct 14 16:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Received disconnect from 167.172.153.88 port 35956:11: Bye Bye [preauth]
Oct 14 16:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13962]: Disconnected from 167.172.153.88 port 35956 [preauth]
Oct 14 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session closed for user samftp
Oct 14 16:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Invalid user fff from 186.235.28.11
Oct 14 16:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: input_userauth_request: invalid user fff [preauth]
Oct 14 16:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 16:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Failed password for invalid user fff from 186.235.28.11 port 49046 ssh2
Oct 14 16:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Received disconnect from 186.235.28.11 port 49046:11: Bye Bye [preauth]
Oct 14 16:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Disconnected from 186.235.28.11 port 49046 [preauth]
Oct 14 16:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: Failed password for root from 193.32.162.157 port 50906 ssh2
Oct 14 16:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13941]: Connection closed by 193.32.162.157 port 50906 [preauth]
Oct 14 16:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Invalid user debian from 39.109.116.40
Oct 14 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: input_userauth_request: invalid user debian [preauth]
Oct 14 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 16:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 16:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session closed for user root
Oct 14 16:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Failed password for invalid user debian from 39.109.116.40 port 56194 ssh2
Oct 14 16:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Received disconnect from 39.109.116.40 port 56194:11: Bye Bye [preauth]
Oct 14 16:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14191]: Disconnected from 39.109.116.40 port 56194 [preauth]
Oct 14 16:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 16:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: Failed password for root from 193.32.162.157 port 56080 ssh2
Oct 14 16:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14155]: Connection closed by 193.32.162.157 port 56080 [preauth]
Oct 14 16:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 16:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 16:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session closed for user root
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session closed for user root
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14312]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14431]: Successful su for rubyman by root
Oct 14 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14431]: + ??? root:rubyman
Oct 14 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412489 of user rubyman.
Oct 14 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[14431]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412489.
Oct 14 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Failed password for root from 193.32.162.157 port 45452 ssh2
Oct 14 17:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10370]: pam_unix(cron:session): session closed for user root
Oct 14 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14278]: Connection closed by 193.32.162.157 port 45452 [preauth]
Oct 14 17:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14315]: pam_unix(cron:session): session closed for user root
Oct 14 17:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Invalid user dockeruser from 41.63.62.103
Oct 14 17:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 17:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Failed password for invalid user dockeruser from 41.63.62.103 port 51678 ssh2
Oct 14 17:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Received disconnect from 41.63.62.103 port 51678:11: Bye Bye [preauth]
Oct 14 17:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Disconnected from 41.63.62.103 port 51678 [preauth]
Oct 14 17:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: Failed password for root from 193.32.162.157 port 55894 ssh2
Oct 14 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14620]: Connection closed by 193.32.162.157 port 55894 [preauth]
Oct 14 17:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Invalid user age from 167.172.153.88
Oct 14 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: input_userauth_request: invalid user age [preauth]
Oct 14 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session closed for user root
Oct 14 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Failed password for invalid user age from 167.172.153.88 port 42280 ssh2
Oct 14 17:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Received disconnect from 167.172.153.88 port 42280:11: Bye Bye [preauth]
Oct 14 17:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Disconnected from 167.172.153.88 port 42280 [preauth]
Oct 14 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Invalid user tech from 62.60.131.157
Oct 14 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: input_userauth_request: invalid user tech [preauth]
Oct 14 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user tech from 62.60.131.157 port 62932 ssh2
Oct 14 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user tech from 62.60.131.157 port 62932 ssh2
Oct 14 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Invalid user wwwuser from 190.103.202.7
Oct 14 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: input_userauth_request: invalid user wwwuser [preauth]
Oct 14 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 14 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user tech from 62.60.131.157 port 62932 ssh2
Oct 14 17:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Failed password for root from 193.32.162.157 port 49456 ssh2
Oct 14 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Failed password for invalid user wwwuser from 190.103.202.7 port 57320 ssh2
Oct 14 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14934]: Connection closed by 190.103.202.7 port 57320 [preauth]
Oct 14 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user tech from 62.60.131.157 port 62932 ssh2
Oct 14 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Connection closed by 193.32.162.157 port 49456 [preauth]
Oct 14 17:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user tech from 62.60.131.157 port 62932 ssh2
Oct 14 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Received disconnect from 62.60.131.157 port 62932:11: Bye [preauth]
Oct 14 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Disconnected from 62.60.131.157 port 62932 [preauth]
Oct 14 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp]
Oct 14 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15182]: Successful su for rubyman by root
Oct 14 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15182]: + ??? root:rubyman
Oct 14 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412493 of user rubyman.
Oct 14 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15182]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412493.
Oct 14 17:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15231]: Invalid user ftptest from 39.109.116.40
Oct 14 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15231]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15231]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15231]: Failed password for invalid user ftptest from 39.109.116.40 port 37502 ssh2
Oct 14 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15231]: Received disconnect from 39.109.116.40 port 37502:11: Bye Bye [preauth]
Oct 14 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15231]: Disconnected from 39.109.116.40 port 37502 [preauth]
Oct 14 17:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: Failed password for root from 193.32.162.157 port 53432 ssh2
Oct 14 17:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10957]: pam_unix(cron:session): session closed for user root
Oct 14 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14973]: Connection closed by 193.32.162.157 port 53432 [preauth]
Oct 14 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Failed password for root from 186.235.28.11 port 57052 ssh2
Oct 14 17:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Received disconnect from 186.235.28.11 port 57052:11: Bye Bye [preauth]
Oct 14 17:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Disconnected from 186.235.28.11 port 57052 [preauth]
Oct 14 17:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp]
Oct 14 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: Failed password for root from 193.32.162.157 port 48606 ssh2
Oct 14 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15424]: Connection closed by 193.32.162.157 port 48606 [preauth]
Oct 14 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session closed for user root
Oct 14 17:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp]
Oct 14 17:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: Failed password for root from 193.32.162.157 port 57642 ssh2
Oct 14 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: Connection closed by 193.32.162.157 port 57642 [preauth]
Oct 14 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Invalid user nominatim from 167.172.153.88
Oct 14 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: input_userauth_request: invalid user nominatim [preauth]
Oct 14 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Invalid user botuser from 41.63.62.103
Oct 14 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: input_userauth_request: invalid user botuser [preauth]
Oct 14 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Failed password for invalid user nominatim from 167.172.153.88 port 57904 ssh2
Oct 14 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Received disconnect from 167.172.153.88 port 57904:11: Bye Bye [preauth]
Oct 14 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15654]: Disconnected from 167.172.153.88 port 57904 [preauth]
Oct 14 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Failed password for invalid user botuser from 41.63.62.103 port 57292 ssh2
Oct 14 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Received disconnect from 41.63.62.103 port 57292:11: Bye Bye [preauth]
Oct 14 17:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Disconnected from 41.63.62.103 port 57292 [preauth]
Oct 14 17:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: Successful su for rubyman by root
Oct 14 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: + ??? root:rubyman
Oct 14 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412498 of user rubyman.
Oct 14 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15779]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412498.
Oct 14 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: Failed password for root from 193.32.162.157 port 51860 ssh2
Oct 14 17:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session closed for user root
Oct 14 17:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: Connection closed by 193.32.162.157 port 51860 [preauth]
Oct 14 17:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp]
Oct 14 17:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Failed password for root from 193.32.162.157 port 56086 ssh2
Oct 14 17:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Connection closed by 193.32.162.157 port 56086 [preauth]
Oct 14 17:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Invalid user ftpuser from 39.109.116.40
Oct 14 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Failed password for invalid user ftpuser from 39.109.116.40 port 33550 ssh2
Oct 14 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Received disconnect from 39.109.116.40 port 33550:11: Bye Bye [preauth]
Oct 14 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Disconnected from 39.109.116.40 port 33550 [preauth]
Oct 14 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session closed for user root
Oct 14 17:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 17:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: Failed password for root from 2.57.122.26 port 39980 ssh2
Oct 14 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: Failed password for root from 193.32.162.157 port 60588 ssh2
Oct 14 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: Connection closed by 2.57.122.26 port 39980 [preauth]
Oct 14 17:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: Connection closed by 193.32.162.157 port 60588 [preauth]
Oct 14 17:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Invalid user user from 194.0.234.93
Oct 14 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: input_userauth_request: invalid user user [preauth]
Oct 14 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Oct 14 17:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Failed password for invalid user user from 194.0.234.93 port 54068 ssh2
Oct 14 17:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Connection closed by 194.0.234.93 port 54068 [preauth]
Oct 14 17:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16372]: Successful su for rubyman by root
Oct 14 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16372]: + ??? root:rubyman
Oct 14 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412501 of user rubyman.
Oct 14 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16372]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412501.
Oct 14 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: Failed password for root from 186.235.28.11 port 36834 ssh2
Oct 14 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: Received disconnect from 186.235.28.11 port 36834:11: Bye Bye [preauth]
Oct 14 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16273]: Disconnected from 186.235.28.11 port 36834 [preauth]
Oct 14 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Invalid user pop3 from 193.32.162.157
Oct 14 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: input_userauth_request: invalid user pop3 [preauth]
Oct 14 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
Oct 14 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88  user=root
Oct 14 17:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Failed password for invalid user pop3 from 193.32.162.157 port 43462 ssh2
Oct 14 17:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session closed for user root
Oct 14 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: Failed password for root from 167.172.153.88 port 48662 ssh2
Oct 14 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: Received disconnect from 167.172.153.88 port 48662:11: Bye Bye [preauth]
Oct 14 17:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16485]: Disconnected from 167.172.153.88 port 48662 [preauth]
Oct 14 17:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16234]: Connection closed by 193.32.162.157 port 43462 [preauth]
Oct 14 17:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: Invalid user imapserver from 193.32.162.157
Oct 14 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: input_userauth_request: invalid user imapserver [preauth]
Oct 14 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: Invalid user debian from 41.63.62.99
Oct 14 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: input_userauth_request: invalid user debian [preauth]
Oct 14 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.99
Oct 14 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
Oct 14 17:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: Failed password for invalid user debian from 41.63.62.99 port 58266 ssh2
Oct 14 17:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:46.100.105.199  user=ftp
Oct 14 17:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: Failed password for invalid user imapserver from 193.32.162.157 port 45416 ssh2
Oct 14 17:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16596]: Connection closed by 193.32.162.157 port 45416 [preauth]
Oct 14 17:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user root
Oct 14 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: Failed password for root from 193.32.162.157 port 47528 ssh2
Oct 14 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16716]: Connection closed by 193.32.162.157 port 47528 [preauth]
Oct 14 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16884]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16881]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16949]: Successful su for rubyman by root
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16949]: + ??? root:rubyman
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412505 of user rubyman.
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16949]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412505.
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Invalid user postgres from 39.109.116.40
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: input_userauth_request: invalid user postgres [preauth]
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Failed password for invalid user postgres from 39.109.116.40 port 51532 ssh2
Oct 14 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Received disconnect from 39.109.116.40 port 51532:11: Bye Bye [preauth]
Oct 14 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Disconnected from 39.109.116.40 port 51532 [preauth]
Oct 14 17:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session closed for user root
Oct 14 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Failed password for root from 193.32.162.157 port 34766 ssh2
Oct 14 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16839]: Connection closed by 193.32.162.157 port 34766 [preauth]
Oct 14 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16882]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Invalid user ddev from 167.172.153.88
Oct 14 17:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: input_userauth_request: invalid user ddev [preauth]
Oct 14 17:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Failed password for invalid user ddev from 167.172.153.88 port 52778 ssh2
Oct 14 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Received disconnect from 167.172.153.88 port 52778:11: Bye Bye [preauth]
Oct 14 17:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17271]: Disconnected from 167.172.153.88 port 52778 [preauth]
Oct 14 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Failed password for root from 193.32.162.157 port 52594 ssh2
Oct 14 17:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Connection closed by 193.32.162.157 port 52594 [preauth]
Oct 14 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session closed for user root
Oct 14 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17311]: Failed password for root from 193.32.162.157 port 59194 ssh2
Oct 14 17:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17311]: Connection closed by 193.32.162.157 port 59194 [preauth]
Oct 14 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: Invalid user postgres from 186.235.28.11
Oct 14 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: input_userauth_request: invalid user postgres [preauth]
Oct 14 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: Failed password for invalid user postgres from 186.235.28.11 port 44852 ssh2
Oct 14 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: Received disconnect from 186.235.28.11 port 44852:11: Bye Bye [preauth]
Oct 14 17:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17424]: Disconnected from 186.235.28.11 port 44852 [preauth]
Oct 14 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17453]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17455]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17455]: pam_unix(cron:session): session closed for user root
Oct 14 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17449]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17536]: Successful su for rubyman by root
Oct 14 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17536]: + ??? root:rubyman
Oct 14 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412509 of user rubyman.
Oct 14 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17536]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412509.
Oct 14 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Invalid user devops from 41.63.62.103
Oct 14 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: input_userauth_request: invalid user devops [preauth]
Oct 14 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Failed password for invalid user devops from 41.63.62.103 port 33700 ssh2
Oct 14 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Received disconnect from 41.63.62.103 port 33700:11: Bye Bye [preauth]
Oct 14 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Disconnected from 41.63.62.103 port 33700 [preauth]
Oct 14 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157  user=root
Oct 14 17:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17451]: pam_unix(cron:session): session closed for user root
Oct 14 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session closed for user root
Oct 14 17:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Failed password for root from 193.32.162.157 port 57362 ssh2
Oct 14 17:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Connection closed by 193.32.162.157 port 57362 [preauth]
Oct 14 17:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Invalid user smtpserver from 193.32.162.157
Oct 14 17:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: input_userauth_request: invalid user smtpserver [preauth]
Oct 14 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
Oct 14 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Failed password for invalid user smtpserver from 193.32.162.157 port 46360 ssh2
Oct 14 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17877]: Connection closed by 193.32.162.157 port 46360 [preauth]
Oct 14 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session closed for user root
Oct 14 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: Invalid user devops from 39.109.116.40
Oct 14 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: input_userauth_request: invalid user devops [preauth]
Oct 14 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: Failed password for invalid user devops from 39.109.116.40 port 36666 ssh2
Oct 14 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: Received disconnect from 39.109.116.40 port 36666:11: Bye Bye [preauth]
Oct 14 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18034]: Disconnected from 39.109.116.40 port 36666 [preauth]
Oct 14 17:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Invalid user smtpd from 193.32.162.157
Oct 14 17:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: input_userauth_request: invalid user smtpd [preauth]
Oct 14 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.157
Oct 14 17:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Failed password for invalid user smtpd from 193.32.162.157 port 33496 ssh2
Oct 14 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Invalid user ftpuser from 167.172.153.88
Oct 14 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Connection closed by 193.32.162.157 port 33496 [preauth]
Oct 14 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Failed password for invalid user ftpuser from 167.172.153.88 port 51256 ssh2
Oct 14 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Received disconnect from 167.172.153.88 port 51256:11: Bye Bye [preauth]
Oct 14 17:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Disconnected from 167.172.153.88 port 51256 [preauth]
Oct 14 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18468]: Successful su for rubyman by root
Oct 14 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18468]: + ??? root:rubyman
Oct 14 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412515 of user rubyman.
Oct 14 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18468]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412515.
Oct 14 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session closed for user root
Oct 14 17:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16884]: pam_unix(cron:session): session closed for user root
Oct 14 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: Invalid user odoo17 from 41.63.62.103
Oct 14 17:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 17:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: Failed password for invalid user odoo17 from 41.63.62.103 port 33798 ssh2
Oct 14 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Invalid user chandan from 186.235.28.11
Oct 14 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: input_userauth_request: invalid user chandan [preauth]
Oct 14 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: Received disconnect from 41.63.62.103 port 33798:11: Bye Bye [preauth]
Oct 14 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18918]: Disconnected from 41.63.62.103 port 33798 [preauth]
Oct 14 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Failed password for invalid user chandan from 186.235.28.11 port 52866 ssh2
Oct 14 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Received disconnect from 186.235.28.11 port 52866:11: Bye Bye [preauth]
Oct 14 17:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Disconnected from 186.235.28.11 port 52866 [preauth]
Oct 14 17:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Invalid user admin from 2.57.121.25
Oct 14 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: input_userauth_request: invalid user admin [preauth]
Oct 14 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 17:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user admin from 2.57.121.25 port 10158 ssh2
Oct 14 17:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user admin from 2.57.121.25 port 10158 ssh2
Oct 14 17:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user admin from 2.57.121.25 port 10158 ssh2
Oct 14 17:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19123]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19120]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user admin from 2.57.121.25 port 10158 ssh2
Oct 14 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19203]: Successful su for rubyman by root
Oct 14 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19203]: + ??? root:rubyman
Oct 14 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412521 of user rubyman.
Oct 14 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19203]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412521.
Oct 14 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Failed password for invalid user admin from 2.57.121.25 port 10158 ssh2
Oct 14 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Received disconnect from 2.57.121.25 port 10158:11: Bye [preauth]
Oct 14 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: Disconnected from 2.57.121.25 port 10158 [preauth]
Oct 14 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19072]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Invalid user deployer from 39.109.116.40
Oct 14 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: input_userauth_request: invalid user deployer [preauth]
Oct 14 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Failed password for invalid user deployer from 39.109.116.40 port 56840 ssh2
Oct 14 17:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15013]: pam_unix(cron:session): session closed for user root
Oct 14 17:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Received disconnect from 39.109.116.40 port 56840:11: Bye Bye [preauth]
Oct 14 17:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19371]: Disconnected from 39.109.116.40 port 56840 [preauth]
Oct 14 17:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19121]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88  user=root
Oct 14 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Failed password for root from 167.172.153.88 port 37820 ssh2
Oct 14 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Received disconnect from 167.172.153.88 port 37820:11: Bye Bye [preauth]
Oct 14 17:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Disconnected from 167.172.153.88 port 37820 [preauth]
Oct 14 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17453]: pam_unix(cron:session): session closed for user root
Oct 14 17:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:46.100.105.199
Oct 14 17:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20094]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20165]: Successful su for rubyman by root
Oct 14 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20165]: + ??? root:rubyman
Oct 14 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412523 of user rubyman.
Oct 14 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20165]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412523.
Oct 14 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session closed for user root
Oct 14 17:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 14 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20091]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Failed password for root from 185.156.73.233 port 46240 ssh2
Oct 14 17:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Connection closed by 185.156.73.233 port 46240 [preauth]
Oct 14 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Invalid user devops from 41.63.62.103
Oct 14 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: input_userauth_request: invalid user devops [preauth]
Oct 14 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for invalid user devops from 41.63.62.103 port 37776 ssh2
Oct 14 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Received disconnect from 41.63.62.103 port 37776:11: Bye Bye [preauth]
Oct 14 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Disconnected from 41.63.62.103 port 37776 [preauth]
Oct 14 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Invalid user ansible from 39.109.116.40
Oct 14 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: input_userauth_request: invalid user ansible [preauth]
Oct 14 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Failed password for invalid user ansible from 39.109.116.40 port 58320 ssh2
Oct 14 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Received disconnect from 39.109.116.40 port 58320:11: Bye Bye [preauth]
Oct 14 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Disconnected from 39.109.116.40 port 58320 [preauth]
Oct 14 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18280]: pam_unix(cron:session): session closed for user root
Oct 14 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Invalid user ftpuser from 186.235.28.11
Oct 14 17:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Failed password for invalid user ftpuser from 186.235.28.11 port 60874 ssh2
Oct 14 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Received disconnect from 186.235.28.11 port 60874:11: Bye Bye [preauth]
Oct 14 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Disconnected from 186.235.28.11 port 60874 [preauth]
Oct 14 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88  user=root
Oct 14 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Failed password for root from 167.172.153.88 port 50012 ssh2
Oct 14 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Received disconnect from 167.172.153.88 port 50012:11: Bye Bye [preauth]
Oct 14 17:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Disconnected from 167.172.153.88 port 50012 [preauth]
Oct 14 17:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Invalid user wyk from 185.213.174.209
Oct 14 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: input_userauth_request: invalid user wyk [preauth]
Oct 14 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Failed password for invalid user wyk from 185.213.174.209 port 48948 ssh2
Oct 14 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Received disconnect from 185.213.174.209 port 48948:11: Bye Bye [preauth]
Oct 14 17:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Disconnected from 185.213.174.209 port 48948 [preauth]
Oct 14 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20718]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20720]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20903]: Successful su for rubyman by root
Oct 14 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20903]: + ??? root:rubyman
Oct 14 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412528 of user rubyman.
Oct 14 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20903]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412528.
Oct 14 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20718]: pam_unix(cron:session): session closed for user root
Oct 14 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session closed for user root
Oct 14 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21044]: Invalid user cass from 14.103.115.213
Oct 14 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21044]: input_userauth_request: invalid user cass [preauth]
Oct 14 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21044]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213
Oct 14 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21044]: Failed password for invalid user cass from 14.103.115.213 port 58058 ssh2
Oct 14 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21044]: Received disconnect from 14.103.115.213 port 58058:11: Bye Bye [preauth]
Oct 14 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21044]: Disconnected from 14.103.115.213 port 58058 [preauth]
Oct 14 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19123]: pam_unix(cron:session): session closed for user root
Oct 14 17:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: Invalid user administrator from 39.109.116.40
Oct 14 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: input_userauth_request: invalid user administrator [preauth]
Oct 14 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: Failed password for invalid user administrator from 39.109.116.40 port 37706 ssh2
Oct 14 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: Received disconnect from 39.109.116.40 port 37706:11: Bye Bye [preauth]
Oct 14 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21411]: Disconnected from 39.109.116.40 port 37706 [preauth]
Oct 14 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21448]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21444]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21445]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user root
Oct 14 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21438]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: Invalid user user1 from 41.63.62.103
Oct 14 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: input_userauth_request: invalid user user1 [preauth]
Oct 14 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: Successful su for rubyman by root
Oct 14 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: + ??? root:rubyman
Oct 14 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412532 of user rubyman.
Oct 14 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412532.
Oct 14 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: Failed password for invalid user user1 from 41.63.62.103 port 54656 ssh2
Oct 14 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: Received disconnect from 41.63.62.103 port 54656:11: Bye Bye [preauth]
Oct 14 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21434]: Disconnected from 41.63.62.103 port 54656 [preauth]
Oct 14 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21444]: pam_unix(cron:session): session closed for user root
Oct 14 17:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16883]: pam_unix(cron:session): session closed for user root
Oct 14 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Invalid user smart from 51.83.98.100
Oct 14 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: input_userauth_request: invalid user smart [preauth]
Oct 14 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88  user=root
Oct 14 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Failed password for invalid user smart from 51.83.98.100 port 36342 ssh2
Oct 14 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Received disconnect from 51.83.98.100 port 36342:11: Bye Bye [preauth]
Oct 14 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Disconnected from 51.83.98.100 port 36342 [preauth]
Oct 14 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21440]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: Failed password for root from 167.172.153.88 port 45376 ssh2
Oct 14 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: Received disconnect from 167.172.153.88 port 45376:11: Bye Bye [preauth]
Oct 14 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21825]: Disconnected from 167.172.153.88 port 45376 [preauth]
Oct 14 17:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20094]: pam_unix(cron:session): session closed for user root
Oct 14 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Failed password for root from 186.235.28.11 port 40654 ssh2
Oct 14 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Received disconnect from 186.235.28.11 port 40654:11: Bye Bye [preauth]
Oct 14 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21931]: Disconnected from 186.235.28.11 port 40654 [preauth]
Oct 14 17:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22074]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22173]: Successful su for rubyman by root
Oct 14 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22173]: + ??? root:rubyman
Oct 14 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412538 of user rubyman.
Oct 14 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22173]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412538.
Oct 14 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22277]: Invalid user rere from 45.138.158.114
Oct 14 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22277]: input_userauth_request: invalid user rere [preauth]
Oct 14 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22277]: Failed password for invalid user rere from 45.138.158.114 port 43740 ssh2
Oct 14 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22277]: Received disconnect from 45.138.158.114 port 43740:11: Bye Bye [preauth]
Oct 14 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22277]: Disconnected from 45.138.158.114 port 43740 [preauth]
Oct 14 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session closed for user root
Oct 14 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Invalid user ts1 from 185.213.174.209
Oct 14 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: input_userauth_request: invalid user ts1 [preauth]
Oct 14 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Failed password for invalid user ts1 from 185.213.174.209 port 38152 ssh2
Oct 14 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Received disconnect from 185.213.174.209 port 38152:11: Bye Bye [preauth]
Oct 14 17:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22439]: Disconnected from 185.213.174.209 port 38152 [preauth]
Oct 14 17:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Invalid user admin from 39.109.116.40
Oct 14 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: input_userauth_request: invalid user admin [preauth]
Oct 14 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Failed password for invalid user admin from 39.109.116.40 port 42466 ssh2
Oct 14 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Received disconnect from 39.109.116.40 port 42466:11: Bye Bye [preauth]
Oct 14 17:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Disconnected from 39.109.116.40 port 42466 [preauth]
Oct 14 17:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20726]: pam_unix(cron:session): session closed for user root
Oct 14 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88  user=root
Oct 14 17:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Failed password for root from 167.172.153.88 port 55528 ssh2
Oct 14 17:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Received disconnect from 167.172.153.88 port 55528:11: Bye Bye [preauth]
Oct 14 17:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Disconnected from 167.172.153.88 port 55528 [preauth]
Oct 14 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Invalid user mk from 51.83.98.100
Oct 14 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: input_userauth_request: invalid user mk [preauth]
Oct 14 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Failed password for invalid user mk from 51.83.98.100 port 51020 ssh2
Oct 14 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Received disconnect from 51.83.98.100 port 51020:11: Bye Bye [preauth]
Oct 14 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Disconnected from 51.83.98.100 port 51020 [preauth]
Oct 14 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23110]: Successful su for rubyman by root
Oct 14 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23110]: + ??? root:rubyman
Oct 14 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412544 of user rubyman.
Oct 14 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23110]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412544.
Oct 14 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session closed for user root
Oct 14 17:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:46.100.105.199
Oct 14 17:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Invalid user water from 186.235.28.11
Oct 14 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: input_userauth_request: invalid user water [preauth]
Oct 14 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Failed password for invalid user water from 186.235.28.11 port 48678 ssh2
Oct 14 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23864]: Invalid user save from 185.213.174.209
Oct 14 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23864]: input_userauth_request: invalid user save [preauth]
Oct 14 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Received disconnect from 186.235.28.11 port 48678:11: Bye Bye [preauth]
Oct 14 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23847]: Disconnected from 186.235.28.11 port 48678 [preauth]
Oct 14 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21448]: pam_unix(cron:session): session closed for user root
Oct 14 17:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23864]: Failed password for invalid user save from 185.213.174.209 port 37622 ssh2
Oct 14 17:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23864]: Received disconnect from 185.213.174.209 port 37622:11: Bye Bye [preauth]
Oct 14 17:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23864]: Disconnected from 185.213.174.209 port 37622 [preauth]
Oct 14 17:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Invalid user erpnext from 39.109.116.40
Oct 14 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: input_userauth_request: invalid user erpnext [preauth]
Oct 14 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Failed password for invalid user erpnext from 39.109.116.40 port 44212 ssh2
Oct 14 17:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Received disconnect from 39.109.116.40 port 44212:11: Bye Bye [preauth]
Oct 14 17:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Disconnected from 39.109.116.40 port 44212 [preauth]
Oct 14 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23990]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23986]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24072]: Successful su for rubyman by root
Oct 14 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24072]: + ??? root:rubyman
Oct 14 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412546 of user rubyman.
Oct 14 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24072]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412546.
Oct 14 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Invalid user osvaldo from 45.138.158.114
Oct 14 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: input_userauth_request: invalid user osvaldo [preauth]
Oct 14 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19122]: pam_unix(cron:session): session closed for user root
Oct 14 17:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Failed password for invalid user osvaldo from 45.138.158.114 port 39832 ssh2
Oct 14 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Received disconnect from 45.138.158.114 port 39832:11: Bye Bye [preauth]
Oct 14 17:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Disconnected from 45.138.158.114 port 39832 [preauth]
Oct 14 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23989]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: Invalid user mapadmin from 51.83.98.100
Oct 14 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: input_userauth_request: invalid user mapadmin [preauth]
Oct 14 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: Failed password for invalid user mapadmin from 51.83.98.100 port 33564 ssh2
Oct 14 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: Received disconnect from 51.83.98.100 port 33564:11: Bye Bye [preauth]
Oct 14 17:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: Disconnected from 51.83.98.100 port 33564 [preauth]
Oct 14 17:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Invalid user ftpuser from 41.63.62.103
Oct 14 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Failed password for invalid user ftpuser from 41.63.62.103 port 43444 ssh2
Oct 14 17:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Received disconnect from 41.63.62.103 port 43444:11: Bye Bye [preauth]
Oct 14 17:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Disconnected from 41.63.62.103 port 43444 [preauth]
Oct 14 17:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: Invalid user cisco from 167.172.153.88
Oct 14 17:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: input_userauth_request: invalid user cisco [preauth]
Oct 14 17:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: Failed password for invalid user cisco from 167.172.153.88 port 58028 ssh2
Oct 14 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: Received disconnect from 167.172.153.88 port 58028:11: Bye Bye [preauth]
Oct 14 17:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: Disconnected from 167.172.153.88 port 58028 [preauth]
Oct 14 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session closed for user root
Oct 14 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: Invalid user musicbot from 185.213.174.209
Oct 14 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: input_userauth_request: invalid user musicbot [preauth]
Oct 14 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: Failed password for invalid user musicbot from 185.213.174.209 port 52614 ssh2
Oct 14 17:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: Received disconnect from 185.213.174.209 port 52614:11: Bye Bye [preauth]
Oct 14 17:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: Disconnected from 185.213.174.209 port 52614 [preauth]
Oct 14 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24732]: Successful su for rubyman by root
Oct 14 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24732]: + ??? root:rubyman
Oct 14 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412550 of user rubyman.
Oct 14 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24732]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412550.
Oct 14 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20092]: pam_unix(cron:session): session closed for user root
Oct 14 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: Invalid user newuser from 39.109.116.40
Oct 14 17:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: input_userauth_request: invalid user newuser [preauth]
Oct 14 17:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: Failed password for invalid user newuser from 39.109.116.40 port 48096 ssh2
Oct 14 17:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: Received disconnect from 39.109.116.40 port 48096:11: Bye Bye [preauth]
Oct 14 17:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25037]: Disconnected from 39.109.116.40 port 48096 [preauth]
Oct 14 17:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Invalid user wyk from 51.83.98.100
Oct 14 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: input_userauth_request: invalid user wyk [preauth]
Oct 14 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Invalid user loginuser from 193.32.162.151
Oct 14 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: input_userauth_request: invalid user loginuser [preauth]
Oct 14 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Failed password for invalid user wyk from 51.83.98.100 port 45776 ssh2
Oct 14 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Received disconnect from 51.83.98.100 port 45776:11: Bye Bye [preauth]
Oct 14 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Disconnected from 51.83.98.100 port 45776 [preauth]
Oct 14 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Failed password for invalid user loginuser from 193.32.162.151 port 54420 ssh2
Oct 14 17:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25061]: Connection closed by 193.32.162.151 port 54420 [preauth]
Oct 14 17:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: Failed password for root from 186.235.28.11 port 56690 ssh2
Oct 14 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: Received disconnect from 186.235.28.11 port 56690:11: Bye Bye [preauth]
Oct 14 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: Disconnected from 186.235.28.11 port 56690 [preauth]
Oct 14 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user root
Oct 14 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Invalid user ts1 from 45.138.158.114
Oct 14 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: input_userauth_request: invalid user ts1 [preauth]
Oct 14 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Failed password for invalid user ts1 from 45.138.158.114 port 56662 ssh2
Oct 14 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Received disconnect from 45.138.158.114 port 56662:11: Bye Bye [preauth]
Oct 14 17:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Disconnected from 45.138.158.114 port 56662 [preauth]
Oct 14 17:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Invalid user astra from 167.172.153.88
Oct 14 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: input_userauth_request: invalid user astra [preauth]
Oct 14 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Failed password for invalid user astra from 167.172.153.88 port 33698 ssh2
Oct 14 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Received disconnect from 167.172.153.88 port 33698:11: Bye Bye [preauth]
Oct 14 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Disconnected from 167.172.153.88 port 33698 [preauth]
Oct 14 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Invalid user deployer from 41.63.62.103
Oct 14 17:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: input_userauth_request: invalid user deployer [preauth]
Oct 14 17:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Failed password for invalid user deployer from 41.63.62.103 port 51294 ssh2
Oct 14 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Received disconnect from 41.63.62.103 port 51294:11: Bye Bye [preauth]
Oct 14 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Disconnected from 41.63.62.103 port 51294 [preauth]
Oct 14 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session closed for user root
Oct 14 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25607]: Successful su for rubyman by root
Oct 14 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25607]: + ??? root:rubyman
Oct 14 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412554 of user rubyman.
Oct 14 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25607]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412554.
Oct 14 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user root
Oct 14 17:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20725]: pam_unix(cron:session): session closed for user root
Oct 14 17:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: Invalid user mk from 185.213.174.209
Oct 14 17:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: input_userauth_request: invalid user mk [preauth]
Oct 14 17:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: Failed password for invalid user mk from 185.213.174.209 port 48396 ssh2
Oct 14 17:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: Received disconnect from 185.213.174.209 port 48396:11: Bye Bye [preauth]
Oct 14 17:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: Disconnected from 185.213.174.209 port 48396 [preauth]
Oct 14 17:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: Invalid user halo from 51.83.98.100
Oct 14 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: input_userauth_request: invalid user halo [preauth]
Oct 14 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: Failed password for invalid user halo from 51.83.98.100 port 58440 ssh2
Oct 14 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: Received disconnect from 51.83.98.100 port 58440:11: Bye Bye [preauth]
Oct 14 17:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26080]: Disconnected from 51.83.98.100 port 58440 [preauth]
Oct 14 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23991]: pam_unix(cron:session): session closed for user root
Oct 14 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Invalid user ahmed from 39.109.116.40
Oct 14 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Failed password for invalid user ahmed from 39.109.116.40 port 41800 ssh2
Oct 14 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Received disconnect from 39.109.116.40 port 41800:11: Bye Bye [preauth]
Oct 14 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Disconnected from 39.109.116.40 port 41800 [preauth]
Oct 14 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=avanazz@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 14 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=avanazz@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 14 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26256]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26257]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26254]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Invalid user smart from 45.138.158.114
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: input_userauth_request: invalid user smart [preauth]
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Invalid user user from 62.60.131.157
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: input_userauth_request: invalid user user [preauth]
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26355]: Successful su for rubyman by root
Oct 14 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26355]: + ??? root:rubyman
Oct 14 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412561 of user rubyman.
Oct 14 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26355]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412561.
Oct 14 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Failed password for invalid user smart from 45.138.158.114 port 58750 ssh2
Oct 14 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Received disconnect from 45.138.158.114 port 58750:11: Bye Bye [preauth]
Oct 14 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Disconnected from 45.138.158.114 port 58750 [preauth]
Oct 14 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Failed password for invalid user user from 62.60.131.157 port 24201 ssh2
Oct 14 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Failed password for invalid user user from 62.60.131.157 port 24201 ssh2
Oct 14 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Failed password for invalid user user from 62.60.131.157 port 24201 ssh2
Oct 14 17:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Failed password for invalid user user from 62.60.131.157 port 24201 ssh2
Oct 14 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21445]: pam_unix(cron:session): session closed for user root
Oct 14 17:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Failed password for invalid user user from 62.60.131.157 port 24201 ssh2
Oct 14 17:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Received disconnect from 62.60.131.157 port 24201:11: Bye [preauth]
Oct 14 17:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: Disconnected from 62.60.131.157 port 24201 [preauth]
Oct 14 17:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 17:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26246]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 17:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26688]: Invalid user dedie from 167.172.153.88
Oct 14 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26688]: input_userauth_request: invalid user dedie [preauth]
Oct 14 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26688]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26688]: Failed password for invalid user dedie from 167.172.153.88 port 51146 ssh2
Oct 14 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26688]: Received disconnect from 167.172.153.88 port 51146:11: Bye Bye [preauth]
Oct 14 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26688]: Disconnected from 167.172.153.88 port 51146 [preauth]
Oct 14 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Invalid user telecomadmin from 185.156.73.233
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: input_userauth_request: invalid user telecomadmin [preauth]
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Invalid user ftpuser from 186.235.28.11
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Failed password for invalid user ftpuser from 186.235.28.11 port 36478 ssh2
Oct 14 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Failed password for invalid user telecomadmin from 185.156.73.233 port 35222 ssh2
Oct 14 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Connection closed by 185.156.73.233 port 35222 [preauth]
Oct 14 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Received disconnect from 186.235.28.11 port 36478:11: Bye Bye [preauth]
Oct 14 17:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Disconnected from 186.235.28.11 port 36478 [preauth]
Oct 14 17:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Invalid user amir from 41.63.62.99
Oct 14 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: input_userauth_request: invalid user amir [preauth]
Oct 14 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.99
Oct 14 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Failed password for invalid user amir from 41.63.62.99 port 41970 ssh2
Oct 14 17:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
Oct 14 17:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24658]: pam_unix(cron:session): session closed for user root
Oct 14 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Failed password for root from 185.213.174.209 port 51656 ssh2
Oct 14 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Received disconnect from 185.213.174.209 port 51656:11: Bye Bye [preauth]
Oct 14 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Disconnected from 185.213.174.209 port 51656 [preauth]
Oct 14 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:46.100.105.199
Oct 14 17:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: Invalid user cha from 51.83.98.100
Oct 14 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: input_userauth_request: invalid user cha [preauth]
Oct 14 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: Failed password for invalid user cha from 51.83.98.100 port 36054 ssh2
Oct 14 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: Received disconnect from 51.83.98.100 port 36054:11: Bye Bye [preauth]
Oct 14 17:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26959]: Disconnected from 51.83.98.100 port 36054 [preauth]
Oct 14 17:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Connection reset by 41.63.62.99 port 41970 [preauth]
Oct 14 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user root
Oct 14 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27269]: Successful su for rubyman by root
Oct 14 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27269]: + ??? root:rubyman
Oct 14 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412565 of user rubyman.
Oct 14 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27269]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412565.
Oct 14 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user root
Oct 14 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Invalid user dockeruser from 39.109.116.40
Oct 14 17:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 17:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Failed password for invalid user dockeruser from 39.109.116.40 port 42538 ssh2
Oct 14 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Received disconnect from 39.109.116.40 port 42538:11: Bye Bye [preauth]
Oct 14 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Disconnected from 39.109.116.40 port 42538 [preauth]
Oct 14 17:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114  user=root
Oct 14 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: Failed password for root from 45.138.158.114 port 40388 ssh2
Oct 14 17:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: Received disconnect from 45.138.158.114 port 40388:11: Bye Bye [preauth]
Oct 14 17:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: Disconnected from 45.138.158.114 port 40388 [preauth]
Oct 14 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session closed for user root
Oct 14 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Invalid user admins from 167.172.153.88
Oct 14 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: input_userauth_request: invalid user admins [preauth]
Oct 14 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Failed password for invalid user admins from 167.172.153.88 port 50828 ssh2
Oct 14 17:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Received disconnect from 167.172.153.88 port 50828:11: Bye Bye [preauth]
Oct 14 17:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27992]: Disconnected from 167.172.153.88 port 50828 [preauth]
Oct 14 17:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: Invalid user musicbot from 51.83.98.100
Oct 14 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: input_userauth_request: invalid user musicbot [preauth]
Oct 14 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: Failed password for invalid user musicbot from 51.83.98.100 port 44960 ssh2
Oct 14 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: Received disconnect from 51.83.98.100 port 44960:11: Bye Bye [preauth]
Oct 14 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28059]: Disconnected from 51.83.98.100 port 44960 [preauth]
Oct 14 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28079]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28161]: Successful su for rubyman by root
Oct 14 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28161]: + ??? root:rubyman
Oct 14 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412571 of user rubyman.
Oct 14 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28161]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412571.
Oct 14 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session closed for user root
Oct 14 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Invalid user ftptest from 41.63.62.103
Oct 14 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
Oct 14 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Failed password for invalid user ftptest from 41.63.62.103 port 56790 ssh2
Oct 14 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Received disconnect from 41.63.62.103 port 56790:11: Bye Bye [preauth]
Oct 14 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Disconnected from 41.63.62.103 port 56790 [preauth]
Oct 14 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Failed password for root from 185.213.174.209 port 52456 ssh2
Oct 14 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Received disconnect from 185.213.174.209 port 52456:11: Bye Bye [preauth]
Oct 14 17:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Disconnected from 185.213.174.209 port 52456 [preauth]
Oct 14 17:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28081]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: Failed password for root from 186.235.28.11 port 44492 ssh2
Oct 14 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: Received disconnect from 186.235.28.11 port 44492:11: Bye Bye [preauth]
Oct 14 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: Disconnected from 186.235.28.11 port 44492 [preauth]
Oct 14 17:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213  user=root
Oct 14 17:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Failed password for root from 14.103.115.213 port 36500 ssh2
Oct 14 17:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Received disconnect from 14.103.115.213 port 36500:11: Bye Bye [preauth]
Oct 14 17:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Disconnected from 14.103.115.213 port 36500 [preauth]
Oct 14 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26257]: pam_unix(cron:session): session closed for user root
Oct 14 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 14 17:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28863]: Failed password for root from 190.103.202.7 port 57050 ssh2
Oct 14 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28863]: Connection closed by 190.103.202.7 port 57050 [preauth]
Oct 14 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40  user=root
Oct 14 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Failed password for root from 39.109.116.40 port 35788 ssh2
Oct 14 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Received disconnect from 39.109.116.40 port 35788:11: Bye Bye [preauth]
Oct 14 17:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28887]: Disconnected from 39.109.116.40 port 35788 [preauth]
Oct 14 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114  user=root
Oct 14 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29121]: Successful su for rubyman by root
Oct 14 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29121]: + ??? root:rubyman
Oct 14 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412576 of user rubyman.
Oct 14 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29121]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412576.
Oct 14 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: Failed password for root from 45.138.158.114 port 35476 ssh2
Oct 14 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: Received disconnect from 45.138.158.114 port 35476:11: Bye Bye [preauth]
Oct 14 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28992]: Disconnected from 45.138.158.114 port 35476 [preauth]
Oct 14 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23990]: pam_unix(cron:session): session closed for user root
Oct 14 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Invalid user root1 from 51.83.98.100
Oct 14 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: input_userauth_request: invalid user root1 [preauth]
Oct 14 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Failed password for invalid user root1 from 51.83.98.100 port 43964 ssh2
Oct 14 17:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Received disconnect from 51.83.98.100 port 43964:11: Bye Bye [preauth]
Oct 14 17:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Disconnected from 51.83.98.100 port 43964 [preauth]
Oct 14 17:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Invalid user test01 from 167.172.153.88
Oct 14 17:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: input_userauth_request: invalid user test01 [preauth]
Oct 14 17:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Failed password for invalid user test01 from 167.172.153.88 port 46314 ssh2
Oct 14 17:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Received disconnect from 167.172.153.88 port 46314:11: Bye Bye [preauth]
Oct 14 17:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29377]: Disconnected from 167.172.153.88 port 46314 [preauth]
Oct 14 17:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session closed for user root
Oct 14 17:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: Invalid user arwin from 185.213.174.209
Oct 14 17:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: input_userauth_request: invalid user arwin [preauth]
Oct 14 17:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: Failed password for invalid user arwin from 185.213.174.209 port 54292 ssh2
Oct 14 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: Received disconnect from 185.213.174.209 port 54292:11: Bye Bye [preauth]
Oct 14 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29563]: Disconnected from 185.213.174.209 port 54292 [preauth]
Oct 14 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: Invalid user dummy from 41.63.62.103
Oct 14 17:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: input_userauth_request: invalid user dummy [preauth]
Oct 14 17:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: Failed password for invalid user dummy from 41.63.62.103 port 47424 ssh2
Oct 14 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: Received disconnect from 41.63.62.103 port 47424:11: Bye Bye [preauth]
Oct 14 17:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: Disconnected from 41.63.62.103 port 47424 [preauth]
Oct 14 17:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29673]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29674]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29671]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29672]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29674]: pam_unix(cron:session): session closed for user root
Oct 14 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29669]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: Successful su for rubyman by root
Oct 14 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: + ??? root:rubyman
Oct 14 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412579 of user rubyman.
Oct 14 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29756]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412579.
Oct 14 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Invalid user larry from 186.235.28.11
Oct 14 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: input_userauth_request: invalid user larry [preauth]
Oct 14 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29671]: pam_unix(cron:session): session closed for user root
Oct 14 17:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session closed for user root
Oct 14 17:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Failed password for invalid user larry from 186.235.28.11 port 52506 ssh2
Oct 14 17:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Received disconnect from 186.235.28.11 port 52506:11: Bye Bye [preauth]
Oct 14 17:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: Disconnected from 186.235.28.11 port 52506 [preauth]
Oct 14 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29670]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Invalid user git from 39.109.116.40
Oct 14 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: input_userauth_request: invalid user git [preauth]
Oct 14 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100  user=root
Oct 14 17:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Failed password for invalid user git from 39.109.116.40 port 36464 ssh2
Oct 14 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Received disconnect from 39.109.116.40 port 36464:11: Bye Bye [preauth]
Oct 14 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30100]: Disconnected from 39.109.116.40 port 36464 [preauth]
Oct 14 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Failed password for root from 51.83.98.100 port 36710 ssh2
Oct 14 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Received disconnect from 51.83.98.100 port 36710:11: Bye Bye [preauth]
Oct 14 17:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Disconnected from 51.83.98.100 port 36710 [preauth]
Oct 14 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114  user=root
Oct 14 17:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Failed password for root from 45.138.158.114 port 45318 ssh2
Oct 14 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Received disconnect from 45.138.158.114 port 45318:11: Bye Bye [preauth]
Oct 14 17:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Disconnected from 45.138.158.114 port 45318 [preauth]
Oct 14 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28084]: pam_unix(cron:session): session closed for user root
Oct 14 17:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Invalid user info from 167.172.153.88
Oct 14 17:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: input_userauth_request: invalid user info [preauth]
Oct 14 17:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Failed password for invalid user info from 167.172.153.88 port 56430 ssh2
Oct 14 17:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Received disconnect from 167.172.153.88 port 56430:11: Bye Bye [preauth]
Oct 14 17:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30253]: Disconnected from 167.172.153.88 port 56430 [preauth]
Oct 14 17:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30372]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30368]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30502]: Successful su for rubyman by root
Oct 14 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30502]: + ??? root:rubyman
Oct 14 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412584 of user rubyman.
Oct 14 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30502]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412584.
Oct 14 17:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:46.100.105.199
Oct 14 17:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
Oct 14 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Failed password for root from 185.213.174.209 port 45012 ssh2
Oct 14 17:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session closed for user root
Oct 14 17:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Received disconnect from 185.213.174.209 port 45012:11: Bye Bye [preauth]
Oct 14 17:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Disconnected from 185.213.174.209 port 45012 [preauth]
Oct 14 17:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30371]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103  user=root
Oct 14 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Failed password for root from 41.63.62.103 port 32774 ssh2
Oct 14 17:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Received disconnect from 41.63.62.103 port 32774:11: Bye Bye [preauth]
Oct 14 17:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Disconnected from 41.63.62.103 port 32774 [preauth]
Oct 14 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213  user=root
Oct 14 17:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100  user=root
Oct 14 17:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Failed password for root from 14.103.115.213 port 51750 ssh2
Oct 14 17:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Received disconnect from 14.103.115.213 port 51750:11: Bye Bye [preauth]
Oct 14 17:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30866]: Disconnected from 14.103.115.213 port 51750 [preauth]
Oct 14 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: Failed password for root from 51.83.98.100 port 38560 ssh2
Oct 14 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: Received disconnect from 51.83.98.100 port 38560:11: Bye Bye [preauth]
Oct 14 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: Disconnected from 51.83.98.100 port 38560 [preauth]
Oct 14 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29020]: pam_unix(cron:session): session closed for user root
Oct 14 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Invalid user odoo17 from 39.109.116.40
Oct 14 17:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 17:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Failed password for invalid user odoo17 from 39.109.116.40 port 49074 ssh2
Oct 14 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Received disconnect from 39.109.116.40 port 49074:11: Bye Bye [preauth]
Oct 14 17:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30980]: Disconnected from 39.109.116.40 port 49074 [preauth]
Oct 14 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114  user=root
Oct 14 17:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Failed password for root from 45.138.158.114 port 45142 ssh2
Oct 14 17:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Received disconnect from 45.138.158.114 port 45142:11: Bye Bye [preauth]
Oct 14 17:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Disconnected from 45.138.158.114 port 45142 [preauth]
Oct 14 17:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Invalid user vhpadmin from 186.235.28.11
Oct 14 17:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: input_userauth_request: invalid user vhpadmin [preauth]
Oct 14 17:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31080]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Failed password for invalid user vhpadmin from 186.235.28.11 port 60514 ssh2
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Received disconnect from 186.235.28.11 port 60514:11: Bye Bye [preauth]
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Disconnected from 186.235.28.11 port 60514 [preauth]
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31168]: Successful su for rubyman by root
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31168]: + ??? root:rubyman
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412588 of user rubyman.
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31168]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412588.
Oct 14 17:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Invalid user gf from 167.172.153.88
Oct 14 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: input_userauth_request: invalid user gf [preauth]
Oct 14 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Failed password for invalid user gf from 167.172.153.88 port 43002 ssh2
Oct 14 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Received disconnect from 167.172.153.88 port 43002:11: Bye Bye [preauth]
Oct 14 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Disconnected from 167.172.153.88 port 43002 [preauth]
Oct 14 17:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26256]: pam_unix(cron:session): session closed for user root
Oct 14 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31081]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 3 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data]
Oct 14 17:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Invalid user tao from 185.213.174.209
Oct 14 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: input_userauth_request: invalid user tao [preauth]
Oct 14 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user tao from 185.213.174.209 port 49846 ssh2
Oct 14 17:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Received disconnect from 185.213.174.209 port 49846:11: Bye Bye [preauth]
Oct 14 17:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Disconnected from 185.213.174.209 port 49846 [preauth]
Oct 14 17:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29673]: pam_unix(cron:session): session closed for user root
Oct 14 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Invalid user es from 51.83.98.100
Oct 14 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: input_userauth_request: invalid user es [preauth]
Oct 14 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Failed password for invalid user es from 51.83.98.100 port 35190 ssh2
Oct 14 17:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Received disconnect from 51.83.98.100 port 35190:11: Bye Bye [preauth]
Oct 14 17:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Disconnected from 51.83.98.100 port 35190 [preauth]
Oct 14 17:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 3 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data]
Oct 14 17:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Invalid user admin from 41.63.62.103
Oct 14 17:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: input_userauth_request: invalid user admin [preauth]
Oct 14 17:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31902]: Successful su for rubyman by root
Oct 14 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31902]: + ??? root:rubyman
Oct 14 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412592 of user rubyman.
Oct 14 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31902]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412592.
Oct 14 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Failed password for invalid user admin from 41.63.62.103 port 38400 ssh2
Oct 14 17:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Received disconnect from 41.63.62.103 port 38400:11: Bye Bye [preauth]
Oct 14 17:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Disconnected from 41.63.62.103 port 38400 [preauth]
Oct 14 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32004]: Invalid user yy from 14.103.115.213
Oct 14 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32004]: input_userauth_request: invalid user yy [preauth]
Oct 14 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32004]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213
Oct 14 17:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user root
Oct 14 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32004]: Failed password for invalid user yy from 14.103.115.213 port 59862 ssh2
Oct 14 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32004]: Received disconnect from 14.103.115.213 port 59862:11: Bye Bye [preauth]
Oct 14 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32004]: Disconnected from 14.103.115.213 port 59862 [preauth]
Oct 14 17:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40  user=root
Oct 14 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Failed password for root from 39.109.116.40 port 39934 ssh2
Oct 14 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Received disconnect from 39.109.116.40 port 39934:11: Bye Bye [preauth]
Oct 14 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Disconnected from 39.109.116.40 port 39934 [preauth]
Oct 14 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31823]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114  user=root
Oct 14 17:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: Failed password for root from 45.138.158.114 port 60638 ssh2
Oct 14 17:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: Received disconnect from 45.138.158.114 port 60638:11: Bye Bye [preauth]
Oct 14 17:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: Disconnected from 45.138.158.114 port 60638 [preauth]
Oct 14 17:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data]
Oct 14 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: Invalid user admin from 167.172.153.88
Oct 14 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: input_userauth_request: invalid user admin [preauth]
Oct 14 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: Failed password for invalid user admin from 167.172.153.88 port 48530 ssh2
Oct 14 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: Received disconnect from 167.172.153.88 port 48530:11: Bye Bye [preauth]
Oct 14 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32347]: Disconnected from 167.172.153.88 port 48530 [preauth]
Oct 14 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30373]: pam_unix(cron:session): session closed for user root
Oct 14 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data]
Oct 14 17:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Invalid user aziz from 186.235.28.11
Oct 14 17:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: input_userauth_request: invalid user aziz [preauth]
Oct 14 17:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Failed password for invalid user aziz from 186.235.28.11 port 40292 ssh2
Oct 14 17:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Received disconnect from 186.235.28.11 port 40292:11: Bye Bye [preauth]
Oct 14 17:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32449]: Disconnected from 186.235.28.11 port 40292 [preauth]
Oct 14 17:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Invalid user rere from 51.83.98.100
Oct 14 17:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: input_userauth_request: invalid user rere [preauth]
Oct 14 17:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Failed password for invalid user rere from 51.83.98.100 port 50914 ssh2
Oct 14 17:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Received disconnect from 51.83.98.100 port 50914:11: Bye Bye [preauth]
Oct 14 17:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Disconnected from 51.83.98.100 port 50914 [preauth]
Oct 14 17:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32558]: Successful su for rubyman by root
Oct 14 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32558]: + ??? root:rubyman
Oct 14 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412596 of user rubyman.
Oct 14 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32558]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412596.
Oct 14 17:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: Invalid user test from 185.156.73.233
Oct 14 17:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: input_userauth_request: invalid user test [preauth]
Oct 14 17:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 17:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28082]: pam_unix(cron:session): session closed for user root
Oct 14 17:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: Invalid user deploy from 185.213.174.209
Oct 14 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: input_userauth_request: invalid user deploy [preauth]
Oct 14 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: Failed password for invalid user test from 185.156.73.233 port 22248 ssh2
Oct 14 17:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32651]: Connection closed by 185.156.73.233 port 22248 [preauth]
Oct 14 17:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: Failed password for invalid user deploy from 185.213.174.209 port 53742 ssh2
Oct 14 17:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: Received disconnect from 185.213.174.209 port 53742:11: Bye Bye [preauth]
Oct 14 17:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[313]: Disconnected from 185.213.174.209 port 53742 [preauth]
Oct 14 17:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 4 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data]
Oct 14 17:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session closed for user root
Oct 14 17:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Connection reset by 41.63.62.103 port 51706 [preauth]
Oct 14 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[522]: Invalid user dummy from 39.109.116.40
Oct 14 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[522]: input_userauth_request: invalid user dummy [preauth]
Oct 14 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[522]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[522]: Failed password for invalid user dummy from 39.109.116.40 port 44876 ssh2
Oct 14 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[522]: Received disconnect from 39.109.116.40 port 44876:11: Bye Bye [preauth]
Oct 14 17:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[522]: Disconnected from 39.109.116.40 port 44876 [preauth]
Oct 14 17:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Invalid user ftpadmin1 from 45.138.158.114
Oct 14 17:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: input_userauth_request: invalid user ftpadmin1 [preauth]
Oct 14 17:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Failed password for invalid user ftpadmin1 from 45.138.158.114 port 39254 ssh2
Oct 14 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Received disconnect from 45.138.158.114 port 39254:11: Bye Bye [preauth]
Oct 14 17:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Disconnected from 45.138.158.114 port 39254 [preauth]
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[609]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[613]: pam_unix(cron:session): session closed for user root
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[607]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[697]: Successful su for rubyman by root
Oct 14 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[697]: + ??? root:rubyman
Oct 14 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412600 of user rubyman.
Oct 14 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[697]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412600.
Oct 14 17:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88  user=root
Oct 14 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[609]: pam_unix(cron:session): session closed for user root
Oct 14 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session closed for user root
Oct 14 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Failed password for root from 167.172.153.88 port 45522 ssh2
Oct 14 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Received disconnect from 167.172.153.88 port 45522:11: Bye Bye [preauth]
Oct 14 17:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Disconnected from 167.172.153.88 port 45522 [preauth]
Oct 14 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100  user=root
Oct 14 17:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: Failed password for root from 51.83.98.100 port 39392 ssh2
Oct 14 17:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: Received disconnect from 51.83.98.100 port 39392:11: Bye Bye [preauth]
Oct 14 17:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1066]: Disconnected from 51.83.98.100 port 39392 [preauth]
Oct 14 17:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[608]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data
Oct 14 17:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 3 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:46.100.105.199  user=www-data]
Oct 14 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31826]: pam_unix(cron:session): session closed for user root
Oct 14 17:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
Oct 14 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: Failed password for root from 185.213.174.209 port 44466 ssh2
Oct 14 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: Received disconnect from 185.213.174.209 port 44466:11: Bye Bye [preauth]
Oct 14 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: Disconnected from 185.213.174.209 port 44466 [preauth]
Oct 14 17:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Invalid user egarcia from 186.235.28.11
Oct 14 17:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: input_userauth_request: invalid user egarcia [preauth]
Oct 14 17:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Failed password for invalid user egarcia from 186.235.28.11 port 48306 ssh2
Oct 14 17:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Received disconnect from 186.235.28.11 port 48306:11: Bye Bye [preauth]
Oct 14 17:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Disconnected from 186.235.28.11 port 48306 [preauth]
Oct 14 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1379]: Successful su for rubyman by root
Oct 14 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1379]: + ??? root:rubyman
Oct 14 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412606 of user rubyman.
Oct 14 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1379]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412606.
Oct 14 17:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Invalid user ppr from 14.103.115.213
Oct 14 17:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: input_userauth_request: invalid user ppr [preauth]
Oct 14 17:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213
Oct 14 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Failed password for invalid user ppr from 14.103.115.213 port 43368 ssh2
Oct 14 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Received disconnect from 14.103.115.213 port 43368:11: Bye Bye [preauth]
Oct 14 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Disconnected from 14.103.115.213 port 43368 [preauth]
Oct 14 17:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40  user=root
Oct 14 17:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29672]: pam_unix(cron:session): session closed for user root
Oct 14 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Failed password for root from 39.109.116.40 port 45232 ssh2
Oct 14 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Received disconnect from 39.109.116.40 port 45232:11: Bye Bye [preauth]
Oct 14 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Disconnected from 39.109.116.40 port 45232 [preauth]
Oct 14 17:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Did not receive identification string from 104.248.58.249
Oct 14 17:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Invalid user admin from 41.63.62.103
Oct 14 17:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: input_userauth_request: invalid user admin [preauth]
Oct 14 17:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Failed password for invalid user admin from 41.63.62.103 port 33576 ssh2
Oct 14 17:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Received disconnect from 41.63.62.103 port 33576:11: Bye Bye [preauth]
Oct 14 17:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Disconnected from 41.63.62.103 port 33576 [preauth]
Oct 14 17:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Invalid user tet from 45.138.158.114
Oct 14 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: input_userauth_request: invalid user tet [preauth]
Oct 14 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Failed password for invalid user tet from 45.138.158.114 port 52344 ssh2
Oct 14 17:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Received disconnect from 45.138.158.114 port 52344:11: Bye Bye [preauth]
Oct 14 17:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Disconnected from 45.138.158.114 port 52344 [preauth]
Oct 14 17:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Invalid user osvaldo from 51.83.98.100
Oct 14 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: input_userauth_request: invalid user osvaldo [preauth]
Oct 14 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Failed password for invalid user osvaldo from 51.83.98.100 port 39178 ssh2
Oct 14 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Received disconnect from 51.83.98.100 port 39178:11: Bye Bye [preauth]
Oct 14 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1706]: Disconnected from 51.83.98.100 port 39178 [preauth]
Oct 14 17:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session closed for user root
Oct 14 17:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Invalid user jenkins from 167.172.153.88
Oct 14 17:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 17:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Failed password for invalid user jenkins from 167.172.153.88 port 57288 ssh2
Oct 14 17:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Received disconnect from 167.172.153.88 port 57288:11: Bye Bye [preauth]
Oct 14 17:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Disconnected from 167.172.153.88 port 57288 [preauth]
Oct 14 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1818]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1816]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: Successful su for rubyman by root
Oct 14 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: + ??? root:rubyman
Oct 14 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412609 of user rubyman.
Oct 14 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1996]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412609.
Oct 14 17:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30372]: pam_unix(cron:session): session closed for user root
Oct 14 17:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1817]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Invalid user root1 from 185.213.174.209
Oct 14 17:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: input_userauth_request: invalid user root1 [preauth]
Oct 14 17:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Failed password for invalid user root1 from 185.213.174.209 port 42774 ssh2
Oct 14 17:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Received disconnect from 185.213.174.209 port 42774:11: Bye Bye [preauth]
Oct 14 17:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Disconnected from 185.213.174.209 port 42774 [preauth]
Oct 14 17:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Invalid user office from 14.103.115.213
Oct 14 17:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: input_userauth_request: invalid user office [preauth]
Oct 14 17:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213
Oct 14 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Failed password for invalid user office from 14.103.115.213 port 59232 ssh2
Oct 14 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Received disconnect from 14.103.115.213 port 59232:11: Bye Bye [preauth]
Oct 14 17:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Disconnected from 14.103.115.213 port 59232 [preauth]
Oct 14 17:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Invalid user minecraft from 39.109.116.40
Oct 14 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Failed password for invalid user minecraft from 39.109.116.40 port 54310 ssh2
Oct 14 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Received disconnect from 39.109.116.40 port 54310:11: Bye Bye [preauth]
Oct 14 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Disconnected from 39.109.116.40 port 54310 [preauth]
Oct 14 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Invalid user tet from 51.83.98.100
Oct 14 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: input_userauth_request: invalid user tet [preauth]
Oct 14 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[612]: pam_unix(cron:session): session closed for user root
Oct 14 17:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Failed password for invalid user tet from 51.83.98.100 port 55060 ssh2
Oct 14 17:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Received disconnect from 51.83.98.100 port 55060:11: Bye Bye [preauth]
Oct 14 17:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Disconnected from 51.83.98.100 port 55060 [preauth]
Oct 14 17:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Failed password for root from 186.235.28.11 port 56318 ssh2
Oct 14 17:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Received disconnect from 186.235.28.11 port 56318:11: Bye Bye [preauth]
Oct 14 17:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Disconnected from 186.235.28.11 port 56318 [preauth]
Oct 14 17:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103  user=root
Oct 14 17:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Invalid user kamil from 45.138.158.114
Oct 14 17:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: input_userauth_request: invalid user kamil [preauth]
Oct 14 17:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Failed password for root from 41.63.62.103 port 44944 ssh2
Oct 14 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Received disconnect from 41.63.62.103 port 44944:11: Bye Bye [preauth]
Oct 14 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Disconnected from 41.63.62.103 port 44944 [preauth]
Oct 14 17:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Failed password for invalid user kamil from 45.138.158.114 port 35588 ssh2
Oct 14 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Received disconnect from 45.138.158.114 port 35588:11: Bye Bye [preauth]
Oct 14 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Disconnected from 45.138.158.114 port 35588 [preauth]
Oct 14 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2371]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2449]: Successful su for rubyman by root
Oct 14 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2449]: + ??? root:rubyman
Oct 14 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412614 of user rubyman.
Oct 14 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2449]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412614.
Oct 14 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Invalid user neeraj from 167.172.153.88
Oct 14 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: input_userauth_request: invalid user neeraj [preauth]
Oct 14 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Failed password for invalid user neeraj from 167.172.153.88 port 38104 ssh2
Oct 14 17:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Received disconnect from 167.172.153.88 port 38104:11: Bye Bye [preauth]
Oct 14 17:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2545]: Disconnected from 167.172.153.88 port 38104 [preauth]
Oct 14 17:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session closed for user root
Oct 14 17:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1287]: pam_unix(cron:session): session closed for user root
Oct 14 17:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Invalid user cha from 185.213.174.209
Oct 14 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: input_userauth_request: invalid user cha [preauth]
Oct 14 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Invalid user ts1 from 51.83.98.100
Oct 14 17:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: input_userauth_request: invalid user ts1 [preauth]
Oct 14 17:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Failed password for invalid user cha from 185.213.174.209 port 45580 ssh2
Oct 14 17:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Received disconnect from 185.213.174.209 port 45580:11: Bye Bye [preauth]
Oct 14 17:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Disconnected from 185.213.174.209 port 45580 [preauth]
Oct 14 17:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Failed password for invalid user ts1 from 51.83.98.100 port 36154 ssh2
Oct 14 17:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Received disconnect from 51.83.98.100 port 36154:11: Bye Bye [preauth]
Oct 14 17:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Disconnected from 51.83.98.100 port 36154 [preauth]
Oct 14 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2836]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2833]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2911]: Successful su for rubyman by root
Oct 14 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2911]: + ??? root:rubyman
Oct 14 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412619 of user rubyman.
Oct 14 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2911]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412619.
Oct 14 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Invalid user botuser from 39.109.116.40
Oct 14 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: input_userauth_request: invalid user botuser [preauth]
Oct 14 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Failed password for invalid user botuser from 39.109.116.40 port 36968 ssh2
Oct 14 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Received disconnect from 39.109.116.40 port 36968:11: Bye Bye [preauth]
Oct 14 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Disconnected from 39.109.116.40 port 36968 [preauth]
Oct 14 17:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31825]: pam_unix(cron:session): session closed for user root
Oct 14 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2834]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Invalid user wallabag from 45.138.158.114
Oct 14 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: input_userauth_request: invalid user wallabag [preauth]
Oct 14 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Failed password for invalid user wallabag from 45.138.158.114 port 55950 ssh2
Oct 14 17:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Received disconnect from 45.138.158.114 port 55950:11: Bye Bye [preauth]
Oct 14 17:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Disconnected from 45.138.158.114 port 55950 [preauth]
Oct 14 17:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Invalid user devops from 41.63.62.103
Oct 14 17:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: input_userauth_request: invalid user devops [preauth]
Oct 14 17:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Failed password for invalid user devops from 41.63.62.103 port 58756 ssh2
Oct 14 17:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Received disconnect from 41.63.62.103 port 58756:11: Bye Bye [preauth]
Oct 14 17:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Disconnected from 41.63.62.103 port 58756 [preauth]
Oct 14 17:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Invalid user ava from 167.172.153.88
Oct 14 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: input_userauth_request: invalid user ava [preauth]
Oct 14 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Failed password for invalid user ava from 167.172.153.88 port 50884 ssh2
Oct 14 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Received disconnect from 167.172.153.88 port 50884:11: Bye Bye [preauth]
Oct 14 17:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Disconnected from 167.172.153.88 port 50884 [preauth]
Oct 14 17:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session closed for user root
Oct 14 17:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Invalid user ftpuser from 186.235.28.11
Oct 14 17:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Failed password for invalid user ftpuser from 186.235.28.11 port 36100 ssh2
Oct 14 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Received disconnect from 186.235.28.11 port 36100:11: Bye Bye [preauth]
Oct 14 17:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3224]: Disconnected from 186.235.28.11 port 36100 [preauth]
Oct 14 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3292]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3293]: pam_unix(cron:session): session closed for user root
Oct 14 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Invalid user tao from 51.83.98.100
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: input_userauth_request: invalid user tao [preauth]
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: Successful su for rubyman by root
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: + ??? root:rubyman
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412623 of user rubyman.
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3392]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412623.
Oct 14 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Failed password for invalid user tao from 51.83.98.100 port 36270 ssh2
Oct 14 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Received disconnect from 51.83.98.100 port 36270:11: Bye Bye [preauth]
Oct 14 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Disconnected from 51.83.98.100 port 36270 [preauth]
Oct 14 17:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session closed for user root
Oct 14 17:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session closed for user root
Oct 14 17:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Invalid user mapadmin from 185.213.174.209
Oct 14 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: input_userauth_request: invalid user mapadmin [preauth]
Oct 14 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user mapadmin from 185.213.174.209 port 33404 ssh2
Oct 14 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Received disconnect from 185.213.174.209 port 33404:11: Bye Bye [preauth]
Oct 14 17:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Disconnected from 185.213.174.209 port 33404 [preauth]
Oct 14 17:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session closed for user root
Oct 14 17:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: Invalid user a from 39.109.116.40
Oct 14 17:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: input_userauth_request: invalid user a [preauth]
Oct 14 17:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: Failed password for invalid user a from 39.109.116.40 port 48854 ssh2
Oct 14 17:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: Received disconnect from 39.109.116.40 port 48854:11: Bye Bye [preauth]
Oct 14 17:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: Disconnected from 39.109.116.40 port 48854 [preauth]
Oct 14 17:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: Invalid user liuhao from 45.138.158.114
Oct 14 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: input_userauth_request: invalid user liuhao [preauth]
Oct 14 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: Failed password for invalid user liuhao from 45.138.158.114 port 44302 ssh2
Oct 14 17:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: Received disconnect from 45.138.158.114 port 44302:11: Bye Bye [preauth]
Oct 14 17:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3745]: Disconnected from 45.138.158.114 port 44302 [preauth]
Oct 14 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3886]: Successful su for rubyman by root
Oct 14 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3886]: + ??? root:rubyman
Oct 14 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412627 of user rubyman.
Oct 14 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3886]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412627.
Oct 14 17:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88  user=root
Oct 14 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Failed password for root from 167.172.153.88 port 34924 ssh2
Oct 14 17:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Received disconnect from 167.172.153.88 port 34924:11: Bye Bye [preauth]
Oct 14 17:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3911]: Disconnected from 167.172.153.88 port 34924 [preauth]
Oct 14 17:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: Invalid user runner from 41.63.62.103
Oct 14 17:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: input_userauth_request: invalid user runner [preauth]
Oct 14 17:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: Failed password for invalid user runner from 41.63.62.103 port 55918 ssh2
Oct 14 17:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: Received disconnect from 41.63.62.103 port 55918:11: Bye Bye [preauth]
Oct 14 17:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3969]: Disconnected from 41.63.62.103 port 55918 [preauth]
Oct 14 17:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[611]: pam_unix(cron:session): session closed for user root
Oct 14 17:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100  user=root
Oct 14 17:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for root from 51.83.98.100 port 51630 ssh2
Oct 14 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Received disconnect from 51.83.98.100 port 51630:11: Bye Bye [preauth]
Oct 14 17:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Disconnected from 51.83.98.100 port 51630 [preauth]
Oct 14 17:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Invalid user paulina from 186.235.28.11
Oct 14 17:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: input_userauth_request: invalid user paulina [preauth]
Oct 14 17:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Failed password for invalid user paulina from 186.235.28.11 port 44112 ssh2
Oct 14 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Received disconnect from 186.235.28.11 port 44112:11: Bye Bye [preauth]
Oct 14 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Disconnected from 186.235.28.11 port 44112 [preauth]
Oct 14 17:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2836]: pam_unix(cron:session): session closed for user root
Oct 14 17:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Invalid user ubnt from 185.156.73.233
Oct 14 17:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 17:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Failed password for invalid user ubnt from 185.156.73.233 port 36992 ssh2
Oct 14 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Connection closed by 185.156.73.233 port 36992 [preauth]
Oct 14 17:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: Invalid user smart from 185.213.174.209
Oct 14 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: input_userauth_request: invalid user smart [preauth]
Oct 14 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: Failed password for invalid user smart from 185.213.174.209 port 56254 ssh2
Oct 14 17:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: Received disconnect from 185.213.174.209 port 56254:11: Bye Bye [preauth]
Oct 14 17:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: Disconnected from 185.213.174.209 port 56254 [preauth]
Oct 14 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: Invalid user ftpuser from 14.103.115.213
Oct 14 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213
Oct 14 17:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: Failed password for invalid user ftpuser from 14.103.115.213 port 34988 ssh2
Oct 14 17:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: Received disconnect from 14.103.115.213 port 34988:11: Bye Bye [preauth]
Oct 14 17:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4297]: Disconnected from 14.103.115.213 port 34988 [preauth]
Oct 14 17:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 14 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4332]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4329]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Failed password for root from 20.163.71.109 port 34030 ssh2
Oct 14 17:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4316]: Connection closed by 20.163.71.109 port 34030 [preauth]
Oct 14 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4398]: Successful su for rubyman by root
Oct 14 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4398]: + ??? root:rubyman
Oct 14 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412631 of user rubyman.
Oct 14 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4398]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412631.
Oct 14 17:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1286]: pam_unix(cron:session): session closed for user root
Oct 14 17:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Invalid user devops from 39.109.116.40
Oct 14 17:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: input_userauth_request: invalid user devops [preauth]
Oct 14 17:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Failed password for invalid user devops from 39.109.116.40 port 51832 ssh2
Oct 14 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Received disconnect from 39.109.116.40 port 51832:11: Bye Bye [preauth]
Oct 14 17:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4608]: Disconnected from 39.109.116.40 port 51832 [preauth]
Oct 14 17:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Invalid user dmdba from 45.138.158.114
Oct 14 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4330]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Failed password for invalid user dmdba from 45.138.158.114 port 51028 ssh2
Oct 14 17:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Received disconnect from 45.138.158.114 port 51028:11: Bye Bye [preauth]
Oct 14 17:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Disconnected from 45.138.158.114 port 51028 [preauth]
Oct 14 17:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Invalid user ftpadmin1 from 51.83.98.100
Oct 14 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: input_userauth_request: invalid user ftpadmin1 [preauth]
Oct 14 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88  user=root
Oct 14 17:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Failed password for invalid user ftpadmin1 from 51.83.98.100 port 46796 ssh2
Oct 14 17:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Received disconnect from 51.83.98.100 port 46796:11: Bye Bye [preauth]
Oct 14 17:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Disconnected from 51.83.98.100 port 46796 [preauth]
Oct 14 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: Failed password for root from 167.172.153.88 port 57930 ssh2
Oct 14 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: Received disconnect from 167.172.153.88 port 57930:11: Bye Bye [preauth]
Oct 14 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4730]: Disconnected from 167.172.153.88 port 57930 [preauth]
Oct 14 17:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3292]: pam_unix(cron:session): session closed for user root
Oct 14 17:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Invalid user ahmed from 41.63.62.103
Oct 14 17:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 17:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Failed password for invalid user ahmed from 41.63.62.103 port 58662 ssh2
Oct 14 17:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Received disconnect from 41.63.62.103 port 58662:11: Bye Bye [preauth]
Oct 14 17:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4778]: Disconnected from 41.63.62.103 port 58662 [preauth]
Oct 14 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4949]: Successful su for rubyman by root
Oct 14 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4949]: + ??? root:rubyman
Oct 14 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412635 of user rubyman.
Oct 14 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4949]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412635.
Oct 14 17:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1818]: pam_unix(cron:session): session closed for user root
Oct 14 17:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213  user=root
Oct 14 17:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: Failed password for root from 14.103.115.213 port 46644 ssh2
Oct 14 17:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: Received disconnect from 14.103.115.213 port 46644:11: Bye Bye [preauth]
Oct 14 17:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5619]: Disconnected from 14.103.115.213 port 46644 [preauth]
Oct 14 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Invalid user wallabag from 185.213.174.209
Oct 14 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: input_userauth_request: invalid user wallabag [preauth]
Oct 14 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Failed password for invalid user wallabag from 185.213.174.209 port 54876 ssh2
Oct 14 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Received disconnect from 185.213.174.209 port 54876:11: Bye Bye [preauth]
Oct 14 17:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Disconnected from 185.213.174.209 port 54876 [preauth]
Oct 14 17:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Failed password for root from 186.235.28.11 port 52118 ssh2
Oct 14 17:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Received disconnect from 186.235.28.11 port 52118:11: Bye Bye [preauth]
Oct 14 17:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5659]: Disconnected from 186.235.28.11 port 52118 [preauth]
Oct 14 17:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3794]: pam_unix(cron:session): session closed for user root
Oct 14 17:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Invalid user amir from 39.109.116.40
Oct 14 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: input_userauth_request: invalid user amir [preauth]
Oct 14 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Failed password for invalid user amir from 39.109.116.40 port 60118 ssh2
Oct 14 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Received disconnect from 39.109.116.40 port 60118:11: Bye Bye [preauth]
Oct 14 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Disconnected from 39.109.116.40 port 60118 [preauth]
Oct 14 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Invalid user deploy from 51.83.98.100
Oct 14 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: input_userauth_request: invalid user deploy [preauth]
Oct 14 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Failed password for invalid user deploy from 51.83.98.100 port 34588 ssh2
Oct 14 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Received disconnect from 51.83.98.100 port 34588:11: Bye Bye [preauth]
Oct 14 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Disconnected from 51.83.98.100 port 34588 [preauth]
Oct 14 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Invalid user root1 from 45.138.158.114
Oct 14 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: input_userauth_request: invalid user root1 [preauth]
Oct 14 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Failed password for invalid user root1 from 45.138.158.114 port 41436 ssh2
Oct 14 17:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Received disconnect from 45.138.158.114 port 41436:11: Bye Bye [preauth]
Oct 14 17:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5739]: Disconnected from 45.138.158.114 port 41436 [preauth]
Oct 14 17:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5800]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Invalid user 1 from 167.172.153.88
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: input_userauth_request: invalid user 1 [preauth]
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5879]: Successful su for rubyman by root
Oct 14 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5879]: + ??? root:rubyman
Oct 14 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412640 of user rubyman.
Oct 14 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5879]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412640.
Oct 14 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Failed password for invalid user 1 from 167.172.153.88 port 48750 ssh2
Oct 14 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Received disconnect from 167.172.153.88 port 48750:11: Bye Bye [preauth]
Oct 14 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5790]: Disconnected from 167.172.153.88 port 48750 [preauth]
Oct 14 17:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session closed for user root
Oct 14 17:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: User john from 41.63.62.103 not allowed because not listed in AllowUsers
Oct 14 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: input_userauth_request: invalid user john [preauth]
Oct 14 17:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103  user=john
Oct 14 17:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Failed password for invalid user john from 41.63.62.103 port 38802 ssh2
Oct 14 17:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Received disconnect from 41.63.62.103 port 38802:11: Bye Bye [preauth]
Oct 14 17:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6096]: Disconnected from 41.63.62.103 port 38802 [preauth]
Oct 14 17:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4333]: pam_unix(cron:session): session closed for user root
Oct 14 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Invalid user halo from 185.213.174.209
Oct 14 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: input_userauth_request: invalid user halo [preauth]
Oct 14 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Failed password for invalid user halo from 185.213.174.209 port 49872 ssh2
Oct 14 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Received disconnect from 185.213.174.209 port 49872:11: Bye Bye [preauth]
Oct 14 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Disconnected from 185.213.174.209 port 49872 [preauth]
Oct 14 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Invalid user rbs from 51.83.98.100
Oct 14 17:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: input_userauth_request: invalid user rbs [preauth]
Oct 14 17:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Failed password for invalid user rbs from 51.83.98.100 port 45856 ssh2
Oct 14 17:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Received disconnect from 51.83.98.100 port 45856:11: Bye Bye [preauth]
Oct 14 17:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6243]: Disconnected from 51.83.98.100 port 45856 [preauth]
Oct 14 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session closed for user root
Oct 14 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6256]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: Successful su for rubyman by root
Oct 14 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: + ??? root:rubyman
Oct 14 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412646 of user rubyman.
Oct 14 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412646.
Oct 14 17:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Invalid user ftpuser from 39.109.116.40
Oct 14 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for invalid user ftpuser from 39.109.116.40 port 41754 ssh2
Oct 14 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Received disconnect from 39.109.116.40 port 41754:11: Bye Bye [preauth]
Oct 14 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Disconnected from 39.109.116.40 port 41754 [preauth]
Oct 14 17:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6258]: pam_unix(cron:session): session closed for user root
Oct 14 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Invalid user wyk from 45.138.158.114
Oct 14 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: input_userauth_request: invalid user wyk [preauth]
Oct 14 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2835]: pam_unix(cron:session): session closed for user root
Oct 14 17:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Failed password for invalid user wyk from 45.138.158.114 port 33884 ssh2
Oct 14 17:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Received disconnect from 45.138.158.114 port 33884:11: Bye Bye [preauth]
Oct 14 17:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Disconnected from 45.138.158.114 port 33884 [preauth]
Oct 14 17:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Invalid user nextcloud from 186.235.28.11
Oct 14 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: input_userauth_request: invalid user nextcloud [preauth]
Oct 14 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6257]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Failed password for invalid user nextcloud from 186.235.28.11 port 60136 ssh2
Oct 14 17:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Received disconnect from 186.235.28.11 port 60136:11: Bye Bye [preauth]
Oct 14 17:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Disconnected from 186.235.28.11 port 60136 [preauth]
Oct 14 17:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6736]: Invalid user alba from 167.172.153.88
Oct 14 17:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6736]: input_userauth_request: invalid user alba [preauth]
Oct 14 17:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6736]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6736]: Failed password for invalid user alba from 167.172.153.88 port 47508 ssh2
Oct 14 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6736]: Received disconnect from 167.172.153.88 port 47508:11: Bye Bye [preauth]
Oct 14 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6736]: Disconnected from 167.172.153.88 port 47508 [preauth]
Oct 14 17:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session closed for user root
Oct 14 17:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: Invalid user ansible from 41.63.62.103
Oct 14 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: input_userauth_request: invalid user ansible [preauth]
Oct 14 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: Failed password for invalid user ansible from 41.63.62.103 port 36946 ssh2
Oct 14 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: Received disconnect from 41.63.62.103 port 36946:11: Bye Bye [preauth]
Oct 14 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: Disconnected from 41.63.62.103 port 36946 [preauth]
Oct 14 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6848]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: Successful su for rubyman by root
Oct 14 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: + ??? root:rubyman
Oct 14 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412649 of user rubyman.
Oct 14 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412649.
Oct 14 17:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Invalid user kamil from 51.83.98.100
Oct 14 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: input_userauth_request: invalid user kamil [preauth]
Oct 14 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Failed password for invalid user kamil from 51.83.98.100 port 55430 ssh2
Oct 14 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Received disconnect from 51.83.98.100 port 55430:11: Bye Bye [preauth]
Oct 14 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Disconnected from 51.83.98.100 port 55430 [preauth]
Oct 14 17:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Invalid user sysop from 199.195.254.152
Oct 14 17:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: input_userauth_request: invalid user sysop [preauth]
Oct 14 17:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.195.254.152
Oct 14 17:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session closed for user root
Oct 14 17:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Failed password for invalid user sysop from 199.195.254.152 port 60242 ssh2
Oct 14 17:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Connection closed by 199.195.254.152 port 60242 [preauth]
Oct 14 17:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Invalid user sysop from 199.195.254.152
Oct 14 17:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: input_userauth_request: invalid user sysop [preauth]
Oct 14 17:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Failed none for invalid user sysop from 199.195.254.152 port 60258 ssh2
Oct 14 17:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Connection closed by 199.195.254.152 port 60258 [preauth]
Oct 14 17:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6849]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Invalid user es from 185.213.174.209
Oct 14 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: input_userauth_request: invalid user es [preauth]
Oct 14 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Failed password for invalid user es from 185.213.174.209 port 39656 ssh2
Oct 14 17:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Received disconnect from 185.213.174.209 port 39656:11: Bye Bye [preauth]
Oct 14 17:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7285]: Disconnected from 185.213.174.209 port 39656 [preauth]
Oct 14 17:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Invalid user user1 from 39.109.116.40
Oct 14 17:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: input_userauth_request: invalid user user1 [preauth]
Oct 14 17:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.116.40
Oct 14 17:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Failed password for invalid user user1 from 39.109.116.40 port 46062 ssh2
Oct 14 17:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Received disconnect from 39.109.116.40 port 46062:11: Bye Bye [preauth]
Oct 14 17:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Disconnected from 39.109.116.40 port 46062 [preauth]
Oct 14 17:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session closed for user root
Oct 14 17:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Invalid user portfolio from 45.138.158.114
Oct 14 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: input_userauth_request: invalid user portfolio [preauth]
Oct 14 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Failed password for invalid user portfolio from 45.138.158.114 port 33938 ssh2
Oct 14 17:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Received disconnect from 45.138.158.114 port 33938:11: Bye Bye [preauth]
Oct 14 17:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7366]: Disconnected from 45.138.158.114 port 33938 [preauth]
Oct 14 17:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Invalid user chris from 167.172.153.88
Oct 14 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: input_userauth_request: invalid user chris [preauth]
Oct 14 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7438]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Failed password for invalid user chris from 167.172.153.88 port 48016 ssh2
Oct 14 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Received disconnect from 167.172.153.88 port 48016:11: Bye Bye [preauth]
Oct 14 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Disconnected from 167.172.153.88 port 48016 [preauth]
Oct 14 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7512]: Successful su for rubyman by root
Oct 14 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7512]: + ??? root:rubyman
Oct 14 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412654 of user rubyman.
Oct 14 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7512]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412654.
Oct 14 17:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session closed for user root
Oct 14 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: Invalid user alpha from 186.235.28.11
Oct 14 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: input_userauth_request: invalid user alpha [preauth]
Oct 14 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7439]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: Failed password for invalid user alpha from 186.235.28.11 port 39914 ssh2
Oct 14 17:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: Received disconnect from 186.235.28.11 port 39914:11: Bye Bye [preauth]
Oct 14 17:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: Disconnected from 186.235.28.11 port 39914 [preauth]
Oct 14 17:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100  user=root
Oct 14 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Failed password for root from 51.83.98.100 port 57050 ssh2
Oct 14 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Received disconnect from 51.83.98.100 port 57050:11: Bye Bye [preauth]
Oct 14 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7771]: Disconnected from 51.83.98.100 port 57050 [preauth]
Oct 14 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Invalid user www from 41.63.62.103
Oct 14 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: input_userauth_request: invalid user www [preauth]
Oct 14 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Failed password for invalid user www from 41.63.62.103 port 44044 ssh2
Oct 14 17:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Received disconnect from 41.63.62.103 port 44044:11: Bye Bye [preauth]
Oct 14 17:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Disconnected from 41.63.62.103 port 44044 [preauth]
Oct 14 17:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6260]: pam_unix(cron:session): session closed for user root
Oct 14 17:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Invalid user rbs from 185.213.174.209
Oct 14 17:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: input_userauth_request: invalid user rbs [preauth]
Oct 14 17:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Failed password for invalid user rbs from 185.213.174.209 port 39980 ssh2
Oct 14 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Received disconnect from 185.213.174.209 port 39980:11: Bye Bye [preauth]
Oct 14 17:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8319]: Disconnected from 185.213.174.209 port 39980 [preauth]
Oct 14 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8424]: Successful su for rubyman by root
Oct 14 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8424]: + ??? root:rubyman
Oct 14 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412657 of user rubyman.
Oct 14 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8424]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412657.
Oct 14 17:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4332]: pam_unix(cron:session): session closed for user root
Oct 14 17:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8628]: Invalid user halo from 45.138.158.114
Oct 14 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8628]: input_userauth_request: invalid user halo [preauth]
Oct 14 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8628]: Failed password for invalid user halo from 45.138.158.114 port 46828 ssh2
Oct 14 17:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8628]: Received disconnect from 45.138.158.114 port 46828:11: Bye Bye [preauth]
Oct 14 17:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8628]: Disconnected from 45.138.158.114 port 46828 [preauth]
Oct 14 17:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8716]: Invalid user ubuntu from 167.172.153.88
Oct 14 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8716]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8716]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8716]: Failed password for invalid user ubuntu from 167.172.153.88 port 52086 ssh2
Oct 14 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8716]: Received disconnect from 167.172.153.88 port 52086:11: Bye Bye [preauth]
Oct 14 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8716]: Disconnected from 167.172.153.88 port 52086 [preauth]
Oct 14 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6851]: pam_unix(cron:session): session closed for user root
Oct 14 17:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Invalid user ftpuser from 51.83.98.100
Oct 14 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Failed password for invalid user ftpuser from 51.83.98.100 port 53672 ssh2
Oct 14 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Received disconnect from 51.83.98.100 port 53672:11: Bye Bye [preauth]
Oct 14 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8872]: Disconnected from 51.83.98.100 port 53672 [preauth]
Oct 14 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8926]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8925]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9113]: Successful su for rubyman by root
Oct 14 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9113]: + ??? root:rubyman
Oct 14 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412661 of user rubyman.
Oct 14 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9113]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412661.
Oct 14 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8921]: pam_unix(cron:session): session closed for user root
Oct 14 17:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session closed for user root
Oct 14 17:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Invalid user cpc from 186.235.28.11
Oct 14 17:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: input_userauth_request: invalid user cpc [preauth]
Oct 14 17:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Failed password for invalid user cpc from 186.235.28.11 port 47926 ssh2
Oct 14 17:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Received disconnect from 186.235.28.11 port 47926:11: Bye Bye [preauth]
Oct 14 17:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Disconnected from 186.235.28.11 port 47926 [preauth]
Oct 14 17:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Invalid user newuser from 41.63.62.103
Oct 14 17:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: input_userauth_request: invalid user newuser [preauth]
Oct 14 17:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8924]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Failed password for invalid user newuser from 41.63.62.103 port 34944 ssh2
Oct 14 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Received disconnect from 41.63.62.103 port 34944:11: Bye Bye [preauth]
Oct 14 17:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Disconnected from 41.63.62.103 port 34944 [preauth]
Oct 14 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Invalid user kamil from 185.213.174.209
Oct 14 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: input_userauth_request: invalid user kamil [preauth]
Oct 14 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Failed password for invalid user kamil from 185.213.174.209 port 39050 ssh2
Oct 14 17:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Received disconnect from 185.213.174.209 port 39050:11: Bye Bye [preauth]
Oct 14 17:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Disconnected from 185.213.174.209 port 39050 [preauth]
Oct 14 17:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session closed for user root
Oct 14 17:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Invalid user deploy from 45.138.158.114
Oct 14 17:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: input_userauth_request: invalid user deploy [preauth]
Oct 14 17:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Failed password for invalid user deploy from 45.138.158.114 port 45920 ssh2
Oct 14 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Received disconnect from 45.138.158.114 port 45920:11: Bye Bye [preauth]
Oct 14 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Disconnected from 45.138.158.114 port 45920 [preauth]
Oct 14 17:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100  user=root
Oct 14 17:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Failed password for root from 51.83.98.100 port 53534 ssh2
Oct 14 17:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Received disconnect from 51.83.98.100 port 53534:11: Bye Bye [preauth]
Oct 14 17:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Disconnected from 51.83.98.100 port 53534 [preauth]
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9709]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session closed for user root
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Invalid user raju from 167.172.153.88
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: input_userauth_request: invalid user raju [preauth]
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for invalid user raju from 167.172.153.88 port 60036 ssh2
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Received disconnect from 167.172.153.88 port 60036:11: Bye Bye [preauth]
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Disconnected from 167.172.153.88 port 60036 [preauth]
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9879]: Successful su for rubyman by root
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9879]: + ??? root:rubyman
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412666 of user rubyman.
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9879]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412666.
Oct 14 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9698]: pam_unix(cron:session): session closed for user root
Oct 14 17:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5800]: pam_unix(cron:session): session closed for user root
Oct 14 17:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Connection closed by 80.94.95.116 port 59210 [preauth]
Oct 14 17:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9697]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session closed for user root
Oct 14 17:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: Invalid user ftpuser from 41.63.62.103
Oct 14 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103
Oct 14 17:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: Failed password for invalid user ftpuser from 41.63.62.103 port 53780 ssh2
Oct 14 17:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: Received disconnect from 41.63.62.103 port 53780:11: Bye Bye [preauth]
Oct 14 17:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10285]: Disconnected from 41.63.62.103 port 53780 [preauth]
Oct 14 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10297]: Invalid user ftpuser from 185.213.174.209
Oct 14 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10297]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10297]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10297]: Failed password for invalid user ftpuser from 185.213.174.209 port 59012 ssh2
Oct 14 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10297]: Received disconnect from 185.213.174.209 port 59012:11: Bye Bye [preauth]
Oct 14 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10297]: Disconnected from 185.213.174.209 port 59012 [preauth]
Oct 14 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10405]: Successful su for rubyman by root
Oct 14 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10405]: + ??? root:rubyman
Oct 14 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412672 of user rubyman.
Oct 14 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10405]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412672.
Oct 14 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10444]: Invalid user miriam from 186.235.28.11
Oct 14 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10444]: input_userauth_request: invalid user miriam [preauth]
Oct 14 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10444]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10444]: Failed password for invalid user miriam from 186.235.28.11 port 55932 ssh2
Oct 14 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10444]: Received disconnect from 186.235.28.11 port 55932:11: Bye Bye [preauth]
Oct 14 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10444]: Disconnected from 186.235.28.11 port 55932 [preauth]
Oct 14 17:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Invalid user dmdba from 51.83.98.100
Oct 14 17:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 17:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114  user=root
Oct 14 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: Did not receive identification string from 47.96.95.36
Oct 14 17:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Failed password for invalid user dmdba from 51.83.98.100 port 39530 ssh2
Oct 14 17:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Received disconnect from 51.83.98.100 port 39530:11: Bye Bye [preauth]
Oct 14 17:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Disconnected from 51.83.98.100 port 39530 [preauth]
Oct 14 17:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: Failed password for root from 45.138.158.114 port 39070 ssh2
Oct 14 17:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: Received disconnect from 45.138.158.114 port 39070:11: Bye Bye [preauth]
Oct 14 17:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10547]: Disconnected from 45.138.158.114 port 39070 [preauth]
Oct 14 17:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6259]: pam_unix(cron:session): session closed for user root
Oct 14 17:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: Invalid user support from 78.128.112.74
Oct 14 17:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: input_userauth_request: invalid user support [preauth]
Oct 14 17:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 17:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: Failed password for invalid user support from 78.128.112.74 port 42060 ssh2
Oct 14 17:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10596]: Connection closed by 78.128.112.74 port 42060 [preauth]
Oct 14 17:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: Invalid user rose from 167.172.153.88
Oct 14 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: input_userauth_request: invalid user rose [preauth]
Oct 14 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: Failed password for invalid user rose from 167.172.153.88 port 36818 ssh2
Oct 14 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: Received disconnect from 167.172.153.88 port 36818:11: Bye Bye [preauth]
Oct 14 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10683]: Disconnected from 167.172.153.88 port 36818 [preauth]
Oct 14 17:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8926]: pam_unix(cron:session): session closed for user root
Oct 14 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10805]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10881]: Successful su for rubyman by root
Oct 14 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10881]: + ??? root:rubyman
Oct 14 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412677 of user rubyman.
Oct 14 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10881]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412677.
Oct 14 17:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session closed for user root
Oct 14 17:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100  user=root
Oct 14 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for root from 51.83.98.100 port 42154 ssh2
Oct 14 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Received disconnect from 51.83.98.100 port 42154:11: Bye Bye [preauth]
Oct 14 17:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Disconnected from 51.83.98.100 port 42154 [preauth]
Oct 14 17:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
Oct 14 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Failed password for root from 185.213.174.209 port 34606 ssh2
Oct 14 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Received disconnect from 185.213.174.209 port 34606:11: Bye Bye [preauth]
Oct 14 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Disconnected from 185.213.174.209 port 34606 [preauth]
Oct 14 17:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.63.62.103  user=root
Oct 14 17:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Failed password for root from 41.63.62.103 port 39692 ssh2
Oct 14 17:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Received disconnect from 41.63.62.103 port 39692:11: Bye Bye [preauth]
Oct 14 17:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Disconnected from 41.63.62.103 port 39692 [preauth]
Oct 14 17:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Invalid user rbs from 45.138.158.114
Oct 14 17:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: input_userauth_request: invalid user rbs [preauth]
Oct 14 17:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Failed password for invalid user rbs from 45.138.158.114 port 47056 ssh2
Oct 14 17:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Received disconnect from 45.138.158.114 port 47056:11: Bye Bye [preauth]
Oct 14 17:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Disconnected from 45.138.158.114 port 47056 [preauth]
Oct 14 17:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9716]: pam_unix(cron:session): session closed for user root
Oct 14 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Invalid user zx from 167.172.153.88
Oct 14 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: input_userauth_request: invalid user zx [preauth]
Oct 14 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.88
Oct 14 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Failed password for invalid user zx from 167.172.153.88 port 58610 ssh2
Oct 14 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Received disconnect from 167.172.153.88 port 58610:11: Bye Bye [preauth]
Oct 14 17:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Disconnected from 167.172.153.88 port 58610 [preauth]
Oct 14 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11342]: Successful su for rubyman by root
Oct 14 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11342]: + ??? root:rubyman
Oct 14 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412680 of user rubyman.
Oct 14 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11342]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412680.
Oct 14 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Failed password for root from 186.235.28.11 port 35714 ssh2
Oct 14 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Received disconnect from 186.235.28.11 port 35714:11: Bye Bye [preauth]
Oct 14 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Disconnected from 186.235.28.11 port 35714 [preauth]
Oct 14 17:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7440]: pam_unix(cron:session): session closed for user root
Oct 14 17:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11266]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100  user=root
Oct 14 17:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for root from 51.83.98.100 port 38494 ssh2
Oct 14 17:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Received disconnect from 51.83.98.100 port 38494:11: Bye Bye [preauth]
Oct 14 17:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Disconnected from 51.83.98.100 port 38494 [preauth]
Oct 14 17:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session closed for user root
Oct 14 17:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Invalid user ftpadmin1 from 185.213.174.209
Oct 14 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: input_userauth_request: invalid user ftpadmin1 [preauth]
Oct 14 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Failed password for invalid user ftpadmin1 from 185.213.174.209 port 45502 ssh2
Oct 14 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Received disconnect from 185.213.174.209 port 45502:11: Bye Bye [preauth]
Oct 14 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Disconnected from 185.213.174.209 port 45502 [preauth]
Oct 14 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: Successful su for rubyman by root
Oct 14 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: + ??? root:rubyman
Oct 14 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412684 of user rubyman.
Oct 14 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11916]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412684.
Oct 14 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Invalid user mapadmin from 45.138.158.114
Oct 14 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: input_userauth_request: invalid user mapadmin [preauth]
Oct 14 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Failed password for invalid user mapadmin from 45.138.158.114 port 49686 ssh2
Oct 14 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Received disconnect from 45.138.158.114 port 49686:11: Bye Bye [preauth]
Oct 14 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Disconnected from 45.138.158.114 port 49686 [preauth]
Oct 14 17:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session closed for user root
Oct 14 17:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session closed for user root
Oct 14 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Invalid user liuhao from 51.83.98.100
Oct 14 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: input_userauth_request: invalid user liuhao [preauth]
Oct 14 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: Invalid user admin from 2.57.121.112
Oct 14 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: input_userauth_request: invalid user admin [preauth]
Oct 14 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Failed password for invalid user liuhao from 51.83.98.100 port 53182 ssh2
Oct 14 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Received disconnect from 51.83.98.100 port 53182:11: Bye Bye [preauth]
Oct 14 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12272]: Disconnected from 51.83.98.100 port 53182 [preauth]
Oct 14 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: Failed password for invalid user admin from 2.57.121.112 port 42072 ssh2
Oct 14 17:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: Failed password for invalid user admin from 2.57.121.112 port 42072 ssh2
Oct 14 17:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: Failed password for invalid user admin from 2.57.121.112 port 42072 ssh2
Oct 14 17:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: Failed password for invalid user admin from 2.57.121.112 port 42072 ssh2
Oct 14 17:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: Failed password for invalid user admin from 2.57.121.112 port 42072 ssh2
Oct 14 17:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: Received disconnect from 2.57.121.112 port 42072:11: Bye [preauth]
Oct 14 17:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: Disconnected from 2.57.121.112 port 42072 [preauth]
Oct 14 17:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 17:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12284]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 17:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Invalid user marvin from 186.235.28.11
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: input_userauth_request: invalid user marvin [preauth]
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12322]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session closed for user root
Oct 14 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12316]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 14 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Failed password for invalid user marvin from 186.235.28.11 port 43738 ssh2
Oct 14 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Received disconnect from 186.235.28.11 port 43738:11: Bye Bye [preauth]
Oct 14 17:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Disconnected from 186.235.28.11 port 43738 [preauth]
Oct 14 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: Successful su for rubyman by root
Oct 14 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: + ??? root:rubyman
Oct 14 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412691 of user rubyman.
Oct 14 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12417]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412691.
Oct 14 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Failed password for root from 80.94.95.116 port 37650 ssh2
Oct 14 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Connection closed by 80.94.95.116 port 37650 [preauth]
Oct 14 17:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12322]: pam_unix(cron:session): session closed for user root
Oct 14 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8925]: pam_unix(cron:session): session closed for user root
Oct 14 17:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12320]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
Oct 14 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: Failed password for root from 185.213.174.209 port 36234 ssh2
Oct 14 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: Received disconnect from 185.213.174.209 port 36234:11: Bye Bye [preauth]
Oct 14 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: Disconnected from 185.213.174.209 port 36234 [preauth]
Oct 14 17:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: Invalid user shadab from 45.138.158.114
Oct 14 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: input_userauth_request: invalid user shadab [preauth]
Oct 14 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: Failed password for invalid user shadab from 45.138.158.114 port 58014 ssh2
Oct 14 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: Received disconnect from 45.138.158.114 port 58014:11: Bye Bye [preauth]
Oct 14 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12757]: Disconnected from 45.138.158.114 port 58014 [preauth]
Oct 14 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11270]: pam_unix(cron:session): session closed for user root
Oct 14 17:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Invalid user shadab from 51.83.98.100
Oct 14 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: input_userauth_request: invalid user shadab [preauth]
Oct 14 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Failed password for invalid user shadab from 51.83.98.100 port 52888 ssh2
Oct 14 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Received disconnect from 51.83.98.100 port 52888:11: Bye Bye [preauth]
Oct 14 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Disconnected from 51.83.98.100 port 52888 [preauth]
Oct 14 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12955]: Successful su for rubyman by root
Oct 14 17:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12955]: + ??? root:rubyman
Oct 14 17:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412697 of user rubyman.
Oct 14 17:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12955]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412697.
Oct 14 17:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9709]: pam_unix(cron:session): session closed for user root
Oct 14 17:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user root
Oct 14 17:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Failed password for root from 186.235.28.11 port 51744 ssh2
Oct 14 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Received disconnect from 186.235.28.11 port 51744:11: Bye Bye [preauth]
Oct 14 17:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Disconnected from 186.235.28.11 port 51744 [preauth]
Oct 14 17:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Invalid user osvaldo from 185.213.174.209
Oct 14 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: input_userauth_request: invalid user osvaldo [preauth]
Oct 14 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Failed password for invalid user osvaldo from 185.213.174.209 port 33886 ssh2
Oct 14 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Received disconnect from 185.213.174.209 port 33886:11: Bye Bye [preauth]
Oct 14 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Disconnected from 185.213.174.209 port 33886 [preauth]
Oct 14 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13474]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13555]: Successful su for rubyman by root
Oct 14 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13555]: + ??? root:rubyman
Oct 14 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412700 of user rubyman.
Oct 14 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13555]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412700.
Oct 14 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114  user=root
Oct 14 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: Failed password for root from 45.138.158.114 port 46794 ssh2
Oct 14 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: Received disconnect from 45.138.158.114 port 46794:11: Bye Bye [preauth]
Oct 14 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13541]: Disconnected from 45.138.158.114 port 46794 [preauth]
Oct 14 17:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: Invalid user portfolio from 51.83.98.100
Oct 14 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: input_userauth_request: invalid user portfolio [preauth]
Oct 14 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session closed for user root
Oct 14 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: Failed password for invalid user portfolio from 51.83.98.100 port 38066 ssh2
Oct 14 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: Received disconnect from 51.83.98.100 port 38066:11: Bye Bye [preauth]
Oct 14 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: Disconnected from 51.83.98.100 port 38066 [preauth]
Oct 14 17:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13475]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12324]: pam_unix(cron:session): session closed for user root
Oct 14 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13968]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14121]: Successful su for rubyman by root
Oct 14 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14121]: + ??? root:rubyman
Oct 14 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412703 of user rubyman.
Oct 14 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14121]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412703.
Oct 14 17:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10807]: pam_unix(cron:session): session closed for user root
Oct 14 17:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Invalid user save from 51.83.98.100
Oct 14 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: input_userauth_request: invalid user save [preauth]
Oct 14 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Failed password for invalid user save from 51.83.98.100 port 58782 ssh2
Oct 14 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Received disconnect from 51.83.98.100 port 58782:11: Bye Bye [preauth]
Oct 14 17:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14359]: Disconnected from 51.83.98.100 port 58782 [preauth]
Oct 14 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
Oct 14 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: Failed password for root from 185.213.174.209 port 56290 ssh2
Oct 14 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: Received disconnect from 185.213.174.209 port 56290:11: Bye Bye [preauth]
Oct 14 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14371]: Disconnected from 185.213.174.209 port 56290 [preauth]
Oct 14 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: Invalid user es from 45.138.158.114
Oct 14 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: input_userauth_request: invalid user es [preauth]
Oct 14 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: Failed password for invalid user es from 45.138.158.114 port 38360 ssh2
Oct 14 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: Received disconnect from 45.138.158.114 port 38360:11: Bye Bye [preauth]
Oct 14 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: Disconnected from 45.138.158.114 port 38360 [preauth]
Oct 14 17:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12852]: pam_unix(cron:session): session closed for user root
Oct 14 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Invalid user hamid from 186.235.28.11
Oct 14 17:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: input_userauth_request: invalid user hamid [preauth]
Oct 14 17:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Failed password for invalid user hamid from 186.235.28.11 port 59764 ssh2
Oct 14 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Received disconnect from 186.235.28.11 port 59764:11: Bye Bye [preauth]
Oct 14 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Disconnected from 186.235.28.11 port 59764 [preauth]
Oct 14 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14500]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14498]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14572]: Successful su for rubyman by root
Oct 14 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14572]: + ??? root:rubyman
Oct 14 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412707 of user rubyman.
Oct 14 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14572]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412707.
Oct 14 17:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11268]: pam_unix(cron:session): session closed for user root
Oct 14 17:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14499]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Invalid user wallabag from 51.83.98.100
Oct 14 17:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: input_userauth_request: invalid user wallabag [preauth]
Oct 14 17:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Failed password for invalid user wallabag from 51.83.98.100 port 34116 ssh2
Oct 14 17:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Received disconnect from 51.83.98.100 port 34116:11: Bye Bye [preauth]
Oct 14 17:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14871]: Disconnected from 51.83.98.100 port 34116 [preauth]
Oct 14 17:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13480]: pam_unix(cron:session): session closed for user root
Oct 14 17:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Invalid user dmdba from 185.213.174.209
Oct 14 17:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 17:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14974]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14979]: pam_unix(cron:session): session closed for user root
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Invalid user cha from 45.138.158.114
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: input_userauth_request: invalid user cha [preauth]
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Failed password for invalid user dmdba from 185.213.174.209 port 53058 ssh2
Oct 14 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Received disconnect from 185.213.174.209 port 53058:11: Bye Bye [preauth]
Oct 14 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Disconnected from 185.213.174.209 port 53058 [preauth]
Oct 14 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15151]: Successful su for rubyman by root
Oct 14 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15151]: + ??? root:rubyman
Oct 14 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412713 of user rubyman.
Oct 14 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15151]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412713.
Oct 14 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Failed password for invalid user cha from 45.138.158.114 port 38148 ssh2
Oct 14 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Received disconnect from 45.138.158.114 port 38148:11: Bye Bye [preauth]
Oct 14 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14966]: Disconnected from 45.138.158.114 port 38148 [preauth]
Oct 14 17:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14974]: pam_unix(cron:session): session closed for user root
Oct 14 17:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user root
Oct 14 17:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14973]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session closed for user root
Oct 14 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Invalid user spark from 186.235.28.11
Oct 14 17:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: input_userauth_request: invalid user spark [preauth]
Oct 14 17:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Failed password for invalid user spark from 186.235.28.11 port 39544 ssh2
Oct 14 17:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Received disconnect from 186.235.28.11 port 39544:11: Bye Bye [preauth]
Oct 14 17:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Disconnected from 186.235.28.11 port 39544 [preauth]
Oct 14 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Invalid user arwin from 51.83.98.100
Oct 14 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: input_userauth_request: invalid user arwin [preauth]
Oct 14 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.100
Oct 14 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Failed password for invalid user arwin from 51.83.98.100 port 41192 ssh2
Oct 14 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Received disconnect from 51.83.98.100 port 41192:11: Bye Bye [preauth]
Oct 14 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15524]: Disconnected from 51.83.98.100 port 41192 [preauth]
Oct 14 17:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Failed password for root from 2.57.122.26 port 34430 ssh2
Oct 14 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Connection closed by 2.57.122.26 port 34430 [preauth]
Oct 14 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15644]: Successful su for rubyman by root
Oct 14 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15644]: + ??? root:rubyman
Oct 14 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412716 of user rubyman.
Oct 14 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15644]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412716.
Oct 14 17:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12323]: pam_unix(cron:session): session closed for user root
Oct 14 17:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15558]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Invalid user musicbot from 45.138.158.114
Oct 14 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: input_userauth_request: invalid user musicbot [preauth]
Oct 14 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: Invalid user shadab from 185.213.174.209
Oct 14 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: input_userauth_request: invalid user shadab [preauth]
Oct 14 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user musicbot from 45.138.158.114 port 60556 ssh2
Oct 14 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Received disconnect from 45.138.158.114 port 60556:11: Bye Bye [preauth]
Oct 14 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Disconnected from 45.138.158.114 port 60556 [preauth]
Oct 14 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: Failed password for invalid user shadab from 185.213.174.209 port 44132 ssh2
Oct 14 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: Received disconnect from 185.213.174.209 port 44132:11: Bye Bye [preauth]
Oct 14 17:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15928]: Disconnected from 185.213.174.209 port 44132 [preauth]
Oct 14 17:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14502]: pam_unix(cron:session): session closed for user root
Oct 14 17:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: Invalid user admin from 80.94.95.115
Oct 14 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: input_userauth_request: invalid user admin [preauth]
Oct 14 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: Failed password for invalid user admin from 80.94.95.115 port 28590 ssh2
Oct 14 17:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: Connection closed by 80.94.95.115 port 28590 [preauth]
Oct 14 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Invalid user admin from 62.60.131.157
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: input_userauth_request: invalid user admin [preauth]
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16104]: Successful su for rubyman by root
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16104]: + ??? root:rubyman
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412722 of user rubyman.
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16104]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412722.
Oct 14 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Failed password for invalid user admin from 62.60.131.157 port 63020 ssh2
Oct 14 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Failed password for invalid user admin from 62.60.131.157 port 63020 ssh2
Oct 14 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Failed password for invalid user admin from 62.60.131.157 port 63020 ssh2
Oct 14 17:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session closed for user root
Oct 14 17:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Failed password for invalid user admin from 62.60.131.157 port 63020 ssh2
Oct 14 17:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Failed password for invalid user admin from 62.60.131.157 port 63020 ssh2
Oct 14 17:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Received disconnect from 62.60.131.157 port 63020:11: Bye [preauth]
Oct 14 17:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: Disconnected from 62.60.131.157 port 63020 [preauth]
Oct 14 17:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 17:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16092]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 17:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16035]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Failed password for root from 186.235.28.11 port 47552 ssh2
Oct 14 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Received disconnect from 186.235.28.11 port 47552:11: Bye Bye [preauth]
Oct 14 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Disconnected from 186.235.28.11 port 47552 [preauth]
Oct 14 17:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session closed for user root
Oct 14 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: Invalid user ftpuser from 45.138.158.114
Oct 14 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16493]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: Failed password for invalid user ftpuser from 45.138.158.114 port 36338 ssh2
Oct 14 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: Received disconnect from 45.138.158.114 port 36338:11: Bye Bye [preauth]
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16475]: Disconnected from 45.138.158.114 port 36338 [preauth]
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.171.177  user=root
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16578]: Successful su for rubyman by root
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16578]: + ??? root:rubyman
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412725 of user rubyman.
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16578]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412725.
Oct 14 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16560]: Invalid user tet from 185.213.174.209
Oct 14 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16560]: input_userauth_request: invalid user tet [preauth]
Oct 14 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16560]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16555]: Failed password for root from 94.177.171.177 port 48926 ssh2
Oct 14 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16555]: Connection closed by 94.177.171.177 port 48926 [preauth]
Oct 14 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16560]: Failed password for invalid user tet from 185.213.174.209 port 50560 ssh2
Oct 14 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16560]: Received disconnect from 185.213.174.209 port 50560:11: Bye Bye [preauth]
Oct 14 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16560]: Disconnected from 185.213.174.209 port 50560 [preauth]
Oct 14 17:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13476]: pam_unix(cron:session): session closed for user root
Oct 14 17:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16494]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213  user=root
Oct 14 17:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session closed for user root
Oct 14 17:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: Failed password for root from 14.103.115.213 port 35974 ssh2
Oct 14 17:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: Received disconnect from 14.103.115.213 port 35974:11: Bye Bye [preauth]
Oct 14 17:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16870]: Disconnected from 14.103.115.213 port 35974 [preauth]
Oct 14 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16961]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16960]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16956]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17030]: Successful su for rubyman by root
Oct 14 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17030]: + ??? root:rubyman
Oct 14 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412730 of user rubyman.
Oct 14 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17030]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412730.
Oct 14 17:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session closed for user root
Oct 14 17:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16957]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Invalid user jacob from 186.235.28.11
Oct 14 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: input_userauth_request: invalid user jacob [preauth]
Oct 14 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11
Oct 14 17:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Failed password for invalid user jacob from 186.235.28.11 port 55566 ssh2
Oct 14 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Received disconnect from 186.235.28.11 port 55566:11: Bye Bye [preauth]
Oct 14 17:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17292]: Disconnected from 186.235.28.11 port 55566 [preauth]
Oct 14 17:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114  user=root
Oct 14 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Failed password for root from 45.138.158.114 port 59588 ssh2
Oct 14 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Received disconnect from 45.138.158.114 port 59588:11: Bye Bye [preauth]
Oct 14 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Disconnected from 45.138.158.114 port 59588 [preauth]
Oct 14 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Invalid user liuhao from 185.213.174.209
Oct 14 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: input_userauth_request: invalid user liuhao [preauth]
Oct 14 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Failed password for invalid user liuhao from 185.213.174.209 port 55916 ssh2
Oct 14 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Received disconnect from 185.213.174.209 port 55916:11: Bye Bye [preauth]
Oct 14 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Disconnected from 185.213.174.209 port 55916 [preauth]
Oct 14 17:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session closed for user root
Oct 14 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17431]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17430]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17429]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17432]: pam_unix(cron:session): session closed for user root
Oct 14 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17427]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17501]: Successful su for rubyman by root
Oct 14 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17501]: + ??? root:rubyman
Oct 14 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412732 of user rubyman.
Oct 14 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17501]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412732.
Oct 14 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17429]: pam_unix(cron:session): session closed for user root
Oct 14 17:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14500]: pam_unix(cron:session): session closed for user root
Oct 14 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Received disconnect from 14.103.115.213 port 52396:11: Bye Bye [preauth]
Oct 14 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Disconnected from 14.103.115.213 port 52396 [preauth]
Oct 14 17:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17428]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16496]: pam_unix(cron:session): session closed for user root
Oct 14 17:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Invalid user tao from 45.138.158.114
Oct 14 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: input_userauth_request: invalid user tao [preauth]
Oct 14 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Failed password for invalid user tao from 45.138.158.114 port 34834 ssh2
Oct 14 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Received disconnect from 45.138.158.114 port 34834:11: Bye Bye [preauth]
Oct 14 17:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17990]: Disconnected from 45.138.158.114 port 34834 [preauth]
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Invalid user portfolio from 185.213.174.209
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: input_userauth_request: invalid user portfolio [preauth]
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18108]: Successful su for rubyman by root
Oct 14 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18108]: + ??? root:rubyman
Oct 14 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412738 of user rubyman.
Oct 14 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18108]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412738.
Oct 14 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Failed password for invalid user portfolio from 185.213.174.209 port 35440 ssh2
Oct 14 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Received disconnect from 185.213.174.209 port 35440:11: Bye Bye [preauth]
Oct 14 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Disconnected from 185.213.174.209 port 35440 [preauth]
Oct 14 17:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session closed for user root
Oct 14 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.235.28.11  user=root
Oct 14 17:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18586]: Failed password for root from 186.235.28.11 port 35348 ssh2
Oct 14 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18586]: Received disconnect from 186.235.28.11 port 35348:11: Bye Bye [preauth]
Oct 14 17:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18586]: Disconnected from 186.235.28.11 port 35348 [preauth]
Oct 14 17:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16961]: pam_unix(cron:session): session closed for user root
Oct 14 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: Successful su for rubyman by root
Oct 14 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: + ??? root:rubyman
Oct 14 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412742 of user rubyman.
Oct 14 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412742.
Oct 14 17:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15559]: pam_unix(cron:session): session closed for user root
Oct 14 17:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18727]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Invalid user mk from 45.138.158.114
Oct 14 17:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: input_userauth_request: invalid user mk [preauth]
Oct 14 17:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Failed password for invalid user mk from 45.138.158.114 port 44702 ssh2
Oct 14 17:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Received disconnect from 45.138.158.114 port 44702:11: Bye Bye [preauth]
Oct 14 17:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Disconnected from 45.138.158.114 port 44702 [preauth]
Oct 14 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Invalid user rere from 185.213.174.209
Oct 14 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: input_userauth_request: invalid user rere [preauth]
Oct 14 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
Oct 14 17:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Failed password for invalid user rere from 185.213.174.209 port 33444 ssh2
Oct 14 17:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Received disconnect from 185.213.174.209 port 33444:11: Bye Bye [preauth]
Oct 14 17:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Disconnected from 185.213.174.209 port 33444 [preauth]
Oct 14 17:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17431]: pam_unix(cron:session): session closed for user root
Oct 14 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19614]: Successful su for rubyman by root
Oct 14 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19614]: + ??? root:rubyman
Oct 14 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412747 of user rubyman.
Oct 14 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19614]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412747.
Oct 14 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16036]: pam_unix(cron:session): session closed for user root
Oct 14 17:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.213  user=root
Oct 14 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Failed password for root from 14.103.115.213 port 45466 ssh2
Oct 14 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Received disconnect from 14.103.115.213 port 45466:11: Bye Bye [preauth]
Oct 14 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19948]: Disconnected from 14.103.115.213 port 45466 [preauth]
Oct 14 17:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session closed for user root
Oct 14 17:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Invalid user arwin from 45.138.158.114
Oct 14 17:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: input_userauth_request: invalid user arwin [preauth]
Oct 14 17:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 17:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for invalid user arwin from 45.138.158.114 port 55894 ssh2
Oct 14 17:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Received disconnect from 45.138.158.114 port 55894:11: Bye Bye [preauth]
Oct 14 17:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Disconnected from 45.138.158.114 port 55894 [preauth]
Oct 14 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20168]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20170]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20165]: pam_unix(cron:session): session closed for user p13x
Oct 14 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
Oct 14 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20274]: Successful su for rubyman by root
Oct 14 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20274]: + ??? root:rubyman
Oct 14 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412750 of user rubyman.
Oct 14 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20274]: pam_unix(su:session): session closed for user rubyman
Oct 14 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412750.
Oct 14 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: Failed password for root from 185.213.174.209 port 42814 ssh2
Oct 14 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: Received disconnect from 185.213.174.209 port 42814:11: Bye Bye [preauth]
Oct 14 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20255]: Disconnected from 185.213.174.209 port 42814 [preauth]
Oct 14 17:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16495]: pam_unix(cron:session): session closed for user root
Oct 14 17:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20167]: pam_unix(cron:session): session closed for user samftp
Oct 14 17:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session closed for user root
Oct 14 17:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 17:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Invalid user guest from 80.94.95.115
Oct 14 17:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: input_userauth_request: invalid user guest [preauth]
Oct 14 17:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 17:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 17:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Failed password for invalid user guest from 80.94.95.115 port 38600 ssh2
Oct 14 17:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Connection closed by 80.94.95.115 port 38600 [preauth]
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20663]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20659]: pam_unix(cron:session): session closed for user root
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20663]: pam_unix(cron:session): session closed for user root
Oct 14 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20799]: Successful su for rubyman by root
Oct 14 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20799]: + ??? root:rubyman
Oct 14 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412757 of user rubyman.
Oct 14 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[20799]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412757.
Oct 14 18:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20660]: pam_unix(cron:session): session closed for user root
Oct 14 18:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16960]: pam_unix(cron:session): session closed for user root
Oct 14 18:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Invalid user save from 45.138.158.114
Oct 14 18:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: input_userauth_request: invalid user save [preauth]
Oct 14 18:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.138.158.114
Oct 14 18:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Failed password for invalid user save from 45.138.158.114 port 38598 ssh2
Oct 14 18:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20658]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Received disconnect from 45.138.158.114 port 38598:11: Bye Bye [preauth]
Oct 14 18:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21034]: Disconnected from 45.138.158.114 port 38598 [preauth]
Oct 14 18:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19433]: pam_unix(cron:session): session closed for user root
Oct 14 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21324]: Successful su for rubyman by root
Oct 14 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21324]: + ??? root:rubyman
Oct 14 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412762 of user rubyman.
Oct 14 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21324]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412762.
Oct 14 18:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17430]: pam_unix(cron:session): session closed for user root
Oct 14 18:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20170]: pam_unix(cron:session): session closed for user root
Oct 14 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21766]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21763]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: Successful su for rubyman by root
Oct 14 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: + ??? root:rubyman
Oct 14 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412765 of user rubyman.
Oct 14 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412765.
Oct 14 18:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session closed for user root
Oct 14 18:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21764]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20662]: pam_unix(cron:session): session closed for user root
Oct 14 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22269]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22341]: Successful su for rubyman by root
Oct 14 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22341]: + ??? root:rubyman
Oct 14 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412770 of user rubyman.
Oct 14 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22341]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412770.
Oct 14 18:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session closed for user root
Oct 14 18:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22270]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session closed for user root
Oct 14 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23130]: Successful su for rubyman by root
Oct 14 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23130]: + ??? root:rubyman
Oct 14 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412773 of user rubyman.
Oct 14 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23130]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412773.
Oct 14 18:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session closed for user root
Oct 14 18:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 14 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Failed password for root from 185.156.73.233 port 37344 ssh2
Oct 14 18:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Connection closed by 185.156.73.233 port 37344 [preauth]
Oct 14 18:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21766]: pam_unix(cron:session): session closed for user root
Oct 14 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23890]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23889]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23890]: pam_unix(cron:session): session closed for user root
Oct 14 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23883]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23979]: Successful su for rubyman by root
Oct 14 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23979]: + ??? root:rubyman
Oct 14 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412777 of user rubyman.
Oct 14 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23979]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412777.
Oct 14 18:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23887]: pam_unix(cron:session): session closed for user root
Oct 14 18:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20168]: pam_unix(cron:session): session closed for user root
Oct 14 18:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23885]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22273]: pam_unix(cron:session): session closed for user root
Oct 14 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24444]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24442]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24546]: Successful su for rubyman by root
Oct 14 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24546]: + ??? root:rubyman
Oct 14 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412785 of user rubyman.
Oct 14 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24546]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412785.
Oct 14 18:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20661]: pam_unix(cron:session): session closed for user root
Oct 14 18:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24443]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22920]: pam_unix(cron:session): session closed for user root
Oct 14 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25024]: Successful su for rubyman by root
Oct 14 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25024]: + ??? root:rubyman
Oct 14 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412788 of user rubyman.
Oct 14 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25024]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412788.
Oct 14 18:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session closed for user root
Oct 14 18:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24936]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 14 18:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23889]: pam_unix(cron:session): session closed for user root
Oct 14 18:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: Failed password for root from 94.177.160.96 port 50816 ssh2
Oct 14 18:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25584]: Connection closed by 94.177.160.96 port 50816 [preauth]
Oct 14 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25663]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25660]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25730]: Successful su for rubyman by root
Oct 14 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25730]: + ??? root:rubyman
Oct 14 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412793 of user rubyman.
Oct 14 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25730]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412793.
Oct 14 18:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21765]: pam_unix(cron:session): session closed for user root
Oct 14 18:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25661]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Failed password for root from 47.96.95.36 port 51016 ssh2
Oct 14 18:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26129]: Connection closed by 47.96.95.36 port 51016 [preauth]
Oct 14 18:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Invalid user admin from 47.96.95.36
Oct 14 18:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session closed for user root
Oct 14 18:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Failed password for invalid user admin from 47.96.95.36 port 51018 ssh2
Oct 14 18:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Connection closed by 47.96.95.36 port 51018 [preauth]
Oct 14 18:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Invalid user test from 47.96.95.36
Oct 14 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: input_userauth_request: invalid user test [preauth]
Oct 14 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Failed password for invalid user test from 47.96.95.36 port 51026 ssh2
Oct 14 18:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Connection closed by 47.96.95.36 port 51026 [preauth]
Oct 14 18:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Invalid user kafka from 47.96.95.36
Oct 14 18:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: input_userauth_request: invalid user kafka [preauth]
Oct 14 18:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Failed password for invalid user kafka from 47.96.95.36 port 44756 ssh2
Oct 14 18:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26171]: Connection closed by 47.96.95.36 port 44756 [preauth]
Oct 14 18:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Invalid user deploy from 47.96.95.36
Oct 14 18:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: input_userauth_request: invalid user deploy [preauth]
Oct 14 18:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Failed password for invalid user deploy from 47.96.95.36 port 44802 ssh2
Oct 14 18:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Connection closed by 47.96.95.36 port 44802 [preauth]
Oct 14 18:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: Invalid user ubnt from 47.96.95.36
Oct 14 18:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 18:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: Failed password for invalid user ubnt from 47.96.95.36 port 44838 ssh2
Oct 14 18:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26221]: Connection closed by 47.96.95.36 port 44838 [preauth]
Oct 14 18:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: Invalid user postgres from 47.96.95.36
Oct 14 18:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: input_userauth_request: invalid user postgres [preauth]
Oct 14 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: Failed password for invalid user postgres from 47.96.95.36 port 38912 ssh2
Oct 14 18:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: Connection closed by 47.96.95.36 port 38912 [preauth]
Oct 14 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Invalid user ovpn from 47.96.95.36
Oct 14 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: input_userauth_request: invalid user ovpn [preauth]
Oct 14 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Failed password for invalid user ovpn from 47.96.95.36 port 38920 ssh2
Oct 14 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26235]: Connection closed by 47.96.95.36 port 38920 [preauth]
Oct 14 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26532]: Successful su for rubyman by root
Oct 14 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26532]: + ??? root:rubyman
Oct 14 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412798 of user rubyman.
Oct 14 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26532]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412798.
Oct 14 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26546]: Invalid user devuser from 47.96.95.36
Oct 14 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26546]: input_userauth_request: invalid user devuser [preauth]
Oct 14 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26546]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session closed for user root
Oct 14 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26546]: Failed password for invalid user devuser from 47.96.95.36 port 59196 ssh2
Oct 14 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26546]: Connection closed by 47.96.95.36 port 59196 [preauth]
Oct 14 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Invalid user ubuntu from 47.96.95.36
Oct 14 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22271]: pam_unix(cron:session): session closed for user root
Oct 14 18:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Failed password for invalid user ubuntu from 47.96.95.36 port 59208 ssh2
Oct 14 18:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Connection closed by 47.96.95.36 port 59208 [preauth]
Oct 14 18:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Invalid user postgres from 47.96.95.36
Oct 14 18:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: input_userauth_request: invalid user postgres [preauth]
Oct 14 18:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Failed password for invalid user postgres from 47.96.95.36 port 33198 ssh2
Oct 14 18:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Connection closed by 47.96.95.36 port 33198 [preauth]
Oct 14 18:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Invalid user user from 47.96.95.36
Oct 14 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: input_userauth_request: invalid user user [preauth]
Oct 14 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Failed password for invalid user user from 47.96.95.36 port 33206 ssh2
Oct 14 18:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Connection closed by 47.96.95.36 port 33206 [preauth]
Oct 14 18:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26245]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Failed password for root from 47.96.95.36 port 33222 ssh2
Oct 14 18:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26786]: Connection closed by 47.96.95.36 port 33222 [preauth]
Oct 14 18:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: Failed password for root from 47.96.95.36 port 33236 ssh2
Oct 14 18:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: Connection closed by 47.96.95.36 port 33236 [preauth]
Oct 14 18:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Invalid user deploy from 47.96.95.36
Oct 14 18:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: input_userauth_request: invalid user deploy [preauth]
Oct 14 18:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Failed password for invalid user deploy from 47.96.95.36 port 58242 ssh2
Oct 14 18:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Connection closed by 47.96.95.36 port 58242 [preauth]
Oct 14 18:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Invalid user user from 47.96.95.36
Oct 14 18:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: input_userauth_request: invalid user user [preauth]
Oct 14 18:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Failed password for invalid user user from 47.96.95.36 port 58252 ssh2
Oct 14 18:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26870]: Connection closed by 47.96.95.36 port 58252 [preauth]
Oct 14 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26913]: Invalid user vpn from 47.96.95.36
Oct 14 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26913]: input_userauth_request: invalid user vpn [preauth]
Oct 14 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26913]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26913]: Failed password for invalid user vpn from 47.96.95.36 port 60390 ssh2
Oct 14 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26913]: Connection closed by 47.96.95.36 port 60390 [preauth]
Oct 14 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Invalid user fa from 47.96.95.36
Oct 14 18:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: input_userauth_request: invalid user fa [preauth]
Oct 14 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Failed password for invalid user fa from 47.96.95.36 port 60398 ssh2
Oct 14 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Connection closed by 47.96.95.36 port 60398 [preauth]
Oct 14 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session closed for user root
Oct 14 18:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: Failed password for root from 47.96.95.36 port 60410 ssh2
Oct 14 18:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26962]: Connection closed by 47.96.95.36 port 60410 [preauth]
Oct 14 18:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: Invalid user openvpn from 47.96.95.36
Oct 14 18:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: input_userauth_request: invalid user openvpn [preauth]
Oct 14 18:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: Failed password for invalid user openvpn from 47.96.95.36 port 45592 ssh2
Oct 14 18:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27021]: Connection closed by 47.96.95.36 port 45592 [preauth]
Oct 14 18:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Invalid user guest from 47.96.95.36
Oct 14 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: input_userauth_request: invalid user guest [preauth]
Oct 14 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Failed password for invalid user guest from 47.96.95.36 port 45598 ssh2
Oct 14 18:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Connection closed by 47.96.95.36 port 45598 [preauth]
Oct 14 18:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: Invalid user minecraft from 47.96.95.36
Oct 14 18:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 18:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: Failed password for invalid user minecraft from 47.96.95.36 port 45614 ssh2
Oct 14 18:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27149]: Connection closed by 47.96.95.36 port 45614 [preauth]
Oct 14 18:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Invalid user pi from 47.96.95.36
Oct 14 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: input_userauth_request: invalid user pi [preauth]
Oct 14 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Failed password for invalid user pi from 47.96.95.36 port 36134 ssh2
Oct 14 18:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Connection closed by 47.96.95.36 port 36134 [preauth]
Oct 14 18:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Failed password for root from 47.96.95.36 port 36136 ssh2
Oct 14 18:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27171]: Connection closed by 47.96.95.36 port 36136 [preauth]
Oct 14 18:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27203]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27202]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27204]: pam_unix(cron:session): session closed for user root
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27197]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Invalid user linaro from 47.96.95.36
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: input_userauth_request: invalid user linaro [preauth]
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: Successful su for rubyman by root
Oct 14 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: + ??? root:rubyman
Oct 14 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412801 of user rubyman.
Oct 14 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412801.
Oct 14 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Failed password for invalid user linaro from 47.96.95.36 port 54650 ssh2
Oct 14 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27191]: Connection closed by 47.96.95.36 port 54650 [preauth]
Oct 14 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Invalid user jenkins from 47.96.95.36
Oct 14 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Failed password for invalid user jenkins from 47.96.95.36 port 54662 ssh2
Oct 14 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Connection closed by 47.96.95.36 port 54662 [preauth]
Oct 14 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Invalid user devopsuser from 47.96.95.36
Oct 14 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27201]: pam_unix(cron:session): session closed for user root
Oct 14 18:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Failed password for invalid user devopsuser from 47.96.95.36 port 54670 ssh2
Oct 14 18:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Connection closed by 47.96.95.36 port 54670 [preauth]
Oct 14 18:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session closed for user root
Oct 14 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: Invalid user ubuntu from 47.96.95.36
Oct 14 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: Failed password for invalid user ubuntu from 47.96.95.36 port 54712 ssh2
Oct 14 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27510]: Connection closed by 47.96.95.36 port 54712 [preauth]
Oct 14 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Invalid user orangepi from 47.96.95.36
Oct 14 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: input_userauth_request: invalid user orangepi [preauth]
Oct 14 18:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Failed password for invalid user orangepi from 47.96.95.36 port 54716 ssh2
Oct 14 18:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Connection closed by 47.96.95.36 port 54716 [preauth]
Oct 14 18:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Failed password for root from 47.96.95.36 port 54730 ssh2
Oct 14 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27198]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Connection closed by 47.96.95.36 port 54730 [preauth]
Oct 14 18:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: Failed password for root from 47.96.95.36 port 34564 ssh2
Oct 14 18:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: Connection closed by 47.96.95.36 port 34564 [preauth]
Oct 14 18:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25663]: pam_unix(cron:session): session closed for user root
Oct 14 18:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: Invalid user hadoop from 47.96.95.36
Oct 14 18:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 18:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: Failed password for invalid user hadoop from 47.96.95.36 port 34568 ssh2
Oct 14 18:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27888]: Connection closed by 47.96.95.36 port 34568 [preauth]
Oct 14 18:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: Invalid user vpnuser from 47.96.95.36
Oct 14 18:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: input_userauth_request: invalid user vpnuser [preauth]
Oct 14 18:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: Failed password for invalid user vpnuser from 47.96.95.36 port 60608 ssh2
Oct 14 18:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: Connection closed by 47.96.95.36 port 60608 [preauth]
Oct 14 18:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28108]: Successful su for rubyman by root
Oct 14 18:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28108]: + ??? root:rubyman
Oct 14 18:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412809 of user rubyman.
Oct 14 18:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28108]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412809.
Oct 14 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23888]: pam_unix(cron:session): session closed for user root
Oct 14 18:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session closed for user root
Oct 14 18:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 14 18:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Failed password for root from 20.163.71.109 port 48706 ssh2
Oct 14 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28730]: Connection closed by 20.163.71.109 port 48706 [preauth]
Oct 14 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28744]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28820]: Successful su for rubyman by root
Oct 14 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28820]: + ??? root:rubyman
Oct 14 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412810 of user rubyman.
Oct 14 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28820]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412810.
Oct 14 18:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24444]: pam_unix(cron:session): session closed for user root
Oct 14 18:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28745]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: Invalid user dspace from 47.96.95.36
Oct 14 18:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: input_userauth_request: invalid user dspace [preauth]
Oct 14 18:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: Failed password for invalid user dspace from 47.96.95.36 port 54286 ssh2
Oct 14 18:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29234]: Connection closed by 47.96.95.36 port 54286 [preauth]
Oct 14 18:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Invalid user guest from 47.96.95.36
Oct 14 18:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: input_userauth_request: invalid user guest [preauth]
Oct 14 18:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Failed password for invalid user guest from 47.96.95.36 port 60896 ssh2
Oct 14 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Connection closed by 47.96.95.36 port 60896 [preauth]
Oct 14 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: Invalid user deploy from 47.96.95.36
Oct 14 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: input_userauth_request: invalid user deploy [preauth]
Oct 14 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: Failed password for invalid user deploy from 47.96.95.36 port 60900 ssh2
Oct 14 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: Connection closed by 47.96.95.36 port 60900 [preauth]
Oct 14 18:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: Invalid user pi from 47.96.95.36
Oct 14 18:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: input_userauth_request: invalid user pi [preauth]
Oct 14 18:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27203]: pam_unix(cron:session): session closed for user root
Oct 14 18:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: Failed password for invalid user pi from 47.96.95.36 port 60912 ssh2
Oct 14 18:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29255]: Connection closed by 47.96.95.36 port 60912 [preauth]
Oct 14 18:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Failed password for root from 47.96.95.36 port 40874 ssh2
Oct 14 18:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: Connection closed by 47.96.95.36 port 40874 [preauth]
Oct 14 18:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: Failed password for root from 47.96.95.36 port 40888 ssh2
Oct 14 18:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: Connection closed by 47.96.95.36 port 40888 [preauth]
Oct 14 18:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: Invalid user odoo from 47.96.95.36
Oct 14 18:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: input_userauth_request: invalid user odoo [preauth]
Oct 14 18:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: Failed password for invalid user odoo from 47.96.95.36 port 40892 ssh2
Oct 14 18:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: Connection closed by 47.96.95.36 port 40892 [preauth]
Oct 14 18:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Invalid user admin from 47.96.95.36
Oct 14 18:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Failed password for invalid user admin from 47.96.95.36 port 51514 ssh2
Oct 14 18:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Connection closed by 47.96.95.36 port 51514 [preauth]
Oct 14 18:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Failed password for root from 47.96.95.36 port 51520 ssh2
Oct 14 18:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Connection closed by 47.96.95.36 port 51520 [preauth]
Oct 14 18:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Invalid user craft from 47.96.95.36
Oct 14 18:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: input_userauth_request: invalid user craft [preauth]
Oct 14 18:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Failed password for invalid user craft from 47.96.95.36 port 51526 ssh2
Oct 14 18:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Connection closed by 47.96.95.36 port 51526 [preauth]
Oct 14 18:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: Invalid user postgres from 47.96.95.36
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: input_userauth_request: invalid user postgres [preauth]
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29453]: Successful su for rubyman by root
Oct 14 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29453]: + ??? root:rubyman
Oct 14 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412816 of user rubyman.
Oct 14 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29453]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412816.
Oct 14 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: Failed password for invalid user postgres from 47.96.95.36 port 47870 ssh2
Oct 14 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: Connection closed by 47.96.95.36 port 47870 [preauth]
Oct 14 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Invalid user oracle from 47.96.95.36
Oct 14 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: input_userauth_request: invalid user oracle [preauth]
Oct 14 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for invalid user oracle from 47.96.95.36 port 47880 ssh2
Oct 14 18:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Connection closed by 47.96.95.36 port 47880 [preauth]
Oct 14 18:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session closed for user root
Oct 14 18:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Failed password for root from 47.96.95.36 port 47884 ssh2
Oct 14 18:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Connection closed by 47.96.95.36 port 47884 [preauth]
Oct 14 18:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: Invalid user deployer from 47.96.95.36
Oct 14 18:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: input_userauth_request: invalid user deployer [preauth]
Oct 14 18:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: Failed password for invalid user deployer from 47.96.95.36 port 52900 ssh2
Oct 14 18:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29658]: Connection closed by 47.96.95.36 port 52900 [preauth]
Oct 14 18:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36  user=root
Oct 14 18:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Failed password for root from 47.96.95.36 port 52910 ssh2
Oct 14 18:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Connection closed by 47.96.95.36 port 52910 [preauth]
Oct 14 18:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: Invalid user admin from 47.96.95.36
Oct 14 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: Failed password for invalid user admin from 47.96.95.36 port 52924 ssh2
Oct 14 18:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29690]: Connection closed by 47.96.95.36 port 52924 [preauth]
Oct 14 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: Invalid user admin from 47.96.95.36
Oct 14 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: Failed password for invalid user admin from 47.96.95.36 port 49340 ssh2
Oct 14 18:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29736]: Connection closed by 47.96.95.36 port 49340 [preauth]
Oct 14 18:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29738]: Invalid user admin from 47.96.95.36
Oct 14 18:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29738]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29738]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.96.95.36
Oct 14 18:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29738]: Failed password for invalid user admin from 47.96.95.36 port 49342 ssh2
Oct 14 18:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29738]: Connection closed by 47.96.95.36 port 49342 [preauth]
Oct 14 18:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28024]: pam_unix(cron:session): session closed for user root
Oct 14 18:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Invalid user sshadmin from 194.0.234.19
Oct 14 18:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: input_userauth_request: invalid user sshadmin [preauth]
Oct 14 18:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 14 18:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Failed password for invalid user sshadmin from 194.0.234.19 port 40568 ssh2
Oct 14 18:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29884]: Connection closed by 194.0.234.19 port 40568 [preauth]
Oct 14 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29896]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29978]: Successful su for rubyman by root
Oct 14 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29978]: + ??? root:rubyman
Oct 14 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412818 of user rubyman.
Oct 14 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29978]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412818.
Oct 14 18:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25662]: pam_unix(cron:session): session closed for user root
Oct 14 18:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29897]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28747]: pam_unix(cron:session): session closed for user root
Oct 14 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session closed for user root
Oct 14 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30589]: Successful su for rubyman by root
Oct 14 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30589]: + ??? root:rubyman
Oct 14 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412822 of user rubyman.
Oct 14 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30589]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412822.
Oct 14 18:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session closed for user root
Oct 14 18:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session closed for user root
Oct 14 18:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29377]: pam_unix(cron:session): session closed for user root
Oct 14 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31007]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31005]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31105]: Successful su for rubyman by root
Oct 14 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31105]: + ??? root:rubyman
Oct 14 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412828 of user rubyman.
Oct 14 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31105]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412828.
Oct 14 18:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27202]: pam_unix(cron:session): session closed for user root
Oct 14 18:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31006]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 18:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarabas.com@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 14 18:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 18:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarabas.com rhost=::ffff:45.142.193.185
Oct 14 18:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29899]: pam_unix(cron:session): session closed for user root
Oct 14 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user root
Oct 14 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31744]: Successful su for rubyman by root
Oct 14 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31744]: + ??? root:rubyman
Oct 14 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412833 of user rubyman.
Oct 14 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31744]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412833.
Oct 14 18:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28023]: pam_unix(cron:session): session closed for user root
Oct 14 18:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session closed for user root
Oct 14 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32287]: Successful su for rubyman by root
Oct 14 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32287]: + ??? root:rubyman
Oct 14 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412837 of user rubyman.
Oct 14 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32287]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412837.
Oct 14 18:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session closed for user root
Oct 14 18:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31008]: pam_unix(cron:session): session closed for user root
Oct 14 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32660]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32743]: Successful su for rubyman by root
Oct 14 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32743]: + ??? root:rubyman
Oct 14 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412841 of user rubyman.
Oct 14 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32743]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412841.
Oct 14 18:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session closed for user root
Oct 14 18:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32661]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: Invalid user admin from 80.94.95.115
Oct 14 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: Failed password for invalid user admin from 80.94.95.115 port 59658 ssh2
Oct 14 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: Connection closed by 80.94.95.115 port 59658 [preauth]
Oct 14 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: Invalid user lyy from 138.68.58.124
Oct 14 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: input_userauth_request: invalid user lyy [preauth]
Oct 14 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Oct 14 18:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: Failed password for invalid user lyy from 138.68.58.124 port 57530 ssh2
Oct 14 18:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[515]: Connection closed by 138.68.58.124 port 57530 [preauth]
Oct 14 18:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session closed for user root
Oct 14 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session closed for user root
Oct 14 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[656]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[748]: Successful su for rubyman by root
Oct 14 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[748]: + ??? root:rubyman
Oct 14 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412845 of user rubyman.
Oct 14 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[748]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412845.
Oct 14 18:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[664]: pam_unix(cron:session): session closed for user root
Oct 14 18:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29898]: pam_unix(cron:session): session closed for user root
Oct 14 18:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[663]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32213]: pam_unix(cron:session): session closed for user root
Oct 14 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1265]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1345]: Successful su for rubyman by root
Oct 14 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1345]: + ??? root:rubyman
Oct 14 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412852 of user rubyman.
Oct 14 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1345]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412852.
Oct 14 18:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30417]: pam_unix(cron:session): session closed for user root
Oct 14 18:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1266]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32665]: pam_unix(cron:session): session closed for user root
Oct 14 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1850]: Successful su for rubyman by root
Oct 14 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1850]: + ??? root:rubyman
Oct 14 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412856 of user rubyman.
Oct 14 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1850]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412856.
Oct 14 18:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31007]: pam_unix(cron:session): session closed for user root
Oct 14 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1780]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 18:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: Failed password for root from 80.211.129.128 port 50918 ssh2
Oct 14 18:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2220]: Connection closed by 80.211.129.128 port 50918 [preauth]
Oct 14 18:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session closed for user root
Oct 14 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2324]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2393]: Successful su for rubyman by root
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2393]: + ??? root:rubyman
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412859 of user rubyman.
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Invalid user admin from 2.57.121.25
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2393]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412859.
Oct 14 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for invalid user admin from 2.57.121.25 port 19623 ssh2
Oct 14 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for invalid user admin from 2.57.121.25 port 19623 ssh2
Oct 14 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for invalid user admin from 2.57.121.25 port 19623 ssh2
Oct 14 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session closed for user root
Oct 14 18:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for invalid user admin from 2.57.121.25 port 19623 ssh2
Oct 14 18:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Failed password for invalid user admin from 2.57.121.25 port 19623 ssh2
Oct 14 18:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Received disconnect from 2.57.121.25 port 19623:11: Bye [preauth]
Oct 14 18:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: Disconnected from 2.57.121.25 port 19623 [preauth]
Oct 14 18:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 18:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2380]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 18:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2325]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session closed for user root
Oct 14 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2779]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2778]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2774]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2846]: Successful su for rubyman by root
Oct 14 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2846]: + ??? root:rubyman
Oct 14 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412863 of user rubyman.
Oct 14 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2846]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412863.
Oct 14 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Invalid user erp from 186.96.145.241
Oct 14 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: input_userauth_request: invalid user erp [preauth]
Oct 14 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Failed password for invalid user erp from 186.96.145.241 port 57246 ssh2
Oct 14 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Connection closed by 186.96.145.241 port 57246 [preauth]
Oct 14 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32205]: pam_unix(cron:session): session closed for user root
Oct 14 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2776]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1782]: pam_unix(cron:session): session closed for user root
Oct 14 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3215]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session closed for user root
Oct 14 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3317]: Successful su for rubyman by root
Oct 14 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3317]: + ??? root:rubyman
Oct 14 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412870 of user rubyman.
Oct 14 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3317]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412870.
Oct 14 18:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3214]: pam_unix(cron:session): session closed for user root
Oct 14 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32662]: pam_unix(cron:session): session closed for user root
Oct 14 18:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3213]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2329]: pam_unix(cron:session): session closed for user root
Oct 14 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3707]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3708]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3705]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3792]: Successful su for rubyman by root
Oct 14 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3792]: + ??? root:rubyman
Oct 14 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412873 of user rubyman.
Oct 14 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3792]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412873.
Oct 14 18:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session closed for user root
Oct 14 18:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3706]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2779]: pam_unix(cron:session): session closed for user root
Oct 14 18:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Connection closed by 103.29.70.204 port 55254 [preauth]
Oct 14 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4308]: Successful su for rubyman by root
Oct 14 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4308]: + ??? root:rubyman
Oct 14 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412877 of user rubyman.
Oct 14 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4308]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412877.
Oct 14 18:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session closed for user root
Oct 14 18:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: Invalid user admin from 80.94.95.116
Oct 14 18:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 14 18:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: Failed password for invalid user admin from 80.94.95.116 port 30896 ssh2
Oct 14 18:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4475]: Connection closed by 80.94.95.116 port 30896 [preauth]
Oct 14 18:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session closed for user root
Oct 14 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4723]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4793]: Successful su for rubyman by root
Oct 14 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4793]: + ??? root:rubyman
Oct 14 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412881 of user rubyman.
Oct 14 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4793]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412881.
Oct 14 18:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1781]: pam_unix(cron:session): session closed for user root
Oct 14 18:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4724]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3708]: pam_unix(cron:session): session closed for user root
Oct 14 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5671]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5749]: Successful su for rubyman by root
Oct 14 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5749]: + ??? root:rubyman
Oct 14 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412885 of user rubyman.
Oct 14 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5749]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412885.
Oct 14 18:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2327]: pam_unix(cron:session): session closed for user root
Oct 14 18:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session closed for user root
Oct 14 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session closed for user root
Oct 14 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6221]: Successful su for rubyman by root
Oct 14 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6221]: + ??? root:rubyman
Oct 14 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412891 of user rubyman.
Oct 14 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6221]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412891.
Oct 14 18:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user root
Oct 14 18:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2778]: pam_unix(cron:session): session closed for user root
Oct 14 18:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4727]: pam_unix(cron:session): session closed for user root
Oct 14 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6718]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6714]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6800]: Successful su for rubyman by root
Oct 14 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6800]: + ??? root:rubyman
Oct 14 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412896 of user rubyman.
Oct 14 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6800]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412896.
Oct 14 18:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3215]: pam_unix(cron:session): session closed for user root
Oct 14 18:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session closed for user root
Oct 14 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7272]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7267]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7343]: Successful su for rubyman by root
Oct 14 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7343]: + ??? root:rubyman
Oct 14 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412900 of user rubyman.
Oct 14 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7343]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412900.
Oct 14 18:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3707]: pam_unix(cron:session): session closed for user root
Oct 14 18:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7268]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session closed for user root
Oct 14 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7737]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7736]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7733]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7816]: Successful su for rubyman by root
Oct 14 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7816]: + ??? root:rubyman
Oct 14 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412903 of user rubyman.
Oct 14 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7816]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412903.
Oct 14 18:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user root
Oct 14 18:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7734]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6718]: pam_unix(cron:session): session closed for user root
Oct 14 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8643]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8716]: Successful su for rubyman by root
Oct 14 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8716]: + ??? root:rubyman
Oct 14 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412909 of user rubyman.
Oct 14 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8716]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412909.
Oct 14 18:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4725]: pam_unix(cron:session): session closed for user root
Oct 14 18:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8644]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7272]: pam_unix(cron:session): session closed for user root
Oct 14 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9328]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9327]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9328]: pam_unix(cron:session): session closed for user root
Oct 14 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9318]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[9418]: Successful su for rubyman by root
Oct 14 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[9418]: + ??? root:rubyman
Oct 14 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[9418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412915 of user rubyman.
Oct 14 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[9418]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412915.
Oct 14 18:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session closed for user root
Oct 14 18:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session closed for user root
Oct 14 18:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7737]: pam_unix(cron:session): session closed for user root
Oct 14 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9981]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10069]: Successful su for rubyman by root
Oct 14 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10069]: + ??? root:rubyman
Oct 14 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412917 of user rubyman.
Oct 14 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10069]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412917.
Oct 14 18:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session closed for user root
Oct 14 18:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9979]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8646]: pam_unix(cron:session): session closed for user root
Oct 14 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10479]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10478]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10476]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10548]: Successful su for rubyman by root
Oct 14 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10548]: + ??? root:rubyman
Oct 14 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412922 of user rubyman.
Oct 14 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10548]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412922.
Oct 14 18:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session closed for user root
Oct 14 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10477]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Invalid user username from 194.0.234.93
Oct 14 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: input_userauth_request: invalid user username [preauth]
Oct 14 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Oct 14 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Failed password for invalid user username from 194.0.234.93 port 47056 ssh2
Oct 14 18:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Connection closed by 194.0.234.93 port 47056 [preauth]
Oct 14 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9327]: pam_unix(cron:session): session closed for user root
Oct 14 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11016]: Successful su for rubyman by root
Oct 14 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11016]: + ??? root:rubyman
Oct 14 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412925 of user rubyman.
Oct 14 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11016]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412925.
Oct 14 18:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7270]: pam_unix(cron:session): session closed for user root
Oct 14 18:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9982]: pam_unix(cron:session): session closed for user root
Oct 14 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11400]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11397]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11575]: Successful su for rubyman by root
Oct 14 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11575]: + ??? root:rubyman
Oct 14 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412930 of user rubyman.
Oct 14 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11575]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412930.
Oct 14 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11395]: pam_unix(cron:session): session closed for user root
Oct 14 18:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7736]: pam_unix(cron:session): session closed for user root
Oct 14 18:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10479]: pam_unix(cron:session): session closed for user root
Oct 14 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12069]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session closed for user root
Oct 14 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: Successful su for rubyman by root
Oct 14 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: + ??? root:rubyman
Oct 14 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412934 of user rubyman.
Oct 14 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12162]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412934.
Oct 14 18:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12069]: pam_unix(cron:session): session closed for user root
Oct 14 18:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8645]: pam_unix(cron:session): session closed for user root
Oct 14 18:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session closed for user root
Oct 14 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12691]: Successful su for rubyman by root
Oct 14 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12691]: + ??? root:rubyman
Oct 14 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412943 of user rubyman.
Oct 14 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12691]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412943.
Oct 14 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9325]: pam_unix(cron:session): session closed for user root
Oct 14 18:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11400]: pam_unix(cron:session): session closed for user root
Oct 14 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13100]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13097]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13166]: Successful su for rubyman by root
Oct 14 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13166]: + ??? root:rubyman
Oct 14 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412945 of user rubyman.
Oct 14 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13166]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412945.
Oct 14 18:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9981]: pam_unix(cron:session): session closed for user root
Oct 14 18:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13098]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session closed for user root
Oct 14 18:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 18:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: Failed password for root from 2.57.122.26 port 39662 ssh2
Oct 14 18:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13663]: Connection closed by 2.57.122.26 port 39662 [preauth]
Oct 14 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13677]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13764]: Successful su for rubyman by root
Oct 14 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13764]: + ??? root:rubyman
Oct 14 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412948 of user rubyman.
Oct 14 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13764]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412948.
Oct 14 18:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10478]: pam_unix(cron:session): session closed for user root
Oct 14 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13678]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: Invalid user admin from 80.94.95.116
Oct 14 18:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: input_userauth_request: invalid user admin [preauth]
Oct 14 18:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 14 18:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: Failed password for invalid user admin from 80.94.95.116 port 23966 ssh2
Oct 14 18:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14121]: Connection closed by 80.94.95.116 port 23966 [preauth]
Oct 14 18:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session closed for user root
Oct 14 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14256]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: Successful su for rubyman by root
Oct 14 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: + ??? root:rubyman
Oct 14 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412953 of user rubyman.
Oct 14 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412953.
Oct 14 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session closed for user root
Oct 14 18:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14257]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session closed for user root
Oct 14 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14688]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14691]: pam_unix(cron:session): session closed for user root
Oct 14 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14768]: Successful su for rubyman by root
Oct 14 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14768]: + ??? root:rubyman
Oct 14 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412956 of user rubyman.
Oct 14 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14768]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412956.
Oct 14 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14688]: pam_unix(cron:session): session closed for user root
Oct 14 18:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session closed for user root
Oct 14 18:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session closed for user root
Oct 14 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15290]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15389]: Successful su for rubyman by root
Oct 14 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15389]: + ??? root:rubyman
Oct 14 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412964 of user rubyman.
Oct 14 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15389]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412964.
Oct 14 18:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12070]: pam_unix(cron:session): session closed for user root
Oct 14 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15291]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14259]: pam_unix(cron:session): session closed for user root
Oct 14 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15750]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15817]: Successful su for rubyman by root
Oct 14 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15817]: + ??? root:rubyman
Oct 14 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412967 of user rubyman.
Oct 14 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15817]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412967.
Oct 14 18:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session closed for user root
Oct 14 18:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15751]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14690]: pam_unix(cron:session): session closed for user root
Oct 14 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16275]: Successful su for rubyman by root
Oct 14 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16275]: + ??? root:rubyman
Oct 14 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412972 of user rubyman.
Oct 14 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16275]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412972.
Oct 14 18:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13100]: pam_unix(cron:session): session closed for user root
Oct 14 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15294]: pam_unix(cron:session): session closed for user root
Oct 14 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16733]: Successful su for rubyman by root
Oct 14 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16733]: + ??? root:rubyman
Oct 14 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412974 of user rubyman.
Oct 14 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16733]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412974.
Oct 14 18:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session closed for user root
Oct 14 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15755]: pam_unix(cron:session): session closed for user root
Oct 14 18:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Invalid user ubnt from 185.156.73.233
Oct 14 18:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 18:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Failed password for invalid user ubnt from 185.156.73.233 port 63626 ssh2
Oct 14 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Connection closed by 185.156.73.233 port 63626 [preauth]
Oct 14 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17133]: pam_unix(cron:session): session closed for user root
Oct 14 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17128]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17211]: Successful su for rubyman by root
Oct 14 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17211]: + ??? root:rubyman
Oct 14 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412979 of user rubyman.
Oct 14 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17211]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412979.
Oct 14 18:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17130]: pam_unix(cron:session): session closed for user root
Oct 14 18:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14258]: pam_unix(cron:session): session closed for user root
Oct 14 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17368]: Invalid user postgres from 193.32.162.151
Oct 14 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17368]: input_userauth_request: invalid user postgres [preauth]
Oct 14 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17368]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 18:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 18:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17368]: Failed password for invalid user postgres from 193.32.162.151 port 48070 ssh2
Oct 14 18:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17368]: Connection closed by 193.32.162.151 port 48070 [preauth]
Oct 14 18:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17129]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16200]: pam_unix(cron:session): session closed for user root
Oct 14 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17611]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17712]: Successful su for rubyman by root
Oct 14 18:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17712]: + ??? root:rubyman
Oct 14 18:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412984 of user rubyman.
Oct 14 18:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17712]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412984.
Oct 14 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session closed for user root
Oct 14 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16662]: pam_unix(cron:session): session closed for user root
Oct 14 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18292]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18286]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18471]: Successful su for rubyman by root
Oct 14 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18471]: + ??? root:rubyman
Oct 14 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412990 of user rubyman.
Oct 14 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18471]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412990.
Oct 14 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15293]: pam_unix(cron:session): session closed for user root
Oct 14 18:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18287]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session closed for user root
Oct 14 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19067]: Successful su for rubyman by root
Oct 14 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19067]: + ??? root:rubyman
Oct 14 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412992 of user rubyman.
Oct 14 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19067]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412992.
Oct 14 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15752]: pam_unix(cron:session): session closed for user root
Oct 14 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session closed for user root
Oct 14 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19786]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19781]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: Successful su for rubyman by root
Oct 14 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: + ??? root:rubyman
Oct 14 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 412998 of user rubyman.
Oct 14 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19885]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 412998.
Oct 14 18:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session closed for user root
Oct 14 18:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18294]: pam_unix(cron:session): session closed for user root
Oct 14 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session closed for user root
Oct 14 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20327]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: Successful su for rubyman by root
Oct 14 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: + ??? root:rubyman
Oct 14 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413000 of user rubyman.
Oct 14 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20419]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413000.
Oct 14 18:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session closed for user root
Oct 14 18:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16661]: pam_unix(cron:session): session closed for user root
Oct 14 18:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session closed for user root
Oct 14 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20839]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20837]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20917]: Successful su for rubyman by root
Oct 14 18:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20917]: + ??? root:rubyman
Oct 14 18:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413006 of user rubyman.
Oct 14 18:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20917]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413006.
Oct 14 18:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17131]: pam_unix(cron:session): session closed for user root
Oct 14 18:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20838]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session closed for user root
Oct 14 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21300]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21418]: Successful su for rubyman by root
Oct 14 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21418]: + ??? root:rubyman
Oct 14 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413010 of user rubyman.
Oct 14 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21418]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413010.
Oct 14 18:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session closed for user root
Oct 14 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: User sshd from 185.156.73.233 not allowed because not listed in AllowUsers
Oct 14 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: input_userauth_request: invalid user sshd [preauth]
Oct 14 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21301]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=sshd
Oct 14 18:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: Failed password for invalid user sshd from 185.156.73.233 port 30800 ssh2
Oct 14 18:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: Connection closed by 185.156.73.233 port 30800 [preauth]
Oct 14 18:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session closed for user root
Oct 14 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21822]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21818]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21905]: Successful su for rubyman by root
Oct 14 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21905]: + ??? root:rubyman
Oct 14 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413014 of user rubyman.
Oct 14 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21905]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413014.
Oct 14 18:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18292]: pam_unix(cron:session): session closed for user root
Oct 14 18:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21820]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20840]: pam_unix(cron:session): session closed for user root
Oct 14 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22320]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22322]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22317]: pam_unix(cron:session): session closed for user p13x
Oct 14 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22385]: Successful su for rubyman by root
Oct 14 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22385]: + ??? root:rubyman
Oct 14 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413018 of user rubyman.
Oct 14 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22385]: pam_unix(su:session): session closed for user rubyman
Oct 14 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413018.
Oct 14 18:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session closed for user root
Oct 14 18:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22318]: pam_unix(cron:session): session closed for user samftp
Oct 14 18:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session closed for user root
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23109]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23108]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23112]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23108]: pam_unix(cron:session): session closed for user root
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session closed for user root
Oct 14 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23101]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23272]: Successful su for rubyman by root
Oct 14 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23272]: + ??? root:rubyman
Oct 14 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413022 of user rubyman.
Oct 14 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[23272]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413022.
Oct 14 19:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23109]: pam_unix(cron:session): session closed for user root
Oct 14 19:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19786]: pam_unix(cron:session): session closed for user root
Oct 14 19:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Invalid user admin from 2.57.121.112
Oct 14 19:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: input_userauth_request: invalid user admin [preauth]
Oct 14 19:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 19:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Failed password for invalid user admin from 2.57.121.112 port 18688 ssh2
Oct 14 19:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Failed password for invalid user admin from 2.57.121.112 port 18688 ssh2
Oct 14 19:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Failed password for invalid user admin from 2.57.121.112 port 18688 ssh2
Oct 14 19:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Failed password for invalid user admin from 2.57.121.112 port 18688 ssh2
Oct 14 19:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Failed password for invalid user admin from 2.57.121.112 port 18688 ssh2
Oct 14 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Received disconnect from 2.57.121.112 port 18688:11: Bye [preauth]
Oct 14 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Disconnected from 2.57.121.112 port 18688 [preauth]
Oct 14 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 19:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 19:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21822]: pam_unix(cron:session): session closed for user root
Oct 14 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24173]: Successful su for rubyman by root
Oct 14 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24173]: + ??? root:rubyman
Oct 14 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413030 of user rubyman.
Oct 14 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24173]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413030.
Oct 14 19:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session closed for user root
Oct 14 19:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24066]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22322]: pam_unix(cron:session): session closed for user root
Oct 14 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24592]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24679]: Successful su for rubyman by root
Oct 14 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24679]: + ??? root:rubyman
Oct 14 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413034 of user rubyman.
Oct 14 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24679]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413034.
Oct 14 19:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20839]: pam_unix(cron:session): session closed for user root
Oct 14 19:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24593]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23112]: pam_unix(cron:session): session closed for user root
Oct 14 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab12@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 14 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 19:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=omarab12 rhost=::ffff:45.142.193.185
Oct 14 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25105]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25097]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25197]: Successful su for rubyman by root
Oct 14 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25197]: + ??? root:rubyman
Oct 14 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413037 of user rubyman.
Oct 14 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25197]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413037.
Oct 14 19:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session closed for user root
Oct 14 19:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25103]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session closed for user root
Oct 14 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25793]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25969]: Successful su for rubyman by root
Oct 14 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25969]: + ??? root:rubyman
Oct 14 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413042 of user rubyman.
Oct 14 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25969]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413042.
Oct 14 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session closed for user root
Oct 14 19:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25794]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24595]: pam_unix(cron:session): session closed for user root
Oct 14 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26377]: pam_unix(cron:session): session closed for user root
Oct 14 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26369]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: Successful su for rubyman by root
Oct 14 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: + ??? root:rubyman
Oct 14 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413045 of user rubyman.
Oct 14 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413045.
Oct 14 19:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26374]: pam_unix(cron:session): session closed for user root
Oct 14 19:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22320]: pam_unix(cron:session): session closed for user root
Oct 14 19:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26371]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25105]: pam_unix(cron:session): session closed for user root
Oct 14 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27196]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27270]: Successful su for rubyman by root
Oct 14 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27270]: + ??? root:rubyman
Oct 14 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413052 of user rubyman.
Oct 14 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27270]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413052.
Oct 14 19:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23110]: pam_unix(cron:session): session closed for user root
Oct 14 19:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25888]: pam_unix(cron:session): session closed for user root
Oct 14 19:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: Invalid user chun from 20.163.71.109
Oct 14 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: input_userauth_request: invalid user chun [preauth]
Oct 14 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 19:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: Failed password for invalid user chun from 20.163.71.109 port 49422 ssh2
Oct 14 19:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27938]: Connection closed by 20.163.71.109 port 49422 [preauth]
Oct 14 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27959]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27960]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28046]: Successful su for rubyman by root
Oct 14 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28046]: + ??? root:rubyman
Oct 14 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413055 of user rubyman.
Oct 14 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28046]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413055.
Oct 14 19:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session closed for user root
Oct 14 19:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Invalid user hduser from 193.32.162.151
Oct 14 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: input_userauth_request: invalid user hduser [preauth]
Oct 14 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 19:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Failed password for invalid user hduser from 193.32.162.151 port 49044 ssh2
Oct 14 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Connection closed by 193.32.162.151 port 49044 [preauth]
Oct 14 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26376]: pam_unix(cron:session): session closed for user root
Oct 14 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28600]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28602]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28457]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: Successful su for rubyman by root
Oct 14 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: + ??? root:rubyman
Oct 14 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413059 of user rubyman.
Oct 14 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413059.
Oct 14 19:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24594]: pam_unix(cron:session): session closed for user root
Oct 14 19:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 14 19:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28458]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: Failed password for root from 80.94.95.116 port 61264 ssh2
Oct 14 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29085]: Connection closed by 80.94.95.116 port 61264 [preauth]
Oct 14 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27196]: pam_unix(cron:session): session closed for user root
Oct 14 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29290]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29488]: Successful su for rubyman by root
Oct 14 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29488]: + ??? root:rubyman
Oct 14 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413066 of user rubyman.
Oct 14 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29488]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413066.
Oct 14 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29280]: pam_unix(cron:session): session closed for user root
Oct 14 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25104]: pam_unix(cron:session): session closed for user root
Oct 14 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29293]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27960]: pam_unix(cron:session): session closed for user root
Oct 14 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session closed for user root
Oct 14 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29896]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29987]: Successful su for rubyman by root
Oct 14 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29987]: + ??? root:rubyman
Oct 14 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413068 of user rubyman.
Oct 14 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29987]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413068.
Oct 14 19:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29898]: pam_unix(cron:session): session closed for user root
Oct 14 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25887]: pam_unix(cron:session): session closed for user root
Oct 14 19:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29897]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28602]: pam_unix(cron:session): session closed for user root
Oct 14 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30628]: Successful su for rubyman by root
Oct 14 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30628]: + ??? root:rubyman
Oct 14 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413074 of user rubyman.
Oct 14 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30628]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413074.
Oct 14 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26375]: pam_unix(cron:session): session closed for user root
Oct 14 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29296]: pam_unix(cron:session): session closed for user root
Oct 14 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31011]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31111]: Successful su for rubyman by root
Oct 14 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31111]: + ??? root:rubyman
Oct 14 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413080 of user rubyman.
Oct 14 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31111]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413080.
Oct 14 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session closed for user root
Oct 14 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31010]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29900]: pam_unix(cron:session): session closed for user root
Oct 14 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31640]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31721]: Successful su for rubyman by root
Oct 14 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31721]: + ??? root:rubyman
Oct 14 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413083 of user rubyman.
Oct 14 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31721]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413083.
Oct 14 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27959]: pam_unix(cron:session): session closed for user root
Oct 14 19:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31641]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30502]: pam_unix(cron:session): session closed for user root
Oct 14 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32104]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32262]: Successful su for rubyman by root
Oct 14 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32262]: + ??? root:rubyman
Oct 14 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413086 of user rubyman.
Oct 14 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32262]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413086.
Oct 14 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28600]: pam_unix(cron:session): session closed for user root
Oct 14 19:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Invalid user hoge from 164.68.105.9
Oct 14 19:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: input_userauth_request: invalid user hoge [preauth]
Oct 14 19:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 19:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31016]: pam_unix(cron:session): session closed for user root
Oct 14 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Failed password for invalid user hoge from 164.68.105.9 port 56604 ssh2
Oct 14 19:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: Connection closed by 164.68.105.9 port 56604 [preauth]
Oct 14 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32636]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32637]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32640]: pam_unix(cron:session): session closed for user root
Oct 14 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32632]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32716]: Successful su for rubyman by root
Oct 14 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32716]: + ??? root:rubyman
Oct 14 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413094 of user rubyman.
Oct 14 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32716]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413094.
Oct 14 19:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32636]: pam_unix(cron:session): session closed for user root
Oct 14 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session closed for user root
Oct 14 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32635]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session closed for user root
Oct 14 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[668]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[751]: Successful su for rubyman by root
Oct 14 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[751]: + ??? root:rubyman
Oct 14 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413096 of user rubyman.
Oct 14 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[751]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413096.
Oct 14 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Invalid user user from 80.94.95.116
Oct 14 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: input_userauth_request: invalid user user [preauth]
Oct 14 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 14 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Failed password for invalid user user from 80.94.95.116 port 22538 ssh2
Oct 14 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Connection closed by 80.94.95.116 port 22538 [preauth]
Oct 14 19:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29899]: pam_unix(cron:session): session closed for user root
Oct 14 19:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session closed for user root
Oct 14 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1253]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1249]: pam_unix(cron:session): session closed for user root
Oct 14 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1251]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1327]: Successful su for rubyman by root
Oct 14 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1327]: + ??? root:rubyman
Oct 14 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413100 of user rubyman.
Oct 14 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1327]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413100.
Oct 14 19:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30501]: pam_unix(cron:session): session closed for user root
Oct 14 19:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1252]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32639]: pam_unix(cron:session): session closed for user root
Oct 14 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1754]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1751]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1823]: Successful su for rubyman by root
Oct 14 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1823]: + ??? root:rubyman
Oct 14 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413105 of user rubyman.
Oct 14 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1823]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413105.
Oct 14 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31011]: pam_unix(cron:session): session closed for user root
Oct 14 19:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1752]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session closed for user root
Oct 14 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2307]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2371]: Successful su for rubyman by root
Oct 14 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2371]: + ??? root:rubyman
Oct 14 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413109 of user rubyman.
Oct 14 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2371]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413109.
Oct 14 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31642]: pam_unix(cron:session): session closed for user root
Oct 14 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1254]: pam_unix(cron:session): session closed for user root
Oct 14 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2753]: pam_unix(cron:session): session closed for user root
Oct 14 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2825]: Successful su for rubyman by root
Oct 14 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2825]: + ??? root:rubyman
Oct 14 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413117 of user rubyman.
Oct 14 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2825]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413117.
Oct 14 19:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session closed for user root
Oct 14 19:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session closed for user root
Oct 14 19:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1754]: pam_unix(cron:session): session closed for user root
Oct 14 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3215]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3310]: Successful su for rubyman by root
Oct 14 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3310]: + ??? root:rubyman
Oct 14 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413119 of user rubyman.
Oct 14 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3310]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413119.
Oct 14 19:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32637]: pam_unix(cron:session): session closed for user root
Oct 14 19:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2307]: pam_unix(cron:session): session closed for user root
Oct 14 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3689]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3771]: Successful su for rubyman by root
Oct 14 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3771]: + ??? root:rubyman
Oct 14 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413124 of user rubyman.
Oct 14 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3771]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413124.
Oct 14 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[668]: pam_unix(cron:session): session closed for user root
Oct 14 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3691]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2752]: pam_unix(cron:session): session closed for user root
Oct 14 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Invalid user sysop from 209.141.53.162
Oct 14 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: input_userauth_request: invalid user sysop [preauth]
Oct 14 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.53.162
Oct 14 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Failed password for invalid user sysop from 209.141.53.162 port 55122 ssh2
Oct 14 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Connection closed by 209.141.53.162 port 55122 [preauth]
Oct 14 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Invalid user sysop from 209.141.53.162
Oct 14 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: input_userauth_request: invalid user sysop [preauth]
Oct 14 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Failed none for invalid user sysop from 209.141.53.162 port 55132 ssh2
Oct 14 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Connection closed by 209.141.53.162 port 55132 [preauth]
Oct 14 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4182]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4287]: Successful su for rubyman by root
Oct 14 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4287]: + ??? root:rubyman
Oct 14 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413128 of user rubyman.
Oct 14 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4287]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413128.
Oct 14 19:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1253]: pam_unix(cron:session): session closed for user root
Oct 14 19:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Oct 14 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Failed password for root from 80.94.95.115 port 34574 ssh2
Oct 14 19:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4506]: Connection closed by 80.94.95.115 port 34574 [preauth]
Oct 14 19:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3218]: pam_unix(cron:session): session closed for user root
Oct 14 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4702]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4781]: Successful su for rubyman by root
Oct 14 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4781]: + ??? root:rubyman
Oct 14 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413133 of user rubyman.
Oct 14 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4781]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413133.
Oct 14 19:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1753]: pam_unix(cron:session): session closed for user root
Oct 14 19:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3693]: pam_unix(cron:session): session closed for user root
Oct 14 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5653]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5659]: pam_unix(cron:session): session closed for user root
Oct 14 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5651]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5737]: Successful su for rubyman by root
Oct 14 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5737]: + ??? root:rubyman
Oct 14 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413136 of user rubyman.
Oct 14 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5737]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413136.
Oct 14 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5653]: pam_unix(cron:session): session closed for user root
Oct 14 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session closed for user root
Oct 14 19:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5652]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user root
Oct 14 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6160]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6161]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6157]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6231]: Successful su for rubyman by root
Oct 14 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6231]: + ??? root:rubyman
Oct 14 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413142 of user rubyman.
Oct 14 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6231]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413142.
Oct 14 19:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session closed for user root
Oct 14 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6158]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4706]: pam_unix(cron:session): session closed for user root
Oct 14 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Invalid user user from 62.60.131.157
Oct 14 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: input_userauth_request: invalid user user [preauth]
Oct 14 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Failed password for invalid user user from 62.60.131.157 port 22663 ssh2
Oct 14 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6713]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6784]: Successful su for rubyman by root
Oct 14 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6784]: + ??? root:rubyman
Oct 14 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413147 of user rubyman.
Oct 14 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6784]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413147.
Oct 14 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Failed password for invalid user user from 62.60.131.157 port 22663 ssh2
Oct 14 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Failed password for invalid user user from 62.60.131.157 port 22663 ssh2
Oct 14 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Failed password for invalid user user from 62.60.131.157 port 22663 ssh2
Oct 14 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session closed for user root
Oct 14 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Failed password for invalid user user from 62.60.131.157 port 22663 ssh2
Oct 14 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Received disconnect from 62.60.131.157 port 22663:11: Bye [preauth]
Oct 14 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Disconnected from 62.60.131.157 port 22663 [preauth]
Oct 14 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 19:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6714]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5655]: pam_unix(cron:session): session closed for user root
Oct 14 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7264]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7263]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7261]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7333]: Successful su for rubyman by root
Oct 14 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7333]: + ??? root:rubyman
Oct 14 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413149 of user rubyman.
Oct 14 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7333]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413149.
Oct 14 19:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3692]: pam_unix(cron:session): session closed for user root
Oct 14 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7262]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6161]: pam_unix(cron:session): session closed for user root
Oct 14 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7731]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7730]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7727]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7809]: Successful su for rubyman by root
Oct 14 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7809]: + ??? root:rubyman
Oct 14 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413156 of user rubyman.
Oct 14 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7809]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413156.
Oct 14 19:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4182]: pam_unix(cron:session): session closed for user root
Oct 14 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7729]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session closed for user root
Oct 14 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8638]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8637]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8636]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8639]: pam_unix(cron:session): session closed for user root
Oct 14 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8634]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8715]: Successful su for rubyman by root
Oct 14 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8715]: + ??? root:rubyman
Oct 14 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413158 of user rubyman.
Oct 14 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8715]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413158.
Oct 14 19:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8636]: pam_unix(cron:session): session closed for user root
Oct 14 19:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session closed for user root
Oct 14 19:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8635]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7264]: pam_unix(cron:session): session closed for user root
Oct 14 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9359]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9442]: Successful su for rubyman by root
Oct 14 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9442]: + ??? root:rubyman
Oct 14 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413165 of user rubyman.
Oct 14 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9442]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413165.
Oct 14 19:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5654]: pam_unix(cron:session): session closed for user root
Oct 14 19:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7731]: pam_unix(cron:session): session closed for user root
Oct 14 19:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Connection closed by 167.94.138.201 port 53970 [preauth]
Oct 14 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10078]: Successful su for rubyman by root
Oct 14 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10078]: + ??? root:rubyman
Oct 14 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413167 of user rubyman.
Oct 14 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10078]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413167.
Oct 14 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Failed password for root from 103.186.0.155 port 52336 ssh2
Oct 14 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Received disconnect from 103.186.0.155 port 52336:11: Bye Bye [preauth]
Oct 14 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10103]: Disconnected from 103.186.0.155 port 52336 [preauth]
Oct 14 19:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6160]: pam_unix(cron:session): session closed for user root
Oct 14 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10004]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Invalid user operator from 80.94.95.115
Oct 14 19:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: input_userauth_request: invalid user operator [preauth]
Oct 14 19:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 19:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Failed password for invalid user operator from 80.94.95.115 port 55058 ssh2
Oct 14 19:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Connection closed by 80.94.95.115 port 55058 [preauth]
Oct 14 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8638]: pam_unix(cron:session): session closed for user root
Oct 14 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10495]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10570]: Successful su for rubyman by root
Oct 14 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10570]: + ??? root:rubyman
Oct 14 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413171 of user rubyman.
Oct 14 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10570]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413171.
Oct 14 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session closed for user root
Oct 14 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10496]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9364]: pam_unix(cron:session): session closed for user root
Oct 14 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10962]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11036]: Successful su for rubyman by root
Oct 14 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11036]: + ??? root:rubyman
Oct 14 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413176 of user rubyman.
Oct 14 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11036]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413176.
Oct 14 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7263]: pam_unix(cron:session): session closed for user root
Oct 14 19:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for root from 160.202.8.218 port 39242 ssh2
Oct 14 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Received disconnect from 160.202.8.218 port 39242:11: Bye Bye [preauth]
Oct 14 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Disconnected from 160.202.8.218 port 39242 [preauth]
Oct 14 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10964]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: Did not receive identification string from 166.186.196.126
Oct 14 19:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session closed for user root
Oct 14 19:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Invalid user bright from 103.186.0.155
Oct 14 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: input_userauth_request: invalid user bright [preauth]
Oct 14 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Failed password for invalid user bright from 103.186.0.155 port 39476 ssh2
Oct 14 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Received disconnect from 103.186.0.155 port 39476:11: Bye Bye [preauth]
Oct 14 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Disconnected from 103.186.0.155 port 39476 [preauth]
Oct 14 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11431]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11430]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11433]: pam_unix(cron:session): session closed for user root
Oct 14 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11428]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11511]: Successful su for rubyman by root
Oct 14 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11511]: + ??? root:rubyman
Oct 14 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413181 of user rubyman.
Oct 14 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11511]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413181.
Oct 14 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11430]: pam_unix(cron:session): session closed for user root
Oct 14 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7730]: pam_unix(cron:session): session closed for user root
Oct 14 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11429]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10499]: pam_unix(cron:session): session closed for user root
Oct 14 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12109]: Successful su for rubyman by root
Oct 14 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12109]: + ??? root:rubyman
Oct 14 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413186 of user rubyman.
Oct 14 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12109]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413186.
Oct 14 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12265]: Did not receive identification string from 161.35.210.149
Oct 14 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12294]: Did not receive identification string from 161.35.210.149
Oct 14 19:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8637]: pam_unix(cron:session): session closed for user root
Oct 14 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 19:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Failed password for root from 103.186.0.155 port 37074 ssh2
Oct 14 19:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Received disconnect from 103.186.0.155 port 37074:11: Bye Bye [preauth]
Oct 14 19:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Disconnected from 103.186.0.155 port 37074 [preauth]
Oct 14 19:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session closed for user root
Oct 14 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12535]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: Successful su for rubyman by root
Oct 14 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: + ??? root:rubyman
Oct 14 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413189 of user rubyman.
Oct 14 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12609]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413189.
Oct 14 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Invalid user support from 78.128.112.74
Oct 14 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: input_userauth_request: invalid user support [preauth]
Oct 14 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Failed password for invalid user support from 78.128.112.74 port 39060 ssh2
Oct 14 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Connection closed by 78.128.112.74 port 39060 [preauth]
Oct 14 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session closed for user root
Oct 14 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Failed password for root from 2.57.122.26 port 50164 ssh2
Oct 14 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Connection closed by 2.57.122.26 port 50164 [preauth]
Oct 14 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11432]: pam_unix(cron:session): session closed for user root
Oct 14 19:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13048]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Invalid user admin from 160.202.8.218
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: input_userauth_request: invalid user admin [preauth]
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13121]: Successful su for rubyman by root
Oct 14 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13121]: + ??? root:rubyman
Oct 14 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413195 of user rubyman.
Oct 14 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13121]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413195.
Oct 14 19:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Failed password for invalid user admin from 160.202.8.218 port 36064 ssh2
Oct 14 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Received disconnect from 160.202.8.218 port 36064:11: Bye Bye [preauth]
Oct 14 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Disconnected from 160.202.8.218 port 36064 [preauth]
Oct 14 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session closed for user root
Oct 14 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13043]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Invalid user tl from 103.186.0.155
Oct 14 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: input_userauth_request: invalid user tl [preauth]
Oct 14 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for invalid user tl from 103.186.0.155 port 46356 ssh2
Oct 14 19:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Received disconnect from 103.186.0.155 port 46356:11: Bye Bye [preauth]
Oct 14 19:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Disconnected from 103.186.0.155 port 46356 [preauth]
Oct 14 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user root
Oct 14 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Invalid user admin from 2.57.121.25
Oct 14 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: input_userauth_request: invalid user admin [preauth]
Oct 14 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 19:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Failed password for invalid user admin from 2.57.121.25 port 50328 ssh2
Oct 14 19:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Failed password for invalid user admin from 2.57.121.25 port 50328 ssh2
Oct 14 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Failed password for invalid user admin from 2.57.121.25 port 50328 ssh2
Oct 14 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Failed password for invalid user admin from 2.57.121.25 port 50328 ssh2
Oct 14 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13842]: Successful su for rubyman by root
Oct 14 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13842]: + ??? root:rubyman
Oct 14 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413198 of user rubyman.
Oct 14 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13842]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413198.
Oct 14 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13624]: pam_unix(cron:session): session closed for user root
Oct 14 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Failed password for invalid user admin from 2.57.121.25 port 50328 ssh2
Oct 14 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Received disconnect from 2.57.121.25 port 50328:11: Bye [preauth]
Oct 14 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Disconnected from 2.57.121.25 port 50328 [preauth]
Oct 14 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 19:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10497]: pam_unix(cron:session): session closed for user root
Oct 14 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12535]: pam_unix(cron:session): session closed for user root
Oct 14 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 44368
Oct 14 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 44374
Oct 14 19:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14260]: Failed password for root from 164.68.105.9 port 36218 ssh2
Oct 14 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14260]: Connection closed by 164.68.105.9 port 36218 [preauth]
Oct 14 19:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: Invalid user vyos from 160.202.8.218
Oct 14 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: input_userauth_request: invalid user vyos [preauth]
Oct 14 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: Failed password for invalid user vyos from 160.202.8.218 port 34382 ssh2
Oct 14 19:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: Received disconnect from 160.202.8.218 port 34382:11: Bye Bye [preauth]
Oct 14 19:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14295]: Disconnected from 160.202.8.218 port 34382 [preauth]
Oct 14 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14310]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14311]: pam_unix(cron:session): session closed for user root
Oct 14 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14306]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14381]: Successful su for rubyman by root
Oct 14 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14381]: + ??? root:rubyman
Oct 14 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413203 of user rubyman.
Oct 14 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14381]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413203.
Oct 14 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14308]: pam_unix(cron:session): session closed for user root
Oct 14 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10965]: pam_unix(cron:session): session closed for user root
Oct 14 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Invalid user root2 from 103.186.0.155
Oct 14 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: input_userauth_request: invalid user root2 [preauth]
Oct 14 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Failed password for invalid user root2 from 103.186.0.155 port 40908 ssh2
Oct 14 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Received disconnect from 103.186.0.155 port 40908:11: Bye Bye [preauth]
Oct 14 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14531]: Disconnected from 103.186.0.155 port 40908 [preauth]
Oct 14 19:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14307]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13049]: pam_unix(cron:session): session closed for user root
Oct 14 19:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 14 19:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: Failed password for root from 185.156.73.233 port 32706 ssh2
Oct 14 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: Connection closed by 185.156.73.233 port 32706 [preauth]
Oct 14 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14806]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14804]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14802]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14888]: Successful su for rubyman by root
Oct 14 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14888]: + ??? root:rubyman
Oct 14 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413208 of user rubyman.
Oct 14 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14888]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413208.
Oct 14 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11431]: pam_unix(cron:session): session closed for user root
Oct 14 19:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14803]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session closed for user root
Oct 14 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Invalid user bitwarden from 160.202.8.218
Oct 14 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: input_userauth_request: invalid user bitwarden [preauth]
Oct 14 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 19:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Failed password for invalid user bitwarden from 160.202.8.218 port 60916 ssh2
Oct 14 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Received disconnect from 160.202.8.218 port 60916:11: Bye Bye [preauth]
Oct 14 19:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Disconnected from 160.202.8.218 port 60916 [preauth]
Oct 14 19:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Failed password for root from 103.186.0.155 port 58702 ssh2
Oct 14 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Received disconnect from 103.186.0.155 port 58702:11: Bye Bye [preauth]
Oct 14 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15380]: Disconnected from 103.186.0.155 port 58702 [preauth]
Oct 14 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15455]: Successful su for rubyman by root
Oct 14 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15455]: + ??? root:rubyman
Oct 14 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413213 of user rubyman.
Oct 14 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15455]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413213.
Oct 14 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user root
Oct 14 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151  user=root
Oct 14 19:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15393]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Failed password for root from 193.32.162.151 port 43714 ssh2
Oct 14 19:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Connection closed by 193.32.162.151 port 43714 [preauth]
Oct 14 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Did not receive identification string from 211.223.41.90
Oct 14 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: Invalid user sysadmin from 57.128.191.82
Oct 14 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: Failed password for invalid user sysadmin from 57.128.191.82 port 34494 ssh2
Oct 14 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: Received disconnect from 57.128.191.82 port 34494:11: Bye Bye [preauth]
Oct 14 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15745]: Disconnected from 57.128.191.82 port 34494 [preauth]
Oct 14 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14310]: pam_unix(cron:session): session closed for user root
Oct 14 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15844]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15842]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15911]: Successful su for rubyman by root
Oct 14 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15911]: + ??? root:rubyman
Oct 14 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413216 of user rubyman.
Oct 14 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15911]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413216.
Oct 14 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12534]: pam_unix(cron:session): session closed for user root
Oct 14 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15843]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14806]: pam_unix(cron:session): session closed for user root
Oct 14 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Failed password for root from 160.202.8.218 port 59258 ssh2
Oct 14 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Received disconnect from 160.202.8.218 port 59258:11: Bye Bye [preauth]
Oct 14 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Disconnected from 160.202.8.218 port 59258 [preauth]
Oct 14 19:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Invalid user www from 103.186.0.155
Oct 14 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: input_userauth_request: invalid user www [preauth]
Oct 14 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: User john from 46.238.32.247 not allowed because not listed in AllowUsers
Oct 14 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: input_userauth_request: invalid user john [preauth]
Oct 14 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247  user=john
Oct 14 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Failed password for invalid user www from 103.186.0.155 port 53526 ssh2
Oct 14 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Received disconnect from 103.186.0.155 port 53526:11: Bye Bye [preauth]
Oct 14 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Disconnected from 103.186.0.155 port 53526 [preauth]
Oct 14 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Failed password for invalid user john from 46.238.32.247 port 33344 ssh2
Oct 14 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Received disconnect from 46.238.32.247 port 33344:11: Bye Bye [preauth]
Oct 14 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Disconnected from 46.238.32.247 port 33344 [preauth]
Oct 14 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16307]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16384]: Successful su for rubyman by root
Oct 14 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16384]: + ??? root:rubyman
Oct 14 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413220 of user rubyman.
Oct 14 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16384]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413220.
Oct 14 19:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13048]: pam_unix(cron:session): session closed for user root
Oct 14 19:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session closed for user root
Oct 14 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Invalid user ansible from 57.128.191.82
Oct 14 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: input_userauth_request: invalid user ansible [preauth]
Oct 14 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Failed password for invalid user ansible from 57.128.191.82 port 59992 ssh2
Oct 14 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Received disconnect from 57.128.191.82 port 59992:11: Bye Bye [preauth]
Oct 14 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16733]: Disconnected from 57.128.191.82 port 59992 [preauth]
Oct 14 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16783]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16785]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session closed for user root
Oct 14 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16781]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16861]: Successful su for rubyman by root
Oct 14 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16861]: + ??? root:rubyman
Oct 14 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413224 of user rubyman.
Oct 14 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16861]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413224.
Oct 14 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16783]: pam_unix(cron:session): session closed for user root
Oct 14 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session closed for user root
Oct 14 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16782]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Invalid user ftpuser from 46.238.32.247
Oct 14 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Failed password for invalid user ftpuser from 46.238.32.247 port 38494 ssh2
Oct 14 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Received disconnect from 46.238.32.247 port 38494:11: Bye Bye [preauth]
Oct 14 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17150]: Disconnected from 46.238.32.247 port 38494 [preauth]
Oct 14 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15845]: pam_unix(cron:session): session closed for user root
Oct 14 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for root from 160.202.8.218 port 57592 ssh2
Oct 14 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Received disconnect from 160.202.8.218 port 57592:11: Bye Bye [preauth]
Oct 14 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Disconnected from 160.202.8.218 port 57592 [preauth]
Oct 14 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Invalid user papio from 103.186.0.155
Oct 14 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: input_userauth_request: invalid user papio [preauth]
Oct 14 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Failed password for invalid user papio from 103.186.0.155 port 34934 ssh2
Oct 14 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Received disconnect from 103.186.0.155 port 34934:11: Bye Bye [preauth]
Oct 14 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Disconnected from 103.186.0.155 port 34934 [preauth]
Oct 14 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17283]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17367]: Successful su for rubyman by root
Oct 14 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17367]: + ??? root:rubyman
Oct 14 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413232 of user rubyman.
Oct 14 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17367]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413232.
Oct 14 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Invalid user sol from 57.128.191.82
Oct 14 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: input_userauth_request: invalid user sol [preauth]
Oct 14 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Failed password for invalid user sol from 57.128.191.82 port 50306 ssh2
Oct 14 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Received disconnect from 57.128.191.82 port 50306:11: Bye Bye [preauth]
Oct 14 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Disconnected from 57.128.191.82 port 50306 [preauth]
Oct 14 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14309]: pam_unix(cron:session): session closed for user root
Oct 14 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17284]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16307]: pam_unix(cron:session): session closed for user root
Oct 14 19:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17710]: Invalid user sysadmin from 46.238.32.247
Oct 14 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17710]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17710]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17710]: Failed password for invalid user sysadmin from 46.238.32.247 port 42744 ssh2
Oct 14 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17710]: Received disconnect from 46.238.32.247 port 42744:11: Bye Bye [preauth]
Oct 14 19:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17710]: Disconnected from 46.238.32.247 port 42744 [preauth]
Oct 14 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17785]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17781]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17900]: Successful su for rubyman by root
Oct 14 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17900]: + ??? root:rubyman
Oct 14 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413235 of user rubyman.
Oct 14 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17900]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413235.
Oct 14 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14804]: pam_unix(cron:session): session closed for user root
Oct 14 19:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Invalid user administrator from 57.128.191.82
Oct 14 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: input_userauth_request: invalid user administrator [preauth]
Oct 14 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Failed password for invalid user administrator from 57.128.191.82 port 43942 ssh2
Oct 14 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Received disconnect from 57.128.191.82 port 43942:11: Bye Bye [preauth]
Oct 14 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Disconnected from 57.128.191.82 port 43942 [preauth]
Oct 14 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Invalid user adminuser from 160.202.8.218
Oct 14 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: input_userauth_request: invalid user adminuser [preauth]
Oct 14 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Failed password for invalid user adminuser from 160.202.8.218 port 55894 ssh2
Oct 14 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Received disconnect from 160.202.8.218 port 55894:11: Bye Bye [preauth]
Oct 14 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18313]: Disconnected from 160.202.8.218 port 55894 [preauth]
Oct 14 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16785]: pam_unix(cron:session): session closed for user root
Oct 14 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Failed password for root from 103.186.0.155 port 49046 ssh2
Oct 14 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Received disconnect from 103.186.0.155 port 49046:11: Bye Bye [preauth]
Oct 14 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Disconnected from 103.186.0.155 port 49046 [preauth]
Oct 14 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: User john from 46.238.32.247 not allowed because not listed in AllowUsers
Oct 14 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: input_userauth_request: invalid user john [preauth]
Oct 14 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247  user=john
Oct 14 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: Failed password for invalid user john from 46.238.32.247 port 46990 ssh2
Oct 14 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: Received disconnect from 46.238.32.247 port 46990:11: Bye Bye [preauth]
Oct 14 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18521]: Disconnected from 46.238.32.247 port 46990 [preauth]
Oct 14 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18545]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18540]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18626]: Successful su for rubyman by root
Oct 14 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18626]: + ??? root:rubyman
Oct 14 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413239 of user rubyman.
Oct 14 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18626]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413239.
Oct 14 19:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session closed for user root
Oct 14 19:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18542]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Invalid user oracle from 57.128.191.82
Oct 14 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: input_userauth_request: invalid user oracle [preauth]
Oct 14 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Failed password for invalid user oracle from 57.128.191.82 port 36526 ssh2
Oct 14 19:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Received disconnect from 57.128.191.82 port 36526:11: Bye Bye [preauth]
Oct 14 19:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Disconnected from 57.128.191.82 port 36526 [preauth]
Oct 14 19:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Invalid user 12345 from 185.156.73.233
Oct 14 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: input_userauth_request: invalid user 12345 [preauth]
Oct 14 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17286]: pam_unix(cron:session): session closed for user root
Oct 14 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 19:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Failed password for invalid user 12345 from 185.156.73.233 port 63788 ssh2
Oct 14 19:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: Connection closed by 185.156.73.233 port 63788 [preauth]
Oct 14 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19146]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19147]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: Successful su for rubyman by root
Oct 14 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: + ??? root:rubyman
Oct 14 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413243 of user rubyman.
Oct 14 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19229]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413243.
Oct 14 19:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19609]: Invalid user sysadmin from 46.238.32.247
Oct 14 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19609]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19609]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15844]: pam_unix(cron:session): session closed for user root
Oct 14 19:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19609]: Failed password for invalid user sysadmin from 46.238.32.247 port 51242 ssh2
Oct 14 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19609]: Received disconnect from 46.238.32.247 port 51242:11: Bye Bye [preauth]
Oct 14 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19609]: Disconnected from 46.238.32.247 port 51242 [preauth]
Oct 14 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Invalid user ming from 160.202.8.218
Oct 14 19:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: input_userauth_request: invalid user ming [preauth]
Oct 14 19:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Failed password for invalid user ming from 160.202.8.218 port 54216 ssh2
Oct 14 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Received disconnect from 160.202.8.218 port 54216:11: Bye Bye [preauth]
Oct 14 19:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Disconnected from 160.202.8.218 port 54216 [preauth]
Oct 14 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17785]: pam_unix(cron:session): session closed for user root
Oct 14 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: User john from 57.128.191.82 not allowed because not listed in AllowUsers
Oct 14 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: input_userauth_request: invalid user john [preauth]
Oct 14 19:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82  user=john
Oct 14 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Invalid user user01 from 103.186.0.155
Oct 14 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: input_userauth_request: invalid user user01 [preauth]
Oct 14 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user john from 57.128.191.82 port 43794 ssh2
Oct 14 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Received disconnect from 57.128.191.82 port 43794:11: Bye Bye [preauth]
Oct 14 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Disconnected from 57.128.191.82 port 43794 [preauth]
Oct 14 19:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Failed password for invalid user user01 from 103.186.0.155 port 55730 ssh2
Oct 14 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Received disconnect from 103.186.0.155 port 55730:11: Bye Bye [preauth]
Oct 14 19:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Disconnected from 103.186.0.155 port 55730 [preauth]
Oct 14 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19990]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19988]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19987]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19990]: pam_unix(cron:session): session closed for user root
Oct 14 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20085]: Successful su for rubyman by root
Oct 14 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20085]: + ??? root:rubyman
Oct 14 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413249 of user rubyman.
Oct 14 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20085]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413249.
Oct 14 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19985]: pam_unix(cron:session): session closed for user root
Oct 14 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session closed for user root
Oct 14 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19984]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Invalid user newuser from 46.238.32.247
Oct 14 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: input_userauth_request: invalid user newuser [preauth]
Oct 14 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Failed password for invalid user newuser from 46.238.32.247 port 55490 ssh2
Oct 14 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Received disconnect from 46.238.32.247 port 55490:11: Bye Bye [preauth]
Oct 14 19:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Disconnected from 46.238.32.247 port 55490 [preauth]
Oct 14 19:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18545]: pam_unix(cron:session): session closed for user root
Oct 14 19:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: User john from 57.128.191.82 not allowed because not listed in AllowUsers
Oct 14 19:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: input_userauth_request: invalid user john [preauth]
Oct 14 19:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82  user=john
Oct 14 19:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: Failed password for invalid user john from 57.128.191.82 port 37778 ssh2
Oct 14 19:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: Received disconnect from 57.128.191.82 port 37778:11: Bye Bye [preauth]
Oct 14 19:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20526]: Disconnected from 57.128.191.82 port 37778 [preauth]
Oct 14 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20627]: Successful su for rubyman by root
Oct 14 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20627]: + ??? root:rubyman
Oct 14 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413253 of user rubyman.
Oct 14 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20627]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413253.
Oct 14 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16784]: pam_unix(cron:session): session closed for user root
Oct 14 19:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 19:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: Failed password for root from 160.202.8.218 port 52530 ssh2
Oct 14 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: Received disconnect from 160.202.8.218 port 52530:11: Bye Bye [preauth]
Oct 14 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20832]: Disconnected from 160.202.8.218 port 52530 [preauth]
Oct 14 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: Invalid user app from 46.238.32.247
Oct 14 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: input_userauth_request: invalid user app [preauth]
Oct 14 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19147]: pam_unix(cron:session): session closed for user root
Oct 14 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: Failed password for invalid user app from 46.238.32.247 port 59740 ssh2
Oct 14 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: Received disconnect from 46.238.32.247 port 59740:11: Bye Bye [preauth]
Oct 14 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20934]: Disconnected from 46.238.32.247 port 59740 [preauth]
Oct 14 19:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: Failed password for root from 161.35.210.149 port 33082 ssh2
Oct 14 19:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20965]: Connection closed by 161.35.210.149 port 33082 [preauth]
Oct 14 19:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Invalid user admin from 161.35.210.149
Oct 14 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: input_userauth_request: invalid user admin [preauth]
Oct 14 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Failed password for invalid user admin from 161.35.210.149 port 33088 ssh2
Oct 14 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20968]: Connection closed by 161.35.210.149 port 33088 [preauth]
Oct 14 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Invalid user nemo from 103.186.0.155
Oct 14 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: input_userauth_request: invalid user nemo [preauth]
Oct 14 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Failed password for invalid user nemo from 103.186.0.155 port 45362 ssh2
Oct 14 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Invalid user ubuntu from 161.35.210.149
Oct 14 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Received disconnect from 103.186.0.155 port 45362:11: Bye Bye [preauth]
Oct 14 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Disconnected from 103.186.0.155 port 45362 [preauth]
Oct 14 19:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Failed password for invalid user ubuntu from 161.35.210.149 port 33100 ssh2
Oct 14 19:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Connection closed by 161.35.210.149 port 33100 [preauth]
Oct 14 19:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Invalid user admin from 161.35.210.149
Oct 14 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: input_userauth_request: invalid user admin [preauth]
Oct 14 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Failed password for invalid user admin from 161.35.210.149 port 40974 ssh2
Oct 14 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Connection closed by 161.35.210.149 port 40974 [preauth]
Oct 14 19:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: Invalid user postgres from 161.35.210.149
Oct 14 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: input_userauth_request: invalid user postgres [preauth]
Oct 14 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: Failed password for invalid user postgres from 161.35.210.149 port 40982 ssh2
Oct 14 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21014]: Connection closed by 161.35.210.149 port 40982 [preauth]
Oct 14 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21033]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21030]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Failed password for root from 161.35.210.149 port 46638 ssh2
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Connection closed by 161.35.210.149 port 46638 [preauth]
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21104]: Successful su for rubyman by root
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21104]: + ??? root:rubyman
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413256 of user rubyman.
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21104]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413256.
Oct 14 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Failed password for root from 161.35.210.149 port 46650 ssh2
Oct 14 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Connection closed by 161.35.210.149 port 46650 [preauth]
Oct 14 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Invalid user ubuntu from 161.35.210.149
Oct 14 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Failed password for invalid user ubuntu from 161.35.210.149 port 46656 ssh2
Oct 14 19:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21187]: Connection closed by 161.35.210.149 port 46656 [preauth]
Oct 14 19:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21267]: Invalid user debian from 161.35.210.149
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21267]: input_userauth_request: invalid user debian [preauth]
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21267]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Invalid user minecraft from 57.128.191.82
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17285]: pam_unix(cron:session): session closed for user root
Oct 14 19:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21267]: Failed password for invalid user debian from 161.35.210.149 port 46670 ssh2
Oct 14 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21267]: Connection closed by 161.35.210.149 port 46670 [preauth]
Oct 14 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Failed password for invalid user minecraft from 57.128.191.82 port 48146 ssh2
Oct 14 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Received disconnect from 57.128.191.82 port 48146:11: Bye Bye [preauth]
Oct 14 19:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Disconnected from 57.128.191.82 port 48146 [preauth]
Oct 14 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Invalid user fa from 161.35.210.149
Oct 14 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: input_userauth_request: invalid user fa [preauth]
Oct 14 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Failed password for invalid user fa from 161.35.210.149 port 59498 ssh2
Oct 14 19:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Connection closed by 161.35.210.149 port 59498 [preauth]
Oct 14 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Failed password for root from 161.35.210.149 port 59514 ssh2
Oct 14 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21414]: Connection closed by 161.35.210.149 port 59514 [preauth]
Oct 14 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21425]: Failed password for root from 161.35.210.149 port 41336 ssh2
Oct 14 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21425]: Connection closed by 161.35.210.149 port 41336 [preauth]
Oct 14 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Failed password for root from 161.35.210.149 port 41350 ssh2
Oct 14 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21438]: Connection closed by 161.35.210.149 port 41350 [preauth]
Oct 14 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Invalid user vyos from 161.35.210.149
Oct 14 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: input_userauth_request: invalid user vyos [preauth]
Oct 14 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Failed password for invalid user vyos from 161.35.210.149 port 45036 ssh2
Oct 14 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Connection closed by 161.35.210.149 port 45036 [preauth]
Oct 14 19:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19988]: pam_unix(cron:session): session closed for user root
Oct 14 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Failed password for root from 161.35.210.149 port 45038 ssh2
Oct 14 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Connection closed by 161.35.210.149 port 45038 [preauth]
Oct 14 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Invalid user odroid from 161.35.210.149
Oct 14 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: input_userauth_request: invalid user odroid [preauth]
Oct 14 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Failed password for invalid user odroid from 161.35.210.149 port 49224 ssh2
Oct 14 19:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21523]: Connection closed by 161.35.210.149 port 49224 [preauth]
Oct 14 19:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Invalid user ftptest from 46.238.32.247
Oct 14 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Failed password for invalid user ftptest from 46.238.32.247 port 35754 ssh2
Oct 14 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Received disconnect from 46.238.32.247 port 35754:11: Bye Bye [preauth]
Oct 14 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21554]: Disconnected from 46.238.32.247 port 35754 [preauth]
Oct 14 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Failed password for root from 161.35.210.149 port 49248 ssh2
Oct 14 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Connection closed by 161.35.210.149 port 49248 [preauth]
Oct 14 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: Failed password for root from 161.35.210.149 port 46342 ssh2
Oct 14 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: Connection closed by 161.35.210.149 port 46342 [preauth]
Oct 14 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Invalid user test from 161.35.210.149
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: input_userauth_request: invalid user test [preauth]
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21664]: Successful su for rubyman by root
Oct 14 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21664]: + ??? root:rubyman
Oct 14 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413260 of user rubyman.
Oct 14 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21664]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413260.
Oct 14 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Failed password for invalid user test from 161.35.210.149 port 46354 ssh2
Oct 14 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Connection closed by 161.35.210.149 port 46354 [preauth]
Oct 14 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Invalid user atl from 160.202.8.218
Oct 14 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: input_userauth_request: invalid user atl [preauth]
Oct 14 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Failed password for root from 161.35.210.149 port 34644 ssh2
Oct 14 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Connection closed by 161.35.210.149 port 34644 [preauth]
Oct 14 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Invalid user deploy from 161.35.210.149
Oct 14 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: input_userauth_request: invalid user deploy [preauth]
Oct 14 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Failed password for invalid user atl from 160.202.8.218 port 50848 ssh2
Oct 14 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Received disconnect from 160.202.8.218 port 50848:11: Bye Bye [preauth]
Oct 14 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21759]: Disconnected from 160.202.8.218 port 50848 [preauth]
Oct 14 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session closed for user root
Oct 14 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Failed password for invalid user deploy from 161.35.210.149 port 34650 ssh2
Oct 14 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21783]: Connection closed by 161.35.210.149 port 34650 [preauth]
Oct 14 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21882]: Invalid user oracle from 161.35.210.149
Oct 14 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21882]: input_userauth_request: invalid user oracle [preauth]
Oct 14 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21882]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21882]: Failed password for invalid user oracle from 161.35.210.149 port 48122 ssh2
Oct 14 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21882]: Connection closed by 161.35.210.149 port 48122 [preauth]
Oct 14 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: Invalid user testuser from 161.35.210.149
Oct 14 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: input_userauth_request: invalid user testuser [preauth]
Oct 14 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: Failed password for invalid user testuser from 161.35.210.149 port 48136 ssh2
Oct 14 19:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21910]: Connection closed by 161.35.210.149 port 48136 [preauth]
Oct 14 19:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: Invalid user frappe from 57.128.191.82
Oct 14 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: input_userauth_request: invalid user frappe [preauth]
Oct 14 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: Failed password for root from 161.35.210.149 port 48146 ssh2
Oct 14 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21927]: Connection closed by 161.35.210.149 port 48146 [preauth]
Oct 14 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Invalid user es from 161.35.210.149
Oct 14 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: input_userauth_request: invalid user es [preauth]
Oct 14 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: Failed password for invalid user frappe from 57.128.191.82 port 56266 ssh2
Oct 14 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: Received disconnect from 57.128.191.82 port 56266:11: Bye Bye [preauth]
Oct 14 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21934]: Disconnected from 57.128.191.82 port 56266 [preauth]
Oct 14 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Failed password for invalid user es from 161.35.210.149 port 56830 ssh2
Oct 14 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Connection closed by 161.35.210.149 port 56830 [preauth]
Oct 14 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Invalid user ubuntu from 161.35.210.149
Oct 14 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Failed password for invalid user ubuntu from 161.35.210.149 port 56838 ssh2
Oct 14 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21948]: Connection closed by 161.35.210.149 port 56838 [preauth]
Oct 14 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Invalid user user from 161.35.210.149
Oct 14 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: input_userauth_request: invalid user user [preauth]
Oct 14 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Failed password for invalid user user from 161.35.210.149 port 56852 ssh2
Oct 14 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21990]: Connection closed by 161.35.210.149 port 56852 [preauth]
Oct 14 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Invalid user ansible from 161.35.210.149
Oct 14 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: input_userauth_request: invalid user ansible [preauth]
Oct 14 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session closed for user root
Oct 14 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Failed password for invalid user ansible from 161.35.210.149 port 47220 ssh2
Oct 14 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Connection closed by 161.35.210.149 port 47220 [preauth]
Oct 14 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Failed password for root from 161.35.210.149 port 32954 ssh2
Oct 14 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22034]: Connection closed by 161.35.210.149 port 32954 [preauth]
Oct 14 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: Invalid user kali from 161.35.210.149
Oct 14 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: input_userauth_request: invalid user kali [preauth]
Oct 14 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: Failed password for invalid user kali from 161.35.210.149 port 32964 ssh2
Oct 14 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: Failed password for root from 103.186.0.155 port 59990 ssh2
Oct 14 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22045]: Connection closed by 161.35.210.149 port 32964 [preauth]
Oct 14 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: Received disconnect from 103.186.0.155 port 59990:11: Bye Bye [preauth]
Oct 14 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22048]: Disconnected from 103.186.0.155 port 59990 [preauth]
Oct 14 19:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Failed password for root from 161.35.210.149 port 32970 ssh2
Oct 14 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Connection closed by 161.35.210.149 port 32970 [preauth]
Oct 14 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Invalid user frappe from 46.238.32.247
Oct 14 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: input_userauth_request: invalid user frappe [preauth]
Oct 14 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22106]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22209]: Successful su for rubyman by root
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22209]: + ??? root:rubyman
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413264 of user rubyman.
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22209]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413264.
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Failed password for invalid user frappe from 46.238.32.247 port 40000 ssh2
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Received disconnect from 46.238.32.247 port 40000:11: Bye Bye [preauth]
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22090]: Disconnected from 46.238.32.247 port 40000 [preauth]
Oct 14 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: Failed password for root from 161.35.210.149 port 46710 ssh2
Oct 14 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22252]: Connection closed by 161.35.210.149 port 46710 [preauth]
Oct 14 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: Invalid user jenkins from 161.35.210.149
Oct 14 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: Failed password for invalid user jenkins from 161.35.210.149 port 60288 ssh2
Oct 14 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: Connection closed by 161.35.210.149 port 60288 [preauth]
Oct 14 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18544]: pam_unix(cron:session): session closed for user root
Oct 14 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Failed password for root from 161.35.210.149 port 60300 ssh2
Oct 14 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Connection closed by 161.35.210.149 port 60300 [preauth]
Oct 14 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Invalid user oracle from 161.35.210.149
Oct 14 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: input_userauth_request: invalid user oracle [preauth]
Oct 14 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Failed password for invalid user oracle from 161.35.210.149 port 39822 ssh2
Oct 14 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Connection closed by 161.35.210.149 port 39822 [preauth]
Oct 14 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Invalid user tempuser from 57.128.191.82
Oct 14 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Failed password for invalid user tempuser from 57.128.191.82 port 33206 ssh2
Oct 14 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Received disconnect from 57.128.191.82 port 33206:11: Bye Bye [preauth]
Oct 14 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22503]: Disconnected from 57.128.191.82 port 33206 [preauth]
Oct 14 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21033]: pam_unix(cron:session): session closed for user root
Oct 14 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Invalid user ubnt from 161.35.210.149
Oct 14 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Failed password for invalid user ubnt from 161.35.210.149 port 37748 ssh2
Oct 14 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Connection closed by 161.35.210.149 port 37748 [preauth]
Oct 14 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22553]: Invalid user devops from 161.35.210.149
Oct 14 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22553]: input_userauth_request: invalid user devops [preauth]
Oct 14 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22553]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22553]: Failed password for invalid user devops from 161.35.210.149 port 43516 ssh2
Oct 14 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22553]: Connection closed by 161.35.210.149 port 43516 [preauth]
Oct 14 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Invalid user git from 161.35.210.149
Oct 14 19:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: input_userauth_request: invalid user git [preauth]
Oct 14 19:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Failed password for invalid user git from 161.35.210.149 port 43524 ssh2
Oct 14 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22571]: Connection closed by 161.35.210.149 port 43524 [preauth]
Oct 14 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Invalid user testuser from 161.35.210.149
Oct 14 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: input_userauth_request: invalid user testuser [preauth]
Oct 14 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Failed password for invalid user testuser from 161.35.210.149 port 43534 ssh2
Oct 14 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Connection closed by 161.35.210.149 port 43534 [preauth]
Oct 14 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Invalid user dspace from 161.35.210.149
Oct 14 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: input_userauth_request: invalid user dspace [preauth]
Oct 14 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Failed password for invalid user dspace from 161.35.210.149 port 57586 ssh2
Oct 14 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Connection closed by 161.35.210.149 port 57586 [preauth]
Oct 14 19:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: Invalid user user from 161.35.210.149
Oct 14 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: input_userauth_request: invalid user user [preauth]
Oct 14 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: Failed password for invalid user user from 161.35.210.149 port 57596 ssh2
Oct 14 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22612]: Connection closed by 161.35.210.149 port 57596 [preauth]
Oct 14 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: Invalid user radarr from 160.202.8.218
Oct 14 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: input_userauth_request: invalid user radarr [preauth]
Oct 14 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: Failed password for invalid user radarr from 160.202.8.218 port 49152 ssh2
Oct 14 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: Received disconnect from 160.202.8.218 port 49152:11: Bye Bye [preauth]
Oct 14 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22614]: Disconnected from 160.202.8.218 port 49152 [preauth]
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session closed for user root
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22918]: Successful su for rubyman by root
Oct 14 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22918]: + ??? root:rubyman
Oct 14 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413268 of user rubyman.
Oct 14 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22918]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413268.
Oct 14 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for root from 161.35.210.149 port 57600 ssh2
Oct 14 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Connection closed by 161.35.210.149 port 57600 [preauth]
Oct 14 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: Invalid user linaro from 161.35.210.149
Oct 14 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: input_userauth_request: invalid user linaro [preauth]
Oct 14 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: Failed password for invalid user linaro from 161.35.210.149 port 39226 ssh2
Oct 14 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23097]: Connection closed by 161.35.210.149 port 39226 [preauth]
Oct 14 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22640]: pam_unix(cron:session): session closed for user root
Oct 14 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19146]: pam_unix(cron:session): session closed for user root
Oct 14 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: Failed password for root from 161.35.210.149 port 39234 ssh2
Oct 14 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: Connection closed by 161.35.210.149 port 39234 [preauth]
Oct 14 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: Invalid user db2inst1 from 161.35.210.149
Oct 14 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: input_userauth_request: invalid user db2inst1 [preauth]
Oct 14 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: Invalid user minecraft from 46.238.32.247
Oct 14 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: Failed password for invalid user db2inst1 from 161.35.210.149 port 45822 ssh2
Oct 14 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23320]: Connection closed by 161.35.210.149 port 45822 [preauth]
Oct 14 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23344]: Invalid user odoo18 from 161.35.210.149
Oct 14 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23344]: input_userauth_request: invalid user odoo18 [preauth]
Oct 14 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23344]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: Failed password for invalid user minecraft from 46.238.32.247 port 44250 ssh2
Oct 14 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: Received disconnect from 46.238.32.247 port 44250:11: Bye Bye [preauth]
Oct 14 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: Disconnected from 46.238.32.247 port 44250 [preauth]
Oct 14 19:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23344]: Failed password for invalid user odoo18 from 161.35.210.149 port 45824 ssh2
Oct 14 19:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23344]: Connection closed by 161.35.210.149 port 45824 [preauth]
Oct 14 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22628]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Invalid user ubuntu from 161.35.210.149
Oct 14 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Failed password for invalid user ubuntu from 161.35.210.149 port 45826 ssh2
Oct 14 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Connection closed by 161.35.210.149 port 45826 [preauth]
Oct 14 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: Invalid user devopsuser from 161.35.210.149
Oct 14 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: Failed password for invalid user devopsuser from 161.35.210.149 port 38660 ssh2
Oct 14 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23535]: Connection closed by 161.35.210.149 port 38660 [preauth]
Oct 14 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Failed password for root from 161.35.210.149 port 38662 ssh2
Oct 14 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23760]: Connection closed by 161.35.210.149 port 38662 [preauth]
Oct 14 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session closed for user root
Oct 14 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23776]: Failed password for root from 161.35.210.149 port 40356 ssh2
Oct 14 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23776]: Connection closed by 161.35.210.149 port 40356 [preauth]
Oct 14 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: Invalid user user from 161.35.210.149
Oct 14 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: input_userauth_request: invalid user user [preauth]
Oct 14 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: Failed password for invalid user user from 161.35.210.149 port 40366 ssh2
Oct 14 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23794]: Connection closed by 161.35.210.149 port 40366 [preauth]
Oct 14 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Invalid user test from 161.35.210.149
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: input_userauth_request: invalid user test [preauth]
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Invalid user ftpuser from 57.128.191.82
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Invalid user geonode from 103.186.0.155
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: input_userauth_request: invalid user geonode [preauth]
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Failed password for invalid user test from 161.35.210.149 port 42620 ssh2
Oct 14 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23817]: Connection closed by 161.35.210.149 port 42620 [preauth]
Oct 14 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Failed password for invalid user ftpuser from 57.128.191.82 port 38368 ssh2
Oct 14 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Failed password for invalid user geonode from 103.186.0.155 port 49824 ssh2
Oct 14 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Received disconnect from 57.128.191.82 port 38368:11: Bye Bye [preauth]
Oct 14 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Disconnected from 57.128.191.82 port 38368 [preauth]
Oct 14 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Received disconnect from 103.186.0.155 port 49824:11: Bye Bye [preauth]
Oct 14 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Disconnected from 103.186.0.155 port 49824 [preauth]
Oct 14 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23872]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23958]: Successful su for rubyman by root
Oct 14 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23958]: + ??? root:rubyman
Oct 14 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413276 of user rubyman.
Oct 14 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23958]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413276.
Oct 14 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19987]: pam_unix(cron:session): session closed for user root
Oct 14 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23873]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Invalid user admin from 185.156.73.233
Oct 14 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: input_userauth_request: invalid user admin [preauth]
Oct 14 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Failed password for invalid user admin from 185.156.73.233 port 63004 ssh2
Oct 14 19:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24215]: Connection closed by 185.156.73.233 port 63004 [preauth]
Oct 14 19:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Invalid user ftpuser from 46.238.32.247
Oct 14 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Failed password for invalid user ftpuser from 46.238.32.247 port 48500 ssh2
Oct 14 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Received disconnect from 46.238.32.247 port 48500:11: Bye Bye [preauth]
Oct 14 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Disconnected from 46.238.32.247 port 48500 [preauth]
Oct 14 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session closed for user root
Oct 14 19:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Failed password for root from 160.202.8.218 port 47492 ssh2
Oct 14 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Received disconnect from 160.202.8.218 port 47492:11: Bye Bye [preauth]
Oct 14 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Disconnected from 160.202.8.218 port 47492 [preauth]
Oct 14 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24417]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Invalid user dockeruser from 57.128.191.82
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: Successful su for rubyman by root
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: + ??? root:rubyman
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413278 of user rubyman.
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24496]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413278.
Oct 14 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Failed password for invalid user dockeruser from 57.128.191.82 port 50592 ssh2
Oct 14 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Received disconnect from 57.128.191.82 port 50592:11: Bye Bye [preauth]
Oct 14 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Disconnected from 57.128.191.82 port 50592 [preauth]
Oct 14 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session closed for user root
Oct 14 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22642]: pam_unix(cron:session): session closed for user root
Oct 14 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: Invalid user copia from 103.186.0.155
Oct 14 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: input_userauth_request: invalid user copia [preauth]
Oct 14 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: Failed password for invalid user copia from 103.186.0.155 port 57088 ssh2
Oct 14 19:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: Received disconnect from 103.186.0.155 port 57088:11: Bye Bye [preauth]
Oct 14 19:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24857]: Disconnected from 103.186.0.155 port 57088 [preauth]
Oct 14 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: Invalid user ftptest from 46.238.32.247
Oct 14 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: Failed password for invalid user ftptest from 46.238.32.247 port 52752 ssh2
Oct 14 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: Received disconnect from 46.238.32.247 port 52752:11: Bye Bye [preauth]
Oct 14 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: Disconnected from 46.238.32.247 port 52752 [preauth]
Oct 14 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24996]: Successful su for rubyman by root
Oct 14 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24996]: + ??? root:rubyman
Oct 14 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413283 of user rubyman.
Oct 14 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24996]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413283.
Oct 14 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session closed for user root
Oct 14 19:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: User ftp from 57.128.191.82 not allowed because not listed in AllowUsers
Oct 14 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: input_userauth_request: invalid user ftp [preauth]
Oct 14 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82  user=ftp
Oct 14 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: Failed password for invalid user ftp from 57.128.191.82 port 56794 ssh2
Oct 14 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: Received disconnect from 57.128.191.82 port 56794:11: Bye Bye [preauth]
Oct 14 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: Disconnected from 57.128.191.82 port 56794 [preauth]
Oct 14 19:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23875]: pam_unix(cron:session): session closed for user root
Oct 14 19:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Invalid user gyli from 160.202.8.218
Oct 14 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: input_userauth_request: invalid user gyli [preauth]
Oct 14 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Failed password for invalid user gyli from 160.202.8.218 port 45794 ssh2
Oct 14 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Received disconnect from 160.202.8.218 port 45794:11: Bye Bye [preauth]
Oct 14 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25594]: Disconnected from 160.202.8.218 port 45794 [preauth]
Oct 14 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session closed for user p13x
Oct 14 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25709]: Successful su for rubyman by root
Oct 14 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25709]: + ??? root:rubyman
Oct 14 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413286 of user rubyman.
Oct 14 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25709]: pam_unix(su:session): session closed for user rubyman
Oct 14 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413286.
Oct 14 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session closed for user root
Oct 14 19:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Invalid user oracle from 46.238.32.247
Oct 14 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: input_userauth_request: invalid user oracle [preauth]
Oct 14 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Failed password for invalid user oracle from 46.238.32.247 port 57012 ssh2
Oct 14 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Received disconnect from 46.238.32.247 port 57012:11: Bye Bye [preauth]
Oct 14 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26012]: Disconnected from 46.238.32.247 port 57012 [preauth]
Oct 14 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session closed for user samftp
Oct 14 19:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 19:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius5@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 14 19:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session closed for user root
Oct 14 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Invalid user abc from 57.128.191.82
Oct 14 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: input_userauth_request: invalid user abc [preauth]
Oct 14 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=medius5 rhost=::ffff:45.142.193.185
Oct 14 19:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: Invalid user omnia from 103.186.0.155
Oct 14 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: input_userauth_request: invalid user omnia [preauth]
Oct 14 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Failed password for invalid user abc from 57.128.191.82 port 60678 ssh2
Oct 14 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Received disconnect from 57.128.191.82 port 60678:11: Bye Bye [preauth]
Oct 14 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26145]: Disconnected from 57.128.191.82 port 60678 [preauth]
Oct 14 19:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: Failed password for invalid user omnia from 103.186.0.155 port 33018 ssh2
Oct 14 19:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: Received disconnect from 103.186.0.155 port 33018:11: Bye Bye [preauth]
Oct 14 19:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26160]: Disconnected from 103.186.0.155 port 33018 [preauth]
Oct 14 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Invalid user ubuntu from 114.204.9.108
Oct 14 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Failed password for invalid user ubuntu from 114.204.9.108 port 41794 ssh2
Oct 14 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Received disconnect from 114.204.9.108 port 41794:11: Bye Bye [preauth]
Oct 14 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Disconnected from 114.204.9.108 port 41794 [preauth]
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26237]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26236]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26239]: pam_unix(cron:session): session closed for user root
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26234]: pam_unix(cron:session): session closed for user root
Oct 14 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26232]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26368]: Successful su for rubyman by root
Oct 14 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26368]: + ??? root:rubyman
Oct 14 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413290 of user rubyman.
Oct 14 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26368]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413290.
Oct 14 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session closed for user root
Oct 14 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26235]: pam_unix(cron:session): session closed for user root
Oct 14 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26233]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Invalid user tempuser from 46.238.32.247
Oct 14 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: input_userauth_request: invalid user tempuser [preauth]
Oct 14 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Failed password for invalid user tempuser from 46.238.32.247 port 33038 ssh2
Oct 14 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Received disconnect from 46.238.32.247 port 33038:11: Bye Bye [preauth]
Oct 14 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Disconnected from 46.238.32.247 port 33038 [preauth]
Oct 14 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24911]: pam_unix(cron:session): session closed for user root
Oct 14 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Invalid user naim from 160.202.8.218
Oct 14 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: input_userauth_request: invalid user naim [preauth]
Oct 14 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Failed password for root from 80.211.129.128 port 53562 ssh2
Oct 14 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Connection closed by 80.211.129.128 port 53562 [preauth]
Oct 14 20:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Failed password for invalid user naim from 160.202.8.218 port 44134 ssh2
Oct 14 20:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Received disconnect from 160.202.8.218 port 44134:11: Bye Bye [preauth]
Oct 14 20:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26919]: Disconnected from 160.202.8.218 port 44134 [preauth]
Oct 14 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: Invalid user app from 57.128.191.82
Oct 14 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: input_userauth_request: invalid user app [preauth]
Oct 14 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: Failed password for invalid user app from 57.128.191.82 port 33696 ssh2
Oct 14 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: Received disconnect from 57.128.191.82 port 33696:11: Bye Bye [preauth]
Oct 14 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27017]: Disconnected from 57.128.191.82 port 33696 [preauth]
Oct 14 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27136]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27235]: Successful su for rubyman by root
Oct 14 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27235]: + ??? root:rubyman
Oct 14 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413298 of user rubyman.
Oct 14 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27235]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413298.
Oct 14 20:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22641]: pam_unix(cron:session): session closed for user root
Oct 14 20:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27137]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Invalid user pippo from 103.186.0.155
Oct 14 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: input_userauth_request: invalid user pippo [preauth]
Oct 14 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Failed password for invalid user pippo from 103.186.0.155 port 48452 ssh2
Oct 14 20:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user root
Oct 14 20:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Received disconnect from 103.186.0.155 port 48452:11: Bye Bye [preauth]
Oct 14 20:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Disconnected from 103.186.0.155 port 48452 [preauth]
Oct 14 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: Invalid user dockeruser from 46.238.32.247
Oct 14 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: Failed password for invalid user dockeruser from 46.238.32.247 port 37286 ssh2
Oct 14 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: Received disconnect from 46.238.32.247 port 37286:11: Bye Bye [preauth]
Oct 14 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: Disconnected from 46.238.32.247 port 37286 [preauth]
Oct 14 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27928]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28012]: Successful su for rubyman by root
Oct 14 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28012]: + ??? root:rubyman
Oct 14 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413302 of user rubyman.
Oct 14 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28012]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413302.
Oct 14 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: Invalid user qclinux from 57.128.191.82
Oct 14 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: input_userauth_request: invalid user qclinux [preauth]
Oct 14 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: Failed password for invalid user qclinux from 57.128.191.82 port 35400 ssh2
Oct 14 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: Received disconnect from 57.128.191.82 port 35400:11: Bye Bye [preauth]
Oct 14 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28087]: Disconnected from 57.128.191.82 port 35400 [preauth]
Oct 14 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23874]: pam_unix(cron:session): session closed for user root
Oct 14 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108  user=root
Oct 14 20:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Failed password for root from 114.204.9.108 port 41620 ssh2
Oct 14 20:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Received disconnect from 114.204.9.108 port 41620:11: Bye Bye [preauth]
Oct 14 20:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Disconnected from 114.204.9.108 port 41620 [preauth]
Oct 14 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Invalid user stu from 160.202.8.218
Oct 14 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: input_userauth_request: invalid user stu [preauth]
Oct 14 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Failed password for invalid user stu from 160.202.8.218 port 42464 ssh2
Oct 14 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Received disconnect from 160.202.8.218 port 42464:11: Bye Bye [preauth]
Oct 14 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: Disconnected from 160.202.8.218 port 42464 [preauth]
Oct 14 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26237]: pam_unix(cron:session): session closed for user root
Oct 14 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: User backup from 46.238.32.247 not allowed because not listed in AllowUsers
Oct 14 20:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: input_userauth_request: invalid user backup [preauth]
Oct 14 20:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247  user=backup
Oct 14 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Failed password for invalid user backup from 46.238.32.247 port 41536 ssh2
Oct 14 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Received disconnect from 46.238.32.247 port 41536:11: Bye Bye [preauth]
Oct 14 20:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28401]: Disconnected from 46.238.32.247 port 41536 [preauth]
Oct 14 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28426]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28738]: Successful su for rubyman by root
Oct 14 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28738]: + ??? root:rubyman
Oct 14 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413305 of user rubyman.
Oct 14 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28738]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413305.
Oct 14 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session closed for user root
Oct 14 20:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: Invalid user system from 57.128.191.82
Oct 14 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: input_userauth_request: invalid user system [preauth]
Oct 14 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: Failed password for invalid user system from 57.128.191.82 port 49698 ssh2
Oct 14 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: Received disconnect from 57.128.191.82 port 49698:11: Bye Bye [preauth]
Oct 14 20:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29104]: Disconnected from 57.128.191.82 port 49698 [preauth]
Oct 14 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Failed password for root from 103.186.0.155 port 58268 ssh2
Oct 14 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Received disconnect from 103.186.0.155 port 58268:11: Bye Bye [preauth]
Oct 14 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Disconnected from 103.186.0.155 port 58268 [preauth]
Oct 14 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session closed for user root
Oct 14 20:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29258]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Invalid user ftpuser from 114.204.9.108
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29347]: Successful su for rubyman by root
Oct 14 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29347]: + ??? root:rubyman
Oct 14 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413310 of user rubyman.
Oct 14 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29347]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413310.
Oct 14 20:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Failed password for invalid user ftpuser from 114.204.9.108 port 58558 ssh2
Oct 14 20:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Received disconnect from 114.204.9.108 port 58558:11: Bye Bye [preauth]
Oct 14 20:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Disconnected from 114.204.9.108 port 58558 [preauth]
Oct 14 20:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: User ftp from 46.238.32.247 not allowed because not listed in AllowUsers
Oct 14 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: input_userauth_request: invalid user ftp [preauth]
Oct 14 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247  user=ftp
Oct 14 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24910]: pam_unix(cron:session): session closed for user root
Oct 14 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: Failed password for invalid user ftp from 46.238.32.247 port 45786 ssh2
Oct 14 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: Received disconnect from 46.238.32.247 port 45786:11: Bye Bye [preauth]
Oct 14 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: Disconnected from 46.238.32.247 port 45786 [preauth]
Oct 14 20:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29259]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: Invalid user ts2 from 160.202.8.218
Oct 14 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: input_userauth_request: invalid user ts2 [preauth]
Oct 14 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: Failed password for invalid user ts2 from 160.202.8.218 port 40778 ssh2
Oct 14 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: Received disconnect from 160.202.8.218 port 40778:11: Bye Bye [preauth]
Oct 14 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: Disconnected from 160.202.8.218 port 40778 [preauth]
Oct 14 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Invalid user sysadmin from 57.128.191.82
Oct 14 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Failed password for invalid user sysadmin from 57.128.191.82 port 48190 ssh2
Oct 14 20:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Received disconnect from 57.128.191.82 port 48190:11: Bye Bye [preauth]
Oct 14 20:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Disconnected from 57.128.191.82 port 48190 [preauth]
Oct 14 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session closed for user root
Oct 14 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session closed for user root
Oct 14 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: Successful su for rubyman by root
Oct 14 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: + ??? root:rubyman
Oct 14 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413316 of user rubyman.
Oct 14 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413316.
Oct 14 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session closed for user root
Oct 14 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session closed for user root
Oct 14 20:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Invalid user abc from 46.238.32.247
Oct 14 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: input_userauth_request: invalid user abc [preauth]
Oct 14 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user abc from 46.238.32.247 port 50036 ssh2
Oct 14 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Received disconnect from 46.238.32.247 port 50036:11: Bye Bye [preauth]
Oct 14 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Disconnected from 46.238.32.247 port 50036 [preauth]
Oct 14 20:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Invalid user www from 114.204.9.108
Oct 14 20:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: input_userauth_request: invalid user www [preauth]
Oct 14 20:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Failed password for invalid user www from 114.204.9.108 port 39474 ssh2
Oct 14 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Received disconnect from 114.204.9.108 port 39474:11: Bye Bye [preauth]
Oct 14 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Disconnected from 114.204.9.108 port 39474 [preauth]
Oct 14 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session closed for user root
Oct 14 20:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Invalid user nagios from 57.128.191.82
Oct 14 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: input_userauth_request: invalid user nagios [preauth]
Oct 14 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Failed password for invalid user nagios from 57.128.191.82 port 42524 ssh2
Oct 14 20:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Received disconnect from 57.128.191.82 port 42524:11: Bye Bye [preauth]
Oct 14 20:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30283]: Disconnected from 57.128.191.82 port 42524 [preauth]
Oct 14 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30357]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30457]: Successful su for rubyman by root
Oct 14 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30457]: + ??? root:rubyman
Oct 14 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413320 of user rubyman.
Oct 14 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30457]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413320.
Oct 14 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Invalid user kamil from 185.50.38.171
Oct 14 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: input_userauth_request: invalid user kamil [preauth]
Oct 14 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Failed password for invalid user kamil from 185.50.38.171 port 42676 ssh2
Oct 14 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Received disconnect from 185.50.38.171 port 42676:11: Bye Bye [preauth]
Oct 14 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30443]: Disconnected from 185.50.38.171 port 42676 [preauth]
Oct 14 20:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26236]: pam_unix(cron:session): session closed for user root
Oct 14 20:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 20:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Failed password for root from 160.202.8.218 port 39090 ssh2
Oct 14 20:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Received disconnect from 160.202.8.218 port 39090:11: Bye Bye [preauth]
Oct 14 20:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Disconnected from 160.202.8.218 port 39090 [preauth]
Oct 14 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Invalid user ubuntu from 185.255.91.50
Oct 14 20:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 20:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Failed password for invalid user ubuntu from 185.255.91.50 port 51154 ssh2
Oct 14 20:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Received disconnect from 185.255.91.50 port 51154:11: Bye Bye [preauth]
Oct 14 20:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Disconnected from 185.255.91.50 port 51154 [preauth]
Oct 14 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: Invalid user ahmed from 46.238.32.247
Oct 14 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: Failed password for invalid user ahmed from 46.238.32.247 port 54278 ssh2
Oct 14 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: Received disconnect from 46.238.32.247 port 54278:11: Bye Bye [preauth]
Oct 14 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30818]: Disconnected from 46.238.32.247 port 54278 [preauth]
Oct 14 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session closed for user root
Oct 14 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 20:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Failed password for root from 103.186.0.155 port 53330 ssh2
Oct 14 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Received disconnect from 103.186.0.155 port 53330:11: Bye Bye [preauth]
Oct 14 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30868]: Disconnected from 103.186.0.155 port 53330 [preauth]
Oct 14 20:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30905]: Invalid user ahmed from 57.128.191.82
Oct 14 20:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30905]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 20:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Invalid user alex from 114.204.9.108
Oct 14 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: input_userauth_request: invalid user alex [preauth]
Oct 14 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30905]: Failed password for invalid user ahmed from 57.128.191.82 port 33926 ssh2
Oct 14 20:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30905]: Received disconnect from 57.128.191.82 port 33926:11: Bye Bye [preauth]
Oct 14 20:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30905]: Disconnected from 57.128.191.82 port 33926 [preauth]
Oct 14 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Failed password for invalid user alex from 114.204.9.108 port 59722 ssh2
Oct 14 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Received disconnect from 114.204.9.108 port 59722:11: Bye Bye [preauth]
Oct 14 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: Disconnected from 114.204.9.108 port 59722 [preauth]
Oct 14 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30926]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30922]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31007]: Successful su for rubyman by root
Oct 14 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31007]: + ??? root:rubyman
Oct 14 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413326 of user rubyman.
Oct 14 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31007]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413326.
Oct 14 20:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27139]: pam_unix(cron:session): session closed for user root
Oct 14 20:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30924]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session closed for user root
Oct 14 20:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Invalid user ubuntu from 46.238.32.247
Oct 14 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Failed password for invalid user ubuntu from 46.238.32.247 port 58528 ssh2
Oct 14 20:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Received disconnect from 46.238.32.247 port 58528:11: Bye Bye [preauth]
Oct 14 20:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Disconnected from 46.238.32.247 port 58528 [preauth]
Oct 14 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31406]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31650]: Successful su for rubyman by root
Oct 14 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31650]: + ??? root:rubyman
Oct 14 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413327 of user rubyman.
Oct 14 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31650]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413327.
Oct 14 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Invalid user render from 160.202.8.218
Oct 14 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: input_userauth_request: invalid user render [preauth]
Oct 14 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session closed for user root
Oct 14 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82  user=root
Oct 14 20:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for invalid user render from 160.202.8.218 port 37370 ssh2
Oct 14 20:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Received disconnect from 160.202.8.218 port 37370:11: Bye Bye [preauth]
Oct 14 20:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Disconnected from 160.202.8.218 port 37370 [preauth]
Oct 14 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Failed password for root from 57.128.191.82 port 34694 ssh2
Oct 14 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Received disconnect from 57.128.191.82 port 34694:11: Bye Bye [preauth]
Oct 14 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Disconnected from 57.128.191.82 port 34694 [preauth]
Oct 14 20:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31407]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Invalid user steam from 114.204.9.108
Oct 14 20:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: input_userauth_request: invalid user steam [preauth]
Oct 14 20:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Failed password for invalid user steam from 114.204.9.108 port 38608 ssh2
Oct 14 20:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Received disconnect from 114.204.9.108 port 38608:11: Bye Bye [preauth]
Oct 14 20:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31904]: Disconnected from 114.204.9.108 port 38608 [preauth]
Oct 14 20:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30357]: pam_unix(cron:session): session closed for user root
Oct 14 20:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 20:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Failed password for root from 103.186.0.155 port 42114 ssh2
Oct 14 20:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Received disconnect from 103.186.0.155 port 42114:11: Bye Bye [preauth]
Oct 14 20:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31997]: Disconnected from 103.186.0.155 port 42114 [preauth]
Oct 14 20:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 14 20:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Failed password for root from 89.38.148.202 port 48054 ssh2
Oct 14 20:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32032]: Connection closed by 89.38.148.202 port 48054 [preauth]
Oct 14 20:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: Invalid user admin from 194.0.234.93
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: input_userauth_request: invalid user admin [preauth]
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Invalid user ahmed from 46.238.32.247
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32068]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32062]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Oct 14 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: Successful su for rubyman by root
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: + ??? root:rubyman
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413332 of user rubyman.
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413332.
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Failed password for invalid user ahmed from 46.238.32.247 port 34546 ssh2
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Received disconnect from 46.238.32.247 port 34546:11: Bye Bye [preauth]
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Disconnected from 46.238.32.247 port 34546 [preauth]
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: Failed password for invalid user admin from 194.0.234.93 port 60602 ssh2
Oct 14 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: Connection closed by 194.0.234.93 port 60602 [preauth]
Oct 14 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32062]: pam_unix(cron:session): session closed for user root
Oct 14 20:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session closed for user root
Oct 14 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32066]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Invalid user ahmed from 57.128.191.82
Oct 14 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: input_userauth_request: invalid user ahmed [preauth]
Oct 14 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Failed password for invalid user ahmed from 57.128.191.82 port 40504 ssh2
Oct 14 20:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Received disconnect from 57.128.191.82 port 40504:11: Bye Bye [preauth]
Oct 14 20:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Disconnected from 57.128.191.82 port 40504 [preauth]
Oct 14 20:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Invalid user musicbot from 185.50.38.171
Oct 14 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: input_userauth_request: invalid user musicbot [preauth]
Oct 14 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Failed password for invalid user musicbot from 185.50.38.171 port 51784 ssh2
Oct 14 20:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Received disconnect from 185.50.38.171 port 51784:11: Bye Bye [preauth]
Oct 14 20:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Disconnected from 185.50.38.171 port 51784 [preauth]
Oct 14 20:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30927]: pam_unix(cron:session): session closed for user root
Oct 14 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: User backup from 114.204.9.108 not allowed because not listed in AllowUsers
Oct 14 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: input_userauth_request: invalid user backup [preauth]
Oct 14 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108  user=backup
Oct 14 20:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: Failed password for invalid user backup from 114.204.9.108 port 58798 ssh2
Oct 14 20:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: Received disconnect from 114.204.9.108 port 58798:11: Bye Bye [preauth]
Oct 14 20:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32666]: Disconnected from 114.204.9.108 port 58798 [preauth]
Oct 14 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Invalid user amir from 185.255.91.50
Oct 14 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: input_userauth_request: invalid user amir [preauth]
Oct 14 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Failed password for invalid user amir from 185.255.91.50 port 53856 ssh2
Oct 14 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Received disconnect from 185.255.91.50 port 53856:11: Bye Bye [preauth]
Oct 14 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32690]: Disconnected from 185.255.91.50 port 53856 [preauth]
Oct 14 20:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32713]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32716]: pam_unix(cron:session): session closed for user root
Oct 14 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32710]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[336]: Successful su for rubyman by root
Oct 14 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[336]: + ??? root:rubyman
Oct 14 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413339 of user rubyman.
Oct 14 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[336]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413339.
Oct 14 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32703]: Failed password for root from 160.202.8.218 port 35732 ssh2
Oct 14 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32703]: Received disconnect from 160.202.8.218 port 35732:11: Bye Bye [preauth]
Oct 14 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32703]: Disconnected from 160.202.8.218 port 35732 [preauth]
Oct 14 20:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32712]: pam_unix(cron:session): session closed for user root
Oct 14 20:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session closed for user root
Oct 14 20:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32711]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Invalid user admin1 from 46.238.32.247
Oct 14 20:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: input_userauth_request: invalid user admin1 [preauth]
Oct 14 20:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Failed password for invalid user admin1 from 46.238.32.247 port 38804 ssh2
Oct 14 20:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Received disconnect from 46.238.32.247 port 38804:11: Bye Bye [preauth]
Oct 14 20:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Disconnected from 46.238.32.247 port 38804 [preauth]
Oct 14 20:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31411]: pam_unix(cron:session): session closed for user root
Oct 14 20:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: User backup from 57.128.191.82 not allowed because not listed in AllowUsers
Oct 14 20:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: input_userauth_request: invalid user backup [preauth]
Oct 14 20:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82  user=backup
Oct 14 20:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Failed password for invalid user backup from 57.128.191.82 port 37804 ssh2
Oct 14 20:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Received disconnect from 57.128.191.82 port 37804:11: Bye Bye [preauth]
Oct 14 20:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Disconnected from 57.128.191.82 port 37804 [preauth]
Oct 14 20:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 20:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Failed password for root from 103.186.0.155 port 37510 ssh2
Oct 14 20:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Received disconnect from 103.186.0.155 port 37510:11: Bye Bye [preauth]
Oct 14 20:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Disconnected from 103.186.0.155 port 37510 [preauth]
Oct 14 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[763]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[757]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[884]: Successful su for rubyman by root
Oct 14 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[884]: + ??? root:rubyman
Oct 14 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413342 of user rubyman.
Oct 14 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[884]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413342.
Oct 14 20:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Invalid user portfolio from 185.50.38.171
Oct 14 20:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: input_userauth_request: invalid user portfolio [preauth]
Oct 14 20:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session closed for user root
Oct 14 20:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Failed password for invalid user portfolio from 185.50.38.171 port 47632 ssh2
Oct 14 20:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Received disconnect from 185.50.38.171 port 47632:11: Bye Bye [preauth]
Oct 14 20:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Disconnected from 185.50.38.171 port 47632 [preauth]
Oct 14 20:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Invalid user runner from 114.204.9.108
Oct 14 20:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: input_userauth_request: invalid user runner [preauth]
Oct 14 20:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Failed password for invalid user runner from 114.204.9.108 port 50934 ssh2
Oct 14 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[758]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Received disconnect from 114.204.9.108 port 50934:11: Bye Bye [preauth]
Oct 14 20:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1165]: Disconnected from 114.204.9.108 port 50934 [preauth]
Oct 14 20:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Invalid user hoster from 185.255.91.50
Oct 14 20:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: input_userauth_request: invalid user hoster [preauth]
Oct 14 20:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Failed password for invalid user hoster from 185.255.91.50 port 45706 ssh2
Oct 14 20:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Received disconnect from 185.255.91.50 port 45706:11: Bye Bye [preauth]
Oct 14 20:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1209]: Disconnected from 185.255.91.50 port 45706 [preauth]
Oct 14 20:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Invalid user nagios from 46.238.32.247
Oct 14 20:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: input_userauth_request: invalid user nagios [preauth]
Oct 14 20:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32068]: pam_unix(cron:session): session closed for user root
Oct 14 20:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.129.128  user=root
Oct 14 20:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Failed password for invalid user nagios from 46.238.32.247 port 43064 ssh2
Oct 14 20:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Received disconnect from 46.238.32.247 port 43064:11: Bye Bye [preauth]
Oct 14 20:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1283]: Disconnected from 46.238.32.247 port 43064 [preauth]
Oct 14 20:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Failed password for root from 80.211.129.128 port 46308 ssh2
Oct 14 20:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1286]: Connection closed by 80.211.129.128 port 46308 [preauth]
Oct 14 20:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 20:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: Failed password for root from 160.202.8.218 port 34046 ssh2
Oct 14 20:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: Received disconnect from 160.202.8.218 port 34046:11: Bye Bye [preauth]
Oct 14 20:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: Disconnected from 160.202.8.218 port 34046 [preauth]
Oct 14 20:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Invalid user admin1 from 57.128.191.82
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: input_userauth_request: invalid user admin1 [preauth]
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1467]: Successful su for rubyman by root
Oct 14 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1467]: + ??? root:rubyman
Oct 14 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413346 of user rubyman.
Oct 14 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1467]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413346.
Oct 14 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Failed password for invalid user admin1 from 57.128.191.82 port 38284 ssh2
Oct 14 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Received disconnect from 57.128.191.82 port 38284:11: Bye Bye [preauth]
Oct 14 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Disconnected from 57.128.191.82 port 38284 [preauth]
Oct 14 20:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session closed for user root
Oct 14 20:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32715]: pam_unix(cron:session): session closed for user root
Oct 14 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Invalid user proxyuser from 114.204.9.108
Oct 14 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Failed password for invalid user proxyuser from 114.204.9.108 port 59328 ssh2
Oct 14 20:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Received disconnect from 114.204.9.108 port 59328:11: Bye Bye [preauth]
Oct 14 20:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Disconnected from 114.204.9.108 port 59328 [preauth]
Oct 14 20:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 14 20:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for root from 80.94.95.116 port 57118 ssh2
Oct 14 20:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user cha from 185.50.38.171
Oct 14 20:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user cha [preauth]
Oct 14 20:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Connection closed by 80.94.95.116 port 57118 [preauth]
Oct 14 20:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user cha from 185.50.38.171 port 41374 ssh2
Oct 14 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Received disconnect from 185.50.38.171 port 41374:11: Bye Bye [preauth]
Oct 14 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Disconnected from 185.50.38.171 port 41374 [preauth]
Oct 14 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Failed password for root from 185.255.91.50 port 44394 ssh2
Oct 14 20:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Received disconnect from 185.255.91.50 port 44394:11: Bye Bye [preauth]
Oct 14 20:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Disconnected from 185.255.91.50 port 44394 [preauth]
Oct 14 20:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Invalid user qclinux from 46.238.32.247
Oct 14 20:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: input_userauth_request: invalid user qclinux [preauth]
Oct 14 20:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: Invalid user qyy from 103.186.0.155
Oct 14 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: input_userauth_request: invalid user qyy [preauth]
Oct 14 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Failed password for invalid user qclinux from 46.238.32.247 port 47312 ssh2
Oct 14 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Received disconnect from 46.238.32.247 port 47312:11: Bye Bye [preauth]
Oct 14 20:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Disconnected from 46.238.32.247 port 47312 [preauth]
Oct 14 20:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: Failed password for invalid user qyy from 103.186.0.155 port 33954 ssh2
Oct 14 20:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: Received disconnect from 103.186.0.155 port 33954:11: Bye Bye [preauth]
Oct 14 20:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: Disconnected from 103.186.0.155 port 33954 [preauth]
Oct 14 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1990]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1989]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1987]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: Successful su for rubyman by root
Oct 14 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: + ??? root:rubyman
Oct 14 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413350 of user rubyman.
Oct 14 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413350.
Oct 14 20:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30926]: pam_unix(cron:session): session closed for user root
Oct 14 20:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Invalid user ftpuser from 57.128.191.82
Oct 14 20:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 20:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1988]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Failed password for invalid user ftpuser from 57.128.191.82 port 54780 ssh2
Oct 14 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Received disconnect from 57.128.191.82 port 54780:11: Bye Bye [preauth]
Oct 14 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2267]: Disconnected from 57.128.191.82 port 54780 [preauth]
Oct 14 20:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[763]: pam_unix(cron:session): session closed for user root
Oct 14 20:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218  user=root
Oct 14 20:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Failed password for root from 160.202.8.218 port 60576 ssh2
Oct 14 20:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Received disconnect from 160.202.8.218 port 60576:11: Bye Bye [preauth]
Oct 14 20:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Disconnected from 160.202.8.218 port 60576 [preauth]
Oct 14 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2525]: Successful su for rubyman by root
Oct 14 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2525]: + ??? root:rubyman
Oct 14 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413354 of user rubyman.
Oct 14 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2525]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413354.
Oct 14 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: User backup from 114.204.9.108 not allowed because not listed in AllowUsers
Oct 14 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: input_userauth_request: invalid user backup [preauth]
Oct 14 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108  user=backup
Oct 14 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Invalid user andi from 185.255.91.50
Oct 14 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: input_userauth_request: invalid user andi [preauth]
Oct 14 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Failed password for invalid user backup from 114.204.9.108 port 56756 ssh2
Oct 14 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Received disconnect from 114.204.9.108 port 56756:11: Bye Bye [preauth]
Oct 14 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Disconnected from 114.204.9.108 port 56756 [preauth]
Oct 14 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Failed password for invalid user andi from 185.255.91.50 port 51410 ssh2
Oct 14 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Received disconnect from 185.255.91.50 port 51410:11: Bye Bye [preauth]
Oct 14 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2593]: Disconnected from 185.255.91.50 port 51410 [preauth]
Oct 14 20:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31410]: pam_unix(cron:session): session closed for user root
Oct 14 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Invalid user sol from 46.238.32.247
Oct 14 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: input_userauth_request: invalid user sol [preauth]
Oct 14 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: Invalid user wallabag from 185.50.38.171
Oct 14 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: input_userauth_request: invalid user wallabag [preauth]
Oct 14 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Failed password for invalid user sol from 46.238.32.247 port 51564 ssh2
Oct 14 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Received disconnect from 46.238.32.247 port 51564:11: Bye Bye [preauth]
Oct 14 20:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2690]: Disconnected from 46.238.32.247 port 51564 [preauth]
Oct 14 20:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: Failed password for invalid user wallabag from 185.50.38.171 port 55512 ssh2
Oct 14 20:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: Received disconnect from 185.50.38.171 port 55512:11: Bye Bye [preauth]
Oct 14 20:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: Disconnected from 185.50.38.171 port 55512 [preauth]
Oct 14 20:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Invalid user ubuntu from 57.128.191.82
Oct 14 20:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 20:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Failed password for invalid user ubuntu from 57.128.191.82 port 54926 ssh2
Oct 14 20:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Received disconnect from 57.128.191.82 port 54926:11: Bye Bye [preauth]
Oct 14 20:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2771]: Disconnected from 57.128.191.82 port 54926 [preauth]
Oct 14 20:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1368]: pam_unix(cron:session): session closed for user root
Oct 14 20:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Failed password for root from 172.208.52.110 port 50954 ssh2
Oct 14 20:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Received disconnect from 172.208.52.110 port 50954:11: Bye Bye [preauth]
Oct 14 20:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Disconnected from 172.208.52.110 port 50954 [preauth]
Oct 14 20:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: Invalid user zenith from 103.186.0.155
Oct 14 20:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: input_userauth_request: invalid user zenith [preauth]
Oct 14 20:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: Failed password for invalid user zenith from 103.186.0.155 port 53156 ssh2
Oct 14 20:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: Received disconnect from 103.186.0.155 port 53156:11: Bye Bye [preauth]
Oct 14 20:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2878]: Disconnected from 103.186.0.155 port 53156 [preauth]
Oct 14 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session closed for user root
Oct 14 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2897]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2991]: Successful su for rubyman by root
Oct 14 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2991]: + ??? root:rubyman
Oct 14 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413360 of user rubyman.
Oct 14 20:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2991]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413360.
Oct 14 20:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2900]: pam_unix(cron:session): session closed for user root
Oct 14 20:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32067]: pam_unix(cron:session): session closed for user root
Oct 14 20:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2898]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: Invalid user admin from 2.57.121.112
Oct 14 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: input_userauth_request: invalid user admin [preauth]
Oct 14 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 20:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: Failed password for invalid user admin from 2.57.121.112 port 34523 ssh2
Oct 14 20:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: Failed password for invalid user admin from 2.57.121.112 port 34523 ssh2
Oct 14 20:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247  user=root
Oct 14 20:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Invalid user dp from 185.255.91.50
Oct 14 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: input_userauth_request: invalid user dp [preauth]
Oct 14 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: Failed password for invalid user admin from 2.57.121.112 port 34523 ssh2
Oct 14 20:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3264]: Failed password for root from 46.238.32.247 port 55822 ssh2
Oct 14 20:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3264]: Received disconnect from 46.238.32.247 port 55822:11: Bye Bye [preauth]
Oct 14 20:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3264]: Disconnected from 46.238.32.247 port 55822 [preauth]
Oct 14 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Failed password for invalid user dp from 185.255.91.50 port 52020 ssh2
Oct 14 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Received disconnect from 185.255.91.50 port 52020:11: Bye Bye [preauth]
Oct 14 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Disconnected from 185.255.91.50 port 52020 [preauth]
Oct 14 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: Failed password for invalid user admin from 2.57.121.112 port 34523 ssh2
Oct 14 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: Failed password for invalid user admin from 2.57.121.112 port 34523 ssh2
Oct 14 20:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: Received disconnect from 2.57.121.112 port 34523:11: Bye [preauth]
Oct 14 20:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: Disconnected from 2.57.121.112 port 34523 [preauth]
Oct 14 20:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 20:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3249]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Invalid user ftptest from 114.204.9.108
Oct 14 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1990]: pam_unix(cron:session): session closed for user root
Oct 14 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Failed password for invalid user ftptest from 114.204.9.108 port 45932 ssh2
Oct 14 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Received disconnect from 114.204.9.108 port 45932:11: Bye Bye [preauth]
Oct 14 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3305]: Disconnected from 114.204.9.108 port 45932 [preauth]
Oct 14 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Invalid user public from 160.202.8.218
Oct 14 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: input_userauth_request: invalid user public [preauth]
Oct 14 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Failed password for invalid user public from 160.202.8.218 port 58902 ssh2
Oct 14 20:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Received disconnect from 160.202.8.218 port 58902:11: Bye Bye [preauth]
Oct 14 20:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3329]: Disconnected from 160.202.8.218 port 58902 [preauth]
Oct 14 20:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Invalid user ansible from 57.128.191.82
Oct 14 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: input_userauth_request: invalid user ansible [preauth]
Oct 14 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Invalid user ts1 from 185.50.38.171
Oct 14 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: input_userauth_request: invalid user ts1 [preauth]
Oct 14 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Failed password for invalid user ansible from 57.128.191.82 port 44898 ssh2
Oct 14 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Received disconnect from 57.128.191.82 port 44898:11: Bye Bye [preauth]
Oct 14 20:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Disconnected from 57.128.191.82 port 44898 [preauth]
Oct 14 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Failed password for invalid user ts1 from 185.50.38.171 port 49706 ssh2
Oct 14 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Received disconnect from 185.50.38.171 port 49706:11: Bye Bye [preauth]
Oct 14 20:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Disconnected from 185.50.38.171 port 49706 [preauth]
Oct 14 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3442]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3441]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3521]: Successful su for rubyman by root
Oct 14 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3521]: + ??? root:rubyman
Oct 14 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413365 of user rubyman.
Oct 14 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3521]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413365.
Oct 14 20:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32713]: pam_unix(cron:session): session closed for user root
Oct 14 20:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3440]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2440]: pam_unix(cron:session): session closed for user root
Oct 14 20:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Invalid user deploy from 46.238.32.247
Oct 14 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: input_userauth_request: invalid user deploy [preauth]
Oct 14 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Failed password for invalid user deploy from 46.238.32.247 port 60076 ssh2
Oct 14 20:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Received disconnect from 46.238.32.247 port 60076:11: Bye Bye [preauth]
Oct 14 20:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3841]: Disconnected from 46.238.32.247 port 60076 [preauth]
Oct 14 20:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Failed password for root from 222.108.173.170 port 25990 ssh2
Oct 14 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Received disconnect from 222.108.173.170 port 25990:11: Bye Bye [preauth]
Oct 14 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3855]: Disconnected from 222.108.173.170 port 25990 [preauth]
Oct 14 20:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Invalid user poc from 185.255.91.50
Oct 14 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: input_userauth_request: invalid user poc [preauth]
Oct 14 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Failed password for invalid user poc from 185.255.91.50 port 46944 ssh2
Oct 14 20:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Received disconnect from 185.255.91.50 port 46944:11: Bye Bye [preauth]
Oct 14 20:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Disconnected from 185.255.91.50 port 46944 [preauth]
Oct 14 20:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 20:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: Invalid user ftptest from 57.128.191.82
Oct 14 20:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 20:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: Failed password for root from 103.186.0.155 port 32788 ssh2
Oct 14 20:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: Received disconnect from 103.186.0.155 port 32788:11: Bye Bye [preauth]
Oct 14 20:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: Disconnected from 103.186.0.155 port 32788 [preauth]
Oct 14 20:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: Failed password for invalid user ftptest from 57.128.191.82 port 49142 ssh2
Oct 14 20:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: Received disconnect from 57.128.191.82 port 49142:11: Bye Bye [preauth]
Oct 14 20:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3902]: Disconnected from 57.128.191.82 port 49142 [preauth]
Oct 14 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session closed for user root
Oct 14 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3988]: Successful su for rubyman by root
Oct 14 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3988]: + ??? root:rubyman
Oct 14 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413368 of user rubyman.
Oct 14 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3988]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413368.
Oct 14 20:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[759]: pam_unix(cron:session): session closed for user root
Oct 14 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Invalid user server from 114.204.9.108
Oct 14 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: input_userauth_request: invalid user server [preauth]
Oct 14 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: Invalid user git from 172.208.52.110
Oct 14 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: input_userauth_request: invalid user git [preauth]
Oct 14 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Failed password for invalid user server from 114.204.9.108 port 42662 ssh2
Oct 14 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Received disconnect from 114.204.9.108 port 42662:11: Bye Bye [preauth]
Oct 14 20:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Disconnected from 114.204.9.108 port 42662 [preauth]
Oct 14 20:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: Failed password for invalid user git from 172.208.52.110 port 58428 ssh2
Oct 14 20:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: Received disconnect from 172.208.52.110 port 58428:11: Bye Bye [preauth]
Oct 14 20:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: Disconnected from 172.208.52.110 port 58428 [preauth]
Oct 14 20:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Invalid user es from 185.50.38.171
Oct 14 20:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: input_userauth_request: invalid user es [preauth]
Oct 14 20:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Failed password for invalid user es from 185.50.38.171 port 50902 ssh2
Oct 14 20:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Received disconnect from 185.50.38.171 port 50902:11: Bye Bye [preauth]
Oct 14 20:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Disconnected from 185.50.38.171 port 50902 [preauth]
Oct 14 20:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4332]: Invalid user jorge from 160.202.8.218
Oct 14 20:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4332]: input_userauth_request: invalid user jorge [preauth]
Oct 14 20:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4332]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4332]: Failed password for invalid user jorge from 160.202.8.218 port 57234 ssh2
Oct 14 20:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4332]: Received disconnect from 160.202.8.218 port 57234:11: Bye Bye [preauth]
Oct 14 20:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4332]: Disconnected from 160.202.8.218 port 57234 [preauth]
Oct 14 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2903]: pam_unix(cron:session): session closed for user root
Oct 14 20:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Invalid user ansible from 46.238.32.247
Oct 14 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: input_userauth_request: invalid user ansible [preauth]
Oct 14 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Failed password for invalid user ansible from 46.238.32.247 port 36092 ssh2
Oct 14 20:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Received disconnect from 46.238.32.247 port 36092:11: Bye Bye [preauth]
Oct 14 20:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4411]: Disconnected from 46.238.32.247 port 36092 [preauth]
Oct 14 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4431]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4430]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4427]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4503]: Successful su for rubyman by root
Oct 14 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4503]: + ??? root:rubyman
Oct 14 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413374 of user rubyman.
Oct 14 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4503]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413374.
Oct 14 20:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1366]: pam_unix(cron:session): session closed for user root
Oct 14 20:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82  user=root
Oct 14 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: Failed password for root from 185.255.91.50 port 41710 ssh2
Oct 14 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Failed password for root from 57.128.191.82 port 41394 ssh2
Oct 14 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: Received disconnect from 185.255.91.50 port 41710:11: Bye Bye [preauth]
Oct 14 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4707]: Disconnected from 185.255.91.50 port 41710 [preauth]
Oct 14 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Received disconnect from 57.128.191.82 port 41394:11: Bye Bye [preauth]
Oct 14 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Disconnected from 57.128.191.82 port 41394 [preauth]
Oct 14 20:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4429]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Invalid user apolo from 172.208.52.110
Oct 14 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: input_userauth_request: invalid user apolo [preauth]
Oct 14 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Failed password for invalid user apolo from 172.208.52.110 port 33700 ssh2
Oct 14 20:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Received disconnect from 172.208.52.110 port 33700:11: Bye Bye [preauth]
Oct 14 20:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4836]: Disconnected from 172.208.52.110 port 33700 [preauth]
Oct 14 20:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3442]: pam_unix(cron:session): session closed for user root
Oct 14 20:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Invalid user user01 from 114.204.9.108
Oct 14 20:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: input_userauth_request: invalid user user01 [preauth]
Oct 14 20:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Failed password for invalid user user01 from 114.204.9.108 port 37736 ssh2
Oct 14 20:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Received disconnect from 114.204.9.108 port 37736:11: Bye Bye [preauth]
Oct 14 20:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4852]: Disconnected from 114.204.9.108 port 37736 [preauth]
Oct 14 20:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Invalid user fivem from 222.108.173.170
Oct 14 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: input_userauth_request: invalid user fivem [preauth]
Oct 14 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Failed password for invalid user fivem from 222.108.173.170 port 36168 ssh2
Oct 14 20:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Received disconnect from 222.108.173.170 port 36168:11: Bye Bye [preauth]
Oct 14 20:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: Disconnected from 222.108.173.170 port 36168 [preauth]
Oct 14 20:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Invalid user root1 from 185.50.38.171
Oct 14 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: input_userauth_request: invalid user root1 [preauth]
Oct 14 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Failed password for invalid user root1 from 185.50.38.171 port 59760 ssh2
Oct 14 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Received disconnect from 185.50.38.171 port 59760:11: Bye Bye [preauth]
Oct 14 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5033]: Disconnected from 185.50.38.171 port 59760 [preauth]
Oct 14 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: Invalid user k8s from 103.186.0.155
Oct 14 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: input_userauth_request: invalid user k8s [preauth]
Oct 14 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: Failed password for invalid user k8s from 103.186.0.155 port 47044 ssh2
Oct 14 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: Received disconnect from 103.186.0.155 port 47044:11: Bye Bye [preauth]
Oct 14 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: Disconnected from 103.186.0.155 port 47044 [preauth]
Oct 14 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5150]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5133]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5506]: Successful su for rubyman by root
Oct 14 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5506]: + ??? root:rubyman
Oct 14 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413377 of user rubyman.
Oct 14 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5506]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413377.
Oct 14 20:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: Invalid user system from 46.238.32.247
Oct 14 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: input_userauth_request: invalid user system [preauth]
Oct 14 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1989]: pam_unix(cron:session): session closed for user root
Oct 14 20:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: Failed password for invalid user system from 46.238.32.247 port 40342 ssh2
Oct 14 20:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: Received disconnect from 46.238.32.247 port 40342:11: Bye Bye [preauth]
Oct 14 20:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5628]: Disconnected from 46.238.32.247 port 40342 [preauth]
Oct 14 20:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5146]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Invalid user newuser from 57.128.191.82
Oct 14 20:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: input_userauth_request: invalid user newuser [preauth]
Oct 14 20:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Failed password for invalid user newuser from 57.128.191.82 port 46588 ssh2
Oct 14 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Invalid user integra from 160.202.8.218
Oct 14 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: input_userauth_request: invalid user integra [preauth]
Oct 14 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Received disconnect from 57.128.191.82 port 46588:11: Bye Bye [preauth]
Oct 14 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Disconnected from 57.128.191.82 port 46588 [preauth]
Oct 14 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Failed password for invalid user integra from 160.202.8.218 port 55578 ssh2
Oct 14 20:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Received disconnect from 160.202.8.218 port 55578:11: Bye Bye [preauth]
Oct 14 20:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Disconnected from 160.202.8.218 port 55578 [preauth]
Oct 14 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Invalid user yaya from 185.255.91.50
Oct 14 20:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: input_userauth_request: invalid user yaya [preauth]
Oct 14 20:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Failed password for invalid user yaya from 185.255.91.50 port 57846 ssh2
Oct 14 20:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Received disconnect from 185.255.91.50 port 57846:11: Bye Bye [preauth]
Oct 14 20:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Disconnected from 185.255.91.50 port 57846 [preauth]
Oct 14 20:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session closed for user root
Oct 14 20:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Invalid user repo from 172.208.52.110
Oct 14 20:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: input_userauth_request: invalid user repo [preauth]
Oct 14 20:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Failed password for invalid user repo from 172.208.52.110 port 36066 ssh2
Oct 14 20:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Received disconnect from 172.208.52.110 port 36066:11: Bye Bye [preauth]
Oct 14 20:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5917]: Disconnected from 172.208.52.110 port 36066 [preauth]
Oct 14 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5936]: pam_unix(cron:session): session closed for user root
Oct 14 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5930]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Invalid user ftptest from 114.204.9.108
Oct 14 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6012]: Successful su for rubyman by root
Oct 14 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6012]: + ??? root:rubyman
Oct 14 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413381 of user rubyman.
Oct 14 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[6012]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413381.
Oct 14 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Failed password for invalid user ftptest from 114.204.9.108 port 44926 ssh2
Oct 14 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Received disconnect from 114.204.9.108 port 44926:11: Bye Bye [preauth]
Oct 14 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Disconnected from 114.204.9.108 port 44926 [preauth]
Oct 14 20:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session closed for user root
Oct 14 20:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5932]: pam_unix(cron:session): session closed for user root
Oct 14 20:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Invalid user rbs from 185.50.38.171
Oct 14 20:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: input_userauth_request: invalid user rbs [preauth]
Oct 14 20:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Failed password for invalid user rbs from 185.50.38.171 port 57540 ssh2
Oct 14 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5931]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Received disconnect from 185.50.38.171 port 57540:11: Bye Bye [preauth]
Oct 14 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Disconnected from 185.50.38.171 port 57540 [preauth]
Oct 14 20:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Invalid user ansible from 46.238.32.247
Oct 14 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: input_userauth_request: invalid user ansible [preauth]
Oct 14 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Invalid user ftpadmin from 222.108.173.170
Oct 14 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: input_userauth_request: invalid user ftpadmin [preauth]
Oct 14 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Failed password for invalid user ansible from 46.238.32.247 port 44588 ssh2
Oct 14 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Received disconnect from 46.238.32.247 port 44588:11: Bye Bye [preauth]
Oct 14 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Disconnected from 46.238.32.247 port 44588 [preauth]
Oct 14 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Failed password for invalid user ftpadmin from 222.108.173.170 port 27286 ssh2
Oct 14 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Received disconnect from 222.108.173.170 port 27286:11: Bye Bye [preauth]
Oct 14 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Disconnected from 222.108.173.170 port 27286 [preauth]
Oct 14 20:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Invalid user RPM from 80.94.95.115
Oct 14 20:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: input_userauth_request: invalid user RPM [preauth]
Oct 14 20:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 20:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Failed password for invalid user RPM from 80.94.95.115 port 36326 ssh2
Oct 14 20:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Connection closed by 80.94.95.115 port 36326 [preauth]
Oct 14 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Invalid user ftptest from 57.128.191.82
Oct 14 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Failed password for invalid user ftptest from 57.128.191.82 port 41168 ssh2
Oct 14 20:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Received disconnect from 57.128.191.82 port 41168:11: Bye Bye [preauth]
Oct 14 20:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6320]: Disconnected from 57.128.191.82 port 41168 [preauth]
Oct 14 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4431]: pam_unix(cron:session): session closed for user root
Oct 14 20:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6367]: Failed password for root from 103.186.0.155 port 57712 ssh2
Oct 14 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6367]: Received disconnect from 103.186.0.155 port 57712:11: Bye Bye [preauth]
Oct 14 20:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6367]: Disconnected from 103.186.0.155 port 57712 [preauth]
Oct 14 20:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Failed password for root from 185.255.91.50 port 49040 ssh2
Oct 14 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Received disconnect from 185.255.91.50 port 49040:11: Bye Bye [preauth]
Oct 14 20:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Disconnected from 185.255.91.50 port 49040 [preauth]
Oct 14 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6510]: Successful su for rubyman by root
Oct 14 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6510]: + ??? root:rubyman
Oct 14 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413387 of user rubyman.
Oct 14 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6510]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413387.
Oct 14 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2902]: pam_unix(cron:session): session closed for user root
Oct 14 20:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: Invalid user website from 160.202.8.218
Oct 14 20:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: input_userauth_request: invalid user website [preauth]
Oct 14 20:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: Failed password for invalid user website from 160.202.8.218 port 53900 ssh2
Oct 14 20:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: Received disconnect from 160.202.8.218 port 53900:11: Bye Bye [preauth]
Oct 14 20:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: Disconnected from 160.202.8.218 port 53900 [preauth]
Oct 14 20:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6420]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Failed password for root from 172.208.52.110 port 56012 ssh2
Oct 14 20:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Received disconnect from 172.208.52.110 port 56012:11: Bye Bye [preauth]
Oct 14 20:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Disconnected from 172.208.52.110 port 56012 [preauth]
Oct 14 20:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6895]: Invalid user ubuntu from 114.204.9.108
Oct 14 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6895]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6895]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6895]: Failed password for invalid user ubuntu from 114.204.9.108 port 40254 ssh2
Oct 14 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6895]: Received disconnect from 114.204.9.108 port 40254:11: Bye Bye [preauth]
Oct 14 20:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6895]: Disconnected from 114.204.9.108 port 40254 [preauth]
Oct 14 20:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247  user=root
Oct 14 20:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5151]: pam_unix(cron:session): session closed for user root
Oct 14 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: Failed password for root from 46.238.32.247 port 48852 ssh2
Oct 14 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: Received disconnect from 46.238.32.247 port 48852:11: Bye Bye [preauth]
Oct 14 20:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6924]: Disconnected from 46.238.32.247 port 48852 [preauth]
Oct 14 20:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82  user=root
Oct 14 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Failed password for root from 57.128.191.82 port 33116 ssh2
Oct 14 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Received disconnect from 57.128.191.82 port 33116:11: Bye Bye [preauth]
Oct 14 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6958]: Disconnected from 57.128.191.82 port 33116 [preauth]
Oct 14 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6979]: Invalid user ftpadmin1 from 185.50.38.171
Oct 14 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6979]: input_userauth_request: invalid user ftpadmin1 [preauth]
Oct 14 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6979]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6979]: Failed password for invalid user ftpadmin1 from 185.50.38.171 port 43098 ssh2
Oct 14 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6979]: Received disconnect from 185.50.38.171 port 43098:11: Bye Bye [preauth]
Oct 14 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6979]: Disconnected from 185.50.38.171 port 43098 [preauth]
Oct 14 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7011]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7009]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Invalid user admin from 222.108.173.170
Oct 14 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: input_userauth_request: invalid user admin [preauth]
Oct 14 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: Successful su for rubyman by root
Oct 14 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: + ??? root:rubyman
Oct 14 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413391 of user rubyman.
Oct 14 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7105]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413391.
Oct 14 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Failed password for invalid user admin from 222.108.173.170 port 6801 ssh2
Oct 14 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Received disconnect from 222.108.173.170 port 6801:11: Bye Bye [preauth]
Oct 14 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Disconnected from 222.108.173.170 port 6801 [preauth]
Oct 14 20:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3441]: pam_unix(cron:session): session closed for user root
Oct 14 20:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Invalid user prometheus from 185.255.91.50
Oct 14 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: input_userauth_request: invalid user prometheus [preauth]
Oct 14 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Failed password for invalid user prometheus from 185.255.91.50 port 51434 ssh2
Oct 14 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Received disconnect from 185.255.91.50 port 51434:11: Bye Bye [preauth]
Oct 14 20:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Disconnected from 185.255.91.50 port 51434 [preauth]
Oct 14 20:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7010]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: Invalid user viper from 103.186.0.155
Oct 14 20:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: input_userauth_request: invalid user viper [preauth]
Oct 14 20:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5934]: pam_unix(cron:session): session closed for user root
Oct 14 20:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: Failed password for invalid user viper from 103.186.0.155 port 34174 ssh2
Oct 14 20:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: Received disconnect from 103.186.0.155 port 34174:11: Bye Bye [preauth]
Oct 14 20:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7504]: Disconnected from 103.186.0.155 port 34174 [preauth]
Oct 14 20:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Invalid user nagios from 114.204.9.108
Oct 14 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: input_userauth_request: invalid user nagios [preauth]
Oct 14 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247  user=root
Oct 14 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Invalid user manoj from 172.208.52.110
Oct 14 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: input_userauth_request: invalid user manoj [preauth]
Oct 14 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Failed password for invalid user nagios from 114.204.9.108 port 48594 ssh2
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Received disconnect from 114.204.9.108 port 48594:11: Bye Bye [preauth]
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7559]: Disconnected from 114.204.9.108 port 48594 [preauth]
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Failed password for root from 46.238.32.247 port 53116 ssh2
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Failed password for invalid user manoj from 172.208.52.110 port 37252 ssh2
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Received disconnect from 46.238.32.247 port 53116:11: Bye Bye [preauth]
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7562]: Disconnected from 46.238.32.247 port 53116 [preauth]
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Received disconnect from 172.208.52.110 port 37252:11: Bye Bye [preauth]
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Disconnected from 172.208.52.110 port 37252 [preauth]
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7579]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7645]: Successful su for rubyman by root
Oct 14 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7645]: + ??? root:rubyman
Oct 14 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413395 of user rubyman.
Oct 14 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7645]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413395.
Oct 14 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Invalid user deploy from 57.128.191.82
Oct 14 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: input_userauth_request: invalid user deploy [preauth]
Oct 14 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.191.82
Oct 14 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7691]: Invalid user adrien from 160.202.8.218
Oct 14 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7691]: input_userauth_request: invalid user adrien [preauth]
Oct 14 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7691]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Failed password for invalid user deploy from 57.128.191.82 port 55698 ssh2
Oct 14 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Received disconnect from 57.128.191.82 port 55698:11: Bye Bye [preauth]
Oct 14 20:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Disconnected from 57.128.191.82 port 55698 [preauth]
Oct 14 20:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7691]: Failed password for invalid user adrien from 160.202.8.218 port 52206 ssh2
Oct 14 20:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7691]: Received disconnect from 160.202.8.218 port 52206:11: Bye Bye [preauth]
Oct 14 20:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7691]: Disconnected from 160.202.8.218 port 52206 [preauth]
Oct 14 20:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session closed for user root
Oct 14 20:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7580]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171  user=root
Oct 14 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for root from 185.50.38.171 port 48612 ssh2
Oct 14 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Received disconnect from 185.50.38.171 port 48612:11: Bye Bye [preauth]
Oct 14 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Disconnected from 185.50.38.171 port 48612 [preauth]
Oct 14 20:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6424]: pam_unix(cron:session): session closed for user root
Oct 14 20:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Invalid user oraapcc from 20.163.71.109
Oct 14 20:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: input_userauth_request: invalid user oraapcc [preauth]
Oct 14 20:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 20:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for invalid user oraapcc from 20.163.71.109 port 59918 ssh2
Oct 14 20:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Connection closed by 20.163.71.109 port 59918 [preauth]
Oct 14 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 20:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Failed password for root from 222.108.173.170 port 21355 ssh2
Oct 14 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Failed password for root from 185.255.91.50 port 34004 ssh2
Oct 14 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Received disconnect from 222.108.173.170 port 21355:11: Bye Bye [preauth]
Oct 14 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8437]: Disconnected from 222.108.173.170 port 21355 [preauth]
Oct 14 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Received disconnect from 185.255.91.50 port 34004:11: Bye Bye [preauth]
Oct 14 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Disconnected from 185.255.91.50 port 34004 [preauth]
Oct 14 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8571]: Successful su for rubyman by root
Oct 14 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8571]: + ??? root:rubyman
Oct 14 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413401 of user rubyman.
Oct 14 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8571]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413401.
Oct 14 20:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4430]: pam_unix(cron:session): session closed for user root
Oct 14 20:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Invalid user administrator from 46.238.32.247
Oct 14 20:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: input_userauth_request: invalid user administrator [preauth]
Oct 14 20:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.238.32.247
Oct 14 20:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Failed password for invalid user administrator from 46.238.32.247 port 57380 ssh2
Oct 14 20:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Received disconnect from 46.238.32.247 port 57380:11: Bye Bye [preauth]
Oct 14 20:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Disconnected from 46.238.32.247 port 57380 [preauth]
Oct 14 20:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Invalid user a from 114.204.9.108
Oct 14 20:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: input_userauth_request: invalid user a [preauth]
Oct 14 20:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Failed password for invalid user a from 114.204.9.108 port 43092 ssh2
Oct 14 20:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Received disconnect from 114.204.9.108 port 43092:11: Bye Bye [preauth]
Oct 14 20:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Disconnected from 114.204.9.108 port 43092 [preauth]
Oct 14 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: Invalid user parisa from 172.208.52.110
Oct 14 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: input_userauth_request: invalid user parisa [preauth]
Oct 14 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: Failed password for invalid user parisa from 172.208.52.110 port 59874 ssh2
Oct 14 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: Received disconnect from 172.208.52.110 port 59874:11: Bye Bye [preauth]
Oct 14 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: Disconnected from 172.208.52.110 port 59874 [preauth]
Oct 14 20:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session closed for user root
Oct 14 20:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: Invalid user panel from 103.186.0.155
Oct 14 20:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: input_userauth_request: invalid user panel [preauth]
Oct 14 20:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: Failed password for invalid user panel from 103.186.0.155 port 48208 ssh2
Oct 14 20:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: Received disconnect from 103.186.0.155 port 48208:11: Bye Bye [preauth]
Oct 14 20:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9034]: Disconnected from 103.186.0.155 port 48208 [preauth]
Oct 14 20:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Invalid user saeed from 160.202.8.218
Oct 14 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: input_userauth_request: invalid user saeed [preauth]
Oct 14 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Failed password for invalid user saeed from 160.202.8.218 port 50504 ssh2
Oct 14 20:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Received disconnect from 160.202.8.218 port 50504:11: Bye Bye [preauth]
Oct 14 20:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9072]: Disconnected from 160.202.8.218 port 50504 [preauth]
Oct 14 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9094]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9094]: pam_unix(cron:session): session closed for user root
Oct 14 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9278]: Successful su for rubyman by root
Oct 14 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9278]: + ??? root:rubyman
Oct 14 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413404 of user rubyman.
Oct 14 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9278]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413404.
Oct 14 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9316]: Did not receive identification string from 164.92.197.45
Oct 14 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Invalid user paulina from 185.255.91.50
Oct 14 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: input_userauth_request: invalid user paulina [preauth]
Oct 14 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Failed password for invalid user paulina from 185.255.91.50 port 56814 ssh2
Oct 14 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Received disconnect from 185.255.91.50 port 56814:11: Bye Bye [preauth]
Oct 14 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Disconnected from 185.255.91.50 port 56814 [preauth]
Oct 14 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Invalid user tet from 185.50.38.171
Oct 14 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: input_userauth_request: invalid user tet [preauth]
Oct 14 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5150]: pam_unix(cron:session): session closed for user root
Oct 14 20:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9090]: pam_unix(cron:session): session closed for user root
Oct 14 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Failed password for invalid user tet from 185.50.38.171 port 41770 ssh2
Oct 14 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Received disconnect from 185.50.38.171 port 41770:11: Bye Bye [preauth]
Oct 14 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Disconnected from 185.50.38.171 port 41770 [preauth]
Oct 14 20:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 20:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Failed password for root from 222.108.173.170 port 43991 ssh2
Oct 14 20:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Received disconnect from 222.108.173.170 port 43991:11: Bye Bye [preauth]
Oct 14 20:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9615]: Disconnected from 222.108.173.170 port 43991 [preauth]
Oct 14 20:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9332]: Connection closed by 142.93.163.101 port 11282 [preauth]
Oct 14 20:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7583]: pam_unix(cron:session): session closed for user root
Oct 14 20:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: Invalid user oracle from 193.32.162.151
Oct 14 20:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: input_userauth_request: invalid user oracle [preauth]
Oct 14 20:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.151
Oct 14 20:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Invalid user ubuntu from 114.204.9.108
Oct 14 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: Failed password for invalid user oracle from 193.32.162.151 port 43804 ssh2
Oct 14 20:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9821]: Connection closed by 193.32.162.151 port 43804 [preauth]
Oct 14 20:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Failed password for invalid user ubuntu from 114.204.9.108 port 47016 ssh2
Oct 14 20:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Received disconnect from 114.204.9.108 port 47016:11: Bye Bye [preauth]
Oct 14 20:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Disconnected from 114.204.9.108 port 47016 [preauth]
Oct 14 20:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Invalid user zhangsan from 172.208.52.110
Oct 14 20:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: input_userauth_request: invalid user zhangsan [preauth]
Oct 14 20:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9878]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Failed password for invalid user zhangsan from 172.208.52.110 port 33034 ssh2
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Received disconnect from 172.208.52.110 port 33034:11: Bye Bye [preauth]
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Disconnected from 172.208.52.110 port 33034 [preauth]
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9957]: Successful su for rubyman by root
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9957]: + ??? root:rubyman
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413409 of user rubyman.
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9957]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413409.
Oct 14 20:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5933]: pam_unix(cron:session): session closed for user root
Oct 14 20:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: Invalid user student from 185.255.91.50
Oct 14 20:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: input_userauth_request: invalid user student [preauth]
Oct 14 20:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: Failed password for invalid user student from 185.255.91.50 port 35014 ssh2
Oct 14 20:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: Received disconnect from 185.255.91.50 port 35014:11: Bye Bye [preauth]
Oct 14 20:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10239]: Disconnected from 185.255.91.50 port 35014 [preauth]
Oct 14 20:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session closed for user root
Oct 14 20:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171  user=root
Oct 14 20:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Invalid user abraham from 160.202.8.218
Oct 14 20:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: input_userauth_request: invalid user abraham [preauth]
Oct 14 20:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Failed password for root from 185.50.38.171 port 40290 ssh2
Oct 14 20:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Received disconnect from 185.50.38.171 port 40290:11: Bye Bye [preauth]
Oct 14 20:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Disconnected from 185.50.38.171 port 40290 [preauth]
Oct 14 20:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Failed password for invalid user abraham from 160.202.8.218 port 48810 ssh2
Oct 14 20:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155  user=root
Oct 14 20:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Received disconnect from 160.202.8.218 port 48810:11: Bye Bye [preauth]
Oct 14 20:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10320]: Disconnected from 160.202.8.218 port 48810 [preauth]
Oct 14 20:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Failed password for root from 103.186.0.155 port 60714 ssh2
Oct 14 20:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Received disconnect from 103.186.0.155 port 60714:11: Bye Bye [preauth]
Oct 14 20:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10326]: Disconnected from 103.186.0.155 port 60714 [preauth]
Oct 14 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10384]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10461]: Successful su for rubyman by root
Oct 14 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10461]: + ??? root:rubyman
Oct 14 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413413 of user rubyman.
Oct 14 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10461]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413413.
Oct 14 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 20:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Failed password for root from 222.108.173.170 port 6885 ssh2
Oct 14 20:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Received disconnect from 222.108.173.170 port 6885:11: Bye Bye [preauth]
Oct 14 20:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Disconnected from 222.108.173.170 port 6885 [preauth]
Oct 14 20:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session closed for user root
Oct 14 20:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Invalid user myuser from 114.204.9.108
Oct 14 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: input_userauth_request: invalid user myuser [preauth]
Oct 14 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10385]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Failed password for invalid user myuser from 114.204.9.108 port 44172 ssh2
Oct 14 20:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Received disconnect from 114.204.9.108 port 44172:11: Bye Bye [preauth]
Oct 14 20:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10684]: Disconnected from 114.204.9.108 port 44172 [preauth]
Oct 14 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Invalid user julia from 172.208.52.110
Oct 14 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: input_userauth_request: invalid user julia [preauth]
Oct 14 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for invalid user julia from 172.208.52.110 port 50152 ssh2
Oct 14 20:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Received disconnect from 172.208.52.110 port 50152:11: Bye Bye [preauth]
Oct 14 20:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Disconnected from 172.208.52.110 port 50152 [preauth]
Oct 14 20:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9092]: pam_unix(cron:session): session closed for user root
Oct 14 20:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: Failed password for root from 185.255.91.50 port 43060 ssh2
Oct 14 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: Received disconnect from 185.255.91.50 port 43060:11: Bye Bye [preauth]
Oct 14 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10824]: Disconnected from 185.255.91.50 port 43060 [preauth]
Oct 14 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10869]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10867]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10935]: Successful su for rubyman by root
Oct 14 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10935]: + ??? root:rubyman
Oct 14 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413417 of user rubyman.
Oct 14 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10935]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413417.
Oct 14 20:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7011]: pam_unix(cron:session): session closed for user root
Oct 14 20:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171  user=root
Oct 14 20:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: Invalid user prueba from 80.94.95.116
Oct 14 20:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: input_userauth_request: invalid user prueba [preauth]
Oct 14 20:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Failed password for root from 185.50.38.171 port 45294 ssh2
Oct 14 20:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 14 20:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Received disconnect from 185.50.38.171 port 45294:11: Bye Bye [preauth]
Oct 14 20:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Disconnected from 185.50.38.171 port 45294 [preauth]
Oct 14 20:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10868]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: Failed password for invalid user prueba from 80.94.95.116 port 53268 ssh2
Oct 14 20:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11133]: Connection closed by 80.94.95.116 port 53268 [preauth]
Oct 14 20:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Invalid user sunny from 160.202.8.218
Oct 14 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: input_userauth_request: invalid user sunny [preauth]
Oct 14 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session closed for user root
Oct 14 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Failed password for invalid user sunny from 160.202.8.218 port 47104 ssh2
Oct 14 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Received disconnect from 160.202.8.218 port 47104:11: Bye Bye [preauth]
Oct 14 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Disconnected from 160.202.8.218 port 47104 [preauth]
Oct 14 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Invalid user testuser from 114.204.9.108
Oct 14 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: input_userauth_request: invalid user testuser [preauth]
Oct 14 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Failed password for invalid user testuser from 114.204.9.108 port 41226 ssh2
Oct 14 20:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Received disconnect from 114.204.9.108 port 41226:11: Bye Bye [preauth]
Oct 14 20:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Disconnected from 114.204.9.108 port 41226 [preauth]
Oct 14 20:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: Invalid user linda from 103.186.0.155
Oct 14 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: input_userauth_request: invalid user linda [preauth]
Oct 14 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: Failed password for invalid user linda from 103.186.0.155 port 59844 ssh2
Oct 14 20:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: Received disconnect from 103.186.0.155 port 59844:11: Bye Bye [preauth]
Oct 14 20:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: Disconnected from 103.186.0.155 port 59844 [preauth]
Oct 14 20:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: Invalid user guest from 222.108.173.170
Oct 14 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: input_userauth_request: invalid user guest [preauth]
Oct 14 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: Failed password for invalid user guest from 222.108.173.170 port 25205 ssh2
Oct 14 20:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: Received disconnect from 222.108.173.170 port 25205:11: Bye Bye [preauth]
Oct 14 20:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11325]: Disconnected from 222.108.173.170 port 25205 [preauth]
Oct 14 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11407]: Successful su for rubyman by root
Oct 14 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11407]: + ??? root:rubyman
Oct 14 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413421 of user rubyman.
Oct 14 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11407]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413421.
Oct 14 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Invalid user visionupdater from 172.208.52.110
Oct 14 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: input_userauth_request: invalid user visionupdater [preauth]
Oct 14 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7582]: pam_unix(cron:session): session closed for user root
Oct 14 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Failed password for invalid user visionupdater from 172.208.52.110 port 57676 ssh2
Oct 14 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Received disconnect from 172.208.52.110 port 57676:11: Bye Bye [preauth]
Oct 14 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Disconnected from 172.208.52.110 port 57676 [preauth]
Oct 14 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Invalid user ubuntu from 185.255.91.50
Oct 14 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Failed password for invalid user ubuntu from 185.255.91.50 port 33746 ssh2
Oct 14 20:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Received disconnect from 185.255.91.50 port 33746:11: Bye Bye [preauth]
Oct 14 20:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Disconnected from 185.255.91.50 port 33746 [preauth]
Oct 14 20:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10387]: pam_unix(cron:session): session closed for user root
Oct 14 20:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Invalid user mapadmin from 185.50.38.171
Oct 14 20:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: input_userauth_request: invalid user mapadmin [preauth]
Oct 14 20:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Failed password for invalid user mapadmin from 185.50.38.171 port 32852 ssh2
Oct 14 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Received disconnect from 185.50.38.171 port 32852:11: Bye Bye [preauth]
Oct 14 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11856]: Disconnected from 185.50.38.171 port 32852 [preauth]
Oct 14 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11922]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11922]: pam_unix(cron:session): session closed for user root
Oct 14 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11992]: Successful su for rubyman by root
Oct 14 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11992]: + ??? root:rubyman
Oct 14 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413427 of user rubyman.
Oct 14 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11992]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413427.
Oct 14 20:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session closed for user root
Oct 14 20:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8499]: pam_unix(cron:session): session closed for user root
Oct 14 20:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Invalid user dspace from 114.204.9.108
Oct 14 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: input_userauth_request: invalid user dspace [preauth]
Oct 14 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Failed password for invalid user dspace from 114.204.9.108 port 43880 ssh2
Oct 14 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Received disconnect from 114.204.9.108 port 43880:11: Bye Bye [preauth]
Oct 14 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Disconnected from 114.204.9.108 port 43880 [preauth]
Oct 14 20:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Invalid user di from 160.202.8.218
Oct 14 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: input_userauth_request: invalid user di [preauth]
Oct 14 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Failed password for invalid user di from 160.202.8.218 port 45418 ssh2
Oct 14 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Received disconnect from 160.202.8.218 port 45418:11: Bye Bye [preauth]
Oct 14 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12301]: Disconnected from 160.202.8.218 port 45418 [preauth]
Oct 14 20:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: Failed password for root from 185.255.91.50 port 39172 ssh2
Oct 14 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: Received disconnect from 185.255.91.50 port 39172:11: Bye Bye [preauth]
Oct 14 20:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12329]: Disconnected from 185.255.91.50 port 39172 [preauth]
Oct 14 20:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10871]: pam_unix(cron:session): session closed for user root
Oct 14 20:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Failed password for root from 172.208.52.110 port 38520 ssh2
Oct 14 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Received disconnect from 172.208.52.110 port 38520:11: Bye Bye [preauth]
Oct 14 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Disconnected from 172.208.52.110 port 38520 [preauth]
Oct 14 20:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Invalid user betty from 103.186.0.155
Oct 14 20:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: input_userauth_request: invalid user betty [preauth]
Oct 14 20:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Failed password for invalid user betty from 103.186.0.155 port 52038 ssh2
Oct 14 20:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Received disconnect from 103.186.0.155 port 52038:11: Bye Bye [preauth]
Oct 14 20:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Disconnected from 103.186.0.155 port 52038 [preauth]
Oct 14 20:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Invalid user user001 from 222.108.173.170
Oct 14 20:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: input_userauth_request: invalid user user001 [preauth]
Oct 14 20:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Failed password for invalid user user001 from 222.108.173.170 port 15755 ssh2
Oct 14 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Received disconnect from 222.108.173.170 port 15755:11: Bye Bye [preauth]
Oct 14 20:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Disconnected from 222.108.173.170 port 15755 [preauth]
Oct 14 20:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12436]: Did not receive identification string from 117.50.226.213
Oct 14 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12444]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12531]: Successful su for rubyman by root
Oct 14 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12531]: + ??? root:rubyman
Oct 14 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413431 of user rubyman.
Oct 14 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12531]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413431.
Oct 14 20:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9091]: pam_unix(cron:session): session closed for user root
Oct 14 20:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Invalid user smart from 185.50.38.171
Oct 14 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: input_userauth_request: invalid user smart [preauth]
Oct 14 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Failed password for invalid user smart from 185.50.38.171 port 57762 ssh2
Oct 14 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Received disconnect from 185.50.38.171 port 57762:11: Bye Bye [preauth]
Oct 14 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12754]: Disconnected from 185.50.38.171 port 57762 [preauth]
Oct 14 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session closed for user root
Oct 14 20:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Invalid user myuser from 114.204.9.108
Oct 14 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: input_userauth_request: invalid user myuser [preauth]
Oct 14 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Failed password for invalid user myuser from 114.204.9.108 port 50876 ssh2
Oct 14 20:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Received disconnect from 114.204.9.108 port 50876:11: Bye Bye [preauth]
Oct 14 20:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Disconnected from 114.204.9.108 port 50876 [preauth]
Oct 14 20:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Invalid user clare from 185.255.91.50
Oct 14 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: input_userauth_request: invalid user clare [preauth]
Oct 14 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Failed password for invalid user clare from 185.255.91.50 port 45464 ssh2
Oct 14 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Received disconnect from 185.255.91.50 port 45464:11: Bye Bye [preauth]
Oct 14 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12935]: Disconnected from 185.255.91.50 port 45464 [preauth]
Oct 14 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12957]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13048]: Successful su for rubyman by root
Oct 14 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13048]: + ??? root:rubyman
Oct 14 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413436 of user rubyman.
Oct 14 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13048]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413436.
Oct 14 20:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9878]: pam_unix(cron:session): session closed for user root
Oct 14 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Invalid user teamspeak from 172.208.52.110
Oct 14 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: input_userauth_request: invalid user teamspeak [preauth]
Oct 14 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Failed password for invalid user teamspeak from 172.208.52.110 port 43672 ssh2
Oct 14 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Received disconnect from 172.208.52.110 port 43672:11: Bye Bye [preauth]
Oct 14 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Disconnected from 172.208.52.110 port 43672 [preauth]
Oct 14 20:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12958]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13394]: Invalid user grace from 160.202.8.218
Oct 14 20:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13394]: input_userauth_request: invalid user grace [preauth]
Oct 14 20:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13394]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13394]: Failed password for invalid user grace from 160.202.8.218 port 43728 ssh2
Oct 14 20:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13394]: Received disconnect from 160.202.8.218 port 43728:11: Bye Bye [preauth]
Oct 14 20:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13394]: Disconnected from 160.202.8.218 port 43728 [preauth]
Oct 14 20:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11919]: pam_unix(cron:session): session closed for user root
Oct 14 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Invalid user rere from 185.50.38.171
Oct 14 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: input_userauth_request: invalid user rere [preauth]
Oct 14 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Failed password for invalid user rere from 185.50.38.171 port 44996 ssh2
Oct 14 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Received disconnect from 185.50.38.171 port 44996:11: Bye Bye [preauth]
Oct 14 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13500]: Disconnected from 185.50.38.171 port 44996 [preauth]
Oct 14 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Invalid user cloud from 103.186.0.155
Oct 14 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: input_userauth_request: invalid user cloud [preauth]
Oct 14 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Failed password for invalid user cloud from 103.186.0.155 port 53728 ssh2
Oct 14 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Received disconnect from 103.186.0.155 port 53728:11: Bye Bye [preauth]
Oct 14 20:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Disconnected from 103.186.0.155 port 53728 [preauth]
Oct 14 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13521]: Failed password for root from 222.108.173.170 port 9704 ssh2
Oct 14 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13521]: Received disconnect from 222.108.173.170 port 9704:11: Bye Bye [preauth]
Oct 14 20:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13521]: Disconnected from 222.108.173.170 port 9704 [preauth]
Oct 14 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13578]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13574]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13640]: Successful su for rubyman by root
Oct 14 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13640]: + ??? root:rubyman
Oct 14 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413440 of user rubyman.
Oct 14 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13640]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413440.
Oct 14 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Invalid user sysadmin from 114.204.9.108
Oct 14 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Failed password for invalid user sysadmin from 114.204.9.108 port 32994 ssh2
Oct 14 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Received disconnect from 114.204.9.108 port 32994:11: Bye Bye [preauth]
Oct 14 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Disconnected from 114.204.9.108 port 32994 [preauth]
Oct 14 20:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10386]: pam_unix(cron:session): session closed for user root
Oct 14 20:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Failed password for root from 185.255.91.50 port 58226 ssh2
Oct 14 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Received disconnect from 185.255.91.50 port 58226:11: Bye Bye [preauth]
Oct 14 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13876]: Disconnected from 185.255.91.50 port 58226 [preauth]
Oct 14 20:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13576]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12444]: pam_unix(cron:session): session closed for user root
Oct 14 20:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Failed password for root from 172.208.52.110 port 39502 ssh2
Oct 14 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Received disconnect from 172.208.52.110 port 39502:11: Bye Bye [preauth]
Oct 14 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14007]: Disconnected from 172.208.52.110 port 39502 [preauth]
Oct 14 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14146]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14141]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: Successful su for rubyman by root
Oct 14 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: + ??? root:rubyman
Oct 14 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413444 of user rubyman.
Oct 14 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413444.
Oct 14 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: Invalid user loc from 160.202.8.218
Oct 14 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: input_userauth_request: invalid user loc [preauth]
Oct 14 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.202.8.218
Oct 14 20:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10869]: pam_unix(cron:session): session closed for user root
Oct 14 20:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: Failed password for invalid user loc from 160.202.8.218 port 42030 ssh2
Oct 14 20:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: Received disconnect from 160.202.8.218 port 42030:11: Bye Bye [preauth]
Oct 14 20:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: Disconnected from 160.202.8.218 port 42030 [preauth]
Oct 14 20:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Invalid user deploy from 185.50.38.171
Oct 14 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: input_userauth_request: invalid user deploy [preauth]
Oct 14 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Failed password for invalid user deploy from 185.50.38.171 port 41586 ssh2
Oct 14 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Received disconnect from 185.50.38.171 port 41586:11: Bye Bye [preauth]
Oct 14 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: Disconnected from 185.50.38.171 port 41586 [preauth]
Oct 14 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14143]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Invalid user tkadmin from 185.255.91.50
Oct 14 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: input_userauth_request: invalid user tkadmin [preauth]
Oct 14 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108  user=root
Oct 14 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Failed password for invalid user tkadmin from 185.255.91.50 port 58202 ssh2
Oct 14 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Received disconnect from 185.255.91.50 port 58202:11: Bye Bye [preauth]
Oct 14 20:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14504]: Disconnected from 185.255.91.50 port 58202 [preauth]
Oct 14 20:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Failed password for root from 114.204.9.108 port 52336 ssh2
Oct 14 20:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session closed for user root
Oct 14 20:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Received disconnect from 114.204.9.108 port 52336:11: Bye Bye [preauth]
Oct 14 20:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Disconnected from 114.204.9.108 port 52336 [preauth]
Oct 14 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Invalid user zw from 222.108.173.170
Oct 14 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: input_userauth_request: invalid user zw [preauth]
Oct 14 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: Invalid user ari from 103.186.0.155
Oct 14 20:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: input_userauth_request: invalid user ari [preauth]
Oct 14 20:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Failed password for invalid user zw from 222.108.173.170 port 41690 ssh2
Oct 14 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Received disconnect from 222.108.173.170 port 41690:11: Bye Bye [preauth]
Oct 14 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Disconnected from 222.108.173.170 port 41690 [preauth]
Oct 14 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: Failed password for invalid user ari from 103.186.0.155 port 55362 ssh2
Oct 14 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: Received disconnect from 103.186.0.155 port 55362:11: Bye Bye [preauth]
Oct 14 20:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14543]: Disconnected from 103.186.0.155 port 55362 [preauth]
Oct 14 20:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Invalid user ping from 62.60.131.157
Oct 14 20:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: input_userauth_request: invalid user ping [preauth]
Oct 14 20:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 20:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Failed password for invalid user ping from 62.60.131.157 port 61813 ssh2
Oct 14 20:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session closed for user root
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Failed password for invalid user ping from 62.60.131.157 port 61813 ssh2
Oct 14 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: Successful su for rubyman by root
Oct 14 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: + ??? root:rubyman
Oct 14 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413448 of user rubyman.
Oct 14 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413448.
Oct 14 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Failed password for invalid user ping from 62.60.131.157 port 61813 ssh2
Oct 14 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Failed password for invalid user ping from 62.60.131.157 port 61813 ssh2
Oct 14 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Failed password for invalid user ping from 62.60.131.157 port 61813 ssh2
Oct 14 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user root
Oct 14 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Received disconnect from 62.60.131.157 port 61813:11: Bye [preauth]
Oct 14 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: Disconnected from 62.60.131.157 port 61813 [preauth]
Oct 14 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14588]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: Invalid user ubnt from 80.94.95.116
Oct 14 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 14 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session closed for user root
Oct 14 20:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: Failed password for invalid user ubnt from 80.94.95.116 port 21698 ssh2
Oct 14 20:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14823]: Connection closed by 80.94.95.116 port 21698 [preauth]
Oct 14 20:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14602]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Invalid user pdv from 172.208.52.110
Oct 14 20:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: input_userauth_request: invalid user pdv [preauth]
Oct 14 20:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Failed password for invalid user pdv from 172.208.52.110 port 36758 ssh2
Oct 14 20:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Received disconnect from 172.208.52.110 port 36758:11: Bye Bye [preauth]
Oct 14 20:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Disconnected from 172.208.52.110 port 36758 [preauth]
Oct 14 20:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13578]: pam_unix(cron:session): session closed for user root
Oct 14 20:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Invalid user dmdba from 185.50.38.171
Oct 14 20:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 20:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 20:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Failed password for invalid user dmdba from 185.50.38.171 port 55738 ssh2
Oct 14 20:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: Failed password for root from 67.10.185.103 port 53568 ssh2
Oct 14 20:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: Received disconnect from 67.10.185.103 port 53568:11: Bye Bye [preauth]
Oct 14 20:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15185]: Disconnected from 67.10.185.103 port 53568 [preauth]
Oct 14 20:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Received disconnect from 185.50.38.171 port 55738:11: Bye Bye [preauth]
Oct 14 20:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Disconnected from 185.50.38.171 port 55738 [preauth]
Oct 14 20:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 20:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: Failed password for root from 2.57.122.26 port 34704 ssh2
Oct 14 20:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: Connection closed by 2.57.122.26 port 34704 [preauth]
Oct 14 20:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: Invalid user geonode from 185.255.91.50
Oct 14 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: input_userauth_request: invalid user geonode [preauth]
Oct 14 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15219]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15215]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: Successful su for rubyman by root
Oct 14 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: + ??? root:rubyman
Oct 14 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413456 of user rubyman.
Oct 14 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413456.
Oct 14 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: Failed password for invalid user geonode from 185.255.91.50 port 59098 ssh2
Oct 14 20:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: Received disconnect from 185.255.91.50 port 59098:11: Bye Bye [preauth]
Oct 14 20:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: Disconnected from 185.255.91.50 port 59098 [preauth]
Oct 14 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Invalid user runner from 114.204.9.108
Oct 14 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: input_userauth_request: invalid user runner [preauth]
Oct 14 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Failed password for invalid user runner from 114.204.9.108 port 53344 ssh2
Oct 14 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Received disconnect from 114.204.9.108 port 53344:11: Bye Bye [preauth]
Oct 14 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Disconnected from 114.204.9.108 port 53344 [preauth]
Oct 14 20:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11918]: pam_unix(cron:session): session closed for user root
Oct 14 20:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15217]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Invalid user testftp from 222.108.173.170
Oct 14 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: input_userauth_request: invalid user testftp [preauth]
Oct 14 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Failed password for invalid user testftp from 222.108.173.170 port 15598 ssh2
Oct 14 20:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Received disconnect from 222.108.173.170 port 15598:11: Bye Bye [preauth]
Oct 14 20:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Disconnected from 222.108.173.170 port 15598 [preauth]
Oct 14 20:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session closed for user root
Oct 14 20:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15630]: Invalid user clock from 103.186.0.155
Oct 14 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15630]: input_userauth_request: invalid user clock [preauth]
Oct 14 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15630]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.186.0.155
Oct 14 20:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15630]: Failed password for invalid user clock from 103.186.0.155 port 45778 ssh2
Oct 14 20:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15630]: Received disconnect from 103.186.0.155 port 45778:11: Bye Bye [preauth]
Oct 14 20:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15630]: Disconnected from 103.186.0.155 port 45778 [preauth]
Oct 14 20:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Invalid user kavita from 172.208.52.110
Oct 14 20:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: input_userauth_request: invalid user kavita [preauth]
Oct 14 20:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Failed password for invalid user kavita from 172.208.52.110 port 50942 ssh2
Oct 14 20:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Received disconnect from 172.208.52.110 port 50942:11: Bye Bye [preauth]
Oct 14 20:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Disconnected from 172.208.52.110 port 50942 [preauth]
Oct 14 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15695]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15769]: Successful su for rubyman by root
Oct 14 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15769]: + ??? root:rubyman
Oct 14 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413458 of user rubyman.
Oct 14 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15769]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413458.
Oct 14 20:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session closed for user root
Oct 14 20:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15696]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Failed password for root from 185.255.91.50 port 36312 ssh2
Oct 14 20:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Received disconnect from 185.255.91.50 port 36312:11: Bye Bye [preauth]
Oct 14 20:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Disconnected from 185.255.91.50 port 36312 [preauth]
Oct 14 20:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Invalid user shadab from 185.50.38.171
Oct 14 20:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: input_userauth_request: invalid user shadab [preauth]
Oct 14 20:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Invalid user devops from 114.204.9.108
Oct 14 20:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: input_userauth_request: invalid user devops [preauth]
Oct 14 20:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Failed password for invalid user shadab from 185.50.38.171 port 47652 ssh2
Oct 14 20:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Received disconnect from 185.50.38.171 port 47652:11: Bye Bye [preauth]
Oct 14 20:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Disconnected from 185.50.38.171 port 47652 [preauth]
Oct 14 20:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Failed password for invalid user devops from 114.204.9.108 port 37158 ssh2
Oct 14 20:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Received disconnect from 114.204.9.108 port 37158:11: Bye Bye [preauth]
Oct 14 20:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16051]: Disconnected from 114.204.9.108 port 37158 [preauth]
Oct 14 20:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session closed for user root
Oct 14 20:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Invalid user radio from 67.10.185.103
Oct 14 20:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: input_userauth_request: invalid user radio [preauth]
Oct 14 20:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Failed password for invalid user radio from 67.10.185.103 port 35360 ssh2
Oct 14 20:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Received disconnect from 67.10.185.103 port 35360:11: Bye Bye [preauth]
Oct 14 20:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Disconnected from 67.10.185.103 port 35360 [preauth]
Oct 14 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16159]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16157]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16228]: Successful su for rubyman by root
Oct 14 20:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16228]: + ??? root:rubyman
Oct 14 20:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413461 of user rubyman.
Oct 14 20:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16228]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413461.
Oct 14 20:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session closed for user root
Oct 14 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16158]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 20:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16493]: Failed password for root from 222.108.173.170 port 14595 ssh2
Oct 14 20:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16493]: Received disconnect from 222.108.173.170 port 14595:11: Bye Bye [preauth]
Oct 14 20:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16493]: Disconnected from 222.108.173.170 port 14595 [preauth]
Oct 14 20:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Invalid user papio from 172.208.52.110
Oct 14 20:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: input_userauth_request: invalid user papio [preauth]
Oct 14 20:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for invalid user papio from 172.208.52.110 port 59424 ssh2
Oct 14 20:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Received disconnect from 172.208.52.110 port 59424:11: Bye Bye [preauth]
Oct 14 20:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Disconnected from 172.208.52.110 port 59424 [preauth]
Oct 14 20:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15219]: pam_unix(cron:session): session closed for user root
Oct 14 20:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: Invalid user ftpuser from 185.255.91.50
Oct 14 20:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 20:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: Failed password for invalid user ftpuser from 185.255.91.50 port 43568 ssh2
Oct 14 20:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: Received disconnect from 185.255.91.50 port 43568:11: Bye Bye [preauth]
Oct 14 20:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16617]: Disconnected from 185.255.91.50 port 43568 [preauth]
Oct 14 20:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108  user=root
Oct 14 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for root from 114.204.9.108 port 50960 ssh2
Oct 14 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Received disconnect from 114.204.9.108 port 50960:11: Bye Bye [preauth]
Oct 14 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Disconnected from 114.204.9.108 port 50960 [preauth]
Oct 14 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16638]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16641]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16823]: Successful su for rubyman by root
Oct 14 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16823]: + ??? root:rubyman
Oct 14 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413466 of user rubyman.
Oct 14 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16823]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413466.
Oct 14 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16638]: pam_unix(cron:session): session closed for user root
Oct 14 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: Invalid user ftpuser from 185.50.38.171
Oct 14 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: Failed password for invalid user ftpuser from 185.50.38.171 port 35410 ssh2
Oct 14 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: Received disconnect from 185.50.38.171 port 35410:11: Bye Bye [preauth]
Oct 14 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16821]: Disconnected from 185.50.38.171 port 35410 [preauth]
Oct 14 20:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13577]: pam_unix(cron:session): session closed for user root
Oct 14 20:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16642]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Invalid user desktop from 67.10.185.103
Oct 14 20:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: input_userauth_request: invalid user desktop [preauth]
Oct 14 20:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Failed password for invalid user desktop from 67.10.185.103 port 40552 ssh2
Oct 14 20:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Received disconnect from 67.10.185.103 port 40552:11: Bye Bye [preauth]
Oct 14 20:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17059]: Disconnected from 67.10.185.103 port 40552 [preauth]
Oct 14 20:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session closed for user root
Oct 14 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17140]: Connection closed by 45.156.128.171 port 49271 [preauth]
Oct 14 20:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Did not receive identification string from 45.156.128.169
Oct 14 20:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for root from 172.208.52.110 port 59962 ssh2
Oct 14 20:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Received disconnect from 172.208.52.110 port 59962:11: Bye Bye [preauth]
Oct 14 20:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Disconnected from 172.208.52.110 port 59962 [preauth]
Oct 14 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17216]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17215]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session closed for user root
Oct 14 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17303]: Successful su for rubyman by root
Oct 14 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17303]: + ??? root:rubyman
Oct 14 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413470 of user rubyman.
Oct 14 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17303]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413470.
Oct 14 20:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17215]: pam_unix(cron:session): session closed for user root
Oct 14 20:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Invalid user alpha from 222.108.173.170
Oct 14 20:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: input_userauth_request: invalid user alpha [preauth]
Oct 14 20:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14146]: pam_unix(cron:session): session closed for user root
Oct 14 20:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Failed password for invalid user alpha from 222.108.173.170 port 49134 ssh2
Oct 14 20:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Received disconnect from 222.108.173.170 port 49134:11: Bye Bye [preauth]
Oct 14 20:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Disconnected from 222.108.173.170 port 49134 [preauth]
Oct 14 20:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Invalid user user3 from 185.255.91.50
Oct 14 20:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: input_userauth_request: invalid user user3 [preauth]
Oct 14 20:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Failed password for invalid user user3 from 185.255.91.50 port 40836 ssh2
Oct 14 20:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Received disconnect from 185.255.91.50 port 40836:11: Bye Bye [preauth]
Oct 14 20:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17525]: Disconnected from 185.255.91.50 port 40836 [preauth]
Oct 14 20:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Invalid user frappe from 114.204.9.108
Oct 14 20:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: input_userauth_request: invalid user frappe [preauth]
Oct 14 20:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Failed password for invalid user frappe from 114.204.9.108 port 58296 ssh2
Oct 14 20:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Received disconnect from 114.204.9.108 port 58296:11: Bye Bye [preauth]
Oct 14 20:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Disconnected from 114.204.9.108 port 58296 [preauth]
Oct 14 20:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Invalid user tao from 185.50.38.171
Oct 14 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: input_userauth_request: invalid user tao [preauth]
Oct 14 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session closed for user root
Oct 14 20:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Failed password for invalid user tao from 185.50.38.171 port 45070 ssh2
Oct 14 20:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Received disconnect from 185.50.38.171 port 45070:11: Bye Bye [preauth]
Oct 14 20:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Disconnected from 185.50.38.171 port 45070 [preauth]
Oct 14 20:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 20:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: Failed password for root from 67.10.185.103 port 45744 ssh2
Oct 14 20:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: Received disconnect from 67.10.185.103 port 45744:11: Bye Bye [preauth]
Oct 14 20:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17684]: Disconnected from 67.10.185.103 port 45744 [preauth]
Oct 14 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17748]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17884]: Successful su for rubyman by root
Oct 14 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17884]: + ??? root:rubyman
Oct 14 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413476 of user rubyman.
Oct 14 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17884]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413476.
Oct 14 20:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session closed for user root
Oct 14 20:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17749]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: Invalid user hj from 164.68.105.9
Oct 14 20:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: input_userauth_request: invalid user hj [preauth]
Oct 14 20:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 14 20:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: Failed password for invalid user hj from 164.68.105.9 port 54012 ssh2
Oct 14 20:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18245]: Connection closed by 164.68.105.9 port 54012 [preauth]
Oct 14 20:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Invalid user wiki from 172.208.52.110
Oct 14 20:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: input_userauth_request: invalid user wiki [preauth]
Oct 14 20:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Failed password for invalid user wiki from 172.208.52.110 port 40040 ssh2
Oct 14 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Received disconnect from 172.208.52.110 port 40040:11: Bye Bye [preauth]
Oct 14 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18295]: Disconnected from 172.208.52.110 port 40040 [preauth]
Oct 14 20:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16644]: pam_unix(cron:session): session closed for user root
Oct 14 20:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Invalid user db2fenc1 from 185.255.91.50
Oct 14 20:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: input_userauth_request: invalid user db2fenc1 [preauth]
Oct 14 20:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Failed password for invalid user db2fenc1 from 185.255.91.50 port 51444 ssh2
Oct 14 20:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Received disconnect from 185.255.91.50 port 51444:11: Bye Bye [preauth]
Oct 14 20:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Disconnected from 185.255.91.50 port 51444 [preauth]
Oct 14 20:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Invalid user ali from 114.204.9.108
Oct 14 20:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: input_userauth_request: invalid user ali [preauth]
Oct 14 20:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Failed password for invalid user ali from 114.204.9.108 port 50218 ssh2
Oct 14 20:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Received disconnect from 114.204.9.108 port 50218:11: Bye Bye [preauth]
Oct 14 20:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18499]: Disconnected from 114.204.9.108 port 50218 [preauth]
Oct 14 20:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Invalid user ftpuser01 from 222.108.173.170
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: input_userauth_request: invalid user ftpuser01 [preauth]
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18608]: Successful su for rubyman by root
Oct 14 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18608]: + ??? root:rubyman
Oct 14 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413482 of user rubyman.
Oct 14 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18608]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413482.
Oct 14 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Failed password for invalid user ftpuser01 from 222.108.173.170 port 61938 ssh2
Oct 14 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Received disconnect from 222.108.173.170 port 61938:11: Bye Bye [preauth]
Oct 14 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Disconnected from 222.108.173.170 port 61938 [preauth]
Oct 14 20:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171  user=root
Oct 14 20:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session closed for user root
Oct 14 20:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: Failed password for root from 185.50.38.171 port 36462 ssh2
Oct 14 20:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: Received disconnect from 185.50.38.171 port 36462:11: Bye Bye [preauth]
Oct 14 20:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18781]: Disconnected from 185.50.38.171 port 36462 [preauth]
Oct 14 20:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 20:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Failed password for root from 67.10.185.103 port 50976 ssh2
Oct 14 20:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Received disconnect from 67.10.185.103 port 50976:11: Bye Bye [preauth]
Oct 14 20:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Disconnected from 67.10.185.103 port 50976 [preauth]
Oct 14 20:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17217]: pam_unix(cron:session): session closed for user root
Oct 14 20:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: Invalid user user from 80.94.95.116
Oct 14 20:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: input_userauth_request: invalid user user [preauth]
Oct 14 20:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 14 20:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: Failed password for invalid user user from 80.94.95.116 port 58118 ssh2
Oct 14 20:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: Connection closed by 80.94.95.116 port 58118 [preauth]
Oct 14 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19130]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19217]: Successful su for rubyman by root
Oct 14 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19217]: + ??? root:rubyman
Oct 14 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413485 of user rubyman.
Oct 14 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19217]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413485.
Oct 14 20:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Invalid user nagios from 172.208.52.110
Oct 14 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: input_userauth_request: invalid user nagios [preauth]
Oct 14 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Invalid user test001 from 185.255.91.50
Oct 14 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: input_userauth_request: invalid user test001 [preauth]
Oct 14 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Failed password for invalid user nagios from 172.208.52.110 port 45982 ssh2
Oct 14 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Received disconnect from 172.208.52.110 port 45982:11: Bye Bye [preauth]
Oct 14 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19273]: Disconnected from 172.208.52.110 port 45982 [preauth]
Oct 14 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Failed password for invalid user test001 from 185.255.91.50 port 52618 ssh2
Oct 14 20:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Received disconnect from 185.255.91.50 port 52618:11: Bye Bye [preauth]
Oct 14 20:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19248]: Disconnected from 185.255.91.50 port 52618 [preauth]
Oct 14 20:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session closed for user root
Oct 14 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19132]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Invalid user testuser from 114.204.9.108
Oct 14 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: input_userauth_request: invalid user testuser [preauth]
Oct 14 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Failed password for invalid user testuser from 114.204.9.108 port 39552 ssh2
Oct 14 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Received disconnect from 114.204.9.108 port 39552:11: Bye Bye [preauth]
Oct 14 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19796]: Disconnected from 114.204.9.108 port 39552 [preauth]
Oct 14 20:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17751]: pam_unix(cron:session): session closed for user root
Oct 14 20:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Invalid user wyk from 185.50.38.171
Oct 14 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: input_userauth_request: invalid user wyk [preauth]
Oct 14 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Failed password for invalid user wyk from 185.50.38.171 port 58060 ssh2
Oct 14 20:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Received disconnect from 185.50.38.171 port 58060:11: Bye Bye [preauth]
Oct 14 20:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Disconnected from 185.50.38.171 port 58060 [preauth]
Oct 14 20:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Invalid user ubuntu from 67.10.185.103
Oct 14 20:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 20:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Failed password for invalid user ubuntu from 67.10.185.103 port 56230 ssh2
Oct 14 20:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Received disconnect from 67.10.185.103 port 56230:11: Bye Bye [preauth]
Oct 14 20:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Disconnected from 67.10.185.103 port 56230 [preauth]
Oct 14 20:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: Invalid user gespinoza from 222.108.173.170
Oct 14 20:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: input_userauth_request: invalid user gespinoza [preauth]
Oct 14 20:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: Failed password for invalid user gespinoza from 222.108.173.170 port 57995 ssh2
Oct 14 20:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: Received disconnect from 222.108.173.170 port 57995:11: Bye Bye [preauth]
Oct 14 20:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19941]: Disconnected from 222.108.173.170 port 57995 [preauth]
Oct 14 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19978]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19974]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20065]: Successful su for rubyman by root
Oct 14 20:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20065]: + ??? root:rubyman
Oct 14 20:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413491 of user rubyman.
Oct 14 20:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20065]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413491.
Oct 14 20:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16159]: pam_unix(cron:session): session closed for user root
Oct 14 20:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19976]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: Invalid user ram from 185.255.91.50
Oct 14 20:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: input_userauth_request: invalid user ram [preauth]
Oct 14 20:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: Failed password for invalid user ram from 185.255.91.50 port 48030 ssh2
Oct 14 20:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: Received disconnect from 185.255.91.50 port 48030:11: Bye Bye [preauth]
Oct 14 20:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20348]: Disconnected from 185.255.91.50 port 48030 [preauth]
Oct 14 20:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Failed password for root from 172.208.52.110 port 42570 ssh2
Oct 14 20:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Received disconnect from 172.208.52.110 port 42570:11: Bye Bye [preauth]
Oct 14 20:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20394]: Disconnected from 172.208.52.110 port 42570 [preauth]
Oct 14 20:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session closed for user root
Oct 14 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Invalid user deployer from 114.204.9.108
Oct 14 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: input_userauth_request: invalid user deployer [preauth]
Oct 14 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user deployer from 114.204.9.108 port 34598 ssh2
Oct 14 20:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Received disconnect from 114.204.9.108 port 34598:11: Bye Bye [preauth]
Oct 14 20:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Disconnected from 114.204.9.108 port 34598 [preauth]
Oct 14 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session closed for user root
Oct 14 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20494]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20578]: Successful su for rubyman by root
Oct 14 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20578]: + ??? root:rubyman
Oct 14 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413495 of user rubyman.
Oct 14 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20578]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413495.
Oct 14 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: Invalid user g from 67.10.185.103
Oct 14 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: input_userauth_request: invalid user g [preauth]
Oct 14 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: Failed password for invalid user g from 67.10.185.103 port 33302 ssh2
Oct 14 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: Received disconnect from 67.10.185.103 port 33302:11: Bye Bye [preauth]
Oct 14 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20633]: Disconnected from 67.10.185.103 port 33302 [preauth]
Oct 14 20:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session closed for user root
Oct 14 20:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16643]: pam_unix(cron:session): session closed for user root
Oct 14 20:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171  user=root
Oct 14 20:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Failed password for root from 185.50.38.171 port 59814 ssh2
Oct 14 20:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Received disconnect from 185.50.38.171 port 59814:11: Bye Bye [preauth]
Oct 14 20:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Disconnected from 185.50.38.171 port 59814 [preauth]
Oct 14 20:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19134]: pam_unix(cron:session): session closed for user root
Oct 14 20:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Invalid user rtorrent from 222.108.173.170
Oct 14 20:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: input_userauth_request: invalid user rtorrent [preauth]
Oct 14 20:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Failed password for invalid user rtorrent from 222.108.173.170 port 32838 ssh2
Oct 14 20:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Received disconnect from 222.108.173.170 port 32838:11: Bye Bye [preauth]
Oct 14 20:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20944]: Disconnected from 222.108.173.170 port 32838 [preauth]
Oct 14 20:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Failed password for root from 185.255.91.50 port 52142 ssh2
Oct 14 20:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Received disconnect from 185.255.91.50 port 52142:11: Bye Bye [preauth]
Oct 14 20:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Disconnected from 185.255.91.50 port 52142 [preauth]
Oct 14 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21009]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21005]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21092]: Successful su for rubyman by root
Oct 14 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21092]: + ??? root:rubyman
Oct 14 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413498 of user rubyman.
Oct 14 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21092]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413498.
Oct 14 20:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: Failed password for root from 172.208.52.110 port 49158 ssh2
Oct 14 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: Received disconnect from 172.208.52.110 port 49158:11: Bye Bye [preauth]
Oct 14 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21090]: Disconnected from 172.208.52.110 port 49158 [preauth]
Oct 14 20:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17216]: pam_unix(cron:session): session closed for user root
Oct 14 20:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: Invalid user postgres from 114.204.9.108
Oct 14 20:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: input_userauth_request: invalid user postgres [preauth]
Oct 14 20:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21007]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: Failed password for invalid user postgres from 114.204.9.108 port 53538 ssh2
Oct 14 20:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: Received disconnect from 114.204.9.108 port 53538:11: Bye Bye [preauth]
Oct 14 20:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21315]: Disconnected from 114.204.9.108 port 53538 [preauth]
Oct 14 20:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Failed password for root from 67.10.185.103 port 38634 ssh2
Oct 14 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Received disconnect from 67.10.185.103 port 38634:11: Bye Bye [preauth]
Oct 14 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Disconnected from 67.10.185.103 port 38634 [preauth]
Oct 14 20:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19978]: pam_unix(cron:session): session closed for user root
Oct 14 20:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171  user=root
Oct 14 20:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: Failed password for root from 185.50.38.171 port 35092 ssh2
Oct 14 20:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: Received disconnect from 185.50.38.171 port 35092:11: Bye Bye [preauth]
Oct 14 20:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21483]: Disconnected from 185.50.38.171 port 35092 [preauth]
Oct 14 20:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Invalid user jenkins from 185.255.91.50
Oct 14 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21549]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21542]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21617]: Successful su for rubyman by root
Oct 14 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21617]: + ??? root:rubyman
Oct 14 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413502 of user rubyman.
Oct 14 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21617]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413502.
Oct 14 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Failed password for invalid user jenkins from 185.255.91.50 port 42040 ssh2
Oct 14 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Received disconnect from 185.255.91.50 port 42040:11: Bye Bye [preauth]
Oct 14 20:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Disconnected from 185.255.91.50 port 42040 [preauth]
Oct 14 20:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17750]: pam_unix(cron:session): session closed for user root
Oct 14 20:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21545]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Invalid user r00t from 222.108.173.170
Oct 14 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: input_userauth_request: invalid user r00t [preauth]
Oct 14 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Failed password for invalid user r00t from 222.108.173.170 port 25617 ssh2
Oct 14 20:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Received disconnect from 222.108.173.170 port 25617:11: Bye Bye [preauth]
Oct 14 20:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21924]: Disconnected from 222.108.173.170 port 25617 [preauth]
Oct 14 20:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Invalid user rr from 172.208.52.110
Oct 14 20:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: input_userauth_request: invalid user rr [preauth]
Oct 14 20:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session closed for user root
Oct 14 20:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Failed password for invalid user rr from 172.208.52.110 port 39180 ssh2
Oct 14 20:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Received disconnect from 172.208.52.110 port 39180:11: Bye Bye [preauth]
Oct 14 20:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21953]: Disconnected from 172.208.52.110 port 39180 [preauth]
Oct 14 20:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: Invalid user a from 114.204.9.108
Oct 14 20:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: input_userauth_request: invalid user a [preauth]
Oct 14 20:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.204.9.108
Oct 14 20:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: Failed password for invalid user a from 114.204.9.108 port 60266 ssh2
Oct 14 20:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: Received disconnect from 114.204.9.108 port 60266:11: Bye Bye [preauth]
Oct 14 20:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21970]: Disconnected from 114.204.9.108 port 60266 [preauth]
Oct 14 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22029]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22028]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22025]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22105]: Successful su for rubyman by root
Oct 14 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22105]: + ??? root:rubyman
Oct 14 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413506 of user rubyman.
Oct 14 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22105]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413506.
Oct 14 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Failed password for root from 67.10.185.103 port 43992 ssh2
Oct 14 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Received disconnect from 67.10.185.103 port 43992:11: Bye Bye [preauth]
Oct 14 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Disconnected from 67.10.185.103 port 43992 [preauth]
Oct 14 20:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session closed for user root
Oct 14 20:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22027]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Invalid user halo from 185.50.38.171
Oct 14 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: input_userauth_request: invalid user halo [preauth]
Oct 14 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Failed password for invalid user halo from 185.50.38.171 port 40648 ssh2
Oct 14 20:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Received disconnect from 185.50.38.171 port 40648:11: Bye Bye [preauth]
Oct 14 20:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Disconnected from 185.50.38.171 port 40648 [preauth]
Oct 14 20:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Invalid user admin from 185.255.91.50
Oct 14 20:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: input_userauth_request: invalid user admin [preauth]
Oct 14 20:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Failed password for invalid user admin from 185.255.91.50 port 43496 ssh2
Oct 14 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Received disconnect from 185.255.91.50 port 43496:11: Bye Bye [preauth]
Oct 14 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22395]: Disconnected from 185.255.91.50 port 43496 [preauth]
Oct 14 20:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21009]: pam_unix(cron:session): session closed for user root
Oct 14 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22518]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22599]: Successful su for rubyman by root
Oct 14 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22599]: + ??? root:rubyman
Oct 14 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413510 of user rubyman.
Oct 14 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22599]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413510.
Oct 14 20:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19133]: pam_unix(cron:session): session closed for user root
Oct 14 20:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Invalid user brian from 172.208.52.110
Oct 14 20:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: input_userauth_request: invalid user brian [preauth]
Oct 14 20:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22519]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for invalid user brian from 172.208.52.110 port 52850 ssh2
Oct 14 20:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Received disconnect from 172.208.52.110 port 52850:11: Bye Bye [preauth]
Oct 14 20:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Disconnected from 172.208.52.110 port 52850 [preauth]
Oct 14 20:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23232]: Invalid user admin from 80.94.95.115
Oct 14 20:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23232]: input_userauth_request: invalid user admin [preauth]
Oct 14 20:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23232]: Failed none for invalid user admin from 80.94.95.115 port 21116 ssh2
Oct 14 20:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23232]: Connection closed by 80.94.95.115 port 21116 [preauth]
Oct 14 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Invalid user jeff from 67.10.185.103
Oct 14 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: input_userauth_request: invalid user jeff [preauth]
Oct 14 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Failed password for invalid user jeff from 67.10.185.103 port 49364 ssh2
Oct 14 20:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Received disconnect from 67.10.185.103 port 49364:11: Bye Bye [preauth]
Oct 14 20:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Disconnected from 67.10.185.103 port 49364 [preauth]
Oct 14 20:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21549]: pam_unix(cron:session): session closed for user root
Oct 14 20:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Invalid user t128 from 222.108.173.170
Oct 14 20:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: input_userauth_request: invalid user t128 [preauth]
Oct 14 20:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for invalid user t128 from 222.108.173.170 port 42186 ssh2
Oct 14 20:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Received disconnect from 222.108.173.170 port 42186:11: Bye Bye [preauth]
Oct 14 20:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Disconnected from 222.108.173.170 port 42186 [preauth]
Oct 14 20:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23391]: Failed password for root from 185.255.91.50 port 48694 ssh2
Oct 14 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23391]: Received disconnect from 185.255.91.50 port 48694:11: Bye Bye [preauth]
Oct 14 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23391]: Disconnected from 185.255.91.50 port 48694 [preauth]
Oct 14 20:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Invalid user mk from 185.50.38.171
Oct 14 20:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: input_userauth_request: invalid user mk [preauth]
Oct 14 20:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Failed password for invalid user mk from 185.50.38.171 port 53926 ssh2
Oct 14 20:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Received disconnect from 185.50.38.171 port 53926:11: Bye Bye [preauth]
Oct 14 20:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Disconnected from 185.50.38.171 port 53926 [preauth]
Oct 14 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session closed for user root
Oct 14 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23792]: Successful su for rubyman by root
Oct 14 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23792]: + ??? root:rubyman
Oct 14 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413516 of user rubyman.
Oct 14 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23792]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413516.
Oct 14 20:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23509]: pam_unix(cron:session): session closed for user root
Oct 14 20:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session closed for user root
Oct 14 20:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23508]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22029]: pam_unix(cron:session): session closed for user root
Oct 14 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Invalid user tunnel from 172.208.52.110
Oct 14 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: input_userauth_request: invalid user tunnel [preauth]
Oct 14 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Failed password for invalid user tunnel from 172.208.52.110 port 43822 ssh2
Oct 14 20:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Received disconnect from 172.208.52.110 port 43822:11: Bye Bye [preauth]
Oct 14 20:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24231]: Disconnected from 172.208.52.110 port 43822 [preauth]
Oct 14 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24260]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: Successful su for rubyman by root
Oct 14 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: + ??? root:rubyman
Oct 14 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413520 of user rubyman.
Oct 14 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413520.
Oct 14 20:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Invalid user dmdba from 67.10.185.103
Oct 14 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: input_userauth_request: invalid user dmdba [preauth]
Oct 14 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Failed password for invalid user dmdba from 67.10.185.103 port 54718 ssh2
Oct 14 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Received disconnect from 67.10.185.103 port 54718:11: Bye Bye [preauth]
Oct 14 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Disconnected from 67.10.185.103 port 54718 [preauth]
Oct 14 20:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session closed for user root
Oct 14 20:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: User lp from 185.255.91.50 not allowed because not listed in AllowUsers
Oct 14 20:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: input_userauth_request: invalid user lp [preauth]
Oct 14 20:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=lp
Oct 14 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: Failed password for invalid user lp from 185.255.91.50 port 57986 ssh2
Oct 14 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: Received disconnect from 185.255.91.50 port 57986:11: Bye Bye [preauth]
Oct 14 20:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24585]: Disconnected from 185.255.91.50 port 57986 [preauth]
Oct 14 20:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171  user=root
Oct 14 20:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24644]: Failed password for root from 185.50.38.171 port 59580 ssh2
Oct 14 20:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24644]: Received disconnect from 185.50.38.171 port 59580:11: Bye Bye [preauth]
Oct 14 20:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24644]: Disconnected from 185.50.38.171 port 59580 [preauth]
Oct 14 20:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 20:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for root from 222.108.173.170 port 45701 ssh2
Oct 14 20:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Received disconnect from 222.108.173.170 port 45701:11: Bye Bye [preauth]
Oct 14 20:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Disconnected from 222.108.173.170 port 45701 [preauth]
Oct 14 20:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22521]: pam_unix(cron:session): session closed for user root
Oct 14 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24798]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24795]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24861]: Successful su for rubyman by root
Oct 14 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24861]: + ??? root:rubyman
Oct 14 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413524 of user rubyman.
Oct 14 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24861]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413524.
Oct 14 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21008]: pam_unix(cron:session): session closed for user root
Oct 14 20:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24796]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Failed password for root from 172.208.52.110 port 45060 ssh2
Oct 14 20:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Received disconnect from 172.208.52.110 port 45060:11: Bye Bye [preauth]
Oct 14 20:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25145]: Disconnected from 172.208.52.110 port 45060 [preauth]
Oct 14 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Invalid user ubuntu from 67.10.185.103
Oct 14 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Failed password for invalid user ubuntu from 67.10.185.103 port 60436 ssh2
Oct 14 20:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Received disconnect from 67.10.185.103 port 60436:11: Bye Bye [preauth]
Oct 14 20:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Disconnected from 67.10.185.103 port 60436 [preauth]
Oct 14 20:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Invalid user zte from 185.255.91.50
Oct 14 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: input_userauth_request: invalid user zte [preauth]
Oct 14 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50
Oct 14 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23511]: pam_unix(cron:session): session closed for user root
Oct 14 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Failed password for invalid user zte from 185.255.91.50 port 47454 ssh2
Oct 14 20:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Received disconnect from 185.255.91.50 port 47454:11: Bye Bye [preauth]
Oct 14 20:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Disconnected from 185.255.91.50 port 47454 [preauth]
Oct 14 20:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Invalid user save from 185.50.38.171
Oct 14 20:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: input_userauth_request: invalid user save [preauth]
Oct 14 20:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Failed password for invalid user save from 185.50.38.171 port 44556 ssh2
Oct 14 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Received disconnect from 185.50.38.171 port 44556:11: Bye Bye [preauth]
Oct 14 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Disconnected from 185.50.38.171 port 44556 [preauth]
Oct 14 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25598]: Successful su for rubyman by root
Oct 14 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25598]: + ??? root:rubyman
Oct 14 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413528 of user rubyman.
Oct 14 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25598]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413528.
Oct 14 20:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session closed for user root
Oct 14 20:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Invalid user admin1234 from 222.108.173.170
Oct 14 20:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: input_userauth_request: invalid user admin1234 [preauth]
Oct 14 20:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Failed password for invalid user admin1234 from 222.108.173.170 port 38793 ssh2
Oct 14 20:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Received disconnect from 222.108.173.170 port 38793:11: Bye Bye [preauth]
Oct 14 20:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Disconnected from 222.108.173.170 port 38793 [preauth]
Oct 14 20:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session closed for user root
Oct 14 20:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Failed password for root from 172.208.52.110 port 38180 ssh2
Oct 14 20:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Received disconnect from 172.208.52.110 port 38180:11: Bye Bye [preauth]
Oct 14 20:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Disconnected from 172.208.52.110 port 38180 [preauth]
Oct 14 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26080]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26161]: Successful su for rubyman by root
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26161]: + ??? root:rubyman
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413534 of user rubyman.
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26161]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413534.
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Invalid user ftpuser from 67.10.185.103
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.50  user=root
Oct 14 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Failed password for invalid user ftpuser from 67.10.185.103 port 38100 ssh2
Oct 14 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Received disconnect from 67.10.185.103 port 38100:11: Bye Bye [preauth]
Oct 14 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Disconnected from 67.10.185.103 port 38100 [preauth]
Oct 14 20:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: Failed password for root from 185.255.91.50 port 55970 ssh2
Oct 14 20:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: Received disconnect from 185.255.91.50 port 55970:11: Bye Bye [preauth]
Oct 14 20:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26205]: Disconnected from 185.255.91.50 port 55970 [preauth]
Oct 14 20:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22028]: pam_unix(cron:session): session closed for user root
Oct 14 20:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26081]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24798]: pam_unix(cron:session): session closed for user root
Oct 14 20:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171  user=root
Oct 14 20:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Invalid user admin from 2.57.121.25
Oct 14 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: input_userauth_request: invalid user admin [preauth]
Oct 14 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 20:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Failed password for root from 185.50.38.171 port 36464 ssh2
Oct 14 20:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Received disconnect from 185.50.38.171 port 36464:11: Bye Bye [preauth]
Oct 14 20:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Disconnected from 185.50.38.171 port 36464 [preauth]
Oct 14 20:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Failed password for invalid user admin from 2.57.121.25 port 7334 ssh2
Oct 14 20:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Failed password for invalid user admin from 2.57.121.25 port 7334 ssh2
Oct 14 20:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Failed password for invalid user admin from 2.57.121.25 port 7334 ssh2
Oct 14 20:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Failed password for invalid user admin from 2.57.121.25 port 7334 ssh2
Oct 14 20:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Failed password for invalid user admin from 2.57.121.25 port 7334 ssh2
Oct 14 20:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Received disconnect from 2.57.121.25 port 7334:11: Bye [preauth]
Oct 14 20:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Disconnected from 2.57.121.25 port 7334 [preauth]
Oct 14 20:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 20:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26661]: pam_unix(cron:session): session closed for user root
Oct 14 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26654]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: Successful su for rubyman by root
Oct 14 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: + ??? root:rubyman
Oct 14 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413538 of user rubyman.
Oct 14 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413538.
Oct 14 20:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Invalid user www from 222.108.173.170
Oct 14 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: input_userauth_request: invalid user www [preauth]
Oct 14 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26658]: pam_unix(cron:session): session closed for user root
Oct 14 20:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22520]: pam_unix(cron:session): session closed for user root
Oct 14 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Failed password for invalid user www from 222.108.173.170 port 52400 ssh2
Oct 14 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Received disconnect from 222.108.173.170 port 52400:11: Bye Bye [preauth]
Oct 14 20:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Disconnected from 222.108.173.170 port 52400 [preauth]
Oct 14 20:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26657]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: Invalid user anderson from 172.208.52.110
Oct 14 20:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: input_userauth_request: invalid user anderson [preauth]
Oct 14 20:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: Failed password for invalid user anderson from 172.208.52.110 port 45508 ssh2
Oct 14 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: Received disconnect from 172.208.52.110 port 45508:11: Bye Bye [preauth]
Oct 14 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27287]: Disconnected from 172.208.52.110 port 45508 [preauth]
Oct 14 20:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Invalid user kontakt from 67.10.185.103
Oct 14 20:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: input_userauth_request: invalid user kontakt [preauth]
Oct 14 20:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session closed for user root
Oct 14 20:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Failed password for invalid user kontakt from 67.10.185.103 port 44044 ssh2
Oct 14 20:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Received disconnect from 67.10.185.103 port 44044:11: Bye Bye [preauth]
Oct 14 20:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Disconnected from 67.10.185.103 port 44044 [preauth]
Oct 14 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27405]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27501]: Successful su for rubyman by root
Oct 14 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27501]: + ??? root:rubyman
Oct 14 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413542 of user rubyman.
Oct 14 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27501]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413542.
Oct 14 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Invalid user osvaldo from 185.50.38.171
Oct 14 20:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: input_userauth_request: invalid user osvaldo [preauth]
Oct 14 20:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Failed password for invalid user osvaldo from 185.50.38.171 port 56602 ssh2
Oct 14 20:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Received disconnect from 185.50.38.171 port 56602:11: Bye Bye [preauth]
Oct 14 20:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27893]: Disconnected from 185.50.38.171 port 56602 [preauth]
Oct 14 20:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23510]: pam_unix(cron:session): session closed for user root
Oct 14 20:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26084]: pam_unix(cron:session): session closed for user root
Oct 14 20:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Failed password for root from 222.108.173.170 port 45816 ssh2
Oct 14 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Received disconnect from 222.108.173.170 port 45816:11: Bye Bye [preauth]
Oct 14 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Disconnected from 222.108.173.170 port 45816 [preauth]
Oct 14 20:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Invalid user sale from 172.208.52.110
Oct 14 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: input_userauth_request: invalid user sale [preauth]
Oct 14 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Failed password for invalid user sale from 172.208.52.110 port 35164 ssh2
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Received disconnect from 172.208.52.110 port 35164:11: Bye Bye [preauth]
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28189]: Disconnected from 172.208.52.110 port 35164 [preauth]
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28269]: Successful su for rubyman by root
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28269]: + ??? root:rubyman
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413546 of user rubyman.
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28269]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413546.
Oct 14 20:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28245]: Invalid user config from 185.156.73.233
Oct 14 20:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28245]: input_userauth_request: invalid user config [preauth]
Oct 14 20:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28245]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: Failed password for root from 67.10.185.103 port 49868 ssh2
Oct 14 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: Received disconnect from 67.10.185.103 port 49868:11: Bye Bye [preauth]
Oct 14 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28259]: Disconnected from 67.10.185.103 port 49868 [preauth]
Oct 14 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28245]: Failed password for invalid user config from 185.156.73.233 port 40630 ssh2
Oct 14 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28245]: Connection closed by 185.156.73.233 port 40630 [preauth]
Oct 14 20:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session closed for user root
Oct 14 20:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28193]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: Invalid user liuhao from 185.50.38.171
Oct 14 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: input_userauth_request: invalid user liuhao [preauth]
Oct 14 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: Failed password for invalid user liuhao from 185.50.38.171 port 45636 ssh2
Oct 14 20:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: Received disconnect from 185.50.38.171 port 45636:11: Bye Bye [preauth]
Oct 14 20:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28819]: Disconnected from 185.50.38.171 port 45636 [preauth]
Oct 14 20:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session closed for user root
Oct 14 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Did not receive identification string from 101.126.5.109
Oct 14 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109  user=root
Oct 14 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29001]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Failed password for root from 101.126.5.109 port 64982 ssh2
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Connection closed by 101.126.5.109 port 64982 [preauth]
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29100]: Successful su for rubyman by root
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29100]: + ??? root:rubyman
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413551 of user rubyman.
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29100]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413551.
Oct 14 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Invalid user admin from 101.126.5.109
Oct 14 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: input_userauth_request: invalid user admin [preauth]
Oct 14 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109
Oct 14 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Failed password for invalid user admin from 101.126.5.109 port 41240 ssh2
Oct 14 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29121]: Connection closed by 101.126.5.109 port 41240 [preauth]
Oct 14 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24797]: pam_unix(cron:session): session closed for user root
Oct 14 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Invalid user deploy from 101.126.5.109
Oct 14 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: input_userauth_request: invalid user deploy [preauth]
Oct 14 20:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109
Oct 14 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Failed password for invalid user deploy from 101.126.5.109 port 41254 ssh2
Oct 14 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Connection closed by 101.126.5.109 port 41254 [preauth]
Oct 14 20:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Invalid user test from 101.126.5.109
Oct 14 20:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: input_userauth_request: invalid user test [preauth]
Oct 14 20:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109
Oct 14 20:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Failed password for invalid user test from 101.126.5.109 port 60894 ssh2
Oct 14 20:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Connection closed by 101.126.5.109 port 60894 [preauth]
Oct 14 20:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Invalid user ansible from 101.126.5.109
Oct 14 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: input_userauth_request: invalid user ansible [preauth]
Oct 14 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109
Oct 14 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Failed password for invalid user ansible from 101.126.5.109 port 60910 ssh2
Oct 14 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Connection closed by 101.126.5.109 port 60910 [preauth]
Oct 14 20:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Invalid user user from 101.126.5.109
Oct 14 20:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: input_userauth_request: invalid user user [preauth]
Oct 14 20:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109
Oct 14 20:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Failed password for invalid user user from 101.126.5.109 port 60926 ssh2
Oct 14 20:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Connection closed by 101.126.5.109 port 60926 [preauth]
Oct 14 20:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Invalid user testuser from 101.126.5.109
Oct 14 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: input_userauth_request: invalid user testuser [preauth]
Oct 14 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109
Oct 14 20:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Failed password for invalid user testuser from 101.126.5.109 port 31796 ssh2
Oct 14 20:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Connection closed by 101.126.5.109 port 31796 [preauth]
Oct 14 20:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 20:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Invalid user test_ftp from 67.10.185.103
Oct 14 20:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: input_userauth_request: invalid user test_ftp [preauth]
Oct 14 20:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 20:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Failed password for root from 172.208.52.110 port 40002 ssh2
Oct 14 20:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Received disconnect from 172.208.52.110 port 40002:11: Bye Bye [preauth]
Oct 14 20:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29435]: Disconnected from 172.208.52.110 port 40002 [preauth]
Oct 14 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: Invalid user user from 101.126.5.109
Oct 14 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: input_userauth_request: invalid user user [preauth]
Oct 14 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Failed password for invalid user test_ftp from 67.10.185.103 port 55760 ssh2
Oct 14 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Received disconnect from 67.10.185.103 port 55760:11: Bye Bye [preauth]
Oct 14 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Disconnected from 67.10.185.103 port 55760 [preauth]
Oct 14 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109
Oct 14 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: Failed password for invalid user user from 101.126.5.109 port 31800 ssh2
Oct 14 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29416]: Connection closed by 101.126.5.109 port 31800 [preauth]
Oct 14 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Invalid user elastic from 101.126.5.109
Oct 14 20:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: input_userauth_request: invalid user elastic [preauth]
Oct 14 20:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.5.109
Oct 14 20:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Failed password for invalid user elastic from 101.126.5.109 port 25810 ssh2
Oct 14 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Connection closed by 101.126.5.109 port 25810 [preauth]
Oct 14 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session closed for user root
Oct 14 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: Invalid user notes from 222.108.173.170
Oct 14 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: input_userauth_request: invalid user notes [preauth]
Oct 14 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 20:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: Failed password for invalid user notes from 222.108.173.170 port 27629 ssh2
Oct 14 20:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: Received disconnect from 222.108.173.170 port 27629:11: Bye Bye [preauth]
Oct 14 20:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29497]: Disconnected from 222.108.173.170 port 27629 [preauth]
Oct 14 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29564]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29560]: pam_unix(cron:session): session closed for user p13x
Oct 14 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29639]: Successful su for rubyman by root
Oct 14 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29639]: + ??? root:rubyman
Oct 14 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413554 of user rubyman.
Oct 14 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29639]: pam_unix(su:session): session closed for user rubyman
Oct 14 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413554.
Oct 14 20:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Invalid user arwin from 185.50.38.171
Oct 14 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: input_userauth_request: invalid user arwin [preauth]
Oct 14 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.50.38.171
Oct 14 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Failed password for invalid user arwin from 185.50.38.171 port 37504 ssh2
Oct 14 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Received disconnect from 185.50.38.171 port 37504:11: Bye Bye [preauth]
Oct 14 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Disconnected from 185.50.38.171 port 37504 [preauth]
Oct 14 20:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session closed for user root
Oct 14 20:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Invalid user user from 62.60.131.157
Oct 14 20:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: input_userauth_request: invalid user user [preauth]
Oct 14 20:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 20:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for invalid user user from 62.60.131.157 port 57835 ssh2
Oct 14 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29868]: Did not receive identification string from 111.70.48.48
Oct 14 20:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for invalid user user from 62.60.131.157 port 57835 ssh2
Oct 14 20:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29561]: pam_unix(cron:session): session closed for user samftp
Oct 14 20:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for invalid user user from 62.60.131.157 port 57835 ssh2
Oct 14 20:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for invalid user user from 62.60.131.157 port 57835 ssh2
Oct 14 20:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for invalid user user from 62.60.131.157 port 57835 ssh2
Oct 14 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Received disconnect from 62.60.131.157 port 57835:11: Bye [preauth]
Oct 14 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Disconnected from 62.60.131.157 port 57835 [preauth]
Oct 14 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 20:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session closed for user root
Oct 14 20:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 20:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 20:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30085]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30083]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30086]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30086]: pam_unix(cron:session): session closed for user root
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session closed for user root
Oct 14 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Failed password for root from 67.10.185.103 port 33452 ssh2
Oct 14 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Received disconnect from 67.10.185.103 port 33452:11: Bye Bye [preauth]
Oct 14 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30067]: Disconnected from 67.10.185.103 port 33452 [preauth]
Oct 14 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for root from 172.208.52.110 port 34144 ssh2
Oct 14 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Received disconnect from 172.208.52.110 port 34144:11: Bye Bye [preauth]
Oct 14 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Disconnected from 172.208.52.110 port 34144 [preauth]
Oct 14 21:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: Successful su for rubyman by root
Oct 14 21:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: + ??? root:rubyman
Oct 14 21:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413559 of user rubyman.
Oct 14 21:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413559.
Oct 14 21:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26082]: pam_unix(cron:session): session closed for user root
Oct 14 21:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30083]: pam_unix(cron:session): session closed for user root
Oct 14 21:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30383]: Did not receive identification string from 20.118.240.192
Oct 14 21:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30599]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.118.240.192 port 57958
Oct 14 21:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session closed for user root
Oct 14 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Invalid user user from 222.108.173.170
Oct 14 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: input_userauth_request: invalid user user [preauth]
Oct 14 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 21:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Failed password for invalid user user from 222.108.173.170 port 35543 ssh2
Oct 14 21:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Received disconnect from 222.108.173.170 port 35543:11: Bye Bye [preauth]
Oct 14 21:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Disconnected from 222.108.173.170 port 35543 [preauth]
Oct 14 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30792]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30873]: Successful su for rubyman by root
Oct 14 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30873]: + ??? root:rubyman
Oct 14 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413566 of user rubyman.
Oct 14 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30873]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413566.
Oct 14 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26659]: pam_unix(cron:session): session closed for user root
Oct 14 21:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30793]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Invalid user admin1234 from 67.10.185.103
Oct 14 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: input_userauth_request: invalid user admin1234 [preauth]
Oct 14 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 21:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for invalid user admin1234 from 67.10.185.103 port 39408 ssh2
Oct 14 21:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Received disconnect from 67.10.185.103 port 39408:11: Bye Bye [preauth]
Oct 14 21:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Disconnected from 67.10.185.103 port 39408 [preauth]
Oct 14 21:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31193]: Failed password for root from 172.208.52.110 port 56848 ssh2
Oct 14 21:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31193]: Received disconnect from 172.208.52.110 port 56848:11: Bye Bye [preauth]
Oct 14 21:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31193]: Disconnected from 172.208.52.110 port 56848 [preauth]
Oct 14 21:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29564]: pam_unix(cron:session): session closed for user root
Oct 14 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31287]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31358]: Successful su for rubyman by root
Oct 14 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31358]: + ??? root:rubyman
Oct 14 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413569 of user rubyman.
Oct 14 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31358]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413569.
Oct 14 21:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session closed for user root
Oct 14 21:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31288]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 21:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Failed password for root from 222.108.173.170 port 11298 ssh2
Oct 14 21:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Received disconnect from 222.108.173.170 port 11298:11: Bye Bye [preauth]
Oct 14 21:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Disconnected from 222.108.173.170 port 11298 [preauth]
Oct 14 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Invalid user erp from 186.96.145.241
Oct 14 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: input_userauth_request: invalid user erp [preauth]
Oct 14 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 21:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30085]: pam_unix(cron:session): session closed for user root
Oct 14 21:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Failed password for invalid user erp from 186.96.145.241 port 41008 ssh2
Oct 14 21:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Connection closed by 186.96.145.241 port 41008 [preauth]
Oct 14 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31913]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31995]: Successful su for rubyman by root
Oct 14 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31995]: + ??? root:rubyman
Oct 14 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413574 of user rubyman.
Oct 14 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31995]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413574.
Oct 14 21:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Invalid user ftptest from 67.10.185.103
Oct 14 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: input_userauth_request: invalid user ftptest [preauth]
Oct 14 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110  user=root
Oct 14 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Failed password for invalid user ftptest from 67.10.185.103 port 45336 ssh2
Oct 14 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Received disconnect from 67.10.185.103 port 45336:11: Bye Bye [preauth]
Oct 14 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Disconnected from 67.10.185.103 port 45336 [preauth]
Oct 14 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Failed password for root from 172.208.52.110 port 46156 ssh2
Oct 14 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Received disconnect from 172.208.52.110 port 46156:11: Bye Bye [preauth]
Oct 14 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32072]: Disconnected from 172.208.52.110 port 46156 [preauth]
Oct 14 21:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session closed for user root
Oct 14 21:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: Did not receive identification string from 165.227.171.84
Oct 14 21:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Did not receive identification string from 165.227.171.84
Oct 14 21:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30797]: pam_unix(cron:session): session closed for user root
Oct 14 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32468]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32469]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32465]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32540]: Successful su for rubyman by root
Oct 14 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32540]: + ??? root:rubyman
Oct 14 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413579 of user rubyman.
Oct 14 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32540]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413579.
Oct 14 21:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29004]: pam_unix(cron:session): session closed for user root
Oct 14 21:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32466]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 21:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: Failed password for root from 222.108.173.170 port 13441 ssh2
Oct 14 21:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: Received disconnect from 222.108.173.170 port 13441:11: Bye Bye [preauth]
Oct 14 21:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: Disconnected from 222.108.173.170 port 13441 [preauth]
Oct 14 21:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Invalid user gns3 from 172.208.52.110
Oct 14 21:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: input_userauth_request: invalid user gns3 [preauth]
Oct 14 21:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.208.52.110
Oct 14 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Invalid user esuser from 67.10.185.103
Oct 14 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: input_userauth_request: invalid user esuser [preauth]
Oct 14 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Failed password for invalid user gns3 from 172.208.52.110 port 41606 ssh2
Oct 14 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Received disconnect from 172.208.52.110 port 41606:11: Bye Bye [preauth]
Oct 14 21:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Disconnected from 172.208.52.110 port 41606 [preauth]
Oct 14 21:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Failed password for invalid user esuser from 67.10.185.103 port 51336 ssh2
Oct 14 21:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Received disconnect from 67.10.185.103 port 51336:11: Bye Bye [preauth]
Oct 14 21:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Disconnected from 67.10.185.103 port 51336 [preauth]
Oct 14 21:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31291]: pam_unix(cron:session): session closed for user root
Oct 14 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[482]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[483]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[483]: pam_unix(cron:session): session closed for user root
Oct 14 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[478]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[572]: Successful su for rubyman by root
Oct 14 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[572]: + ??? root:rubyman
Oct 14 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413582 of user rubyman.
Oct 14 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[572]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413582.
Oct 14 21:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[480]: pam_unix(cron:session): session closed for user root
Oct 14 21:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29563]: pam_unix(cron:session): session closed for user root
Oct 14 21:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[479]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31917]: pam_unix(cron:session): session closed for user root
Oct 14 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1082]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1163]: Successful su for rubyman by root
Oct 14 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1163]: + ??? root:rubyman
Oct 14 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413589 of user rubyman.
Oct 14 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1163]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413589.
Oct 14 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Invalid user pzuser from 67.10.185.103
Oct 14 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: input_userauth_request: invalid user pzuser [preauth]
Oct 14 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Failed password for invalid user pzuser from 67.10.185.103 port 57230 ssh2
Oct 14 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Received disconnect from 67.10.185.103 port 57230:11: Bye Bye [preauth]
Oct 14 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Disconnected from 67.10.185.103 port 57230 [preauth]
Oct 14 21:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session closed for user root
Oct 14 21:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1083]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Invalid user deployer from 222.108.173.170
Oct 14 21:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: input_userauth_request: invalid user deployer [preauth]
Oct 14 21:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Failed password for invalid user deployer from 222.108.173.170 port 3588 ssh2
Oct 14 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Received disconnect from 222.108.173.170 port 3588:11: Bye Bye [preauth]
Oct 14 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Disconnected from 222.108.173.170 port 3588 [preauth]
Oct 14 21:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32469]: pam_unix(cron:session): session closed for user root
Oct 14 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1663]: Successful su for rubyman by root
Oct 14 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1663]: + ??? root:rubyman
Oct 14 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413592 of user rubyman.
Oct 14 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1663]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413592.
Oct 14 21:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30795]: pam_unix(cron:session): session closed for user root
Oct 14 21:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1582]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 21:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[482]: pam_unix(cron:session): session closed for user root
Oct 14 21:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Failed password for root from 67.10.185.103 port 34868 ssh2
Oct 14 21:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Received disconnect from 67.10.185.103 port 34868:11: Bye Bye [preauth]
Oct 14 21:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Disconnected from 67.10.185.103 port 34868 [preauth]
Oct 14 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2172]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: Successful su for rubyman by root
Oct 14 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: + ??? root:rubyman
Oct 14 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413595 of user rubyman.
Oct 14 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2244]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413595.
Oct 14 21:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31290]: pam_unix(cron:session): session closed for user root
Oct 14 21:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: Received disconnect from 193.46.255.103 port 64606:11:  [preauth]
Oct 14 21:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2426]: Disconnected from 193.46.255.103 port 64606 [preauth]
Oct 14 21:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 21:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: Failed password for root from 222.108.173.170 port 13082 ssh2
Oct 14 21:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: Received disconnect from 222.108.173.170 port 13082:11: Bye Bye [preauth]
Oct 14 21:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: Disconnected from 222.108.173.170 port 13082 [preauth]
Oct 14 21:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1087]: pam_unix(cron:session): session closed for user root
Oct 14 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2631]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2627]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2790]: Successful su for rubyman by root
Oct 14 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2790]: + ??? root:rubyman
Oct 14 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413601 of user rubyman.
Oct 14 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2790]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413601.
Oct 14 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2625]: pam_unix(cron:session): session closed for user root
Oct 14 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Invalid user darko from 67.10.185.103
Oct 14 21:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: input_userauth_request: invalid user darko [preauth]
Oct 14 21:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Failed password for invalid user darko from 67.10.185.103 port 40758 ssh2
Oct 14 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Received disconnect from 67.10.185.103 port 40758:11: Bye Bye [preauth]
Oct 14 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2890]: Disconnected from 67.10.185.103 port 40758 [preauth]
Oct 14 21:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31913]: pam_unix(cron:session): session closed for user root
Oct 14 21:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: Invalid user teste from 194.0.234.93
Oct 14 21:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: input_userauth_request: invalid user teste [preauth]
Oct 14 21:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Oct 14 21:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: Failed password for invalid user teste from 194.0.234.93 port 58414 ssh2
Oct 14 21:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: Connection closed by 194.0.234.93 port 58414 [preauth]
Oct 14 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2629]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1585]: pam_unix(cron:session): session closed for user root
Oct 14 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3171]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3172]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3173]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3174]: pam_unix(cron:session): session closed for user root
Oct 14 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: Successful su for rubyman by root
Oct 14 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: + ??? root:rubyman
Oct 14 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413609 of user rubyman.
Oct 14 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413609.
Oct 14 21:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Invalid user ubuntu from 222.108.173.170
Oct 14 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3171]: pam_unix(cron:session): session closed for user root
Oct 14 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Invalid user adminuser from 20.163.71.109
Oct 14 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: input_userauth_request: invalid user adminuser [preauth]
Oct 14 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32468]: pam_unix(cron:session): session closed for user root
Oct 14 21:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Failed password for invalid user ubuntu from 222.108.173.170 port 34447 ssh2
Oct 14 21:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Received disconnect from 222.108.173.170 port 34447:11: Bye Bye [preauth]
Oct 14 21:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Disconnected from 222.108.173.170 port 34447 [preauth]
Oct 14 21:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Failed password for invalid user adminuser from 20.163.71.109 port 33848 ssh2
Oct 14 21:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Connection closed by 20.163.71.109 port 33848 [preauth]
Oct 14 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3170]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 21:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Failed password for root from 67.10.185.103 port 46666 ssh2
Oct 14 21:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Received disconnect from 67.10.185.103 port 46666:11: Bye Bye [preauth]
Oct 14 21:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3594]: Disconnected from 67.10.185.103 port 46666 [preauth]
Oct 14 21:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session closed for user root
Oct 14 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3676]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3763]: Successful su for rubyman by root
Oct 14 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3763]: + ??? root:rubyman
Oct 14 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413611 of user rubyman.
Oct 14 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3763]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413611.
Oct 14 21:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[481]: pam_unix(cron:session): session closed for user root
Oct 14 21:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.226.213  user=root
Oct 14 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Failed password for root from 117.50.226.213 port 60044 ssh2
Oct 14 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Received disconnect from 117.50.226.213 port 60044:11:  [preauth]
Oct 14 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Disconnected from 117.50.226.213 port 60044 [preauth]
Oct 14 21:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2631]: pam_unix(cron:session): session closed for user root
Oct 14 21:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Invalid user web from 222.108.173.170
Oct 14 21:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: input_userauth_request: invalid user web [preauth]
Oct 14 21:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 21:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Invalid user marvin from 67.10.185.103
Oct 14 21:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: input_userauth_request: invalid user marvin [preauth]
Oct 14 21:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Failed password for invalid user web from 222.108.173.170 port 26712 ssh2
Oct 14 21:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Received disconnect from 222.108.173.170 port 26712:11: Bye Bye [preauth]
Oct 14 21:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Disconnected from 222.108.173.170 port 26712 [preauth]
Oct 14 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Failed password for invalid user marvin from 67.10.185.103 port 52530 ssh2
Oct 14 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4178]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Received disconnect from 67.10.185.103 port 52530:11: Bye Bye [preauth]
Oct 14 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Disconnected from 67.10.185.103 port 52530 [preauth]
Oct 14 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4286]: Successful su for rubyman by root
Oct 14 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4286]: + ??? root:rubyman
Oct 14 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413616 of user rubyman.
Oct 14 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4286]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413616.
Oct 14 21:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1084]: pam_unix(cron:session): session closed for user root
Oct 14 21:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3173]: pam_unix(cron:session): session closed for user root
Oct 14 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4700]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4696]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4776]: Successful su for rubyman by root
Oct 14 21:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4776]: + ??? root:rubyman
Oct 14 21:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413620 of user rubyman.
Oct 14 21:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4776]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413620.
Oct 14 21:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1583]: pam_unix(cron:session): session closed for user root
Oct 14 21:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4697]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Invalid user bitrix from 67.10.185.103
Oct 14 21:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: input_userauth_request: invalid user bitrix [preauth]
Oct 14 21:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Failed password for invalid user bitrix from 67.10.185.103 port 58434 ssh2
Oct 14 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Received disconnect from 67.10.185.103 port 58434:11: Bye Bye [preauth]
Oct 14 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Disconnected from 67.10.185.103 port 58434 [preauth]
Oct 14 21:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session closed for user root
Oct 14 21:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Invalid user natali from 222.108.173.170
Oct 14 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: input_userauth_request: invalid user natali [preauth]
Oct 14 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170
Oct 14 21:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Failed password for invalid user natali from 222.108.173.170 port 33489 ssh2
Oct 14 21:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Received disconnect from 222.108.173.170 port 33489:11: Bye Bye [preauth]
Oct 14 21:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Disconnected from 222.108.173.170 port 33489 [preauth]
Oct 14 21:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5652]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5726]: Successful su for rubyman by root
Oct 14 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5726]: + ??? root:rubyman
Oct 14 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413622 of user rubyman.
Oct 14 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5726]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413622.
Oct 14 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: User sshd from 185.156.73.233 not allowed because not listed in AllowUsers
Oct 14 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: input_userauth_request: invalid user sshd [preauth]
Oct 14 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=sshd
Oct 14 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Failed password for invalid user sshd from 185.156.73.233 port 17960 ssh2
Oct 14 21:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Connection closed by 185.156.73.233 port 17960 [preauth]
Oct 14 21:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session closed for user root
Oct 14 21:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5653]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session closed for user root
Oct 14 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session closed for user root
Oct 14 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Invalid user pq from 67.10.185.103
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: input_userauth_request: invalid user pq [preauth]
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6214]: Successful su for rubyman by root
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6214]: + ??? root:rubyman
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413630 of user rubyman.
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6214]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413630.
Oct 14 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Failed password for invalid user pq from 67.10.185.103 port 36088 ssh2
Oct 14 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Received disconnect from 67.10.185.103 port 36088:11: Bye Bye [preauth]
Oct 14 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6211]: Disconnected from 67.10.185.103 port 36088 [preauth]
Oct 14 21:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session closed for user root
Oct 14 21:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2630]: pam_unix(cron:session): session closed for user root
Oct 14 21:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4700]: pam_unix(cron:session): session closed for user root
Oct 14 21:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.108.173.170  user=root
Oct 14 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Failed password for root from 222.108.173.170 port 54367 ssh2
Oct 14 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Received disconnect from 222.108.173.170 port 54367:11: Bye Bye [preauth]
Oct 14 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Disconnected from 222.108.173.170 port 54367 [preauth]
Oct 14 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6713]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6799]: Successful su for rubyman by root
Oct 14 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6799]: + ??? root:rubyman
Oct 14 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413635 of user rubyman.
Oct 14 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6799]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413635.
Oct 14 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3172]: pam_unix(cron:session): session closed for user root
Oct 14 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6714]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Invalid user mark from 67.10.185.103
Oct 14 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: input_userauth_request: invalid user mark [preauth]
Oct 14 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Failed password for invalid user mark from 67.10.185.103 port 41940 ssh2
Oct 14 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Received disconnect from 67.10.185.103 port 41940:11: Bye Bye [preauth]
Oct 14 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Disconnected from 67.10.185.103 port 41940 [preauth]
Oct 14 21:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5655]: pam_unix(cron:session): session closed for user root
Oct 14 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7273]: pam_unix(cron:session): session closed for user root
Oct 14 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7276]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7353]: Successful su for rubyman by root
Oct 14 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7353]: + ??? root:rubyman
Oct 14 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413637 of user rubyman.
Oct 14 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7353]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413637.
Oct 14 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session closed for user root
Oct 14 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7277]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Invalid user builduser from 190.108.76.143
Oct 14 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: input_userauth_request: invalid user builduser [preauth]
Oct 14 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Failed password for invalid user builduser from 190.108.76.143 port 7351 ssh2
Oct 14 21:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Received disconnect from 190.108.76.143 port 7351:11: Bye Bye [preauth]
Oct 14 21:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Disconnected from 190.108.76.143 port 7351 [preauth]
Oct 14 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6134]: pam_unix(cron:session): session closed for user root
Oct 14 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7758]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7753]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7832]: Successful su for rubyman by root
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7832]: + ??? root:rubyman
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413641 of user rubyman.
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7832]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413641.
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Invalid user ict from 67.10.185.103
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: input_userauth_request: invalid user ict [preauth]
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: Invalid user adminuser from 20.163.71.109
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: input_userauth_request: invalid user adminuser [preauth]
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Failed password for invalid user ict from 67.10.185.103 port 47828 ssh2
Oct 14 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Received disconnect from 67.10.185.103 port 47828:11: Bye Bye [preauth]
Oct 14 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Disconnected from 67.10.185.103 port 47828 [preauth]
Oct 14 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: Failed password for invalid user adminuser from 20.163.71.109 port 51440 ssh2
Oct 14 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: Connection closed by 20.163.71.109 port 51440 [preauth]
Oct 14 21:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session closed for user root
Oct 14 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7754]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session closed for user root
Oct 14 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8669]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8667]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8740]: Successful su for rubyman by root
Oct 14 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8740]: + ??? root:rubyman
Oct 14 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413648 of user rubyman.
Oct 14 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8740]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413648.
Oct 14 21:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4698]: pam_unix(cron:session): session closed for user root
Oct 14 21:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8668]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Invalid user proxyuser from 67.10.185.103
Oct 14 21:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: input_userauth_request: invalid user proxyuser [preauth]
Oct 14 21:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Failed password for invalid user proxyuser from 67.10.185.103 port 53382 ssh2
Oct 14 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Received disconnect from 67.10.185.103 port 53382:11: Bye Bye [preauth]
Oct 14 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Disconnected from 67.10.185.103 port 53382 [preauth]
Oct 14 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7279]: pam_unix(cron:session): session closed for user root
Oct 14 21:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Invalid user nagios from 190.108.76.143
Oct 14 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: input_userauth_request: invalid user nagios [preauth]
Oct 14 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: Failed password for root from 165.227.171.84 port 43878 ssh2
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9337]: Connection closed by 165.227.171.84 port 43878 [preauth]
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Failed password for invalid user nagios from 190.108.76.143 port 15743 ssh2
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Invalid user admin from 165.227.171.84
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: input_userauth_request: invalid user admin [preauth]
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Received disconnect from 190.108.76.143 port 15743:11: Bye Bye [preauth]
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Disconnected from 190.108.76.143 port 15743 [preauth]
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Failed password for invalid user admin from 165.227.171.84 port 43888 ssh2
Oct 14 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Connection closed by 165.227.171.84 port 43888 [preauth]
Oct 14 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: Invalid user odroid from 165.227.171.84
Oct 14 21:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: input_userauth_request: invalid user odroid [preauth]
Oct 14 21:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9373]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9371]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session closed for user root
Oct 14 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9368]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: Failed password for invalid user odroid from 165.227.171.84 port 43892 ssh2
Oct 14 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9354]: Connection closed by 165.227.171.84 port 43892 [preauth]
Oct 14 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9464]: Successful su for rubyman by root
Oct 14 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9464]: + ??? root:rubyman
Oct 14 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413651 of user rubyman.
Oct 14 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9464]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413651.
Oct 14 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Invalid user vpn from 165.227.171.84
Oct 14 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: input_userauth_request: invalid user vpn [preauth]
Oct 14 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Failed password for invalid user vpn from 165.227.171.84 port 43980 ssh2
Oct 14 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Connection closed by 165.227.171.84 port 43980 [preauth]
Oct 14 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Invalid user test from 165.227.171.84
Oct 14 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: input_userauth_request: invalid user test [preauth]
Oct 14 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9371]: pam_unix(cron:session): session closed for user root
Oct 14 21:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5654]: pam_unix(cron:session): session closed for user root
Oct 14 21:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Failed password for invalid user test from 165.227.171.84 port 43990 ssh2
Oct 14 21:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9603]: Connection closed by 165.227.171.84 port 43990 [preauth]
Oct 14 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9369]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: Invalid user minecraft from 165.227.171.84
Oct 14 21:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 21:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: Failed password for invalid user minecraft from 165.227.171.84 port 45332 ssh2
Oct 14 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: Connection closed by 165.227.171.84 port 45332 [preauth]
Oct 14 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Invalid user hadoop from 165.227.171.84
Oct 14 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Failed password for invalid user hadoop from 165.227.171.84 port 44556 ssh2
Oct 14 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9904]: Connection closed by 165.227.171.84 port 44556 [preauth]
Oct 14 21:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7758]: pam_unix(cron:session): session closed for user root
Oct 14 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9956]: Failed password for root from 165.227.171.84 port 44570 ssh2
Oct 14 21:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9956]: Connection closed by 165.227.171.84 port 44570 [preauth]
Oct 14 21:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: Invalid user pi from 165.227.171.84
Oct 14 21:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: input_userauth_request: invalid user pi [preauth]
Oct 14 21:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: Failed password for invalid user pi from 165.227.171.84 port 52988 ssh2
Oct 14 21:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: Connection closed by 165.227.171.84 port 52988 [preauth]
Oct 14 21:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Failed password for root from 165.227.171.84 port 52994 ssh2
Oct 14 21:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Connection closed by 165.227.171.84 port 52994 [preauth]
Oct 14 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: Invalid user postgres from 165.227.171.84
Oct 14 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: input_userauth_request: invalid user postgres [preauth]
Oct 14 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: Failed password for invalid user postgres from 165.227.171.84 port 53000 ssh2
Oct 14 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: Connection closed by 165.227.171.84 port 53000 [preauth]
Oct 14 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: User mysql from 165.227.171.84 not allowed because not listed in AllowUsers
Oct 14 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: input_userauth_request: invalid user mysql [preauth]
Oct 14 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=mysql
Oct 14 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Failed password for invalid user mysql from 165.227.171.84 port 55300 ssh2
Oct 14 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Connection closed by 165.227.171.84 port 55300 [preauth]
Oct 14 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Invalid user odoo from 165.227.171.84
Oct 14 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: input_userauth_request: invalid user odoo [preauth]
Oct 14 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10057]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10140]: Successful su for rubyman by root
Oct 14 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10140]: + ??? root:rubyman
Oct 14 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413656 of user rubyman.
Oct 14 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10140]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413656.
Oct 14 21:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Failed password for invalid user odoo from 165.227.171.84 port 41160 ssh2
Oct 14 21:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10054]: Connection closed by 165.227.171.84 port 41160 [preauth]
Oct 14 21:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: Failed password for root from 164.68.105.9 port 52442 ssh2
Oct 14 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10186]: Connection closed by 164.68.105.9 port 52442 [preauth]
Oct 14 21:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session closed for user root
Oct 14 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Failed password for root from 67.10.185.103 port 58646 ssh2
Oct 14 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Received disconnect from 67.10.185.103 port 58646:11: Bye Bye [preauth]
Oct 14 21:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10337]: Disconnected from 67.10.185.103 port 58646 [preauth]
Oct 14 21:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10058]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: User nobody from 185.156.73.233 not allowed because not listed in AllowUsers
Oct 14 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: input_userauth_request: invalid user nobody [preauth]
Oct 14 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: Failed none for invalid user nobody from 185.156.73.233 port 36880 ssh2
Oct 14 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10392]: Connection closed by 185.156.73.233 port 36880 [preauth]
Oct 14 21:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: Invalid user user from 165.227.171.84
Oct 14 21:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: input_userauth_request: invalid user user [preauth]
Oct 14 21:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: Failed password for invalid user user from 165.227.171.84 port 35836 ssh2
Oct 14 21:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10440]: Connection closed by 165.227.171.84 port 35836 [preauth]
Oct 14 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session closed for user root
Oct 14 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Invalid user sammy from 190.108.76.143
Oct 14 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: input_userauth_request: invalid user sammy [preauth]
Oct 14 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Failed password for invalid user sammy from 190.108.76.143 port 28881 ssh2
Oct 14 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Received disconnect from 190.108.76.143 port 28881:11: Bye Bye [preauth]
Oct 14 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Disconnected from 190.108.76.143 port 28881 [preauth]
Oct 14 21:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Invalid user deploy from 165.227.171.84
Oct 14 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: input_userauth_request: invalid user deploy [preauth]
Oct 14 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for invalid user deploy from 165.227.171.84 port 38136 ssh2
Oct 14 21:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Connection closed by 165.227.171.84 port 38136 [preauth]
Oct 14 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Invalid user ubnt from 165.227.171.84
Oct 14 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 21:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Failed password for invalid user ubnt from 165.227.171.84 port 38152 ssh2
Oct 14 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10555]: Connection closed by 165.227.171.84 port 38152 [preauth]
Oct 14 21:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Invalid user guest from 165.227.171.84
Oct 14 21:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: input_userauth_request: invalid user guest [preauth]
Oct 14 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Failed password for invalid user guest from 165.227.171.84 port 38162 ssh2
Oct 14 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10576]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10573]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10571]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10557]: Connection closed by 165.227.171.84 port 38162 [preauth]
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10657]: Successful su for rubyman by root
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10657]: + ??? root:rubyman
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413659 of user rubyman.
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10657]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413659.
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Invalid user odoo18 from 165.227.171.84
Oct 14 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: input_userauth_request: invalid user odoo18 [preauth]
Oct 14 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Failed password for invalid user odoo18 from 165.227.171.84 port 57528 ssh2
Oct 14 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Connection closed by 165.227.171.84 port 57528 [preauth]
Oct 14 21:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session closed for user root
Oct 14 21:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10572]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Invalid user devopsuser from 165.227.171.84
Oct 14 21:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 21:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Failed password for invalid user devopsuser from 165.227.171.84 port 58176 ssh2
Oct 14 21:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Connection closed by 165.227.171.84 port 58176 [preauth]
Oct 14 21:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Failed password for root from 165.227.171.84 port 58192 ssh2
Oct 14 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Connection closed by 165.227.171.84 port 58192 [preauth]
Oct 14 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: Invalid user es from 165.227.171.84
Oct 14 21:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: input_userauth_request: invalid user es [preauth]
Oct 14 21:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: Failed password for invalid user es from 165.227.171.84 port 34438 ssh2
Oct 14 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10962]: Connection closed by 165.227.171.84 port 34438 [preauth]
Oct 14 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103  user=root
Oct 14 21:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Invalid user ts3 from 165.227.171.84
Oct 14 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session closed for user root
Oct 14 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Failed password for root from 67.10.185.103 port 35560 ssh2
Oct 14 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Received disconnect from 67.10.185.103 port 35560:11: Bye Bye [preauth]
Oct 14 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Disconnected from 67.10.185.103 port 35560 [preauth]
Oct 14 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Failed password for invalid user ts3 from 165.227.171.84 port 43462 ssh2
Oct 14 21:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Connection closed by 165.227.171.84 port 43462 [preauth]
Oct 14 21:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.171.177  user=root
Oct 14 21:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Failed password for root from 94.177.171.177 port 55818 ssh2
Oct 14 21:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Connection closed by 94.177.171.177 port 55818 [preauth]
Oct 14 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11044]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11126]: Successful su for rubyman by root
Oct 14 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11126]: + ??? root:rubyman
Oct 14 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413665 of user rubyman.
Oct 14 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11126]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413665.
Oct 14 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Failed password for root from 165.227.171.84 port 35882 ssh2
Oct 14 21:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Connection closed by 165.227.171.84 port 35882 [preauth]
Oct 14 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7278]: pam_unix(cron:session): session closed for user root
Oct 14 21:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: Invalid user orangepi from 165.227.171.84
Oct 14 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: input_userauth_request: invalid user orangepi [preauth]
Oct 14 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: Failed password for invalid user orangepi from 165.227.171.84 port 35896 ssh2
Oct 14 21:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: Connection closed by 165.227.171.84 port 35896 [preauth]
Oct 14 21:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Invalid user ubuntu from 165.227.171.84
Oct 14 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11045]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Failed password for invalid user ubuntu from 165.227.171.84 port 60608 ssh2
Oct 14 21:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Connection closed by 165.227.171.84 port 60608 [preauth]
Oct 14 21:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Invalid user postgres from 165.227.171.84
Oct 14 21:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: input_userauth_request: invalid user postgres [preauth]
Oct 14 21:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Failed password for invalid user postgres from 165.227.171.84 port 60642 ssh2
Oct 14 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11387]: Connection closed by 165.227.171.84 port 60642 [preauth]
Oct 14 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Invalid user git from 165.227.171.84
Oct 14 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: input_userauth_request: invalid user git [preauth]
Oct 14 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Failed password for invalid user git from 165.227.171.84 port 44802 ssh2
Oct 14 21:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Connection closed by 165.227.171.84 port 44802 [preauth]
Oct 14 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: Invalid user dockeruser from 190.108.76.143
Oct 14 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: input_userauth_request: invalid user dockeruser [preauth]
Oct 14 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: Failed password for invalid user dockeruser from 190.108.76.143 port 33406 ssh2
Oct 14 21:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: Received disconnect from 190.108.76.143 port 33406:11: Bye Bye [preauth]
Oct 14 21:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11431]: Disconnected from 190.108.76.143 port 33406 [preauth]
Oct 14 21:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10060]: pam_unix(cron:session): session closed for user root
Oct 14 21:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Invalid user linaro from 165.227.171.84
Oct 14 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: input_userauth_request: invalid user linaro [preauth]
Oct 14 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Failed password for invalid user linaro from 165.227.171.84 port 44814 ssh2
Oct 14 21:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11474]: Connection closed by 165.227.171.84 port 44814 [preauth]
Oct 14 21:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Invalid user admin from 165.227.171.84
Oct 14 21:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: input_userauth_request: invalid user admin [preauth]
Oct 14 21:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Failed password for invalid user admin from 165.227.171.84 port 60344 ssh2
Oct 14 21:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Connection closed by 165.227.171.84 port 60344 [preauth]
Oct 14 21:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Invalid user ftpuser from 165.227.171.84
Oct 14 21:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 21:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Failed password for invalid user ftpuser from 165.227.171.84 port 40420 ssh2
Oct 14 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11514]: Connection closed by 165.227.171.84 port 40420 [preauth]
Oct 14 21:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Invalid user deploy from 165.227.171.84
Oct 14 21:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: input_userauth_request: invalid user deploy [preauth]
Oct 14 21:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Failed password for invalid user deploy from 165.227.171.84 port 40424 ssh2
Oct 14 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Connection closed by 165.227.171.84 port 40424 [preauth]
Oct 14 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11611]: Successful su for rubyman by root
Oct 14 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11611]: + ??? root:rubyman
Oct 14 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413669 of user rubyman.
Oct 14 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11611]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413669.
Oct 14 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Failed password for root from 165.227.171.84 port 40432 ssh2
Oct 14 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11801]: Invalid user precious from 67.10.185.103
Oct 14 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11801]: input_userauth_request: invalid user precious [preauth]
Oct 14 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11801]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Connection closed by 165.227.171.84 port 40432 [preauth]
Oct 14 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11801]: Failed password for invalid user precious from 67.10.185.103 port 40692 ssh2
Oct 14 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11801]: Received disconnect from 67.10.185.103 port 40692:11: Bye Bye [preauth]
Oct 14 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11801]: Disconnected from 67.10.185.103 port 40692 [preauth]
Oct 14 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session closed for user root
Oct 14 21:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: Failed password for root from 165.227.171.84 port 35368 ssh2
Oct 14 21:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: Connection closed by 165.227.171.84 port 35368 [preauth]
Oct 14 21:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11532]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Invalid user oracle from 165.227.171.84
Oct 14 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: input_userauth_request: invalid user oracle [preauth]
Oct 14 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Failed password for invalid user oracle from 165.227.171.84 port 33158 ssh2
Oct 14 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11949]: Connection closed by 165.227.171.84 port 33158 [preauth]
Oct 14 21:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Failed password for root from 165.227.171.84 port 33160 ssh2
Oct 14 21:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Connection closed by 165.227.171.84 port 33160 [preauth]
Oct 14 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: Invalid user jenkins from 165.227.171.84
Oct 14 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: Failed password for invalid user jenkins from 165.227.171.84 port 46972 ssh2
Oct 14 21:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: Connection closed by 165.227.171.84 port 46972 [preauth]
Oct 14 21:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10576]: pam_unix(cron:session): session closed for user root
Oct 14 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Invalid user devops from 165.227.171.84
Oct 14 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: input_userauth_request: invalid user devops [preauth]
Oct 14 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Failed password for invalid user devops from 165.227.171.84 port 41058 ssh2
Oct 14 21:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12092]: Connection closed by 165.227.171.84 port 41058 [preauth]
Oct 14 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: Failed password for root from 165.227.171.84 port 43460 ssh2
Oct 14 21:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12108]: Connection closed by 165.227.171.84 port 43460 [preauth]
Oct 14 21:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Failed password for root from 165.227.171.84 port 43474 ssh2
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12135]: pam_unix(cron:session): session closed for user root
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12110]: Connection closed by 165.227.171.84 port 43474 [preauth]
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Failed password for root from 165.227.171.84 port 43484 ssh2
Oct 14 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Connection closed by 165.227.171.84 port 43484 [preauth]
Oct 14 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12231]: Successful su for rubyman by root
Oct 14 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12231]: + ??? root:rubyman
Oct 14 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413671 of user rubyman.
Oct 14 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12231]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413671.
Oct 14 21:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Failed password for root from 165.227.171.84 port 34118 ssh2
Oct 14 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Connection closed by 165.227.171.84 port 34118 [preauth]
Oct 14 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Invalid user postgres from 165.227.171.84
Oct 14 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: input_userauth_request: invalid user postgres [preauth]
Oct 14 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12132]: pam_unix(cron:session): session closed for user root
Oct 14 21:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Failed password for invalid user postgres from 165.227.171.84 port 34120 ssh2
Oct 14 21:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Connection closed by 165.227.171.84 port 34120 [preauth]
Oct 14 21:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: Invalid user debian from 165.227.171.84
Oct 14 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: input_userauth_request: invalid user debian [preauth]
Oct 14 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8669]: pam_unix(cron:session): session closed for user root
Oct 14 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Failed password for root from 165.227.171.84 port 34126 ssh2
Oct 14 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Connection closed by 165.227.171.84 port 34126 [preauth]
Oct 14 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: Failed password for invalid user debian from 165.227.171.84 port 34136 ssh2
Oct 14 21:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12395]: Connection closed by 165.227.171.84 port 34136 [preauth]
Oct 14 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12488]: Invalid user orangepi from 165.227.171.84
Oct 14 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12488]: input_userauth_request: invalid user orangepi [preauth]
Oct 14 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12488]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12488]: Failed password for invalid user orangepi from 165.227.171.84 port 58766 ssh2
Oct 14 21:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12488]: Connection closed by 165.227.171.84 port 58766 [preauth]
Oct 14 21:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Invalid user pi from 165.227.171.84
Oct 14 21:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: input_userauth_request: invalid user pi [preauth]
Oct 14 21:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Failed password for invalid user pi from 165.227.171.84 port 58782 ssh2
Oct 14 21:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Connection closed by 165.227.171.84 port 58782 [preauth]
Oct 14 21:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Invalid user nagios from 190.108.76.143
Oct 14 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: input_userauth_request: invalid user nagios [preauth]
Oct 14 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: Failed password for root from 165.227.171.84 port 58770 ssh2
Oct 14 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: Connection closed by 165.227.171.84 port 58770 [preauth]
Oct 14 21:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Failed password for invalid user nagios from 190.108.76.143 port 21491 ssh2
Oct 14 21:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Received disconnect from 190.108.76.143 port 21491:11: Bye Bye [preauth]
Oct 14 21:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12545]: Disconnected from 190.108.76.143 port 21491 [preauth]
Oct 14 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Invalid user vagrant from 165.227.171.84
Oct 14 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: input_userauth_request: invalid user vagrant [preauth]
Oct 14 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Invalid user user from 165.227.171.84
Oct 14 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: input_userauth_request: invalid user user [preauth]
Oct 14 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Failed password for invalid user vagrant from 165.227.171.84 port 44214 ssh2
Oct 14 21:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Connection closed by 165.227.171.84 port 44214 [preauth]
Oct 14 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Failed password for invalid user user from 165.227.171.84 port 44220 ssh2
Oct 14 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Connection closed by 165.227.171.84 port 44220 [preauth]
Oct 14 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Invalid user steam from 165.227.171.84
Oct 14 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: input_userauth_request: invalid user steam [preauth]
Oct 14 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Failed password for root from 165.227.171.84 port 44226 ssh2
Oct 14 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12563]: Connection closed by 165.227.171.84 port 44226 [preauth]
Oct 14 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for invalid user steam from 165.227.171.84 port 40516 ssh2
Oct 14 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Connection closed by 165.227.171.84 port 40516 [preauth]
Oct 14 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Invalid user dspace from 165.227.171.84
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: input_userauth_request: invalid user dspace [preauth]
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session closed for user root
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Invalid user billy from 67.10.185.103
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: input_userauth_request: invalid user billy [preauth]
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.10.185.103
Oct 14 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Failed password for invalid user dspace from 165.227.171.84 port 40540 ssh2
Oct 14 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Failed password for invalid user billy from 67.10.185.103 port 45858 ssh2
Oct 14 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Connection closed by 165.227.171.84 port 40540 [preauth]
Oct 14 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Received disconnect from 67.10.185.103 port 45858:11: Bye Bye [preauth]
Oct 14 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Disconnected from 67.10.185.103 port 45858 [preauth]
Oct 14 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Invalid user user from 165.227.171.84
Oct 14 21:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: input_userauth_request: invalid user user [preauth]
Oct 14 21:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for invalid user user from 165.227.171.84 port 35674 ssh2
Oct 14 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Connection closed by 165.227.171.84 port 35674 [preauth]
Oct 14 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Failed password for root from 165.227.171.84 port 35684 ssh2
Oct 14 21:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Connection closed by 165.227.171.84 port 35684 [preauth]
Oct 14 21:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Invalid user devopsuser from 165.227.171.84
Oct 14 21:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 21:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Failed password for invalid user devopsuser from 165.227.171.84 port 40526 ssh2
Oct 14 21:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12695]: Connection closed by 165.227.171.84 port 40526 [preauth]
Oct 14 21:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: Invalid user dspace from 165.227.171.84
Oct 14 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: input_userauth_request: invalid user dspace [preauth]
Oct 14 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: Failed password for invalid user dspace from 165.227.171.84 port 40270 ssh2
Oct 14 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: Connection closed by 165.227.171.84 port 40270 [preauth]
Oct 14 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12789]: Successful su for rubyman by root
Oct 14 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12789]: + ??? root:rubyman
Oct 14 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413677 of user rubyman.
Oct 14 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12789]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413677.
Oct 14 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: Failed password for root from 165.227.171.84 port 53618 ssh2
Oct 14 21:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12838]: Connection closed by 165.227.171.84 port 53618 [preauth]
Oct 14 21:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9373]: pam_unix(cron:session): session closed for user root
Oct 14 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Invalid user debian from 165.227.171.84
Oct 14 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: input_userauth_request: invalid user debian [preauth]
Oct 14 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Failed password for invalid user debian from 165.227.171.84 port 53632 ssh2
Oct 14 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Connection closed by 165.227.171.84 port 53632 [preauth]
Oct 14 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Failed password for root from 165.227.171.84 port 40668 ssh2
Oct 14 21:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Connection closed by 165.227.171.84 port 40668 [preauth]
Oct 14 21:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: Failed password for root from 165.227.171.84 port 40682 ssh2
Oct 14 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: Connection closed by 165.227.171.84 port 40682 [preauth]
Oct 14 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Failed password for root from 165.227.171.84 port 41096 ssh2
Oct 14 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Connection closed by 165.227.171.84 port 41096 [preauth]
Oct 14 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session closed for user root
Oct 14 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: Failed password for root from 165.227.171.84 port 39874 ssh2
Oct 14 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: Connection closed by 165.227.171.84 port 39874 [preauth]
Oct 14 21:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Invalid user ubuntu from 165.227.171.84
Oct 14 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Failed password for invalid user ubuntu from 165.227.171.84 port 39888 ssh2
Oct 14 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Connection closed by 165.227.171.84 port 39888 [preauth]
Oct 14 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Invalid user user from 165.227.171.84
Oct 14 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: input_userauth_request: invalid user user [preauth]
Oct 14 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user user from 165.227.171.84 port 60500 ssh2
Oct 14 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Connection closed by 165.227.171.84 port 60500 [preauth]
Oct 14 21:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Failed password for root from 165.227.171.84 port 45414 ssh2
Oct 14 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Connection closed by 165.227.171.84 port 45414 [preauth]
Oct 14 21:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Invalid user oracle from 165.227.171.84
Oct 14 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: input_userauth_request: invalid user oracle [preauth]
Oct 14 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Failed password for invalid user oracle from 165.227.171.84 port 45430 ssh2
Oct 14 21:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Connection closed by 165.227.171.84 port 45430 [preauth]
Oct 14 21:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13357]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13356]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: Successful su for rubyman by root
Oct 14 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: + ??? root:rubyman
Oct 14 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413682 of user rubyman.
Oct 14 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13429]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413682.
Oct 14 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for root from 165.227.171.84 port 49582 ssh2
Oct 14 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Connection closed by 165.227.171.84 port 49582 [preauth]
Oct 14 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10059]: pam_unix(cron:session): session closed for user root
Oct 14 21:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Invalid user linaro from 165.227.171.84
Oct 14 21:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: input_userauth_request: invalid user linaro [preauth]
Oct 14 21:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Failed password for invalid user linaro from 165.227.171.84 port 49590 ssh2
Oct 14 21:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Connection closed by 165.227.171.84 port 49590 [preauth]
Oct 14 21:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: Invalid user web from 190.108.76.143
Oct 14 21:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: input_userauth_request: invalid user web [preauth]
Oct 14 21:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: Failed password for invalid user web from 190.108.76.143 port 16619 ssh2
Oct 14 21:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: Received disconnect from 190.108.76.143 port 16619:11: Bye Bye [preauth]
Oct 14 21:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13644]: Disconnected from 190.108.76.143 port 16619 [preauth]
Oct 14 21:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: Invalid user postgres from 165.227.171.84
Oct 14 21:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: input_userauth_request: invalid user postgres [preauth]
Oct 14 21:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: Failed password for invalid user postgres from 165.227.171.84 port 57006 ssh2
Oct 14 21:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13736]: Connection closed by 165.227.171.84 port 57006 [preauth]
Oct 14 21:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12134]: pam_unix(cron:session): session closed for user root
Oct 14 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13864]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13935]: Successful su for rubyman by root
Oct 14 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13935]: + ??? root:rubyman
Oct 14 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413686 of user rubyman.
Oct 14 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13935]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413686.
Oct 14 21:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10573]: pam_unix(cron:session): session closed for user root
Oct 14 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Failed password for root from 165.227.171.84 port 59202 ssh2
Oct 14 21:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Connection closed by 165.227.171.84 port 59202 [preauth]
Oct 14 21:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: Invalid user testuser from 165.227.171.84
Oct 14 21:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: input_userauth_request: invalid user testuser [preauth]
Oct 14 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: Failed password for invalid user testuser from 165.227.171.84 port 47766 ssh2
Oct 14 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: Connection closed by 165.227.171.84 port 47766 [preauth]
Oct 14 21:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Invalid user db2inst1 from 165.227.171.84
Oct 14 21:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: input_userauth_request: invalid user db2inst1 [preauth]
Oct 14 21:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user db2inst1 from 165.227.171.84 port 57462 ssh2
Oct 14 21:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Connection closed by 165.227.171.84 port 57462 [preauth]
Oct 14 21:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Invalid user test from 165.227.171.84
Oct 14 21:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: input_userauth_request: invalid user test [preauth]
Oct 14 21:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Failed password for invalid user test from 165.227.171.84 port 57472 ssh2
Oct 14 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Connection closed by 165.227.171.84 port 57472 [preauth]
Oct 14 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Invalid user git from 165.227.171.84
Oct 14 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: input_userauth_request: invalid user git [preauth]
Oct 14 21:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Failed password for invalid user git from 165.227.171.84 port 57474 ssh2
Oct 14 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14302]: Connection closed by 165.227.171.84 port 57474 [preauth]
Oct 14 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Invalid user deploy from 165.227.171.84
Oct 14 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: input_userauth_request: invalid user deploy [preauth]
Oct 14 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Failed password for invalid user deploy from 165.227.171.84 port 42190 ssh2
Oct 14 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14312]: Connection closed by 165.227.171.84 port 42190 [preauth]
Oct 14 21:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 14 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12715]: pam_unix(cron:session): session closed for user root
Oct 14 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: Failed password for root from 185.156.73.233 port 28264 ssh2
Oct 14 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: Connection closed by 185.156.73.233 port 28264 [preauth]
Oct 14 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14349]: Failed password for root from 165.227.171.84 port 42204 ssh2
Oct 14 21:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14349]: Connection closed by 165.227.171.84 port 42204 [preauth]
Oct 14 21:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: Failed password for root from 165.227.171.84 port 47036 ssh2
Oct 14 21:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: Connection closed by 165.227.171.84 port 47036 [preauth]
Oct 14 21:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for root from 165.227.171.84 port 47038 ssh2
Oct 14 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Connection closed by 165.227.171.84 port 47038 [preauth]
Oct 14 21:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Invalid user user from 165.227.171.84
Oct 14 21:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: input_userauth_request: invalid user user [preauth]
Oct 14 21:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Failed password for invalid user user from 165.227.171.84 port 57104 ssh2
Oct 14 21:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Connection closed by 165.227.171.84 port 57104 [preauth]
Oct 14 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: Invalid user pi from 165.227.171.84
Oct 14 21:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: input_userauth_request: invalid user pi [preauth]
Oct 14 21:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: Failed password for invalid user pi from 165.227.171.84 port 57110 ssh2
Oct 14 21:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14399]: Connection closed by 165.227.171.84 port 57110 [preauth]
Oct 14 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14415]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14413]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14494]: Successful su for rubyman by root
Oct 14 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14494]: + ??? root:rubyman
Oct 14 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413689 of user rubyman.
Oct 14 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14494]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413689.
Oct 14 21:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: Invalid user user from 165.227.171.84
Oct 14 21:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: input_userauth_request: invalid user user [preauth]
Oct 14 21:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: Failed password for invalid user user from 165.227.171.84 port 58996 ssh2
Oct 14 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14513]: Connection closed by 165.227.171.84 port 58996 [preauth]
Oct 14 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Invalid user kafka from 165.227.171.84
Oct 14 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: input_userauth_request: invalid user kafka [preauth]
Oct 14 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: Invalid user radio from 190.108.76.143
Oct 14 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: input_userauth_request: invalid user radio [preauth]
Oct 14 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: Failed password for invalid user radio from 190.108.76.143 port 30767 ssh2
Oct 14 21:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Failed password for invalid user kafka from 165.227.171.84 port 59000 ssh2
Oct 14 21:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: Received disconnect from 190.108.76.143 port 30767:11: Bye Bye [preauth]
Oct 14 21:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: Disconnected from 190.108.76.143 port 30767 [preauth]
Oct 14 21:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Connection closed by 165.227.171.84 port 59000 [preauth]
Oct 14 21:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session closed for user root
Oct 14 21:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14414]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Failed password for root from 165.227.171.84 port 59012 ssh2
Oct 14 21:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Connection closed by 165.227.171.84 port 59012 [preauth]
Oct 14 21:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14779]: Failed password for root from 165.227.171.84 port 49224 ssh2
Oct 14 21:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14779]: Connection closed by 165.227.171.84 port 49224 [preauth]
Oct 14 21:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13357]: pam_unix(cron:session): session closed for user root
Oct 14 21:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: Invalid user ubuntu from 165.227.171.84
Oct 14 21:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 21:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: Failed password for invalid user ubuntu from 165.227.171.84 port 49236 ssh2
Oct 14 21:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14810]: Connection closed by 165.227.171.84 port 49236 [preauth]
Oct 14 21:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Invalid user vyos from 165.227.171.84
Oct 14 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: input_userauth_request: invalid user vyos [preauth]
Oct 14 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Failed password for invalid user vyos from 165.227.171.84 port 35940 ssh2
Oct 14 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: Connection closed by 165.227.171.84 port 35940 [preauth]
Oct 14 21:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Failed password for root from 165.227.171.84 port 35944 ssh2
Oct 14 21:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Connection closed by 165.227.171.84 port 35944 [preauth]
Oct 14 21:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Invalid user fa from 165.227.171.84
Oct 14 21:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: input_userauth_request: invalid user fa [preauth]
Oct 14 21:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14899]: pam_unix(cron:session): session closed for user root
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14893]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for invalid user fa from 165.227.171.84 port 38282 ssh2
Oct 14 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Connection closed by 165.227.171.84 port 38282 [preauth]
Oct 14 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14993]: Successful su for rubyman by root
Oct 14 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14993]: + ??? root:rubyman
Oct 14 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14993]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413695 of user rubyman.
Oct 14 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14993]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413695.
Oct 14 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Invalid user deploy from 165.227.171.84
Oct 14 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: input_userauth_request: invalid user deploy [preauth]
Oct 14 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Invalid user admin from 2.57.121.112
Oct 14 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: input_userauth_request: invalid user admin [preauth]
Oct 14 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Failed password for invalid user deploy from 165.227.171.84 port 37740 ssh2
Oct 14 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Connection closed by 165.227.171.84 port 37740 [preauth]
Oct 14 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Failed password for invalid user admin from 2.57.121.112 port 62022 ssh2
Oct 14 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: Invalid user devuser from 165.227.171.84
Oct 14 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: input_userauth_request: invalid user devuser [preauth]
Oct 14 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session closed for user root
Oct 14 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Failed password for invalid user admin from 2.57.121.112 port 62022 ssh2
Oct 14 21:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14896]: pam_unix(cron:session): session closed for user root
Oct 14 21:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Failed password for invalid user admin from 2.57.121.112 port 62022 ssh2
Oct 14 21:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: Failed password for invalid user devuser from 165.227.171.84 port 37746 ssh2
Oct 14 21:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: Connection closed by 165.227.171.84 port 37746 [preauth]
Oct 14 21:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Failed password for invalid user admin from 2.57.121.112 port 62022 ssh2
Oct 14 21:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Invalid user postgres from 165.227.171.84
Oct 14 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: input_userauth_request: invalid user postgres [preauth]
Oct 14 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Failed password for invalid user admin from 2.57.121.112 port 62022 ssh2
Oct 14 21:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Received disconnect from 2.57.121.112 port 62022:11: Bye [preauth]
Oct 14 21:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Disconnected from 2.57.121.112 port 62022 [preauth]
Oct 14 21:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 21:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 21:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Failed password for invalid user postgres from 165.227.171.84 port 40476 ssh2
Oct 14 21:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Connection closed by 165.227.171.84 port 40476 [preauth]
Oct 14 21:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14894]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Failed password for root from 165.227.171.84 port 40488 ssh2
Oct 14 21:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Connection closed by 165.227.171.84 port 40488 [preauth]
Oct 14 21:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15398]: Failed password for root from 165.227.171.84 port 59258 ssh2
Oct 14 21:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15398]: Connection closed by 165.227.171.84 port 59258 [preauth]
Oct 14 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: Invalid user testuser from 165.227.171.84
Oct 14 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: input_userauth_request: invalid user testuser [preauth]
Oct 14 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: Failed password for invalid user testuser from 165.227.171.84 port 44096 ssh2
Oct 14 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15422]: Connection closed by 165.227.171.84 port 44096 [preauth]
Oct 14 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13865]: pam_unix(cron:session): session closed for user root
Oct 14 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for root from 165.227.171.84 port 44100 ssh2
Oct 14 21:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Connection closed by 165.227.171.84 port 44100 [preauth]
Oct 14 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84  user=root
Oct 14 21:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Failed password for root from 165.227.171.84 port 52678 ssh2
Oct 14 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15457]: Connection closed by 165.227.171.84 port 52678 [preauth]
Oct 14 21:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Invalid user devops from 165.227.171.84
Oct 14 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: input_userauth_request: invalid user devops [preauth]
Oct 14 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.171.84
Oct 14 21:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Failed password for invalid user devops from 165.227.171.84 port 52692 ssh2
Oct 14 21:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15481]: Connection closed by 165.227.171.84 port 52692 [preauth]
Oct 14 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15511]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15593]: Successful su for rubyman by root
Oct 14 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15593]: + ??? root:rubyman
Oct 14 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413700 of user rubyman.
Oct 14 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15593]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413700.
Oct 14 21:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12133]: pam_unix(cron:session): session closed for user root
Oct 14 21:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15512]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session closed for user root
Oct 14 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16051]: Successful su for rubyman by root
Oct 14 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16051]: + ??? root:rubyman
Oct 14 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413703 of user rubyman.
Oct 14 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16051]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413703.
Oct 14 21:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12714]: pam_unix(cron:session): session closed for user root
Oct 14 21:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16294]: Invalid user support from 78.128.112.74
Oct 14 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16294]: input_userauth_request: invalid user support [preauth]
Oct 14 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16294]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 21:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16294]: Failed password for invalid user support from 78.128.112.74 port 51518 ssh2
Oct 14 21:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16294]: Connection closed by 78.128.112.74 port 51518 [preauth]
Oct 14 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14898]: pam_unix(cron:session): session closed for user root
Oct 14 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16436]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16433]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16505]: Successful su for rubyman by root
Oct 14 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16505]: + ??? root:rubyman
Oct 14 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413707 of user rubyman.
Oct 14 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16505]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413707.
Oct 14 21:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13356]: pam_unix(cron:session): session closed for user root
Oct 14 21:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16435]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15514]: pam_unix(cron:session): session closed for user root
Oct 14 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16899]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16971]: Successful su for rubyman by root
Oct 14 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16971]: + ??? root:rubyman
Oct 14 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413712 of user rubyman.
Oct 14 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16971]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413712.
Oct 14 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13864]: pam_unix(cron:session): session closed for user root
Oct 14 21:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16900]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Invalid user ali from 190.108.76.143
Oct 14 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: input_userauth_request: invalid user ali [preauth]
Oct 14 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session closed for user root
Oct 14 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Failed password for invalid user ali from 190.108.76.143 port 3188 ssh2
Oct 14 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Received disconnect from 190.108.76.143 port 3188:11: Bye Bye [preauth]
Oct 14 21:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Disconnected from 190.108.76.143 port 3188 [preauth]
Oct 14 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17370]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17371]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17371]: pam_unix(cron:session): session closed for user root
Oct 14 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: Successful su for rubyman by root
Oct 14 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: + ??? root:rubyman
Oct 14 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413715 of user rubyman.
Oct 14 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413715.
Oct 14 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session closed for user root
Oct 14 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14415]: pam_unix(cron:session): session closed for user root
Oct 14 21:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session closed for user root
Oct 14 21:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Invalid user admin from 185.156.73.233
Oct 14 21:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: input_userauth_request: invalid user admin [preauth]
Oct 14 21:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 21:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Failed password for invalid user admin from 185.156.73.233 port 15870 ssh2
Oct 14 21:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Connection closed by 185.156.73.233 port 15870 [preauth]
Oct 14 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18030]: Successful su for rubyman by root
Oct 14 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18030]: + ??? root:rubyman
Oct 14 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413721 of user rubyman.
Oct 14 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18030]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413721.
Oct 14 21:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user root
Oct 14 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16902]: pam_unix(cron:session): session closed for user root
Oct 14 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18674]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18675]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18747]: Successful su for rubyman by root
Oct 14 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18747]: + ??? root:rubyman
Oct 14 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413727 of user rubyman.
Oct 14 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18747]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413727.
Oct 14 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 21:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: Failed password for root from 41.93.28.23 port 41382 ssh2
Oct 14 21:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: Received disconnect from 41.93.28.23 port 41382:11: Bye Bye [preauth]
Oct 14 21:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: Disconnected from 41.93.28.23 port 41382 [preauth]
Oct 14 21:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15513]: pam_unix(cron:session): session closed for user root
Oct 14 21:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17370]: pam_unix(cron:session): session closed for user root
Oct 14 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: Successful su for rubyman by root
Oct 14 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: + ??? root:rubyman
Oct 14 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413731 of user rubyman.
Oct 14 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413731.
Oct 14 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Invalid user dev from 186.124.138.154
Oct 14 21:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: input_userauth_request: invalid user dev [preauth]
Oct 14 21:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 21:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session closed for user root
Oct 14 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Failed password for invalid user dev from 186.124.138.154 port 56806 ssh2
Oct 14 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Received disconnect from 186.124.138.154 port 56806:11: Bye Bye [preauth]
Oct 14 21:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Disconnected from 186.124.138.154 port 56806 [preauth]
Oct 14 21:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session closed for user root
Oct 14 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Failed password for root from 107.175.189.123 port 34856 ssh2
Oct 14 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Received disconnect from 107.175.189.123 port 34856:11: Bye Bye [preauth]
Oct 14 21:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20103]: Disconnected from 107.175.189.123 port 34856 [preauth]
Oct 14 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20115]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20117]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20329]: Successful su for rubyman by root
Oct 14 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20329]: + ??? root:rubyman
Oct 14 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413735 of user rubyman.
Oct 14 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20329]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413735.
Oct 14 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20115]: pam_unix(cron:session): session closed for user root
Oct 14 21:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16436]: pam_unix(cron:session): session closed for user root
Oct 14 21:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26  user=root
Oct 14 21:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: Failed password for root from 2.57.122.26 port 42780 ssh2
Oct 14 21:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: Connection closed by 2.57.122.26 port 42780 [preauth]
Oct 14 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18675]: pam_unix(cron:session): session closed for user root
Oct 14 21:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Invalid user git from 64.119.29.140
Oct 14 21:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: input_userauth_request: invalid user git [preauth]
Oct 14 21:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 21:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Failed password for invalid user git from 64.119.29.140 port 37104 ssh2
Oct 14 21:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Received disconnect from 64.119.29.140 port 37104:11: Bye Bye [preauth]
Oct 14 21:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20670]: Disconnected from 64.119.29.140 port 37104 [preauth]
Oct 14 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session closed for user root
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20730]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: Failed password for root from 202.125.94.71 port 46322 ssh2
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: Received disconnect from 202.125.94.71 port 46322:11: Bye Bye [preauth]
Oct 14 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20727]: Disconnected from 202.125.94.71 port 46322 [preauth]
Oct 14 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20822]: Successful su for rubyman by root
Oct 14 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20822]: + ??? root:rubyman
Oct 14 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413738 of user rubyman.
Oct 14 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20822]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413738.
Oct 14 21:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session closed for user root
Oct 14 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Invalid user dev from 190.108.76.143
Oct 14 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: input_userauth_request: invalid user dev [preauth]
Oct 14 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session closed for user root
Oct 14 21:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Failed password for invalid user dev from 190.108.76.143 port 30139 ssh2
Oct 14 21:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Received disconnect from 190.108.76.143 port 30139:11: Bye Bye [preauth]
Oct 14 21:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Disconnected from 190.108.76.143 port 30139 [preauth]
Oct 14 21:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session closed for user root
Oct 14 21:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21192]: Failed password for root from 107.175.189.123 port 47836 ssh2
Oct 14 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21192]: Received disconnect from 107.175.189.123 port 47836:11: Bye Bye [preauth]
Oct 14 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21192]: Disconnected from 107.175.189.123 port 47836 [preauth]
Oct 14 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21221]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21317]: Successful su for rubyman by root
Oct 14 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21317]: + ??? root:rubyman
Oct 14 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413745 of user rubyman.
Oct 14 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21317]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413745.
Oct 14 21:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session closed for user root
Oct 14 21:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21222]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Invalid user jjq from 41.93.28.23
Oct 14 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: input_userauth_request: invalid user jjq [preauth]
Oct 14 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 21:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Failed password for invalid user jjq from 41.93.28.23 port 53918 ssh2
Oct 14 21:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Failed password for root from 186.124.138.154 port 56396 ssh2
Oct 14 21:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Received disconnect from 186.124.138.154 port 56396:11: Bye Bye [preauth]
Oct 14 21:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Disconnected from 186.124.138.154 port 56396 [preauth]
Oct 14 21:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Received disconnect from 41.93.28.23 port 53918:11: Bye Bye [preauth]
Oct 14 21:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Disconnected from 41.93.28.23 port 53918 [preauth]
Oct 14 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session closed for user root
Oct 14 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Invalid user simon from 64.119.29.140
Oct 14 21:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: input_userauth_request: invalid user simon [preauth]
Oct 14 21:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 21:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Failed password for invalid user simon from 64.119.29.140 port 58046 ssh2
Oct 14 21:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Received disconnect from 64.119.29.140 port 58046:11: Bye Bye [preauth]
Oct 14 21:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21714]: Disconnected from 64.119.29.140 port 58046 [preauth]
Oct 14 21:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143  user=root
Oct 14 21:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Failed password for root from 190.108.76.143 port 16582 ssh2
Oct 14 21:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Received disconnect from 190.108.76.143 port 16582:11: Bye Bye [preauth]
Oct 14 21:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21758]: Disconnected from 190.108.76.143 port 16582 [preauth]
Oct 14 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21770]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21849]: Successful su for rubyman by root
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21849]: + ??? root:rubyman
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413749 of user rubyman.
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21849]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413749.
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: Invalid user alba from 202.125.94.71
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: input_userauth_request: invalid user alba [preauth]
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 21:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: Failed password for invalid user alba from 202.125.94.71 port 55588 ssh2
Oct 14 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: Received disconnect from 202.125.94.71 port 55588:11: Bye Bye [preauth]
Oct 14 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21830]: Disconnected from 202.125.94.71 port 55588 [preauth]
Oct 14 21:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session closed for user root
Oct 14 21:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21771]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Failed password for root from 107.175.189.123 port 56516 ssh2
Oct 14 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Received disconnect from 107.175.189.123 port 56516:11: Bye Bye [preauth]
Oct 14 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: Disconnected from 107.175.189.123 port 56516 [preauth]
Oct 14 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session closed for user root
Oct 14 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22354]: Successful su for rubyman by root
Oct 14 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22354]: + ??? root:rubyman
Oct 14 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413753 of user rubyman.
Oct 14 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22354]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413753.
Oct 14 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 14 21:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18674]: pam_unix(cron:session): session closed for user root
Oct 14 21:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22455]: Failed password for root from 190.103.202.7 port 54522 ssh2
Oct 14 21:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22455]: Connection closed by 190.103.202.7 port 54522 [preauth]
Oct 14 21:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Invalid user dara from 186.124.138.154
Oct 14 21:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: input_userauth_request: invalid user dara [preauth]
Oct 14 21:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 21:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Invalid user teste from 185.156.73.233
Oct 14 21:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: input_userauth_request: invalid user teste [preauth]
Oct 14 21:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Failed password for invalid user dara from 186.124.138.154 port 60140 ssh2
Oct 14 21:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 21:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Received disconnect from 186.124.138.154 port 60140:11: Bye Bye [preauth]
Oct 14 21:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22551]: Disconnected from 186.124.138.154 port 60140 [preauth]
Oct 14 21:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Failed password for invalid user teste from 185.156.73.233 port 23284 ssh2
Oct 14 21:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22555]: Connection closed by 185.156.73.233 port 23284 [preauth]
Oct 14 21:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Invalid user juan from 64.119.29.140
Oct 14 21:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: input_userauth_request: invalid user juan [preauth]
Oct 14 21:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 21:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 21:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Failed password for invalid user juan from 64.119.29.140 port 33024 ssh2
Oct 14 21:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Failed password for root from 41.93.28.23 port 56724 ssh2
Oct 14 21:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Received disconnect from 64.119.29.140 port 33024:11: Bye Bye [preauth]
Oct 14 21:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Disconnected from 64.119.29.140 port 33024 [preauth]
Oct 14 21:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Received disconnect from 41.93.28.23 port 56724:11: Bye Bye [preauth]
Oct 14 21:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Disconnected from 41.93.28.23 port 56724 [preauth]
Oct 14 21:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session closed for user root
Oct 14 21:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: Invalid user dara from 202.125.94.71
Oct 14 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: input_userauth_request: invalid user dara [preauth]
Oct 14 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Invalid user morteza from 107.175.189.123
Oct 14 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: input_userauth_request: invalid user morteza [preauth]
Oct 14 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: Failed password for invalid user dara from 202.125.94.71 port 60666 ssh2
Oct 14 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Failed password for invalid user morteza from 107.175.189.123 port 36960 ssh2
Oct 14 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Received disconnect from 107.175.189.123 port 36960:11: Bye Bye [preauth]
Oct 14 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22905]: Disconnected from 107.175.189.123 port 36960 [preauth]
Oct 14 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: Received disconnect from 202.125.94.71 port 60666:11: Bye Bye [preauth]
Oct 14 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22892]: Disconnected from 202.125.94.71 port 60666 [preauth]
Oct 14 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22953]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23188]: Successful su for rubyman by root
Oct 14 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23188]: + ??? root:rubyman
Oct 14 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413756 of user rubyman.
Oct 14 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23188]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413756.
Oct 14 21:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session closed for user root
Oct 14 21:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22954]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21776]: pam_unix(cron:session): session closed for user root
Oct 14 21:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Invalid user weblogic from 186.124.138.154
Oct 14 21:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: input_userauth_request: invalid user weblogic [preauth]
Oct 14 21:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 21:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Invalid user ubuntu from 64.119.29.140
Oct 14 21:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 21:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Failed password for invalid user weblogic from 186.124.138.154 port 33334 ssh2
Oct 14 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Received disconnect from 186.124.138.154 port 33334:11: Bye Bye [preauth]
Oct 14 21:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Disconnected from 186.124.138.154 port 33334 [preauth]
Oct 14 21:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Failed password for invalid user ubuntu from 64.119.29.140 port 47034 ssh2
Oct 14 21:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Received disconnect from 64.119.29.140 port 47034:11: Bye Bye [preauth]
Oct 14 21:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Disconnected from 64.119.29.140 port 47034 [preauth]
Oct 14 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23940]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23940]: pam_unix(cron:session): session closed for user root
Oct 14 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23931]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24022]: Successful su for rubyman by root
Oct 14 21:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24022]: + ??? root:rubyman
Oct 14 21:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413760 of user rubyman.
Oct 14 21:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24022]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413760.
Oct 14 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Invalid user prueba from 107.175.189.123
Oct 14 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: input_userauth_request: invalid user prueba [preauth]
Oct 14 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 21:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23934]: pam_unix(cron:session): session closed for user root
Oct 14 21:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session closed for user root
Oct 14 21:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Failed password for invalid user prueba from 107.175.189.123 port 45642 ssh2
Oct 14 21:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Received disconnect from 107.175.189.123 port 45642:11: Bye Bye [preauth]
Oct 14 21:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Disconnected from 107.175.189.123 port 45642 [preauth]
Oct 14 21:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23932]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 21:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: Invalid user cris from 202.125.94.71
Oct 14 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: input_userauth_request: invalid user cris [preauth]
Oct 14 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 21:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Failed password for root from 41.93.28.23 port 48586 ssh2
Oct 14 21:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Received disconnect from 41.93.28.23 port 48586:11: Bye Bye [preauth]
Oct 14 21:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Disconnected from 41.93.28.23 port 48586 [preauth]
Oct 14 21:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: Failed password for invalid user cris from 202.125.94.71 port 37588 ssh2
Oct 14 21:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: Received disconnect from 202.125.94.71 port 37588:11: Bye Bye [preauth]
Oct 14 21:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24365]: Disconnected from 202.125.94.71 port 37588 [preauth]
Oct 14 21:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session closed for user root
Oct 14 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24509]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24604]: Successful su for rubyman by root
Oct 14 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24604]: + ??? root:rubyman
Oct 14 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413767 of user rubyman.
Oct 14 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24604]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413767.
Oct 14 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session closed for user root
Oct 14 21:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24510]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: Invalid user systems from 64.119.29.140
Oct 14 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: input_userauth_request: invalid user systems [preauth]
Oct 14 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 21:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: Invalid user alba from 107.175.189.123
Oct 14 21:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: input_userauth_request: invalid user alba [preauth]
Oct 14 21:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 21:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: Failed password for invalid user systems from 64.119.29.140 port 56430 ssh2
Oct 14 21:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: Received disconnect from 64.119.29.140 port 56430:11: Bye Bye [preauth]
Oct 14 21:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24881]: Disconnected from 64.119.29.140 port 56430 [preauth]
Oct 14 21:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: Failed password for invalid user alba from 107.175.189.123 port 54320 ssh2
Oct 14 21:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: Received disconnect from 107.175.189.123 port 54320:11: Bye Bye [preauth]
Oct 14 21:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24898]: Disconnected from 107.175.189.123 port 54320 [preauth]
Oct 14 21:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Invalid user prueba1 from 186.124.138.154
Oct 14 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: input_userauth_request: invalid user prueba1 [preauth]
Oct 14 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 21:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22956]: pam_unix(cron:session): session closed for user root
Oct 14 21:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Failed password for invalid user prueba1 from 186.124.138.154 port 44732 ssh2
Oct 14 21:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Received disconnect from 186.124.138.154 port 44732:11: Bye Bye [preauth]
Oct 14 21:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24920]: Disconnected from 186.124.138.154 port 44732 [preauth]
Oct 14 21:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Bad protocol version identification 'GET / HTTP/1.1' from 64.62.156.162 port 17534
Oct 14 21:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Bad protocol version identification '\026\003\001' from 184.105.247.252 port 59158
Oct 14 21:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Invalid user dev from 202.125.94.71
Oct 14 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: input_userauth_request: invalid user dev [preauth]
Oct 14 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25029]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25027]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Failed password for invalid user dev from 202.125.94.71 port 42746 ssh2
Oct 14 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Received disconnect from 202.125.94.71 port 42746:11: Bye Bye [preauth]
Oct 14 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Disconnected from 202.125.94.71 port 42746 [preauth]
Oct 14 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: Successful su for rubyman by root
Oct 14 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: + ??? root:rubyman
Oct 14 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413770 of user rubyman.
Oct 14 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413770.
Oct 14 21:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21223]: pam_unix(cron:session): session closed for user root
Oct 14 21:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25028]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: Invalid user sysadmin from 190.108.76.143
Oct 14 21:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 21:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: Failed password for invalid user sysadmin from 190.108.76.143 port 27192 ssh2
Oct 14 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: Received disconnect from 190.108.76.143 port 27192:11: Bye Bye [preauth]
Oct 14 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25600]: Disconnected from 190.108.76.143 port 27192 [preauth]
Oct 14 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Invalid user jira from 41.93.28.23
Oct 14 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: input_userauth_request: invalid user jira [preauth]
Oct 14 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 21:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Failed password for invalid user jira from 41.93.28.23 port 49014 ssh2
Oct 14 21:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Received disconnect from 41.93.28.23 port 49014:11: Bye Bye [preauth]
Oct 14 21:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25602]: Disconnected from 41.93.28.23 port 49014 [preauth]
Oct 14 21:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session closed for user root
Oct 14 21:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Failed password for root from 107.175.189.123 port 34756 ssh2
Oct 14 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Received disconnect from 107.175.189.123 port 34756:11: Bye Bye [preauth]
Oct 14 21:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25713]: Disconnected from 107.175.189.123 port 34756 [preauth]
Oct 14 21:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Invalid user prueba1 from 64.119.29.140
Oct 14 21:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: input_userauth_request: invalid user prueba1 [preauth]
Oct 14 21:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 21:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Failed password for invalid user prueba1 from 64.119.29.140 port 42764 ssh2
Oct 14 21:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Received disconnect from 64.119.29.140 port 42764:11: Bye Bye [preauth]
Oct 14 21:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Disconnected from 64.119.29.140 port 42764 [preauth]
Oct 14 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25739]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: Successful su for rubyman by root
Oct 14 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: + ??? root:rubyman
Oct 14 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413774 of user rubyman.
Oct 14 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413774.
Oct 14 21:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21772]: pam_unix(cron:session): session closed for user root
Oct 14 21:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Invalid user prueba from 186.124.138.154
Oct 14 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: input_userauth_request: invalid user prueba [preauth]
Oct 14 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 21:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25740]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Failed password for invalid user prueba from 186.124.138.154 port 42098 ssh2
Oct 14 21:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Received disconnect from 186.124.138.154 port 42098:11: Bye Bye [preauth]
Oct 14 21:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Disconnected from 186.124.138.154 port 42098 [preauth]
Oct 14 21:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Invalid user rramirez from 202.125.94.71
Oct 14 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: input_userauth_request: invalid user rramirez [preauth]
Oct 14 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 21:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Failed password for invalid user rramirez from 202.125.94.71 port 47956 ssh2
Oct 14 21:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Received disconnect from 202.125.94.71 port 47956:11: Bye Bye [preauth]
Oct 14 21:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26215]: Disconnected from 202.125.94.71 port 47956 [preauth]
Oct 14 21:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session closed for user root
Oct 14 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26400]: Successful su for rubyman by root
Oct 14 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26400]: + ??? root:rubyman
Oct 14 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413778 of user rubyman.
Oct 14 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26400]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413778.
Oct 14 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Invalid user odoo from 190.108.76.143
Oct 14 21:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: input_userauth_request: invalid user odoo [preauth]
Oct 14 21:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Failed password for invalid user odoo from 190.108.76.143 port 30176 ssh2
Oct 14 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Received disconnect from 190.108.76.143 port 30176:11: Bye Bye [preauth]
Oct 14 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Disconnected from 190.108.76.143 port 30176 [preauth]
Oct 14 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session closed for user root
Oct 14 21:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Invalid user deamon from 41.93.28.23
Oct 14 21:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: input_userauth_request: invalid user deamon [preauth]
Oct 14 21:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Failed password for invalid user deamon from 41.93.28.23 port 34384 ssh2
Oct 14 21:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Received disconnect from 41.93.28.23 port 34384:11: Bye Bye [preauth]
Oct 14 21:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26710]: Disconnected from 41.93.28.23 port 34384 [preauth]
Oct 14 21:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 21:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 21:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Failed password for root from 107.175.189.123 port 43432 ssh2
Oct 14 21:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Received disconnect from 107.175.189.123 port 43432:11: Bye Bye [preauth]
Oct 14 21:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26764]: Disconnected from 107.175.189.123 port 43432 [preauth]
Oct 14 21:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: Failed password for root from 64.119.29.140 port 32810 ssh2
Oct 14 21:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: Received disconnect from 64.119.29.140 port 32810:11: Bye Bye [preauth]
Oct 14 21:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26775]: Disconnected from 64.119.29.140 port 32810 [preauth]
Oct 14 21:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session closed for user root
Oct 14 21:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Invalid user squid from 185.156.73.233
Oct 14 21:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: input_userauth_request: invalid user squid [preauth]
Oct 14 21:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 21:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Failed password for invalid user squid from 185.156.73.233 port 32834 ssh2
Oct 14 21:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Connection closed by 185.156.73.233 port 32834 [preauth]
Oct 14 21:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Invalid user ubuntu from 186.124.138.154
Oct 14 21:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 21:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 21:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Failed password for invalid user ubuntu from 186.124.138.154 port 36190 ssh2
Oct 14 21:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Received disconnect from 186.124.138.154 port 36190:11: Bye Bye [preauth]
Oct 14 21:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Disconnected from 186.124.138.154 port 36190 [preauth]
Oct 14 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27021]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27017]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27022]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27022]: pam_unix(cron:session): session closed for user root
Oct 14 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27212]: Successful su for rubyman by root
Oct 14 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27212]: + ??? root:rubyman
Oct 14 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413785 of user rubyman.
Oct 14 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27212]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413785.
Oct 14 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Failed password for root from 202.125.94.71 port 53004 ssh2
Oct 14 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Received disconnect from 202.125.94.71 port 53004:11: Bye Bye [preauth]
Oct 14 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27238]: Disconnected from 202.125.94.71 port 53004 [preauth]
Oct 14 21:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27013]: pam_unix(cron:session): session closed for user root
Oct 14 21:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22955]: pam_unix(cron:session): session closed for user root
Oct 14 21:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27008]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25742]: pam_unix(cron:session): session closed for user root
Oct 14 21:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: Invalid user cris from 64.119.29.140
Oct 14 21:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: input_userauth_request: invalid user cris [preauth]
Oct 14 21:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 21:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: Failed password for invalid user cris from 64.119.29.140 port 50286 ssh2
Oct 14 21:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: Received disconnect from 64.119.29.140 port 50286:11: Bye Bye [preauth]
Oct 14 21:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27887]: Disconnected from 64.119.29.140 port 50286 [preauth]
Oct 14 21:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Invalid user builduser from 190.108.76.143
Oct 14 21:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: input_userauth_request: invalid user builduser [preauth]
Oct 14 21:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Failed password for invalid user builduser from 190.108.76.143 port 10885 ssh2
Oct 14 21:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Received disconnect from 190.108.76.143 port 10885:11: Bye Bye [preauth]
Oct 14 21:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Disconnected from 190.108.76.143 port 10885 [preauth]
Oct 14 21:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 21:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27922]: Failed password for root from 107.175.189.123 port 52116 ssh2
Oct 14 21:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27922]: Received disconnect from 107.175.189.123 port 52116:11: Bye Bye [preauth]
Oct 14 21:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27922]: Disconnected from 107.175.189.123 port 52116 [preauth]
Oct 14 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27938]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28031]: Successful su for rubyman by root
Oct 14 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28031]: + ??? root:rubyman
Oct 14 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413788 of user rubyman.
Oct 14 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28031]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413788.
Oct 14 21:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23935]: pam_unix(cron:session): session closed for user root
Oct 14 21:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 21:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27939]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: Failed password for root from 41.93.28.23 port 36280 ssh2
Oct 14 21:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: Received disconnect from 41.93.28.23 port 36280:11: Bye Bye [preauth]
Oct 14 21:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28239]: Disconnected from 41.93.28.23 port 36280 [preauth]
Oct 14 21:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Invalid user alba from 186.124.138.154
Oct 14 21:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: input_userauth_request: invalid user alba [preauth]
Oct 14 21:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Failed password for invalid user alba from 186.124.138.154 port 50034 ssh2
Oct 14 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Received disconnect from 186.124.138.154 port 50034:11: Bye Bye [preauth]
Oct 14 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Disconnected from 186.124.138.154 port 50034 [preauth]
Oct 14 21:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26316]: pam_unix(cron:session): session closed for user root
Oct 14 21:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 21:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: Failed password for root from 202.125.94.71 port 58182 ssh2
Oct 14 21:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: Received disconnect from 202.125.94.71 port 58182:11: Bye Bye [preauth]
Oct 14 21:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: Disconnected from 202.125.94.71 port 58182 [preauth]
Oct 14 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28600]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28455]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: Successful su for rubyman by root
Oct 14 21:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: + ??? root:rubyman
Oct 14 21:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413794 of user rubyman.
Oct 14 21:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413794.
Oct 14 21:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24513]: pam_unix(cron:session): session closed for user root
Oct 14 21:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28457]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 21:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Failed password for root from 64.119.29.140 port 49214 ssh2
Oct 14 21:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Received disconnect from 64.119.29.140 port 49214:11: Bye Bye [preauth]
Oct 14 21:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29124]: Disconnected from 64.119.29.140 port 49214 [preauth]
Oct 14 21:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: Invalid user weblogic from 107.175.189.123
Oct 14 21:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: input_userauth_request: invalid user weblogic [preauth]
Oct 14 21:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 21:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: Failed password for invalid user weblogic from 107.175.189.123 port 60802 ssh2
Oct 14 21:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: Received disconnect from 107.175.189.123 port 60802:11: Bye Bye [preauth]
Oct 14 21:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29184]: Disconnected from 107.175.189.123 port 60802 [preauth]
Oct 14 21:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27021]: pam_unix(cron:session): session closed for user root
Oct 14 21:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Invalid user test1 from 190.108.76.143
Oct 14 21:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: input_userauth_request: invalid user test1 [preauth]
Oct 14 21:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Failed password for invalid user test1 from 190.108.76.143 port 28313 ssh2
Oct 14 21:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Received disconnect from 190.108.76.143 port 28313:11: Bye Bye [preauth]
Oct 14 21:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Disconnected from 190.108.76.143 port 28313 [preauth]
Oct 14 21:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Invalid user dev from 74.94.234.151
Oct 14 21:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: input_userauth_request: invalid user dev [preauth]
Oct 14 21:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 21:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Failed password for invalid user dev from 74.94.234.151 port 38948 ssh2
Oct 14 21:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Received disconnect from 74.94.234.151 port 38948:11: Bye Bye [preauth]
Oct 14 21:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Disconnected from 74.94.234.151 port 38948 [preauth]
Oct 14 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29279]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29368]: Successful su for rubyman by root
Oct 14 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29368]: + ??? root:rubyman
Oct 14 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413797 of user rubyman.
Oct 14 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29368]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413797.
Oct 14 21:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25029]: pam_unix(cron:session): session closed for user root
Oct 14 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Connection reset by 147.185.132.57 port 65316 [preauth]
Oct 14 21:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 21:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Failed password for root from 186.124.138.154 port 53206 ssh2
Oct 14 21:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Received disconnect from 186.124.138.154 port 53206:11: Bye Bye [preauth]
Oct 14 21:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Disconnected from 186.124.138.154 port 53206 [preauth]
Oct 14 21:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29280]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 21:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Failed password for root from 41.93.28.23 port 56860 ssh2
Oct 14 21:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Received disconnect from 41.93.28.23 port 56860:11: Bye Bye [preauth]
Oct 14 21:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Disconnected from 41.93.28.23 port 56860 [preauth]
Oct 14 21:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 21:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Failed password for root from 202.125.94.71 port 35222 ssh2
Oct 14 21:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Received disconnect from 202.125.94.71 port 35222:11: Bye Bye [preauth]
Oct 14 21:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Disconnected from 202.125.94.71 port 35222 [preauth]
Oct 14 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27942]: pam_unix(cron:session): session closed for user root
Oct 14 21:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Invalid user dara from 64.119.29.140
Oct 14 21:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: input_userauth_request: invalid user dara [preauth]
Oct 14 21:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 21:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Failed password for invalid user dara from 64.119.29.140 port 51044 ssh2
Oct 14 21:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Received disconnect from 64.119.29.140 port 51044:11: Bye Bye [preauth]
Oct 14 21:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Disconnected from 64.119.29.140 port 51044 [preauth]
Oct 14 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29881]: Successful su for rubyman by root
Oct 14 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29881]: + ??? root:rubyman
Oct 14 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413800 of user rubyman.
Oct 14 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29881]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413800.
Oct 14 21:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25741]: pam_unix(cron:session): session closed for user root
Oct 14 21:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Invalid user sonu from 8.219.52.199
Oct 14 21:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: input_userauth_request: invalid user sonu [preauth]
Oct 14 21:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.219.52.199
Oct 14 21:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Failed password for invalid user sonu from 8.219.52.199 port 56312 ssh2
Oct 14 21:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Received disconnect from 8.219.52.199 port 56312:11: Bye Bye [preauth]
Oct 14 21:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Disconnected from 8.219.52.199 port 56312 [preauth]
Oct 14 21:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.6.88  user=root
Oct 14 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Failed password for root from 47.236.6.88 port 58302 ssh2
Oct 14 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Received disconnect from 47.236.6.88 port 58302:11: Bye Bye [preauth]
Oct 14 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Disconnected from 47.236.6.88 port 58302 [preauth]
Oct 14 21:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Failed password for root from 107.175.189.123 port 41258 ssh2
Oct 14 21:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Received disconnect from 107.175.189.123 port 41258:11: Bye Bye [preauth]
Oct 14 21:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Disconnected from 107.175.189.123 port 41258 [preauth]
Oct 14 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Did not receive identification string from 165.154.205.83
Oct 14 21:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Invalid user amir from 190.108.76.143
Oct 14 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: input_userauth_request: invalid user amir [preauth]
Oct 14 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Failed password for invalid user amir from 190.108.76.143 port 30771 ssh2
Oct 14 21:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Received disconnect from 190.108.76.143 port 30771:11: Bye Bye [preauth]
Oct 14 21:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Disconnected from 190.108.76.143 port 30771 [preauth]
Oct 14 21:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28600]: pam_unix(cron:session): session closed for user root
Oct 14 21:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Invalid user naim from 186.124.138.154
Oct 14 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: input_userauth_request: invalid user naim [preauth]
Oct 14 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 21:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Failed password for invalid user naim from 186.124.138.154 port 33352 ssh2
Oct 14 21:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Received disconnect from 186.124.138.154 port 33352:11: Bye Bye [preauth]
Oct 14 21:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Disconnected from 186.124.138.154 port 33352 [preauth]
Oct 14 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30346]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session closed for user root
Oct 14 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: Successful su for rubyman by root
Oct 14 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: + ??? root:rubyman
Oct 14 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413807 of user rubyman.
Oct 14 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30432]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413807.
Oct 14 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 21:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Failed password for root from 202.125.94.71 port 41386 ssh2
Oct 14 21:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Received disconnect from 202.125.94.71 port 41386:11: Bye Bye [preauth]
Oct 14 21:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Disconnected from 202.125.94.71 port 41386 [preauth]
Oct 14 21:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30346]: pam_unix(cron:session): session closed for user root
Oct 14 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session closed for user root
Oct 14 21:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30345]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Invalid user adu from 41.93.28.23
Oct 14 21:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: input_userauth_request: invalid user adu [preauth]
Oct 14 21:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 21:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for invalid user adu from 41.93.28.23 port 60130 ssh2
Oct 14 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Received disconnect from 41.93.28.23 port 60130:11: Bye Bye [preauth]
Oct 14 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Disconnected from 41.93.28.23 port 60130 [preauth]
Oct 14 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 21:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: Failed password for root from 64.119.29.140 port 33698 ssh2
Oct 14 21:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: Received disconnect from 64.119.29.140 port 33698:11: Bye Bye [preauth]
Oct 14 21:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30823]: Disconnected from 64.119.29.140 port 33698 [preauth]
Oct 14 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29290]: pam_unix(cron:session): session closed for user root
Oct 14 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30933]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 21:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31044]: Successful su for rubyman by root
Oct 14 21:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31044]: + ??? root:rubyman
Oct 14 21:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413811 of user rubyman.
Oct 14 21:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31044]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413811.
Oct 14 21:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Failed password for root from 107.175.189.123 port 49950 ssh2
Oct 14 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Received disconnect from 107.175.189.123 port 49950:11: Bye Bye [preauth]
Oct 14 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31016]: Disconnected from 107.175.189.123 port 49950 [preauth]
Oct 14 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Invalid user teamspeak from 74.94.234.151
Oct 14 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: input_userauth_request: invalid user teamspeak [preauth]
Oct 14 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Failed password for invalid user teamspeak from 74.94.234.151 port 33242 ssh2
Oct 14 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Received disconnect from 74.94.234.151 port 33242:11: Bye Bye [preauth]
Oct 14 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31077]: Disconnected from 74.94.234.151 port 33242 [preauth]
Oct 14 21:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27017]: pam_unix(cron:session): session closed for user root
Oct 14 21:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30934]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Invalid user botuser from 190.108.76.143
Oct 14 21:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: input_userauth_request: invalid user botuser [preauth]
Oct 14 21:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 21:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Failed password for invalid user botuser from 190.108.76.143 port 1878 ssh2
Oct 14 21:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Received disconnect from 190.108.76.143 port 1878:11: Bye Bye [preauth]
Oct 14 21:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Disconnected from 190.108.76.143 port 1878 [preauth]
Oct 14 21:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session closed for user root
Oct 14 21:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 21:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: Failed password for root from 186.124.138.154 port 57152 ssh2
Oct 14 21:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: Received disconnect from 186.124.138.154 port 57152:11: Bye Bye [preauth]
Oct 14 21:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: Disconnected from 186.124.138.154 port 57152 [preauth]
Oct 14 21:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Invalid user morteza from 202.125.94.71
Oct 14 21:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: input_userauth_request: invalid user morteza [preauth]
Oct 14 21:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 21:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Failed password for invalid user morteza from 202.125.94.71 port 46884 ssh2
Oct 14 21:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Received disconnect from 202.125.94.71 port 46884:11: Bye Bye [preauth]
Oct 14 21:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31383]: Disconnected from 202.125.94.71 port 46884 [preauth]
Oct 14 21:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31681]: Successful su for rubyman by root
Oct 14 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31681]: + ??? root:rubyman
Oct 14 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413815 of user rubyman.
Oct 14 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31681]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413815.
Oct 14 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Failed password for root from 64.119.29.140 port 35774 ssh2
Oct 14 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Received disconnect from 64.119.29.140 port 35774:11: Bye Bye [preauth]
Oct 14 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Disconnected from 64.119.29.140 port 35774 [preauth]
Oct 14 21:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27941]: pam_unix(cron:session): session closed for user root
Oct 14 21:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: Invalid user peiyuhui from 41.93.28.23
Oct 14 21:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: input_userauth_request: invalid user peiyuhui [preauth]
Oct 14 21:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: Failed password for invalid user peiyuhui from 41.93.28.23 port 56420 ssh2
Oct 14 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: Received disconnect from 41.93.28.23 port 56420:11: Bye Bye [preauth]
Oct 14 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31938]: Disconnected from 41.93.28.23 port 56420 [preauth]
Oct 14 21:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session closed for user root
Oct 14 21:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: Invalid user prueba1 from 107.175.189.123
Oct 14 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: input_userauth_request: invalid user prueba1 [preauth]
Oct 14 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 21:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: Failed password for invalid user prueba1 from 107.175.189.123 port 58642 ssh2
Oct 14 21:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: Received disconnect from 107.175.189.123 port 58642:11: Bye Bye [preauth]
Oct 14 21:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: Disconnected from 107.175.189.123 port 58642 [preauth]
Oct 14 21:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: User ftp from 74.94.234.151 not allowed because not listed in AllowUsers
Oct 14 21:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: input_userauth_request: invalid user ftp [preauth]
Oct 14 21:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151  user=ftp
Oct 14 21:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Failed password for invalid user ftp from 74.94.234.151 port 37790 ssh2
Oct 14 21:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Received disconnect from 74.94.234.151 port 37790:11: Bye Bye [preauth]
Oct 14 21:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Disconnected from 74.94.234.151 port 37790 [preauth]
Oct 14 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32083]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32236]: Successful su for rubyman by root
Oct 14 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32236]: + ??? root:rubyman
Oct 14 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413818 of user rubyman.
Oct 14 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32236]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413818.
Oct 14 21:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28458]: pam_unix(cron:session): session closed for user root
Oct 14 21:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32086]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 21:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 21:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for root from 202.125.94.71 port 51978 ssh2
Oct 14 21:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Received disconnect from 202.125.94.71 port 51978:11: Bye Bye [preauth]
Oct 14 21:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Disconnected from 202.125.94.71 port 51978 [preauth]
Oct 14 21:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Failed password for root from 186.124.138.154 port 59210 ssh2
Oct 14 21:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Received disconnect from 186.124.138.154 port 59210:11: Bye Bye [preauth]
Oct 14 21:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32495]: Disconnected from 186.124.138.154 port 59210 [preauth]
Oct 14 21:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30936]: pam_unix(cron:session): session closed for user root
Oct 14 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Failed password for root from 64.119.29.140 port 38734 ssh2
Oct 14 21:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Received disconnect from 64.119.29.140 port 38734:11: Bye Bye [preauth]
Oct 14 21:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32523]: Disconnected from 64.119.29.140 port 38734 [preauth]
Oct 14 21:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: User john from 42.49.216.35 not allowed because not listed in AllowUsers
Oct 14 21:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: input_userauth_request: invalid user john [preauth]
Oct 14 21:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35  user=john
Oct 14 21:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Failed password for invalid user john from 42.49.216.35 port 50014 ssh2
Oct 14 21:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Received disconnect from 42.49.216.35 port 50014:11: Bye Bye [preauth]
Oct 14 21:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Disconnected from 42.49.216.35 port 50014 [preauth]
Oct 14 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32625]: pam_unix(cron:session): session closed for user p13x
Oct 14 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32699]: Successful su for rubyman by root
Oct 14 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32699]: + ??? root:rubyman
Oct 14 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413822 of user rubyman.
Oct 14 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32699]: pam_unix(su:session): session closed for user rubyman
Oct 14 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413822.
Oct 14 21:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29284]: pam_unix(cron:session): session closed for user root
Oct 14 21:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session closed for user samftp
Oct 14 21:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Invalid user dev from 107.175.189.123
Oct 14 21:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: input_userauth_request: invalid user dev [preauth]
Oct 14 21:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: Invalid user dreambox from 41.93.28.23
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: input_userauth_request: invalid user dreambox [preauth]
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Invalid user lichan from 20.163.71.109
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: input_userauth_request: invalid user lichan [preauth]
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Failed password for invalid user dev from 107.175.189.123 port 39106 ssh2
Oct 14 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Received disconnect from 107.175.189.123 port 39106:11: Bye Bye [preauth]
Oct 14 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Disconnected from 107.175.189.123 port 39106 [preauth]
Oct 14 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: Failed password for invalid user dreambox from 41.93.28.23 port 55808 ssh2
Oct 14 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: Received disconnect from 41.93.28.23 port 55808:11: Bye Bye [preauth]
Oct 14 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: Disconnected from 41.93.28.23 port 55808 [preauth]
Oct 14 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Failed password for invalid user lichan from 20.163.71.109 port 33854 ssh2
Oct 14 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Connection closed by 20.163.71.109 port 33854 [preauth]
Oct 14 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31495]: pam_unix(cron:session): session closed for user root
Oct 14 21:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Invalid user a from 74.94.234.151
Oct 14 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: input_userauth_request: invalid user a [preauth]
Oct 14 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 21:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Failed password for invalid user a from 74.94.234.151 port 42332 ssh2
Oct 14 21:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Received disconnect from 74.94.234.151 port 42332:11: Bye Bye [preauth]
Oct 14 21:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Disconnected from 74.94.234.151 port 42332 [preauth]
Oct 14 22:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143  user=root
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[648]: pam_unix(cron:session): session closed for user root
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[639]: pam_unix(cron:session): session closed for user root
Oct 14 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Failed password for root from 190.108.76.143 port 28478 ssh2
Oct 14 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Received disconnect from 190.108.76.143 port 28478:11: Bye Bye [preauth]
Oct 14 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[626]: Disconnected from 190.108.76.143 port 28478 [preauth]
Oct 14 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: Successful su for rubyman by root
Oct 14 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: + ??? root:rubyman
Oct 14 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413827 of user rubyman.
Oct 14 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413827.
Oct 14 22:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Invalid user lichan from 20.163.71.109
Oct 14 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: input_userauth_request: invalid user lichan [preauth]
Oct 14 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 14 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Failed password for invalid user lichan from 20.163.71.109 port 40758 ssh2
Oct 14 22:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Connection closed by 20.163.71.109 port 40758 [preauth]
Oct 14 22:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: Invalid user user from 202.125.94.71
Oct 14 22:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: input_userauth_request: invalid user user [preauth]
Oct 14 22:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: Failed password for invalid user user from 202.125.94.71 port 57132 ssh2
Oct 14 22:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: Received disconnect from 202.125.94.71 port 57132:11: Bye Bye [preauth]
Oct 14 22:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[967]: Disconnected from 202.125.94.71 port 57132 [preauth]
Oct 14 22:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Failed password for root from 64.119.29.140 port 46632 ssh2
Oct 14 22:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Received disconnect from 64.119.29.140 port 46632:11: Bye Bye [preauth]
Oct 14 22:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Disconnected from 64.119.29.140 port 46632 [preauth]
Oct 14 22:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session closed for user root
Oct 14 22:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[640]: pam_unix(cron:session): session closed for user root
Oct 14 22:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: Failed password for root from 161.35.210.149 port 38866 ssh2
Oct 14 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: Connection closed by 161.35.210.149 port 38866 [preauth]
Oct 14 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: Invalid user admin from 161.35.210.149
Oct 14 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: Failed password for invalid user admin from 161.35.210.149 port 42576 ssh2
Oct 14 22:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: Connection closed by 161.35.210.149 port 42576 [preauth]
Oct 14 22:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Failed password for root from 186.124.138.154 port 52300 ssh2
Oct 14 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Received disconnect from 186.124.138.154 port 52300:11: Bye Bye [preauth]
Oct 14 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Disconnected from 186.124.138.154 port 52300 [preauth]
Oct 14 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Failed password for root from 161.35.210.149 port 42584 ssh2
Oct 14 22:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1121]: Connection closed by 161.35.210.149 port 42584 [preauth]
Oct 14 22:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[638]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Invalid user pi from 161.35.210.149
Oct 14 22:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: input_userauth_request: invalid user pi [preauth]
Oct 14 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Failed password for invalid user pi from 161.35.210.149 port 42592 ssh2
Oct 14 22:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1166]: Connection closed by 161.35.210.149 port 42592 [preauth]
Oct 14 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Failed password for root from 161.35.210.149 port 34476 ssh2
Oct 14 22:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1183]: Connection closed by 161.35.210.149 port 34476 [preauth]
Oct 14 22:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Invalid user user from 161.35.210.149
Oct 14 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: input_userauth_request: invalid user user [preauth]
Oct 14 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Failed password for invalid user user from 161.35.210.149 port 35834 ssh2
Oct 14 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Connection closed by 161.35.210.149 port 35834 [preauth]
Oct 14 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Invalid user ubnt from 161.35.210.149
Oct 14 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Failed password for invalid user ubnt from 161.35.210.149 port 35842 ssh2
Oct 14 22:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Connection closed by 161.35.210.149 port 35842 [preauth]
Oct 14 22:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32091]: pam_unix(cron:session): session closed for user root
Oct 14 22:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Failed password for root from 161.35.210.149 port 35848 ssh2
Oct 14 22:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1270]: Connection closed by 161.35.210.149 port 35848 [preauth]
Oct 14 22:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Failed password for root from 161.35.210.149 port 55486 ssh2
Oct 14 22:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Connection closed by 161.35.210.149 port 55486 [preauth]
Oct 14 22:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: Failed password for root from 161.35.210.149 port 55490 ssh2
Oct 14 22:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1301]: Connection closed by 161.35.210.149 port 55490 [preauth]
Oct 14 22:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: Failed password for root from 161.35.210.149 port 55504 ssh2
Oct 14 22:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1315]: Connection closed by 161.35.210.149 port 55504 [preauth]
Oct 14 22:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Invalid user devopsuser from 161.35.210.149
Oct 14 22:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 22:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Failed password for invalid user devopsuser from 161.35.210.149 port 55506 ssh2
Oct 14 22:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Connection closed by 161.35.210.149 port 55506 [preauth]
Oct 14 22:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Invalid user deploy from 161.35.210.149
Oct 14 22:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: input_userauth_request: invalid user deploy [preauth]
Oct 14 22:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Failed password for invalid user deploy from 161.35.210.149 port 39348 ssh2
Oct 14 22:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1344]: Connection closed by 161.35.210.149 port 39348 [preauth]
Oct 14 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1377]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1483]: Successful su for rubyman by root
Oct 14 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1483]: + ??? root:rubyman
Oct 14 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413833 of user rubyman.
Oct 14 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1483]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413833.
Oct 14 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Invalid user jenkins from 161.35.210.149
Oct 14 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 22:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Failed password for invalid user jenkins from 161.35.210.149 port 39352 ssh2
Oct 14 22:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Connection closed by 161.35.210.149 port 39352 [preauth]
Oct 14 22:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: Failed password for root from 107.175.189.123 port 47784 ssh2
Oct 14 22:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: Received disconnect from 107.175.189.123 port 47784:11: Bye Bye [preauth]
Oct 14 22:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1594]: Disconnected from 107.175.189.123 port 47784 [preauth]
Oct 14 22:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session closed for user root
Oct 14 22:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Invalid user linaro from 161.35.210.149
Oct 14 22:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: input_userauth_request: invalid user linaro [preauth]
Oct 14 22:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Failed password for invalid user linaro from 161.35.210.149 port 50944 ssh2
Oct 14 22:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1681]: Connection closed by 161.35.210.149 port 50944 [preauth]
Oct 14 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1378]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1737]: Invalid user admin from 161.35.210.149
Oct 14 22:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1737]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1737]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1737]: Failed password for invalid user admin from 161.35.210.149 port 58650 ssh2
Oct 14 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1737]: Connection closed by 161.35.210.149 port 58650 [preauth]
Oct 14 22:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Invalid user sol from 74.94.234.151
Oct 14 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: input_userauth_request: invalid user sol [preauth]
Oct 14 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for invalid user sol from 74.94.234.151 port 46884 ssh2
Oct 14 22:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Received disconnect from 74.94.234.151 port 46884:11: Bye Bye [preauth]
Oct 14 22:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Disconnected from 74.94.234.151 port 46884 [preauth]
Oct 14 22:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Invalid user es from 161.35.210.149
Oct 14 22:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: input_userauth_request: invalid user es [preauth]
Oct 14 22:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Failed password for invalid user es from 161.35.210.149 port 38592 ssh2
Oct 14 22:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Connection closed by 161.35.210.149 port 38592 [preauth]
Oct 14 22:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: Invalid user admin from 194.0.234.19
Oct 14 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 14 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: Failed password for root from 161.35.210.149 port 40644 ssh2
Oct 14 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: Connection closed by 161.35.210.149 port 40644 [preauth]
Oct 14 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: Failed password for invalid user admin from 194.0.234.19 port 21960 ssh2
Oct 14 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1799]: Connection closed by 194.0.234.19 port 21960 [preauth]
Oct 14 22:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32629]: pam_unix(cron:session): session closed for user root
Oct 14 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Invalid user dev from 64.119.29.140
Oct 14 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: input_userauth_request: invalid user dev [preauth]
Oct 14 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: Failed password for root from 161.35.210.149 port 40648 ssh2
Oct 14 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1814]: Connection closed by 161.35.210.149 port 40648 [preauth]
Oct 14 22:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user dev from 64.119.29.140 port 44726 ssh2
Oct 14 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Received disconnect from 64.119.29.140 port 44726:11: Bye Bye [preauth]
Oct 14 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Disconnected from 64.119.29.140 port 44726 [preauth]
Oct 14 22:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Failed password for root from 41.93.28.23 port 37214 ssh2
Oct 14 22:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Received disconnect from 41.93.28.23 port 37214:11: Bye Bye [preauth]
Oct 14 22:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Disconnected from 41.93.28.23 port 37214 [preauth]
Oct 14 22:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: Invalid user deploy from 161.35.210.149
Oct 14 22:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: input_userauth_request: invalid user deploy [preauth]
Oct 14 22:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Invalid user adminuser from 190.108.76.143
Oct 14 22:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: input_userauth_request: invalid user adminuser [preauth]
Oct 14 22:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 22:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: Failed password for root from 202.125.94.71 port 34200 ssh2
Oct 14 22:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: Received disconnect from 202.125.94.71 port 34200:11: Bye Bye [preauth]
Oct 14 22:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1972]: Disconnected from 202.125.94.71 port 34200 [preauth]
Oct 14 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: Failed password for invalid user deploy from 161.35.210.149 port 40656 ssh2
Oct 14 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Failed password for invalid user adminuser from 190.108.76.143 port 29547 ssh2
Oct 14 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1975]: Connection closed by 161.35.210.149 port 40656 [preauth]
Oct 14 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Received disconnect from 190.108.76.143 port 29547:11: Bye Bye [preauth]
Oct 14 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Disconnected from 190.108.76.143 port 29547 [preauth]
Oct 14 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1990]: Failed password for root from 161.35.210.149 port 35306 ssh2
Oct 14 22:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1990]: Connection closed by 161.35.210.149 port 35306 [preauth]
Oct 14 22:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2002]: Invalid user git from 161.35.210.149
Oct 14 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2002]: input_userauth_request: invalid user git [preauth]
Oct 14 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2002]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2002]: Failed password for invalid user git from 161.35.210.149 port 45460 ssh2
Oct 14 22:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2002]: Connection closed by 161.35.210.149 port 45460 [preauth]
Oct 14 22:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: Invalid user dspace from 161.35.210.149
Oct 14 22:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: input_userauth_request: invalid user dspace [preauth]
Oct 14 22:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: Failed password for invalid user dspace from 161.35.210.149 port 45470 ssh2
Oct 14 22:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: Connection closed by 161.35.210.149 port 45470 [preauth]
Oct 14 22:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Failed password for root from 186.124.138.154 port 47508 ssh2
Oct 14 22:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Received disconnect from 186.124.138.154 port 47508:11: Bye Bye [preauth]
Oct 14 22:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2022]: Disconnected from 186.124.138.154 port 47508 [preauth]
Oct 14 22:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Invalid user elastic from 161.35.210.149
Oct 14 22:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: input_userauth_request: invalid user elastic [preauth]
Oct 14 22:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: Invalid user admin from 80.94.95.115
Oct 14 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2043]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2044]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2041]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Failed password for invalid user elastic from 161.35.210.149 port 45478 ssh2
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Connection closed by 161.35.210.149 port 45478 [preauth]
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2114]: Successful su for rubyman by root
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2114]: + ??? root:rubyman
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413837 of user rubyman.
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2114]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413837.
Oct 14 22:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Invalid user orangepi from 161.35.210.149
Oct 14 22:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: input_userauth_request: invalid user orangepi [preauth]
Oct 14 22:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: Failed password for invalid user admin from 80.94.95.115 port 29508 ssh2
Oct 14 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2024]: Connection closed by 80.94.95.115 port 29508 [preauth]
Oct 14 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Failed password for invalid user orangepi from 161.35.210.149 port 54804 ssh2
Oct 14 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2112]: Connection closed by 161.35.210.149 port 54804 [preauth]
Oct 14 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Failed password for root from 161.35.210.149 port 54816 ssh2
Oct 14 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2223]: Connection closed by 161.35.210.149 port 54816 [preauth]
Oct 14 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30935]: pam_unix(cron:session): session closed for user root
Oct 14 22:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for root from 161.35.210.149 port 41960 ssh2
Oct 14 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Connection closed by 161.35.210.149 port 41960 [preauth]
Oct 14 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Invalid user ubuntu from 161.35.210.149
Oct 14 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Failed password for invalid user ubuntu from 161.35.210.149 port 41964 ssh2
Oct 14 22:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Connection closed by 161.35.210.149 port 41964 [preauth]
Oct 14 22:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2042]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Failed password for root from 161.35.210.149 port 41980 ssh2
Oct 14 22:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Connection closed by 161.35.210.149 port 41980 [preauth]
Oct 14 22:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Failed password for root from 161.35.210.149 port 41990 ssh2
Oct 14 22:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2355]: Connection closed by 161.35.210.149 port 41990 [preauth]
Oct 14 22:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2371]: Invalid user test from 161.35.210.149
Oct 14 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2371]: input_userauth_request: invalid user test [preauth]
Oct 14 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2371]: Failed password for invalid user test from 161.35.210.149 port 35960 ssh2
Oct 14 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2371]: Connection closed by 161.35.210.149 port 35960 [preauth]
Oct 14 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: Invalid user vpn from 161.35.210.149
Oct 14 22:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: input_userauth_request: invalid user vpn [preauth]
Oct 14 22:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: Failed password for invalid user vpn from 161.35.210.149 port 35974 ssh2
Oct 14 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2373]: Connection closed by 161.35.210.149 port 35974 [preauth]
Oct 14 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Invalid user ansible from 161.35.210.149
Oct 14 22:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: input_userauth_request: invalid user ansible [preauth]
Oct 14 22:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Failed password for invalid user ansible from 161.35.210.149 port 35988 ssh2
Oct 14 22:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2385]: Connection closed by 161.35.210.149 port 35988 [preauth]
Oct 14 22:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Invalid user fa from 161.35.210.149
Oct 14 22:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: input_userauth_request: invalid user fa [preauth]
Oct 14 22:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Failed password for invalid user fa from 161.35.210.149 port 54434 ssh2
Oct 14 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Connection closed by 161.35.210.149 port 54434 [preauth]
Oct 14 22:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Invalid user ftpuser from 161.35.210.149
Oct 14 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Failed password for invalid user ftpuser from 161.35.210.149 port 54448 ssh2
Oct 14 22:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2414]: Connection closed by 161.35.210.149 port 54448 [preauth]
Oct 14 22:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Failed password for root from 161.35.210.149 port 54460 ssh2
Oct 14 22:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Connection closed by 161.35.210.149 port 54460 [preauth]
Oct 14 22:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Invalid user naim from 107.175.189.123
Oct 14 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: input_userauth_request: invalid user naim [preauth]
Oct 14 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session closed for user root
Oct 14 22:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Failed password for invalid user naim from 107.175.189.123 port 56472 ssh2
Oct 14 22:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Received disconnect from 107.175.189.123 port 56472:11: Bye Bye [preauth]
Oct 14 22:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2463]: Disconnected from 107.175.189.123 port 56472 [preauth]
Oct 14 22:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Failed password for root from 161.35.210.149 port 55022 ssh2
Oct 14 22:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Connection closed by 161.35.210.149 port 55022 [preauth]
Oct 14 22:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: Invalid user testuser from 161.35.210.149
Oct 14 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: input_userauth_request: invalid user testuser [preauth]
Oct 14 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: Failed password for invalid user testuser from 161.35.210.149 port 55032 ssh2
Oct 14 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2496]: Connection closed by 161.35.210.149 port 55032 [preauth]
Oct 14 22:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: User mysql from 161.35.210.149 not allowed because not listed in AllowUsers
Oct 14 22:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: input_userauth_request: invalid user mysql [preauth]
Oct 14 22:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=mysql
Oct 14 22:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Failed password for invalid user mysql from 161.35.210.149 port 59356 ssh2
Oct 14 22:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2522]: Connection closed by 161.35.210.149 port 59356 [preauth]
Oct 14 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2533]: Invalid user guest from 161.35.210.149
Oct 14 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2533]: input_userauth_request: invalid user guest [preauth]
Oct 14 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2533]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Invalid user vishal from 74.94.234.151
Oct 14 22:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: input_userauth_request: invalid user vishal [preauth]
Oct 14 22:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2533]: Failed password for invalid user guest from 161.35.210.149 port 59362 ssh2
Oct 14 22:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2533]: Connection closed by 161.35.210.149 port 59362 [preauth]
Oct 14 22:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: Invalid user ubuntu from 161.35.210.149
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Failed password for invalid user vishal from 74.94.234.151 port 51436 ssh2
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Received disconnect from 74.94.234.151 port 51436:11: Bye Bye [preauth]
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Disconnected from 74.94.234.151 port 51436 [preauth]
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2548]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: Failed password for invalid user ubuntu from 161.35.210.149 port 48066 ssh2
Oct 14 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2621]: Successful su for rubyman by root
Oct 14 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2621]: + ??? root:rubyman
Oct 14 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413843 of user rubyman.
Oct 14 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2621]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413843.
Oct 14 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2537]: Connection closed by 161.35.210.149 port 48066 [preauth]
Oct 14 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Failed password for root from 64.119.29.140 port 40248 ssh2
Oct 14 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Received disconnect from 64.119.29.140 port 40248:11: Bye Bye [preauth]
Oct 14 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Disconnected from 64.119.29.140 port 40248 [preauth]
Oct 14 22:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session closed for user root
Oct 14 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149  user=root
Oct 14 22:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2549]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Failed password for root from 161.35.210.149 port 48072 ssh2
Oct 14 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Connection closed by 161.35.210.149 port 48072 [preauth]
Oct 14 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: Invalid user weblogic from 202.125.94.71
Oct 14 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: input_userauth_request: invalid user weblogic [preauth]
Oct 14 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: Invalid user debian from 161.35.210.149
Oct 14 22:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: Failed password for invalid user weblogic from 202.125.94.71 port 39166 ssh2
Oct 14 22:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: Received disconnect from 202.125.94.71 port 39166:11: Bye Bye [preauth]
Oct 14 22:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2844]: Disconnected from 202.125.94.71 port 39166 [preauth]
Oct 14 22:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: Failed password for invalid user debian from 161.35.210.149 port 54036 ssh2
Oct 14 22:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: Connection closed by 161.35.210.149 port 54036 [preauth]
Oct 14 22:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Invalid user odoo from 161.35.210.149
Oct 14 22:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: input_userauth_request: invalid user odoo [preauth]
Oct 14 22:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Failed password for invalid user odoo from 161.35.210.149 port 37326 ssh2
Oct 14 22:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Connection closed by 161.35.210.149 port 37326 [preauth]
Oct 14 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: Invalid user hadoop from 161.35.210.149
Oct 14 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: input_userauth_request: invalid user hadoop [preauth]
Oct 14 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: Failed password for invalid user hadoop from 161.35.210.149 port 37342 ssh2
Oct 14 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2900]: Connection closed by 161.35.210.149 port 37342 [preauth]
Oct 14 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Invalid user minecraft from 161.35.210.149
Oct 14 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Failed password for invalid user minecraft from 161.35.210.149 port 50324 ssh2
Oct 14 22:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Connection closed by 161.35.210.149 port 50324 [preauth]
Oct 14 22:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Invalid user bot from 190.108.76.143
Oct 14 22:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: input_userauth_request: invalid user bot [preauth]
Oct 14 22:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 22:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session closed for user root
Oct 14 22:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for invalid user bot from 190.108.76.143 port 34911 ssh2
Oct 14 22:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Received disconnect from 190.108.76.143 port 34911:11: Bye Bye [preauth]
Oct 14 22:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Disconnected from 190.108.76.143 port 34911 [preauth]
Oct 14 22:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Invalid user postgres from 161.35.210.149
Oct 14 22:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: input_userauth_request: invalid user postgres [preauth]
Oct 14 22:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: Failed password for root from 186.124.138.154 port 45134 ssh2
Oct 14 22:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: Received disconnect from 186.124.138.154 port 45134:11: Bye Bye [preauth]
Oct 14 22:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2945]: Disconnected from 186.124.138.154 port 45134 [preauth]
Oct 14 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Failed password for invalid user postgres from 161.35.210.149 port 50330 ssh2
Oct 14 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Invalid user django from 41.93.28.23
Oct 14 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: input_userauth_request: invalid user django [preauth]
Oct 14 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Connection closed by 161.35.210.149 port 50330 [preauth]
Oct 14 22:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Failed password for invalid user django from 41.93.28.23 port 46848 ssh2
Oct 14 22:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Received disconnect from 41.93.28.23 port 46848:11: Bye Bye [preauth]
Oct 14 22:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2962]: Disconnected from 41.93.28.23 port 46848 [preauth]
Oct 14 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3091]: Successful su for rubyman by root
Oct 14 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3091]: + ??? root:rubyman
Oct 14 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413845 of user rubyman.
Oct 14 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3091]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413845.
Oct 14 22:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: Invalid user ts3 from 161.35.210.149
Oct 14 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: Failed password for invalid user ts3 from 161.35.210.149 port 56384 ssh2
Oct 14 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3125]: Connection closed by 161.35.210.149 port 56384 [preauth]
Oct 14 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Invalid user odroid from 161.35.210.149
Oct 14 22:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: input_userauth_request: invalid user odroid [preauth]
Oct 14 22:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32090]: pam_unix(cron:session): session closed for user root
Oct 14 22:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Failed password for invalid user odroid from 161.35.210.149 port 56398 ssh2
Oct 14 22:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Connection closed by 161.35.210.149 port 56398 [preauth]
Oct 14 22:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Invalid user git from 107.175.189.123
Oct 14 22:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: input_userauth_request: invalid user git [preauth]
Oct 14 22:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Failed password for invalid user git from 107.175.189.123 port 36928 ssh2
Oct 14 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Received disconnect from 107.175.189.123 port 36928:11: Bye Bye [preauth]
Oct 14 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3339]: Disconnected from 107.175.189.123 port 36928 [preauth]
Oct 14 22:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Invalid user rramirez from 64.119.29.140
Oct 14 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: input_userauth_request: invalid user rramirez [preauth]
Oct 14 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Invalid user ubuntu from 161.35.210.149
Oct 14 22:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.210.149
Oct 14 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35  user=root
Oct 14 22:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Failed password for invalid user rramirez from 64.119.29.140 port 44434 ssh2
Oct 14 22:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Received disconnect from 64.119.29.140 port 44434:11: Bye Bye [preauth]
Oct 14 22:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Disconnected from 64.119.29.140 port 44434 [preauth]
Oct 14 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Failed password for invalid user ubuntu from 161.35.210.149 port 47966 ssh2
Oct 14 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3388]: Connection closed by 161.35.210.149 port 47966 [preauth]
Oct 14 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Failed password for root from 42.49.216.35 port 44373 ssh2
Oct 14 22:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Received disconnect from 42.49.216.35 port 44373:11: Bye Bye [preauth]
Oct 14 22:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3390]: Disconnected from 42.49.216.35 port 44373 [preauth]
Oct 14 22:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2044]: pam_unix(cron:session): session closed for user root
Oct 14 22:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151  user=root
Oct 14 22:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Failed password for root from 74.94.234.151 port 55988 ssh2
Oct 14 22:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Received disconnect from 74.94.234.151 port 55988:11: Bye Bye [preauth]
Oct 14 22:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3430]: Disconnected from 74.94.234.151 port 55988 [preauth]
Oct 14 22:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: Failed password for root from 202.125.94.71 port 44006 ssh2
Oct 14 22:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: Received disconnect from 202.125.94.71 port 44006:11: Bye Bye [preauth]
Oct 14 22:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3479]: Disconnected from 202.125.94.71 port 44006 [preauth]
Oct 14 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3499]: pam_unix(cron:session): session closed for user root
Oct 14 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3577]: Successful su for rubyman by root
Oct 14 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3577]: + ??? root:rubyman
Oct 14 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413849 of user rubyman.
Oct 14 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3577]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413849.
Oct 14 22:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session closed for user root
Oct 14 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32628]: pam_unix(cron:session): session closed for user root
Oct 14 22:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Invalid user rramirez from 186.124.138.154
Oct 14 22:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: input_userauth_request: invalid user rramirez [preauth]
Oct 14 22:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Failed password for invalid user rramirez from 186.124.138.154 port 45932 ssh2
Oct 14 22:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Received disconnect from 186.124.138.154 port 45932:11: Bye Bye [preauth]
Oct 14 22:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Disconnected from 186.124.138.154 port 45932 [preauth]
Oct 14 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Invalid user nagios from 190.108.76.143
Oct 14 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: input_userauth_request: invalid user nagios [preauth]
Oct 14 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 22:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Failed password for invalid user nagios from 190.108.76.143 port 24415 ssh2
Oct 14 22:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Received disconnect from 190.108.76.143 port 24415:11: Bye Bye [preauth]
Oct 14 22:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Disconnected from 190.108.76.143 port 24415 [preauth]
Oct 14 22:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session closed for user root
Oct 14 22:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: Invalid user darren from 41.93.28.23
Oct 14 22:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: input_userauth_request: invalid user darren [preauth]
Oct 14 22:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: Failed password for invalid user darren from 41.93.28.23 port 57954 ssh2
Oct 14 22:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: Received disconnect from 41.93.28.23 port 57954:11: Bye Bye [preauth]
Oct 14 22:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: Disconnected from 41.93.28.23 port 57954 [preauth]
Oct 14 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Invalid user systems from 107.175.189.123
Oct 14 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: input_userauth_request: invalid user systems [preauth]
Oct 14 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: Successful su for rubyman by root
Oct 14 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: + ??? root:rubyman
Oct 14 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413856 of user rubyman.
Oct 14 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413856.
Oct 14 22:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Failed password for invalid user systems from 107.175.189.123 port 45620 ssh2
Oct 14 22:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Received disconnect from 107.175.189.123 port 45620:11: Bye Bye [preauth]
Oct 14 22:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Disconnected from 107.175.189.123 port 45620 [preauth]
Oct 14 22:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Failed password for root from 64.119.29.140 port 49144 ssh2
Oct 14 22:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Received disconnect from 64.119.29.140 port 49144:11: Bye Bye [preauth]
Oct 14 22:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Disconnected from 64.119.29.140 port 49144 [preauth]
Oct 14 22:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session closed for user root
Oct 14 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3994]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Invalid user sammy from 74.94.234.151
Oct 14 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: input_userauth_request: invalid user sammy [preauth]
Oct 14 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Failed password for invalid user sammy from 74.94.234.151 port 60532 ssh2
Oct 14 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Received disconnect from 74.94.234.151 port 60532:11: Bye Bye [preauth]
Oct 14 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Disconnected from 74.94.234.151 port 60532 [preauth]
Oct 14 22:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Invalid user sana from 202.125.94.71
Oct 14 22:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: input_userauth_request: invalid user sana [preauth]
Oct 14 22:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Failed password for invalid user sana from 202.125.94.71 port 48962 ssh2
Oct 14 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Received disconnect from 202.125.94.71 port 48962:11: Bye Bye [preauth]
Oct 14 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4408]: Disconnected from 202.125.94.71 port 48962 [preauth]
Oct 14 22:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3016]: pam_unix(cron:session): session closed for user root
Oct 14 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4512]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4508]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4607]: Successful su for rubyman by root
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4607]: + ??? root:rubyman
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413860 of user rubyman.
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4607]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413860.
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: Invalid user simon from 186.124.138.154
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: input_userauth_request: invalid user simon [preauth]
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: Failed password for invalid user simon from 186.124.138.154 port 50798 ssh2
Oct 14 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: Received disconnect from 186.124.138.154 port 50798:11: Bye Bye [preauth]
Oct 14 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4604]: Disconnected from 186.124.138.154 port 50798 [preauth]
Oct 14 22:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session closed for user root
Oct 14 22:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4509]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: Invalid user guest from 190.108.76.143
Oct 14 22:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: input_userauth_request: invalid user guest [preauth]
Oct 14 22:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: Failed password for invalid user guest from 190.108.76.143 port 22108 ssh2
Oct 14 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: Received disconnect from 190.108.76.143 port 22108:11: Bye Bye [preauth]
Oct 14 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4921]: Disconnected from 190.108.76.143 port 22108 [preauth]
Oct 14 22:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5077]: Did not receive identification string from 116.177.173.185
Oct 14 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Invalid user morteza from 64.119.29.140
Oct 14 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: input_userauth_request: invalid user morteza [preauth]
Oct 14 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Failed password for invalid user morteza from 64.119.29.140 port 43814 ssh2
Oct 14 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Invalid user sana from 107.175.189.123
Oct 14 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: input_userauth_request: invalid user sana [preauth]
Oct 14 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Received disconnect from 64.119.29.140 port 43814:11: Bye Bye [preauth]
Oct 14 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5103]: Disconnected from 64.119.29.140 port 43814 [preauth]
Oct 14 22:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Failed password for invalid user sana from 107.175.189.123 port 54304 ssh2
Oct 14 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Received disconnect from 107.175.189.123 port 54304:11: Bye Bye [preauth]
Oct 14 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5127]: Disconnected from 107.175.189.123 port 54304 [preauth]
Oct 14 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session closed for user root
Oct 14 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Invalid user dante from 41.93.28.23
Oct 14 22:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: input_userauth_request: invalid user dante [preauth]
Oct 14 22:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Failed password for invalid user dante from 41.93.28.23 port 42372 ssh2
Oct 14 22:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Received disconnect from 41.93.28.23 port 42372:11: Bye Bye [preauth]
Oct 14 22:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5497]: Disconnected from 41.93.28.23 port 42372 [preauth]
Oct 14 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5594]: Successful su for rubyman by root
Oct 14 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5594]: + ??? root:rubyman
Oct 14 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413864 of user rubyman.
Oct 14 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5594]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413864.
Oct 14 22:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Invalid user azureuser from 74.94.234.151
Oct 14 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: input_userauth_request: invalid user azureuser [preauth]
Oct 14 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Failed password for invalid user azureuser from 74.94.234.151 port 36840 ssh2
Oct 14 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Received disconnect from 74.94.234.151 port 36840:11: Bye Bye [preauth]
Oct 14 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Disconnected from 74.94.234.151 port 36840 [preauth]
Oct 14 22:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Failed password for root from 202.125.94.71 port 53942 ssh2
Oct 14 22:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Received disconnect from 202.125.94.71 port 53942:11: Bye Bye [preauth]
Oct 14 22:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Disconnected from 202.125.94.71 port 53942 [preauth]
Oct 14 22:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2043]: pam_unix(cron:session): session closed for user root
Oct 14 22:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session closed for user root
Oct 14 22:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Failed password for root from 186.124.138.154 port 38310 ssh2
Oct 14 22:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Received disconnect from 186.124.138.154 port 38310:11: Bye Bye [preauth]
Oct 14 22:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5954]: Disconnected from 186.124.138.154 port 38310 [preauth]
Oct 14 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6180]: Successful su for rubyman by root
Oct 14 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6180]: + ??? root:rubyman
Oct 14 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413867 of user rubyman.
Oct 14 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6180]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413867.
Oct 14 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: Invalid user user from 64.119.29.140
Oct 14 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: input_userauth_request: invalid user user [preauth]
Oct 14 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user root
Oct 14 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: Failed password for invalid user user from 64.119.29.140 port 34640 ssh2
Oct 14 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: Received disconnect from 64.119.29.140 port 34640:11: Bye Bye [preauth]
Oct 14 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6178]: Disconnected from 64.119.29.140 port 34640 [preauth]
Oct 14 22:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session closed for user root
Oct 14 22:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Invalid user juan from 107.175.189.123
Oct 14 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: input_userauth_request: invalid user juan [preauth]
Oct 14 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Failed password for invalid user juan from 107.175.189.123 port 34758 ssh2
Oct 14 22:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Received disconnect from 107.175.189.123 port 34758:11: Bye Bye [preauth]
Oct 14 22:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Disconnected from 107.175.189.123 port 34758 [preauth]
Oct 14 22:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6001]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Invalid user qclinux from 190.108.76.143
Oct 14 22:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: input_userauth_request: invalid user qclinux [preauth]
Oct 14 22:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Failed password for invalid user qclinux from 190.108.76.143 port 25404 ssh2
Oct 14 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Received disconnect from 190.108.76.143 port 25404:11: Bye Bye [preauth]
Oct 14 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Disconnected from 190.108.76.143 port 25404 [preauth]
Oct 14 22:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Invalid user ramesh from 42.49.216.35
Oct 14 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: input_userauth_request: invalid user ramesh [preauth]
Oct 14 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35
Oct 14 22:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Failed password for invalid user ramesh from 42.49.216.35 port 33533 ssh2
Oct 14 22:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Received disconnect from 42.49.216.35 port 33533:11: Bye Bye [preauth]
Oct 14 22:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6460]: Disconnected from 42.49.216.35 port 33533 [preauth]
Oct 14 22:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4512]: pam_unix(cron:session): session closed for user root
Oct 14 22:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Invalid user patrick from 202.125.94.71
Oct 14 22:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: input_userauth_request: invalid user patrick [preauth]
Oct 14 22:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Failed password for invalid user patrick from 202.125.94.71 port 58654 ssh2
Oct 14 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Received disconnect from 202.125.94.71 port 58654:11: Bye Bye [preauth]
Oct 14 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Disconnected from 202.125.94.71 port 58654 [preauth]
Oct 14 22:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6503]: Failed password for root from 85.214.60.241 port 37122 ssh2
Oct 14 22:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6503]: Connection closed by 85.214.60.241 port 37122 [preauth]
Oct 14 22:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Invalid user teamspeak3 from 74.94.234.151
Oct 14 22:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 14 22:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: Failed password for root from 85.214.60.241 port 42292 ssh2
Oct 14 22:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Failed password for invalid user teamspeak3 from 74.94.234.151 port 41390 ssh2
Oct 14 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Received disconnect from 74.94.234.151 port 41390:11: Bye Bye [preauth]
Oct 14 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Disconnected from 74.94.234.151 port 41390 [preauth]
Oct 14 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6533]: Connection closed by 85.214.60.241 port 42292 [preauth]
Oct 14 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Invalid user admin from 2.57.121.25
Oct 14 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 22:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: Failed password for root from 41.93.28.23 port 40854 ssh2
Oct 14 22:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for invalid user admin from 2.57.121.25 port 35119 ssh2
Oct 14 22:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: Received disconnect from 41.93.28.23 port 40854:11: Bye Bye [preauth]
Oct 14 22:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6582]: Disconnected from 41.93.28.23 port 40854 [preauth]
Oct 14 22:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Failed password for root from 85.214.60.241 port 47282 ssh2
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6623]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6687]: pam_unix(cron:session): session closed for user root
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for invalid user admin from 2.57.121.25 port 35119 ssh2
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6581]: Connection closed by 85.214.60.241 port 47282 [preauth]
Oct 14 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6769]: Successful su for rubyman by root
Oct 14 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6769]: + ??? root:rubyman
Oct 14 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413872 of user rubyman.
Oct 14 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6769]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413872.
Oct 14 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for invalid user admin from 2.57.121.25 port 35119 ssh2
Oct 14 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for invalid user admin from 2.57.121.25 port 35119 ssh2
Oct 14 22:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for root from 85.214.60.241 port 52884 ssh2
Oct 14 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session closed for user root
Oct 14 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Connection closed by 85.214.60.241 port 52884 [preauth]
Oct 14 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for invalid user admin from 2.57.121.25 port 35119 ssh2
Oct 14 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Received disconnect from 2.57.121.25 port 35119:11: Bye [preauth]
Oct 14 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Disconnected from 2.57.121.25 port 35119 [preauth]
Oct 14 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 22:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session closed for user root
Oct 14 22:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Failed password for root from 85.214.60.241 port 58262 ssh2
Oct 14 22:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6929]: Connection closed by 85.214.60.241 port 58262 [preauth]
Oct 14 22:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6609]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Failed password for root from 85.214.60.241 port 35756 ssh2
Oct 14 22:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Connection closed by 85.214.60.241 port 35756 [preauth]
Oct 14 22:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Failed password for root from 85.214.60.241 port 41310 ssh2
Oct 14 22:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Connection closed by 85.214.60.241 port 41310 [preauth]
Oct 14 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: Failed password for root from 186.124.138.154 port 55452 ssh2
Oct 14 22:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: Received disconnect from 186.124.138.154 port 55452:11: Bye Bye [preauth]
Oct 14 22:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7090]: Disconnected from 186.124.138.154 port 55452 [preauth]
Oct 14 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Failed password for root from 85.214.60.241 port 46742 ssh2
Oct 14 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5513]: pam_unix(cron:session): session closed for user root
Oct 14 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Invalid user sana from 64.119.29.140
Oct 14 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: input_userauth_request: invalid user sana [preauth]
Oct 14 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7120]: Connection closed by 85.214.60.241 port 46742 [preauth]
Oct 14 22:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Failed password for invalid user sana from 64.119.29.140 port 52304 ssh2
Oct 14 22:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Received disconnect from 64.119.29.140 port 52304:11: Bye Bye [preauth]
Oct 14 22:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7215]: Disconnected from 64.119.29.140 port 52304 [preauth]
Oct 14 22:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Failed password for root from 85.214.60.241 port 52404 ssh2
Oct 14 22:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7229]: Connection closed by 85.214.60.241 port 52404 [preauth]
Oct 14 22:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Failed password for root from 85.214.60.241 port 57838 ssh2
Oct 14 22:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Connection closed by 85.214.60.241 port 57838 [preauth]
Oct 14 22:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Failed password for root from 85.214.60.241 port 35078 ssh2
Oct 14 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7295]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Connection closed by 85.214.60.241 port 35078 [preauth]
Oct 14 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7396]: Successful su for rubyman by root
Oct 14 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7396]: + ??? root:rubyman
Oct 14 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413881 of user rubyman.
Oct 14 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7396]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413881.
Oct 14 22:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for root from 107.175.189.123 port 43452 ssh2
Oct 14 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Received disconnect from 107.175.189.123 port 43452:11: Bye Bye [preauth]
Oct 14 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Disconnected from 107.175.189.123 port 43452 [preauth]
Oct 14 22:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Failed password for root from 85.214.60.241 port 40750 ssh2
Oct 14 22:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Connection closed by 85.214.60.241 port 40750 [preauth]
Oct 14 22:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session closed for user root
Oct 14 22:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Invalid user adminuser from 190.108.76.143
Oct 14 22:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: input_userauth_request: invalid user adminuser [preauth]
Oct 14 22:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 22:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Failed password for invalid user adminuser from 190.108.76.143 port 25557 ssh2
Oct 14 22:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Received disconnect from 190.108.76.143 port 25557:11: Bye Bye [preauth]
Oct 14 22:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7591]: Disconnected from 190.108.76.143 port 25557 [preauth]
Oct 14 22:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: Failed password for root from 85.214.60.241 port 45980 ssh2
Oct 14 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7561]: Connection closed by 85.214.60.241 port 45980 [preauth]
Oct 14 22:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Failed password for root from 85.214.60.241 port 51230 ssh2
Oct 14 22:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7633]: Connection closed by 85.214.60.241 port 51230 [preauth]
Oct 14 22:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: Invalid user git from 202.125.94.71
Oct 14 22:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: input_userauth_request: invalid user git [preauth]
Oct 14 22:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: Failed password for invalid user git from 202.125.94.71 port 35300 ssh2
Oct 14 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: Received disconnect from 202.125.94.71 port 35300:11: Bye Bye [preauth]
Oct 14 22:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7651]: Disconnected from 202.125.94.71 port 35300 [preauth]
Oct 14 22:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: Failed password for root from 85.214.60.241 port 55996 ssh2
Oct 14 22:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: Connection closed by 85.214.60.241 port 55996 [preauth]
Oct 14 22:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Failed password for root from 85.214.60.241 port 33588 ssh2
Oct 14 22:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session closed for user root
Oct 14 22:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Connection closed by 85.214.60.241 port 33588 [preauth]
Oct 14 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Invalid user sftpuser from 74.94.234.151
Oct 14 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: input_userauth_request: invalid user sftpuser [preauth]
Oct 14 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Failed password for invalid user sftpuser from 74.94.234.151 port 45934 ssh2
Oct 14 22:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Received disconnect from 74.94.234.151 port 45934:11: Bye Bye [preauth]
Oct 14 22:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Disconnected from 74.94.234.151 port 45934 [preauth]
Oct 14 22:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Failed password for root from 85.214.60.241 port 39036 ssh2
Oct 14 22:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Connection closed by 85.214.60.241 port 39036 [preauth]
Oct 14 22:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7753]: Failed password for root from 85.214.60.241 port 44046 ssh2
Oct 14 22:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7753]: Connection closed by 85.214.60.241 port 44046 [preauth]
Oct 14 22:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
Oct 14 22:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Failed password for root from 194.0.234.19 port 30864 ssh2
Oct 14 22:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7788]: Connection closed by 194.0.234.19 port 30864 [preauth]
Oct 14 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7787]: Failed password for root from 85.214.60.241 port 49926 ssh2
Oct 14 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7804]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7787]: Connection closed by 85.214.60.241 port 49926 [preauth]
Oct 14 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8316]: Successful su for rubyman by root
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8316]: + ??? root:rubyman
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413883 of user rubyman.
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8316]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413883.
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Invalid user jarservice from 41.93.28.23
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: input_userauth_request: invalid user jarservice [preauth]
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Failed password for invalid user jarservice from 41.93.28.23 port 44884 ssh2
Oct 14 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Received disconnect from 41.93.28.23 port 44884:11: Bye Bye [preauth]
Oct 14 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7801]: Disconnected from 41.93.28.23 port 44884 [preauth]
Oct 14 22:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for root from 85.214.60.241 port 54948 ssh2
Oct 14 22:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 85.214.60.241 port 54948 [preauth]
Oct 14 22:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session closed for user root
Oct 14 22:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: Invalid user naim from 64.119.29.140
Oct 14 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: input_userauth_request: invalid user naim [preauth]
Oct 14 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: Failed password for invalid user naim from 64.119.29.140 port 36234 ssh2
Oct 14 22:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: Received disconnect from 64.119.29.140 port 36234:11: Bye Bye [preauth]
Oct 14 22:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8516]: Disconnected from 64.119.29.140 port 36234 [preauth]
Oct 14 22:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Invalid user juan from 186.124.138.154
Oct 14 22:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: input_userauth_request: invalid user juan [preauth]
Oct 14 22:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: Failed password for root from 85.214.60.241 port 59894 ssh2
Oct 14 22:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: Connection closed by 85.214.60.241 port 59894 [preauth]
Oct 14 22:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7806]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Failed password for invalid user juan from 186.124.138.154 port 54568 ssh2
Oct 14 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Received disconnect from 186.124.138.154 port 54568:11: Bye Bye [preauth]
Oct 14 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8541]: Disconnected from 186.124.138.154 port 54568 [preauth]
Oct 14 22:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Failed password for root from 85.214.60.241 port 38014 ssh2
Oct 14 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Connection closed by 85.214.60.241 port 38014 [preauth]
Oct 14 22:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: Connection closed by 63.149.121.82 port 51768 [preauth]
Oct 14 22:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Failed password for root from 85.214.60.241 port 48400 ssh2
Oct 14 22:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Connection closed by 85.214.60.241 port 48400 [preauth]
Oct 14 22:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8641]: Failed password for root from 85.214.60.241 port 38710 ssh2
Oct 14 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8641]: Connection closed by 85.214.60.241 port 38710 [preauth]
Oct 14 22:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6686]: pam_unix(cron:session): session closed for user root
Oct 14 22:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Failed password for root from 85.214.60.241 port 58842 ssh2
Oct 14 22:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Connection closed by 85.214.60.241 port 58842 [preauth]
Oct 14 22:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Failed password for root from 107.175.189.123 port 52144 ssh2
Oct 14 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Received disconnect from 107.175.189.123 port 52144:11: Bye Bye [preauth]
Oct 14 22:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Disconnected from 107.175.189.123 port 52144 [preauth]
Oct 14 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Failed password for root from 85.214.60.241 port 43792 ssh2
Oct 14 22:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Connection closed by 85.214.60.241 port 43792 [preauth]
Oct 14 22:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Failed password for root from 85.214.60.241 port 56102 ssh2
Oct 14 22:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8730]: Connection closed by 85.214.60.241 port 56102 [preauth]
Oct 14 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: Successful su for rubyman by root
Oct 14 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: + ??? root:rubyman
Oct 14 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413886 of user rubyman.
Oct 14 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8930]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413886.
Oct 14 22:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Invalid user sammy from 190.108.76.143
Oct 14 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: input_userauth_request: invalid user sammy [preauth]
Oct 14 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Failed password for invalid user sammy from 190.108.76.143 port 33749 ssh2
Oct 14 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Invalid user naim from 202.125.94.71
Oct 14 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: input_userauth_request: invalid user naim [preauth]
Oct 14 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Received disconnect from 190.108.76.143 port 33749:11: Bye Bye [preauth]
Oct 14 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8968]: Disconnected from 190.108.76.143 port 33749 [preauth]
Oct 14 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Failed password for root from 85.214.60.241 port 37524 ssh2
Oct 14 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Connection closed by 85.214.60.241 port 37524 [preauth]
Oct 14 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Failed password for invalid user naim from 202.125.94.71 port 40138 ssh2
Oct 14 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Received disconnect from 202.125.94.71 port 40138:11: Bye Bye [preauth]
Oct 14 22:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Disconnected from 202.125.94.71 port 40138 [preauth]
Oct 14 22:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4511]: pam_unix(cron:session): session closed for user root
Oct 14 22:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 14 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: Failed password for root from 94.177.160.96 port 54110 ssh2
Oct 14 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9122]: Connection closed by 94.177.160.96 port 54110 [preauth]
Oct 14 22:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Failed password for root from 85.214.60.241 port 47468 ssh2
Oct 14 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Connection closed by 85.214.60.241 port 47468 [preauth]
Oct 14 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Failed password for root from 85.214.60.241 port 57866 ssh2
Oct 14 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Invalid user bot from 74.94.234.151
Oct 14 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: input_userauth_request: invalid user bot [preauth]
Oct 14 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Connection closed by 85.214.60.241 port 57866 [preauth]
Oct 14 22:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Failed password for invalid user bot from 74.94.234.151 port 50480 ssh2
Oct 14 22:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Received disconnect from 74.94.234.151 port 50480:11: Bye Bye [preauth]
Oct 14 22:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9318]: Disconnected from 74.94.234.151 port 50480 [preauth]
Oct 14 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9322]: Failed password for root from 85.214.60.241 port 39298 ssh2
Oct 14 22:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9322]: Connection closed by 85.214.60.241 port 39298 [preauth]
Oct 14 22:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Failed password for root from 85.214.60.241 port 49112 ssh2
Oct 14 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Connection closed by 85.214.60.241 port 49112 [preauth]
Oct 14 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7299]: pam_unix(cron:session): session closed for user root
Oct 14 22:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Failed password for root from 64.119.29.140 port 54884 ssh2
Oct 14 22:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Received disconnect from 64.119.29.140 port 54884:11: Bye Bye [preauth]
Oct 14 22:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Disconnected from 64.119.29.140 port 54884 [preauth]
Oct 14 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Failed password for root from 85.214.60.241 port 58210 ssh2
Oct 14 22:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Connection closed by 85.214.60.241 port 58210 [preauth]
Oct 14 22:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Failed password for root from 85.214.60.241 port 38928 ssh2
Oct 14 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9419]: Connection closed by 85.214.60.241 port 38928 [preauth]
Oct 14 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Invalid user sana from 186.124.138.154
Oct 14 22:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: input_userauth_request: invalid user sana [preauth]
Oct 14 22:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Failed password for root from 85.214.60.241 port 49022 ssh2
Oct 14 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Failed password for invalid user sana from 186.124.138.154 port 56152 ssh2
Oct 14 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Received disconnect from 186.124.138.154 port 56152:11: Bye Bye [preauth]
Oct 14 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Disconnected from 186.124.138.154 port 56152 [preauth]
Oct 14 22:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Connection closed by 85.214.60.241 port 49022 [preauth]
Oct 14 22:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9494]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9573]: Successful su for rubyman by root
Oct 14 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9573]: + ??? root:rubyman
Oct 14 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413890 of user rubyman.
Oct 14 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9573]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413890.
Oct 14 22:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Failed password for root from 85.214.60.241 port 58702 ssh2
Oct 14 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Connection closed by 85.214.60.241 port 58702 [preauth]
Oct 14 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Invalid user lby from 41.93.28.23
Oct 14 22:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: input_userauth_request: invalid user lby [preauth]
Oct 14 22:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Failed password for invalid user lby from 41.93.28.23 port 51188 ssh2
Oct 14 22:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Received disconnect from 41.93.28.23 port 51188:11: Bye Bye [preauth]
Oct 14 22:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Disconnected from 41.93.28.23 port 51188 [preauth]
Oct 14 22:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5511]: pam_unix(cron:session): session closed for user root
Oct 14 22:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: Failed password for root from 85.214.60.241 port 41028 ssh2
Oct 14 22:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: Connection closed by 85.214.60.241 port 41028 [preauth]
Oct 14 22:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: Failed password for root from 85.214.60.241 port 50014 ssh2
Oct 14 22:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: Connection closed by 85.214.60.241 port 50014 [preauth]
Oct 14 22:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: Invalid user cris from 107.175.189.123
Oct 14 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: input_userauth_request: invalid user cris [preauth]
Oct 14 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Failed password for root from 85.214.60.241 port 33076 ssh2
Oct 14 22:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: Failed password for invalid user cris from 107.175.189.123 port 60832 ssh2
Oct 14 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: Received disconnect from 107.175.189.123 port 60832:11: Bye Bye [preauth]
Oct 14 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: Disconnected from 107.175.189.123 port 60832 [preauth]
Oct 14 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Connection closed by 85.214.60.241 port 33076 [preauth]
Oct 14 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Failed password for root from 85.214.60.241 port 45492 ssh2
Oct 14 22:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Connection closed by 85.214.60.241 port 45492 [preauth]
Oct 14 22:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session closed for user root
Oct 14 22:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: Failed password for root from 85.214.60.241 port 54720 ssh2
Oct 14 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: Connection closed by 85.214.60.241 port 54720 [preauth]
Oct 14 22:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: Failed password for root from 202.125.94.71 port 44854 ssh2
Oct 14 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: Received disconnect from 202.125.94.71 port 44854:11: Bye Bye [preauth]
Oct 14 22:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: Disconnected from 202.125.94.71 port 44854 [preauth]
Oct 14 22:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Failed password for root from 85.214.60.241 port 38408 ssh2
Oct 14 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Connection closed by 85.214.60.241 port 38408 [preauth]
Oct 14 22:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Failed password for root from 85.214.60.241 port 53686 ssh2
Oct 14 22:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Connection closed by 85.214.60.241 port 53686 [preauth]
Oct 14 22:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151  user=root
Oct 14 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10144]: pam_unix(cron:session): session closed for user root
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10138]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Failed password for root from 74.94.234.151 port 55030 ssh2
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Received disconnect from 74.94.234.151 port 55030:11: Bye Bye [preauth]
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Disconnected from 74.94.234.151 port 55030 [preauth]
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Failed password for root from 85.214.60.241 port 38130 ssh2
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10232]: Successful su for rubyman by root
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10232]: + ??? root:rubyman
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413897 of user rubyman.
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10232]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413897.
Oct 14 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Connection closed by 85.214.60.241 port 38130 [preauth]
Oct 14 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Invalid user prueba from 64.119.29.140
Oct 14 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: input_userauth_request: invalid user prueba [preauth]
Oct 14 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: Failed password for root from 85.214.60.241 port 47826 ssh2
Oct 14 22:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for invalid user prueba from 64.119.29.140 port 43888 ssh2
Oct 14 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Received disconnect from 64.119.29.140 port 43888:11: Bye Bye [preauth]
Oct 14 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Disconnected from 64.119.29.140 port 43888 [preauth]
Oct 14 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10140]: pam_unix(cron:session): session closed for user root
Oct 14 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10259]: Connection closed by 85.214.60.241 port 47826 [preauth]
Oct 14 22:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session closed for user root
Oct 14 22:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: Failed password for root from 85.214.60.241 port 56546 ssh2
Oct 14 22:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10408]: Connection closed by 85.214.60.241 port 56546 [preauth]
Oct 14 22:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10139]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10497]: Failed password for root from 85.214.60.241 port 37850 ssh2
Oct 14 22:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10497]: Connection closed by 85.214.60.241 port 37850 [preauth]
Oct 14 22:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Failed password for root from 85.214.60.241 port 49770 ssh2
Oct 14 22:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Connection closed by 85.214.60.241 port 49770 [preauth]
Oct 14 22:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: Failed password for root from 85.214.60.241 port 59428 ssh2
Oct 14 22:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10570]: Connection closed by 85.214.60.241 port 59428 [preauth]
Oct 14 22:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session closed for user root
Oct 14 22:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Invalid user patrick from 186.124.138.154
Oct 14 22:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: input_userauth_request: invalid user patrick [preauth]
Oct 14 22:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Failed password for invalid user patrick from 186.124.138.154 port 33080 ssh2
Oct 14 22:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Received disconnect from 186.124.138.154 port 33080:11: Bye Bye [preauth]
Oct 14 22:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Disconnected from 186.124.138.154 port 33080 [preauth]
Oct 14 22:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Failed password for root from 85.214.60.241 port 37864 ssh2
Oct 14 22:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10589]: Connection closed by 85.214.60.241 port 37864 [preauth]
Oct 14 22:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Failed password for root from 85.214.60.241 port 43214 ssh2
Oct 14 22:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10628]: Connection closed by 85.214.60.241 port 43214 [preauth]
Oct 14 22:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Failed password for root from 85.214.60.241 port 48134 ssh2
Oct 14 22:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Connection closed by 85.214.60.241 port 48134 [preauth]
Oct 14 22:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10690]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10784]: Successful su for rubyman by root
Oct 14 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10784]: + ??? root:rubyman
Oct 14 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413901 of user rubyman.
Oct 14 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10784]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413901.
Oct 14 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: Failed password for root from 85.214.60.241 port 53718 ssh2
Oct 14 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10685]: Connection closed by 85.214.60.241 port 53718 [preauth]
Oct 14 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Invalid user dara from 107.175.189.123
Oct 14 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: input_userauth_request: invalid user dara [preauth]
Oct 14 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Failed password for invalid user dara from 107.175.189.123 port 41292 ssh2
Oct 14 22:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Received disconnect from 107.175.189.123 port 41292:11: Bye Bye [preauth]
Oct 14 22:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Disconnected from 107.175.189.123 port 41292 [preauth]
Oct 14 22:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Failed password for root from 85.214.60.241 port 59048 ssh2
Oct 14 22:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10860]: Connection closed by 85.214.60.241 port 59048 [preauth]
Oct 14 22:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6623]: pam_unix(cron:session): session closed for user root
Oct 14 22:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 22:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Failed password for root from 41.93.28.23 port 52686 ssh2
Oct 14 22:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Received disconnect from 41.93.28.23 port 52686:11: Bye Bye [preauth]
Oct 14 22:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10946]: Disconnected from 41.93.28.23 port 52686 [preauth]
Oct 14 22:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10691]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Invalid user simon from 202.125.94.71
Oct 14 22:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: input_userauth_request: invalid user simon [preauth]
Oct 14 22:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Failed password for root from 85.214.60.241 port 35848 ssh2
Oct 14 22:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Connection closed by 85.214.60.241 port 35848 [preauth]
Oct 14 22:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Failed password for invalid user simon from 202.125.94.71 port 49956 ssh2
Oct 14 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Received disconnect from 202.125.94.71 port 49956:11: Bye Bye [preauth]
Oct 14 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11002]: Disconnected from 202.125.94.71 port 49956 [preauth]
Oct 14 22:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Failed password for root from 85.214.60.241 port 41002 ssh2
Oct 14 22:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Connection closed by 85.214.60.241 port 41002 [preauth]
Oct 14 22:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11048]: Failed password for root from 85.214.60.241 port 46622 ssh2
Oct 14 22:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11048]: Connection closed by 85.214.60.241 port 46622 [preauth]
Oct 14 22:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Failed password for root from 64.119.29.140 port 59082 ssh2
Oct 14 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Received disconnect from 64.119.29.140 port 59082:11: Bye Bye [preauth]
Oct 14 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11078]: Disconnected from 64.119.29.140 port 59082 [preauth]
Oct 14 22:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9497]: pam_unix(cron:session): session closed for user root
Oct 14 22:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Failed password for root from 85.214.60.241 port 51626 ssh2
Oct 14 22:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11075]: Connection closed by 85.214.60.241 port 51626 [preauth]
Oct 14 22:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: Invalid user dspace from 74.94.234.151
Oct 14 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: input_userauth_request: invalid user dspace [preauth]
Oct 14 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: Failed password for invalid user dspace from 74.94.234.151 port 59572 ssh2
Oct 14 22:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: Received disconnect from 74.94.234.151 port 59572:11: Bye Bye [preauth]
Oct 14 22:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11128]: Disconnected from 74.94.234.151 port 59572 [preauth]
Oct 14 22:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Failed password for root from 85.214.60.241 port 57436 ssh2
Oct 14 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Invalid user ts3 from 190.108.76.143
Oct 14 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.108.76.143
Oct 14 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: Connection closed by 85.214.60.241 port 57436 [preauth]
Oct 14 22:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Failed password for invalid user ts3 from 190.108.76.143 port 29414 ssh2
Oct 14 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Received disconnect from 190.108.76.143 port 29414:11: Bye Bye [preauth]
Oct 14 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11140]: Disconnected from 190.108.76.143 port 29414 [preauth]
Oct 14 22:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Failed password for root from 85.214.60.241 port 34412 ssh2
Oct 14 22:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Connection closed by 85.214.60.241 port 34412 [preauth]
Oct 14 22:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11191]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11183]: pam_unix(cron:session): session closed for user root
Oct 14 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11185]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Failed password for root from 85.214.60.241 port 40050 ssh2
Oct 14 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11270]: Successful su for rubyman by root
Oct 14 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11270]: + ??? root:rubyman
Oct 14 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413905 of user rubyman.
Oct 14 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11270]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413905.
Oct 14 22:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Connection closed by 85.214.60.241 port 40050 [preauth]
Oct 14 22:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for root from 85.214.60.241 port 45688 ssh2
Oct 14 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Connection closed by 85.214.60.241 port 45688 [preauth]
Oct 14 22:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7298]: pam_unix(cron:session): session closed for user root
Oct 14 22:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Failed password for root from 85.214.60.241 port 50254 ssh2
Oct 14 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Connection closed by 85.214.60.241 port 50254 [preauth]
Oct 14 22:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Failed password for root from 85.214.60.241 port 55356 ssh2
Oct 14 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Connection closed by 85.214.60.241 port 55356 [preauth]
Oct 14 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Invalid user git from 186.124.138.154
Oct 14 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: input_userauth_request: invalid user git [preauth]
Oct 14 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Failed password for invalid user git from 186.124.138.154 port 55712 ssh2
Oct 14 22:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Received disconnect from 186.124.138.154 port 55712:11: Bye Bye [preauth]
Oct 14 22:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Disconnected from 186.124.138.154 port 55712 [preauth]
Oct 14 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: Failed password for root from 85.214.60.241 port 60866 ssh2
Oct 14 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11533]: Connection closed by 85.214.60.241 port 60866 [preauth]
Oct 14 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Invalid user anonymous from 185.156.73.233
Oct 14 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: input_userauth_request: invalid user anonymous [preauth]
Oct 14 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Failed none for invalid user anonymous from 185.156.73.233 port 44312 ssh2
Oct 14 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Connection closed by 185.156.73.233 port 44312 [preauth]
Oct 14 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11567]: Failed password for root from 85.214.60.241 port 39526 ssh2
Oct 14 22:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11567]: Connection closed by 85.214.60.241 port 39526 [preauth]
Oct 14 22:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session closed for user root
Oct 14 22:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Failed password for root from 85.214.60.241 port 44980 ssh2
Oct 14 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Connection closed by 85.214.60.241 port 44980 [preauth]
Oct 14 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: Failed password for root from 85.214.60.241 port 49982 ssh2
Oct 14 22:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: Connection closed by 85.214.60.241 port 49982 [preauth]
Oct 14 22:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 22:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Failed password for root from 107.175.189.123 port 49984 ssh2
Oct 14 22:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Received disconnect from 107.175.189.123 port 49984:11: Bye Bye [preauth]
Oct 14 22:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Disconnected from 107.175.189.123 port 49984 [preauth]
Oct 14 22:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Failed password for root from 85.214.60.241 port 55282 ssh2
Oct 14 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Connection closed by 85.214.60.241 port 55282 [preauth]
Oct 14 22:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11793]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11874]: Successful su for rubyman by root
Oct 14 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11874]: + ??? root:rubyman
Oct 14 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413910 of user rubyman.
Oct 14 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11874]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413910.
Oct 14 22:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Failed password for root from 85.214.60.241 port 60650 ssh2
Oct 14 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: Connection closed by 85.214.60.241 port 60650 [preauth]
Oct 14 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Failed password for root from 64.119.29.140 port 56966 ssh2
Oct 14 22:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Received disconnect from 64.119.29.140 port 56966:11: Bye Bye [preauth]
Oct 14 22:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Disconnected from 64.119.29.140 port 56966 [preauth]
Oct 14 22:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7807]: pam_unix(cron:session): session closed for user root
Oct 14 22:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11954]: Failed password for root from 85.214.60.241 port 38022 ssh2
Oct 14 22:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11954]: Connection closed by 85.214.60.241 port 38022 [preauth]
Oct 14 22:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11792]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: Failed password for root from 85.214.60.241 port 43258 ssh2
Oct 14 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: Connection closed by 85.214.60.241 port 43258 [preauth]
Oct 14 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Invalid user prueba1 from 202.125.94.71
Oct 14 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: input_userauth_request: invalid user prueba1 [preauth]
Oct 14 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Failed password for invalid user prueba1 from 202.125.94.71 port 54812 ssh2
Oct 14 22:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Received disconnect from 202.125.94.71 port 54812:11: Bye Bye [preauth]
Oct 14 22:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12127]: Disconnected from 202.125.94.71 port 54812 [preauth]
Oct 14 22:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Invalid user gts from 41.93.28.23
Oct 14 22:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: input_userauth_request: invalid user gts [preauth]
Oct 14 22:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: Failed password for root from 85.214.60.241 port 49460 ssh2
Oct 14 22:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: Connection closed by 85.214.60.241 port 49460 [preauth]
Oct 14 22:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for invalid user gts from 41.93.28.23 port 35978 ssh2
Oct 14 22:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Received disconnect from 41.93.28.23 port 35978:11: Bye Bye [preauth]
Oct 14 22:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Disconnected from 41.93.28.23 port 35978 [preauth]
Oct 14 22:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Invalid user nagios from 74.94.234.151
Oct 14 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: input_userauth_request: invalid user nagios [preauth]
Oct 14 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Failed password for invalid user nagios from 74.94.234.151 port 35880 ssh2
Oct 14 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Received disconnect from 74.94.234.151 port 35880:11: Bye Bye [preauth]
Oct 14 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Disconnected from 74.94.234.151 port 35880 [preauth]
Oct 14 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Failed password for root from 85.214.60.241 port 54732 ssh2
Oct 14 22:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12148]: Connection closed by 85.214.60.241 port 54732 [preauth]
Oct 14 22:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Failed password for root from 85.214.60.241 port 59602 ssh2
Oct 14 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Connection closed by 85.214.60.241 port 59602 [preauth]
Oct 14 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10693]: pam_unix(cron:session): session closed for user root
Oct 14 22:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Failed password for root from 85.214.60.241 port 36584 ssh2
Oct 14 22:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12212]: Connection closed by 85.214.60.241 port 36584 [preauth]
Oct 14 22:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Failed password for root from 85.214.60.241 port 43444 ssh2
Oct 14 22:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Connection closed by 85.214.60.241 port 43444 [preauth]
Oct 14 22:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Failed password for root from 85.214.60.241 port 48112 ssh2
Oct 14 22:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Connection closed by 85.214.60.241 port 48112 [preauth]
Oct 14 22:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12308]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12305]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12383]: Successful su for rubyman by root
Oct 14 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12383]: + ??? root:rubyman
Oct 14 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413916 of user rubyman.
Oct 14 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12383]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413916.
Oct 14 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: Failed password for root from 85.214.60.241 port 53698 ssh2
Oct 14 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12293]: Connection closed by 85.214.60.241 port 53698 [preauth]
Oct 14 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session closed for user root
Oct 14 22:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: Failed password for root from 186.124.138.154 port 45570 ssh2
Oct 14 22:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: Failed password for root from 85.214.60.241 port 58514 ssh2
Oct 14 22:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: Received disconnect from 186.124.138.154 port 45570:11: Bye Bye [preauth]
Oct 14 22:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12496]: Disconnected from 186.124.138.154 port 45570 [preauth]
Oct 14 22:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12422]: Connection closed by 85.214.60.241 port 58514 [preauth]
Oct 14 22:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: Failed password for root from 85.214.60.241 port 35152 ssh2
Oct 14 22:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12307]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12585]: Connection closed by 85.214.60.241 port 35152 [preauth]
Oct 14 22:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=root
Oct 14 22:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: Failed password for root from 85.214.60.241 port 40518 ssh2
Oct 14 22:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: Connection closed by 85.214.60.241 port 40518 [preauth]
Oct 14 22:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Invalid user user from 85.214.60.241
Oct 14 22:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: input_userauth_request: invalid user user [preauth]
Oct 14 22:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Failed password for invalid user user from 85.214.60.241 port 45998 ssh2
Oct 14 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Connection closed by 85.214.60.241 port 45998 [preauth]
Oct 14 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: Invalid user user from 107.175.189.123
Oct 14 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: input_userauth_request: invalid user user [preauth]
Oct 14 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: Failed password for invalid user user from 107.175.189.123 port 58672 ssh2
Oct 14 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: Received disconnect from 107.175.189.123 port 58672:11: Bye Bye [preauth]
Oct 14 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12707]: Disconnected from 107.175.189.123 port 58672 [preauth]
Oct 14 22:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Invalid user user from 85.214.60.241
Oct 14 22:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: input_userauth_request: invalid user user [preauth]
Oct 14 22:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Failed password for invalid user user from 85.214.60.241 port 51144 ssh2
Oct 14 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11191]: pam_unix(cron:session): session closed for user root
Oct 14 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: Invalid user weblogic from 64.119.29.140
Oct 14 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: input_userauth_request: invalid user weblogic [preauth]
Oct 14 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12710]: Connection closed by 85.214.60.241 port 51144 [preauth]
Oct 14 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: Failed password for invalid user weblogic from 64.119.29.140 port 57998 ssh2
Oct 14 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: Received disconnect from 64.119.29.140 port 57998:11: Bye Bye [preauth]
Oct 14 22:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: Disconnected from 64.119.29.140 port 57998 [preauth]
Oct 14 22:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Invalid user student4 from 42.49.216.35
Oct 14 22:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: input_userauth_request: invalid user student4 [preauth]
Oct 14 22:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35
Oct 14 22:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: Invalid user user from 85.214.60.241
Oct 14 22:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: input_userauth_request: invalid user user [preauth]
Oct 14 22:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Failed password for invalid user student4 from 42.49.216.35 port 40090 ssh2
Oct 14 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Received disconnect from 42.49.216.35 port 40090:11: Bye Bye [preauth]
Oct 14 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Disconnected from 42.49.216.35 port 40090 [preauth]
Oct 14 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: Failed password for invalid user user from 85.214.60.241 port 56706 ssh2
Oct 14 22:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12751]: Connection closed by 85.214.60.241 port 56706 [preauth]
Oct 14 22:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Invalid user user from 85.214.60.241
Oct 14 22:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: input_userauth_request: invalid user user [preauth]
Oct 14 22:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for invalid user user from 85.214.60.241 port 33216 ssh2
Oct 14 22:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Connection closed by 85.214.60.241 port 33216 [preauth]
Oct 14 22:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Invalid user juan from 202.125.94.71
Oct 14 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: input_userauth_request: invalid user juan [preauth]
Oct 14 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: Invalid user user from 85.214.60.241
Oct 14 22:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: input_userauth_request: invalid user user [preauth]
Oct 14 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Failed password for invalid user juan from 202.125.94.71 port 59476 ssh2
Oct 14 22:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Received disconnect from 202.125.94.71 port 59476:11: Bye Bye [preauth]
Oct 14 22:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Disconnected from 202.125.94.71 port 59476 [preauth]
Oct 14 22:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: Failed password for invalid user user from 85.214.60.241 port 38308 ssh2
Oct 14 22:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12800]: Connection closed by 85.214.60.241 port 38308 [preauth]
Oct 14 22:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12833]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session closed for user root
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Invalid user user from 85.214.60.241
Oct 14 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12935]: Successful su for rubyman by root
Oct 14 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12935]: + ??? root:rubyman
Oct 14 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413919 of user rubyman.
Oct 14 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12935]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413919.
Oct 14 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Failed password for invalid user user from 85.214.60.241 port 43268 ssh2
Oct 14 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Connection closed by 85.214.60.241 port 43268 [preauth]
Oct 14 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Invalid user user from 85.214.60.241
Oct 14 22:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session closed for user root
Oct 14 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Invalid user devuser from 74.94.234.151
Oct 14 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: input_userauth_request: invalid user devuser [preauth]
Oct 14 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Failed password for invalid user devuser from 74.94.234.151 port 40428 ssh2
Oct 14 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9494]: pam_unix(cron:session): session closed for user root
Oct 14 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Received disconnect from 74.94.234.151 port 40428:11: Bye Bye [preauth]
Oct 14 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13060]: Disconnected from 74.94.234.151 port 40428 [preauth]
Oct 14 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Failed password for invalid user user from 85.214.60.241 port 48578 ssh2
Oct 14 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Connection closed by 85.214.60.241 port 48578 [preauth]
Oct 14 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Invalid user user from 85.214.60.241
Oct 14 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Failed password for invalid user user from 85.214.60.241 port 53502 ssh2
Oct 14 22:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Connection closed by 85.214.60.241 port 53502 [preauth]
Oct 14 22:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Invalid user user from 85.214.60.241
Oct 14 22:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Failed password for invalid user user from 85.214.60.241 port 58446 ssh2
Oct 14 22:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Connection closed by 85.214.60.241 port 58446 [preauth]
Oct 14 22:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Invalid user user from 85.214.60.241
Oct 14 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Invalid user sebastien from 41.93.28.23
Oct 14 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: input_userauth_request: invalid user sebastien [preauth]
Oct 14 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Failed password for invalid user sebastien from 41.93.28.23 port 60160 ssh2
Oct 14 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Received disconnect from 41.93.28.23 port 60160:11: Bye Bye [preauth]
Oct 14 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13361]: Disconnected from 41.93.28.23 port 60160 [preauth]
Oct 14 22:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Failed password for invalid user user from 85.214.60.241 port 34978 ssh2
Oct 14 22:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13357]: Connection closed by 85.214.60.241 port 34978 [preauth]
Oct 14 22:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Invalid user user from 85.214.60.241
Oct 14 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Failed password for invalid user user from 85.214.60.241 port 40550 ssh2
Oct 14 22:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Connection closed by 85.214.60.241 port 40550 [preauth]
Oct 14 22:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11794]: pam_unix(cron:session): session closed for user root
Oct 14 22:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Invalid user user from 85.214.60.241
Oct 14 22:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Failed password for root from 62.60.131.157 port 62680 ssh2
Oct 14 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Failed password for invalid user user from 85.214.60.241 port 45652 ssh2
Oct 14 22:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13413]: Connection closed by 85.214.60.241 port 45652 [preauth]
Oct 14 22:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Failed password for root from 62.60.131.157 port 62680 ssh2
Oct 14 22:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Invalid user user from 186.124.138.154
Oct 14 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Failed password for root from 62.60.131.157 port 62680 ssh2
Oct 14 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13450]: Invalid user user from 85.214.60.241
Oct 14 22:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13450]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13450]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Failed password for invalid user user from 186.124.138.154 port 38302 ssh2
Oct 14 22:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Received disconnect from 186.124.138.154 port 38302:11: Bye Bye [preauth]
Oct 14 22:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13461]: Disconnected from 186.124.138.154 port 38302 [preauth]
Oct 14 22:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Failed password for root from 62.60.131.157 port 62680 ssh2
Oct 14 22:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13450]: Failed password for invalid user user from 85.214.60.241 port 50736 ssh2
Oct 14 22:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13450]: Connection closed by 85.214.60.241 port 50736 [preauth]
Oct 14 22:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Failed password for root from 62.60.131.157 port 62680 ssh2
Oct 14 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Received disconnect from 62.60.131.157 port 62680:11: Bye [preauth]
Oct 14 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Disconnected from 62.60.131.157 port 62680 [preauth]
Oct 14 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 14 22:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 22:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: Invalid user user from 85.214.60.241
Oct 14 22:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: input_userauth_request: invalid user user [preauth]
Oct 14 22:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: Failed password for invalid user user from 85.214.60.241 port 56552 ssh2
Oct 14 22:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13483]: Connection closed by 85.214.60.241 port 56552 [preauth]
Oct 14 22:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: Invalid user user from 85.214.60.241
Oct 14 22:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13510]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: Failed password for invalid user user from 85.214.60.241 port 49528 ssh2
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13594]: Successful su for rubyman by root
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13594]: + ??? root:rubyman
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413923 of user rubyman.
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13594]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413923.
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13495]: Connection closed by 85.214.60.241 port 49528 [preauth]
Oct 14 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: Invalid user user from 85.214.60.241
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Invalid user rramirez from 107.175.189.123
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: input_userauth_request: invalid user rramirez [preauth]
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Failed password for root from 64.119.29.140 port 52662 ssh2
Oct 14 22:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Received disconnect from 64.119.29.140 port 52662:11: Bye Bye [preauth]
Oct 14 22:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13656]: Disconnected from 64.119.29.140 port 52662 [preauth]
Oct 14 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Failed password for invalid user rramirez from 107.175.189.123 port 39122 ssh2
Oct 14 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Received disconnect from 107.175.189.123 port 39122:11: Bye Bye [preauth]
Oct 14 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13678]: Disconnected from 107.175.189.123 port 39122 [preauth]
Oct 14 22:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: Failed password for invalid user user from 85.214.60.241 port 40712 ssh2
Oct 14 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13619]: Connection closed by 85.214.60.241 port 40712 [preauth]
Oct 14 22:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10141]: pam_unix(cron:session): session closed for user root
Oct 14 22:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: Invalid user user from 85.214.60.241
Oct 14 22:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: Failed password for invalid user user from 85.214.60.241 port 46700 ssh2
Oct 14 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13512]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13788]: Connection closed by 85.214.60.241 port 46700 [preauth]
Oct 14 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: Invalid user user from 85.214.60.241
Oct 14 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: Failed password for invalid user user from 85.214.60.241 port 52296 ssh2
Oct 14 22:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13872]: Connection closed by 85.214.60.241 port 52296 [preauth]
Oct 14 22:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13894]: Invalid user user from 85.214.60.241
Oct 14 22:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13894]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13894]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13894]: Failed password for invalid user user from 85.214.60.241 port 57392 ssh2
Oct 14 22:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13894]: Connection closed by 85.214.60.241 port 57392 [preauth]
Oct 14 22:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Invalid user prueba from 202.125.94.71
Oct 14 22:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: input_userauth_request: invalid user prueba [preauth]
Oct 14 22:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Failed password for invalid user prueba from 202.125.94.71 port 36170 ssh2
Oct 14 22:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Received disconnect from 202.125.94.71 port 36170:11: Bye Bye [preauth]
Oct 14 22:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13918]: Disconnected from 202.125.94.71 port 36170 [preauth]
Oct 14 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Invalid user user from 85.214.60.241
Oct 14 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Failed password for invalid user user from 85.214.60.241 port 33912 ssh2
Oct 14 22:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Connection closed by 85.214.60.241 port 33912 [preauth]
Oct 14 22:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12309]: pam_unix(cron:session): session closed for user root
Oct 14 22:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Invalid user user from 85.214.60.241
Oct 14 22:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Failed password for invalid user user from 85.214.60.241 port 39970 ssh2
Oct 14 22:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Connection closed by 85.214.60.241 port 39970 [preauth]
Oct 14 22:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: Invalid user user from 85.214.60.241
Oct 14 22:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151  user=root
Oct 14 22:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: Failed password for invalid user user from 85.214.60.241 port 46578 ssh2
Oct 14 22:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13979]: Connection closed by 85.214.60.241 port 46578 [preauth]
Oct 14 22:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Failed password for root from 74.94.234.151 port 44980 ssh2
Oct 14 22:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Received disconnect from 74.94.234.151 port 44980:11: Bye Bye [preauth]
Oct 14 22:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Disconnected from 74.94.234.151 port 44980 [preauth]
Oct 14 22:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Invalid user user from 85.214.60.241
Oct 14 22:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: input_userauth_request: invalid user user [preauth]
Oct 14 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Failed password for invalid user user from 85.214.60.241 port 51700 ssh2
Oct 14 22:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Connection closed by 85.214.60.241 port 51700 [preauth]
Oct 14 22:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14120]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: Invalid user user from 85.214.60.241
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: input_userauth_request: invalid user user [preauth]
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14195]: Successful su for rubyman by root
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14195]: + ??? root:rubyman
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413927 of user rubyman.
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14195]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413927.
Oct 14 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: Failed password for invalid user user from 85.214.60.241 port 56968 ssh2
Oct 14 22:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14017]: Connection closed by 85.214.60.241 port 56968 [preauth]
Oct 14 22:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Invalid user user from 85.214.60.241
Oct 14 22:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: input_userauth_request: invalid user user [preauth]
Oct 14 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10692]: pam_unix(cron:session): session closed for user root
Oct 14 22:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user user from 85.214.60.241 port 34032 ssh2
Oct 14 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Connection closed by 85.214.60.241 port 34032 [preauth]
Oct 14 22:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: Invalid user user from 85.214.60.241
Oct 14 22:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: input_userauth_request: invalid user user [preauth]
Oct 14 22:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14121]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: Failed password for invalid user user from 85.214.60.241 port 39252 ssh2
Oct 14 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14384]: Connection closed by 85.214.60.241 port 39252 [preauth]
Oct 14 22:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Invalid user user from 85.214.60.241
Oct 14 22:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: input_userauth_request: invalid user user [preauth]
Oct 14 22:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Failed password for invalid user user from 85.214.60.241 port 44486 ssh2
Oct 14 22:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14427]: Connection closed by 85.214.60.241 port 44486 [preauth]
Oct 14 22:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Invalid user tom from 41.93.28.23
Oct 14 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: input_userauth_request: invalid user tom [preauth]
Oct 14 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Failed password for root from 186.124.138.154 port 47030 ssh2
Oct 14 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Received disconnect from 186.124.138.154 port 47030:11: Bye Bye [preauth]
Oct 14 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Disconnected from 186.124.138.154 port 47030 [preauth]
Oct 14 22:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Invalid user user from 85.214.60.241
Oct 14 22:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: input_userauth_request: invalid user user [preauth]
Oct 14 22:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Failed password for invalid user tom from 41.93.28.23 port 38376 ssh2
Oct 14 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Received disconnect from 41.93.28.23 port 38376:11: Bye Bye [preauth]
Oct 14 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Disconnected from 41.93.28.23 port 38376 [preauth]
Oct 14 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Failed password for invalid user user from 85.214.60.241 port 50074 ssh2
Oct 14 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Connection closed by 85.214.60.241 port 50074 [preauth]
Oct 14 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Invalid user alba from 64.119.29.140
Oct 14 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: input_userauth_request: invalid user alba [preauth]
Oct 14 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Invalid user user from 85.214.60.241
Oct 14 22:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: input_userauth_request: invalid user user [preauth]
Oct 14 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Connection closed by 86.54.31.40 port 44254 [preauth]
Oct 14 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Failed password for invalid user alba from 64.119.29.140 port 36266 ssh2
Oct 14 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Received disconnect from 64.119.29.140 port 36266:11: Bye Bye [preauth]
Oct 14 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Disconnected from 64.119.29.140 port 36266 [preauth]
Oct 14 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14525]: Connection closed by 86.54.31.40 port 44268 [preauth]
Oct 14 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12833]: pam_unix(cron:session): session closed for user root
Oct 14 22:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Failed password for invalid user user from 85.214.60.241 port 55636 ssh2
Oct 14 22:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14488]: Connection closed by 85.214.60.241 port 55636 [preauth]
Oct 14 22:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 22:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Invalid user user from 85.214.60.241
Oct 14 22:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: input_userauth_request: invalid user user [preauth]
Oct 14 22:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Failed password for root from 107.175.189.123 port 47810 ssh2
Oct 14 22:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Received disconnect from 107.175.189.123 port 47810:11: Bye Bye [preauth]
Oct 14 22:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Disconnected from 107.175.189.123 port 47810 [preauth]
Oct 14 22:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Failed password for invalid user user from 85.214.60.241 port 33004 ssh2
Oct 14 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14534]: Connection closed by 85.214.60.241 port 33004 [preauth]
Oct 14 22:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Invalid user user from 85.214.60.241
Oct 14 22:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: input_userauth_request: invalid user user [preauth]
Oct 14 22:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Failed password for invalid user user from 85.214.60.241 port 38534 ssh2
Oct 14 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Connection closed by 85.214.60.241 port 38534 [preauth]
Oct 14 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: Invalid user user from 85.214.60.241
Oct 14 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14673]: Successful su for rubyman by root
Oct 14 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14673]: + ??? root:rubyman
Oct 14 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413931 of user rubyman.
Oct 14 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14673]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413931.
Oct 14 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: Failed password for invalid user user from 85.214.60.241 port 43914 ssh2
Oct 14 22:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14592]: Connection closed by 85.214.60.241 port 43914 [preauth]
Oct 14 22:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Invalid user ubuntu from 202.125.94.71
Oct 14 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: Invalid user user from 85.214.60.241
Oct 14 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Failed password for invalid user ubuntu from 202.125.94.71 port 40942 ssh2
Oct 14 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Received disconnect from 202.125.94.71 port 40942:11: Bye Bye [preauth]
Oct 14 22:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Disconnected from 202.125.94.71 port 40942 [preauth]
Oct 14 22:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: Failed password for invalid user user from 85.214.60.241 port 48808 ssh2
Oct 14 22:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11189]: pam_unix(cron:session): session closed for user root
Oct 14 22:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14705]: Connection closed by 85.214.60.241 port 48808 [preauth]
Oct 14 22:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Invalid user user from 85.214.60.241
Oct 14 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14605]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Failed password for invalid user user from 85.214.60.241 port 53756 ssh2
Oct 14 22:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14879]: Connection closed by 85.214.60.241 port 53756 [preauth]
Oct 14 22:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Invalid user user from 85.214.60.241
Oct 14 22:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Failed password for invalid user user from 85.214.60.241 port 59514 ssh2
Oct 14 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14937]: Connection closed by 85.214.60.241 port 59514 [preauth]
Oct 14 22:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: Invalid user user from 85.214.60.241
Oct 14 22:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: Failed password for invalid user user from 85.214.60.241 port 36698 ssh2
Oct 14 22:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14954]: Connection closed by 85.214.60.241 port 36698 [preauth]
Oct 14 22:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: Invalid user user from 85.214.60.241
Oct 14 22:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13518]: pam_unix(cron:session): session closed for user root
Oct 14 22:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: Failed password for invalid user user from 85.214.60.241 port 41456 ssh2
Oct 14 22:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14988]: Connection closed by 85.214.60.241 port 41456 [preauth]
Oct 14 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Invalid user user1 from 74.94.234.151
Oct 14 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: input_userauth_request: invalid user user1 [preauth]
Oct 14 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Failed password for invalid user user1 from 74.94.234.151 port 49520 ssh2
Oct 14 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Received disconnect from 74.94.234.151 port 49520:11: Bye Bye [preauth]
Oct 14 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15030]: Disconnected from 74.94.234.151 port 49520 [preauth]
Oct 14 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Invalid user user from 85.214.60.241
Oct 14 22:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Failed password for invalid user user from 85.214.60.241 port 46636 ssh2
Oct 14 22:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15033]: Connection closed by 85.214.60.241 port 46636 [preauth]
Oct 14 22:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15149]: Invalid user user from 85.214.60.241
Oct 14 22:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15149]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15149]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15149]: Failed password for invalid user user from 85.214.60.241 port 51804 ssh2
Oct 14 22:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15149]: Connection closed by 85.214.60.241 port 51804 [preauth]
Oct 14 22:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: Invalid user user from 85.214.60.241
Oct 14 22:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: input_userauth_request: invalid user user [preauth]
Oct 14 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15182]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: Failed password for invalid user user from 85.214.60.241 port 57250 ssh2
Oct 14 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15265]: Successful su for rubyman by root
Oct 14 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15265]: + ??? root:rubyman
Oct 14 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413935 of user rubyman.
Oct 14 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15265]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413935.
Oct 14 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15166]: Connection closed by 85.214.60.241 port 57250 [preauth]
Oct 14 22:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Invalid user user from 85.214.60.241
Oct 14 22:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: input_userauth_request: invalid user user [preauth]
Oct 14 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Failed password for root from 116.177.173.185 port 38312 ssh2
Oct 14 22:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Connection closed by 116.177.173.185 port 38312 [preauth]
Oct 14 22:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Failed password for invalid user user from 85.214.60.241 port 34766 ssh2
Oct 14 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Invalid user admin from 116.177.173.185
Oct 14 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11793]: pam_unix(cron:session): session closed for user root
Oct 14 22:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Connection closed by 85.214.60.241 port 34766 [preauth]
Oct 14 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Invalid user patrick from 64.119.29.140
Oct 14 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: input_userauth_request: invalid user patrick [preauth]
Oct 14 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140
Oct 14 22:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Failed password for invalid user admin from 116.177.173.185 port 40280 ssh2
Oct 14 22:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Connection closed by 116.177.173.185 port 40280 [preauth]
Oct 14 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15471]: Invalid user systems from 186.124.138.154
Oct 14 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15471]: input_userauth_request: invalid user systems [preauth]
Oct 14 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15471]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Invalid user git from 116.177.173.185
Oct 14 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: input_userauth_request: invalid user git [preauth]
Oct 14 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Failed password for invalid user patrick from 64.119.29.140 port 50102 ssh2
Oct 14 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Received disconnect from 64.119.29.140 port 50102:11: Bye Bye [preauth]
Oct 14 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Disconnected from 64.119.29.140 port 50102 [preauth]
Oct 14 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Invalid user user from 85.214.60.241
Oct 14 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: input_userauth_request: invalid user user [preauth]
Oct 14 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15471]: Failed password for invalid user systems from 186.124.138.154 port 54230 ssh2
Oct 14 22:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15471]: Received disconnect from 186.124.138.154 port 54230:11: Bye Bye [preauth]
Oct 14 22:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15471]: Disconnected from 186.124.138.154 port 54230 [preauth]
Oct 14 22:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Failed password for invalid user git from 116.177.173.185 port 42172 ssh2
Oct 14 22:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15475]: Connection closed by 116.177.173.185 port 42172 [preauth]
Oct 14 22:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Failed password for invalid user user from 85.214.60.241 port 39786 ssh2
Oct 14 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Invalid user postgres from 116.177.173.185
Oct 14 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: input_userauth_request: invalid user postgres [preauth]
Oct 14 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Connection closed by 85.214.60.241 port 39786 [preauth]
Oct 14 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Failed password for invalid user postgres from 116.177.173.185 port 44392 ssh2
Oct 14 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Connection closed by 116.177.173.185 port 44392 [preauth]
Oct 14 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Invalid user deploy from 116.177.173.185
Oct 14 22:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: input_userauth_request: invalid user deploy [preauth]
Oct 14 22:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Invalid user user from 85.214.60.241
Oct 14 22:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: input_userauth_request: invalid user user [preauth]
Oct 14 22:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Failed password for invalid user deploy from 116.177.173.185 port 46256 ssh2
Oct 14 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Connection closed by 116.177.173.185 port 46256 [preauth]
Oct 14 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Invalid user ubuntu from 116.177.173.185
Oct 14 22:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Invalid user patrick from 107.175.189.123
Oct 14 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: input_userauth_request: invalid user patrick [preauth]
Oct 14 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Failed password for invalid user user from 85.214.60.241 port 44636 ssh2
Oct 14 22:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Failed password for invalid user ubuntu from 116.177.173.185 port 48078 ssh2
Oct 14 22:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Connection closed by 116.177.173.185 port 48078 [preauth]
Oct 14 22:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15500]: Connection closed by 85.214.60.241 port 44636 [preauth]
Oct 14 22:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Failed password for invalid user patrick from 107.175.189.123 port 56498 ssh2
Oct 14 22:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Received disconnect from 107.175.189.123 port 56498:11: Bye Bye [preauth]
Oct 14 22:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Disconnected from 107.175.189.123 port 56498 [preauth]
Oct 14 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Failed password for root from 116.177.173.185 port 50152 ssh2
Oct 14 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Invalid user user from 85.214.60.241
Oct 14 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: input_userauth_request: invalid user user [preauth]
Oct 14 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Connection closed by 116.177.173.185 port 50152 [preauth]
Oct 14 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Failed password for invalid user user from 85.214.60.241 port 50720 ssh2
Oct 14 22:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: Failed password for root from 116.177.173.185 port 52132 ssh2
Oct 14 22:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15567]: Connection closed by 116.177.173.185 port 52132 [preauth]
Oct 14 22:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15551]: Connection closed by 85.214.60.241 port 50720 [preauth]
Oct 14 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Invalid user kyle from 41.93.28.23
Oct 14 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: input_userauth_request: invalid user kyle [preauth]
Oct 14 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: Failed password for root from 116.177.173.185 port 53936 ssh2
Oct 14 22:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: Connection closed by 116.177.173.185 port 53936 [preauth]
Oct 14 22:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for invalid user kyle from 41.93.28.23 port 56708 ssh2
Oct 14 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: Invalid user user from 85.214.60.241
Oct 14 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: input_userauth_request: invalid user user [preauth]
Oct 14 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Received disconnect from 41.93.28.23 port 56708:11: Bye Bye [preauth]
Oct 14 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Disconnected from 41.93.28.23 port 56708 [preauth]
Oct 14 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session closed for user root
Oct 14 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Failed password for root from 116.177.173.185 port 55934 ssh2
Oct 14 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: Failed password for invalid user user from 85.214.60.241 port 58798 ssh2
Oct 14 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Connection closed by 116.177.173.185 port 55934 [preauth]
Oct 14 22:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Invalid user debian from 116.177.173.185
Oct 14 22:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15590]: Connection closed by 85.214.60.241 port 58798 [preauth]
Oct 14 22:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Failed password for invalid user debian from 116.177.173.185 port 58226 ssh2
Oct 14 22:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15631]: Connection closed by 116.177.173.185 port 58226 [preauth]
Oct 14 22:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Invalid user postgres from 116.177.173.185
Oct 14 22:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: input_userauth_request: invalid user postgres [preauth]
Oct 14 22:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15635]: Invalid user user from 85.214.60.241
Oct 14 22:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15635]: input_userauth_request: invalid user user [preauth]
Oct 14 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Failed password for invalid user postgres from 116.177.173.185 port 60050 ssh2
Oct 14 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15635]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Connection closed by 116.177.173.185 port 60050 [preauth]
Oct 14 22:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Invalid user esuser from 116.177.173.185
Oct 14 22:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: input_userauth_request: invalid user esuser [preauth]
Oct 14 22:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15635]: Failed password for invalid user user from 85.214.60.241 port 36080 ssh2
Oct 14 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15635]: Connection closed by 85.214.60.241 port 36080 [preauth]
Oct 14 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Failed password for invalid user esuser from 116.177.173.185 port 33484 ssh2
Oct 14 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15655]: Connection closed by 116.177.173.185 port 33484 [preauth]
Oct 14 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Invalid user test from 116.177.173.185
Oct 14 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: input_userauth_request: invalid user test [preauth]
Oct 14 22:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Invalid user user from 85.214.60.241
Oct 14 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: input_userauth_request: invalid user user [preauth]
Oct 14 22:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Failed password for invalid user test from 116.177.173.185 port 35742 ssh2
Oct 14 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15682]: Connection closed by 116.177.173.185 port 35742 [preauth]
Oct 14 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Failed password for root from 202.125.94.71 port 45702 ssh2
Oct 14 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Received disconnect from 202.125.94.71 port 45702:11: Bye Bye [preauth]
Oct 14 22:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Disconnected from 202.125.94.71 port 45702 [preauth]
Oct 14 22:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Invalid user vpn from 116.177.173.185
Oct 14 22:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: input_userauth_request: invalid user vpn [preauth]
Oct 14 22:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Failed password for invalid user user from 85.214.60.241 port 41716 ssh2
Oct 14 22:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Connection closed by 85.214.60.241 port 41716 [preauth]
Oct 14 22:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Failed password for invalid user vpn from 116.177.173.185 port 37702 ssh2
Oct 14 22:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Connection closed by 116.177.173.185 port 37702 [preauth]
Oct 14 22:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Invalid user user from 85.214.60.241
Oct 14 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: input_userauth_request: invalid user user [preauth]
Oct 14 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15702]: Failed password for root from 116.177.173.185 port 39790 ssh2
Oct 14 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15702]: Connection closed by 116.177.173.185 port 39790 [preauth]
Oct 14 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: Invalid user admin from 116.177.173.185
Oct 14 22:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Invalid user admin from 185.156.73.233
Oct 14 22:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 22:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Failed password for invalid user user from 85.214.60.241 port 48248 ssh2
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: Failed password for invalid user admin from 116.177.173.185 port 41780 ssh2
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15701]: Connection closed by 85.214.60.241 port 48248 [preauth]
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: Connection closed by 116.177.173.185 port 41780 [preauth]
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15735]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15731]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15735]: pam_unix(cron:session): session closed for user root
Oct 14 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15728]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for invalid user admin from 185.156.73.233 port 48510 ssh2
Oct 14 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Connection closed by 185.156.73.233 port 48510 [preauth]
Oct 14 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15723]: Invalid user devops from 116.177.173.185
Oct 14 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15723]: input_userauth_request: invalid user devops [preauth]
Oct 14 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15723]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15809]: Successful su for rubyman by root
Oct 14 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15809]: + ??? root:rubyman
Oct 14 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413942 of user rubyman.
Oct 14 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15809]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413942.
Oct 14 22:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15723]: Failed password for invalid user devops from 116.177.173.185 port 43874 ssh2
Oct 14 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15723]: Connection closed by 116.177.173.185 port 43874 [preauth]
Oct 14 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Invalid user guest from 116.177.173.185
Oct 14 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: input_userauth_request: invalid user guest [preauth]
Oct 14 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Invalid user user from 85.214.60.241
Oct 14 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Failed password for invalid user guest from 116.177.173.185 port 45642 ssh2
Oct 14 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Connection closed by 116.177.173.185 port 45642 [preauth]
Oct 14 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Failed password for invalid user user from 85.214.60.241 port 57344 ssh2
Oct 14 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Invalid user ubuntu from 116.177.173.185
Oct 14 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Connection closed by 85.214.60.241 port 57344 [preauth]
Oct 14 22:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15731]: pam_unix(cron:session): session closed for user root
Oct 14 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12308]: pam_unix(cron:session): session closed for user root
Oct 14 22:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Failed password for invalid user ubuntu from 116.177.173.185 port 47612 ssh2
Oct 14 22:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15929]: Connection closed by 116.177.173.185 port 47612 [preauth]
Oct 14 22:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Invalid user ansible from 116.177.173.185
Oct 14 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: input_userauth_request: invalid user ansible [preauth]
Oct 14 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Invalid user user from 85.214.60.241
Oct 14 22:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Failed password for invalid user ansible from 116.177.173.185 port 49748 ssh2
Oct 14 22:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Connection closed by 116.177.173.185 port 49748 [preauth]
Oct 14 22:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Failed password for invalid user user from 85.214.60.241 port 37554 ssh2
Oct 14 22:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Invalid user deploy from 116.177.173.185
Oct 14 22:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: input_userauth_request: invalid user deploy [preauth]
Oct 14 22:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15959]: Connection closed by 85.214.60.241 port 37554 [preauth]
Oct 14 22:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Failed password for invalid user deploy from 116.177.173.185 port 51570 ssh2
Oct 14 22:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Connection closed by 116.177.173.185 port 51570 [preauth]
Oct 14 22:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Invalid user vpn from 116.177.173.185
Oct 14 22:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: input_userauth_request: invalid user vpn [preauth]
Oct 14 22:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15729]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Invalid user user from 85.214.60.241
Oct 14 22:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Failed password for invalid user vpn from 116.177.173.185 port 53748 ssh2
Oct 14 22:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Connection closed by 116.177.173.185 port 53748 [preauth]
Oct 14 22:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Invalid user admin from 116.177.173.185
Oct 14 22:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for invalid user user from 85.214.60.241 port 42426 ssh2
Oct 14 22:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Connection closed by 85.214.60.241 port 42426 [preauth]
Oct 14 22:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for invalid user admin from 116.177.173.185 port 55698 ssh2
Oct 14 22:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Connection closed by 116.177.173.185 port 55698 [preauth]
Oct 14 22:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Invalid user zjw from 116.177.173.185
Oct 14 22:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: input_userauth_request: invalid user zjw [preauth]
Oct 14 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Failed password for invalid user zjw from 116.177.173.185 port 57942 ssh2
Oct 14 22:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Connection closed by 116.177.173.185 port 57942 [preauth]
Oct 14 22:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Invalid user user from 85.214.60.241
Oct 14 22:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Invalid user oracle from 116.177.173.185
Oct 14 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: input_userauth_request: invalid user oracle [preauth]
Oct 14 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Invalid user debian from 74.94.234.151
Oct 14 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Failed password for invalid user user from 85.214.60.241 port 48040 ssh2
Oct 14 22:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Failed password for invalid user oracle from 116.177.173.185 port 59732 ssh2
Oct 14 22:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Failed password for invalid user debian from 74.94.234.151 port 54066 ssh2
Oct 14 22:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16126]: Connection closed by 116.177.173.185 port 59732 [preauth]
Oct 14 22:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Received disconnect from 74.94.234.151 port 54066:11: Bye Bye [preauth]
Oct 14 22:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16128]: Disconnected from 74.94.234.151 port 54066 [preauth]
Oct 14 22:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16109]: Connection closed by 85.214.60.241 port 48040 [preauth]
Oct 14 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: Invalid user testuser from 116.177.173.185
Oct 14 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: input_userauth_request: invalid user testuser [preauth]
Oct 14 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: Failed password for invalid user testuser from 116.177.173.185 port 33672 ssh2
Oct 14 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16134]: Connection closed by 116.177.173.185 port 33672 [preauth]
Oct 14 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Invalid user user from 116.177.173.185
Oct 14 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: Invalid user user from 85.214.60.241
Oct 14 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Failed password for invalid user user from 116.177.173.185 port 35866 ssh2
Oct 14 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session closed for user root
Oct 14 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Connection closed by 116.177.173.185 port 35866 [preauth]
Oct 14 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: Failed password for invalid user user from 85.214.60.241 port 53652 ssh2
Oct 14 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Invalid user testuser from 116.177.173.185
Oct 14 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: input_userauth_request: invalid user testuser [preauth]
Oct 14 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16149]: Connection closed by 85.214.60.241 port 53652 [preauth]
Oct 14 22:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Failed password for invalid user testuser from 116.177.173.185 port 38054 ssh2
Oct 14 22:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16177]: Connection closed by 116.177.173.185 port 38054 [preauth]
Oct 14 22:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Invalid user user from 85.214.60.241
Oct 14 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Failed password for root from 64.119.29.140 port 60912 ssh2
Oct 14 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Received disconnect from 64.119.29.140 port 60912:11: Bye Bye [preauth]
Oct 14 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16206]: Disconnected from 64.119.29.140 port 60912 [preauth]
Oct 14 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Failed password for root from 116.177.173.185 port 39948 ssh2
Oct 14 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16194]: Connection closed by 116.177.173.185 port 39948 [preauth]
Oct 14 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Failed password for invalid user user from 85.214.60.241 port 59200 ssh2
Oct 14 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Invalid user vpnuser from 116.177.173.185
Oct 14 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: input_userauth_request: invalid user vpnuser [preauth]
Oct 14 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Connection closed by 85.214.60.241 port 59200 [preauth]
Oct 14 22:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Failed password for invalid user vpnuser from 116.177.173.185 port 42418 ssh2
Oct 14 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Connection closed by 116.177.173.185 port 42418 [preauth]
Oct 14 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Invalid user pi from 116.177.173.185
Oct 14 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: input_userauth_request: invalid user pi [preauth]
Oct 14 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Failed password for invalid user pi from 116.177.173.185 port 44320 ssh2
Oct 14 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Invalid user user from 85.214.60.241
Oct 14 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16238]: Connection closed by 116.177.173.185 port 44320 [preauth]
Oct 14 22:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Invalid user morteza from 186.124.138.154
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: input_userauth_request: invalid user morteza [preauth]
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Failed password for invalid user user from 85.214.60.241 port 36308 ssh2
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: Failed password for root from 116.177.173.185 port 46102 ssh2
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: Connection closed by 116.177.173.185 port 46102 [preauth]
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Connection closed by 85.214.60.241 port 36308 [preauth]
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Invalid user ftpuser from 116.177.173.185
Oct 14 22:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 22:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Failed password for invalid user morteza from 186.124.138.154 port 47644 ssh2
Oct 14 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Received disconnect from 186.124.138.154 port 47644:11: Bye Bye [preauth]
Oct 14 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Disconnected from 186.124.138.154 port 47644 [preauth]
Oct 14 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Failed password for invalid user ftpuser from 116.177.173.185 port 48102 ssh2
Oct 14 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: Invalid user user from 85.214.60.241
Oct 14 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: input_userauth_request: invalid user user [preauth]
Oct 14 22:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16258]: Connection closed by 116.177.173.185 port 48102 [preauth]
Oct 14 22:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Invalid user steam from 116.177.173.185
Oct 14 22:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: input_userauth_request: invalid user steam [preauth]
Oct 14 22:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Invalid user simon from 107.175.189.123
Oct 14 22:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: input_userauth_request: invalid user simon [preauth]
Oct 14 22:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: Failed password for invalid user user from 85.214.60.241 port 41594 ssh2
Oct 14 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Failed password for invalid user steam from 116.177.173.185 port 50122 ssh2
Oct 14 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16274]: Connection closed by 116.177.173.185 port 50122 [preauth]
Oct 14 22:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: Connection closed by 85.214.60.241 port 41594 [preauth]
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16279]: Invalid user fa from 116.177.173.185
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16279]: input_userauth_request: invalid user fa [preauth]
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Failed password for invalid user simon from 107.175.189.123 port 36958 ssh2
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16279]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Received disconnect from 107.175.189.123 port 36958:11: Bye Bye [preauth]
Oct 14 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16276]: Disconnected from 107.175.189.123 port 36958 [preauth]
Oct 14 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16383]: Successful su for rubyman by root
Oct 14 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16383]: + ??? root:rubyman
Oct 14 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413946 of user rubyman.
Oct 14 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16383]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413946.
Oct 14 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16279]: Failed password for invalid user fa from 116.177.173.185 port 52270 ssh2
Oct 14 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16279]: Connection closed by 116.177.173.185 port 52270 [preauth]
Oct 14 22:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Invalid user user from 85.214.60.241
Oct 14 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Failed password for root from 116.177.173.185 port 53878 ssh2
Oct 14 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16406]: Connection closed by 116.177.173.185 port 53878 [preauth]
Oct 14 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Invalid user test from 116.177.173.185
Oct 14 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: input_userauth_request: invalid user test [preauth]
Oct 14 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for invalid user user from 85.214.60.241 port 47086 ssh2
Oct 14 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Connection closed by 85.214.60.241 port 47086 [preauth]
Oct 14 22:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Failed password for invalid user test from 116.177.173.185 port 55660 ssh2
Oct 14 22:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16467]: Connection closed by 116.177.173.185 port 55660 [preauth]
Oct 14 22:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Invalid user devopsuser from 116.177.173.185
Oct 14 22:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 22:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session closed for user root
Oct 14 22:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Invalid user user from 85.214.60.241
Oct 14 22:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Failed password for invalid user devopsuser from 116.177.173.185 port 57648 ssh2
Oct 14 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16550]: Connection closed by 116.177.173.185 port 57648 [preauth]
Oct 14 22:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Failed password for invalid user user from 85.214.60.241 port 52862 ssh2
Oct 14 22:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Connection closed by 85.214.60.241 port 52862 [preauth]
Oct 14 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Failed password for root from 116.177.173.185 port 59768 ssh2
Oct 14 22:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Connection closed by 116.177.173.185 port 59768 [preauth]
Oct 14 22:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: Invalid user es from 116.177.173.185
Oct 14 22:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: input_userauth_request: invalid user es [preauth]
Oct 14 22:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: Failed password for invalid user es from 116.177.173.185 port 33590 ssh2
Oct 14 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16627]: Connection closed by 116.177.173.185 port 33590 [preauth]
Oct 14 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Invalid user user from 85.214.60.241
Oct 14 22:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Failed password for invalid user user from 85.214.60.241 port 57856 ssh2
Oct 14 22:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Connection closed by 85.214.60.241 port 57856 [preauth]
Oct 14 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Failed password for root from 116.177.173.185 port 35266 ssh2
Oct 14 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Connection closed by 116.177.173.185 port 35266 [preauth]
Oct 14 22:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Invalid user minecraft from 116.177.173.185
Oct 14 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: input_userauth_request: invalid user minecraft [preauth]
Oct 14 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Failed password for invalid user minecraft from 116.177.173.185 port 37340 ssh2
Oct 14 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Invalid user user from 85.214.60.241
Oct 14 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Connection closed by 116.177.173.185 port 37340 [preauth]
Oct 14 22:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: Invalid user ubuntu from 116.177.173.185
Oct 14 22:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Failed password for invalid user user from 85.214.60.241 port 34672 ssh2
Oct 14 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: Failed password for invalid user ubuntu from 116.177.173.185 port 39192 ssh2
Oct 14 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16666]: Connection closed by 116.177.173.185 port 39192 [preauth]
Oct 14 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16654]: Connection closed by 85.214.60.241 port 34672 [preauth]
Oct 14 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Invalid user guest from 116.177.173.185
Oct 14 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: input_userauth_request: invalid user guest [preauth]
Oct 14 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Failed password for root from 202.125.94.71 port 50512 ssh2
Oct 14 22:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Received disconnect from 202.125.94.71 port 50512:11: Bye Bye [preauth]
Oct 14 22:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Disconnected from 202.125.94.71 port 50512 [preauth]
Oct 14 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Failed password for invalid user guest from 116.177.173.185 port 41068 ssh2
Oct 14 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16696]: Connection closed by 116.177.173.185 port 41068 [preauth]
Oct 14 22:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: Invalid user user from 85.214.60.241
Oct 14 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Failed password for root from 116.177.173.185 port 42882 ssh2
Oct 14 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Failed password for root from 41.93.28.23 port 40552 ssh2
Oct 14 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16705]: Connection closed by 116.177.173.185 port 42882 [preauth]
Oct 14 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: Failed password for invalid user user from 85.214.60.241 port 39650 ssh2
Oct 14 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Received disconnect from 41.93.28.23 port 40552:11: Bye Bye [preauth]
Oct 14 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16702]: Disconnected from 41.93.28.23 port 40552 [preauth]
Oct 14 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: Connection closed by 85.214.60.241 port 39650 [preauth]
Oct 14 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16714]: Invalid user admin from 116.177.173.185
Oct 14 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16714]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16714]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15182]: pam_unix(cron:session): session closed for user root
Oct 14 22:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16714]: Failed password for invalid user admin from 116.177.173.185 port 45002 ssh2
Oct 14 22:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16714]: Connection closed by 116.177.173.185 port 45002 [preauth]
Oct 14 22:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Invalid user kafka from 116.177.173.185
Oct 14 22:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: input_userauth_request: invalid user kafka [preauth]
Oct 14 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Invalid user user from 85.214.60.241
Oct 14 22:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Failed password for invalid user kafka from 116.177.173.185 port 46862 ssh2
Oct 14 22:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Connection closed by 116.177.173.185 port 46862 [preauth]
Oct 14 22:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Invalid user user from 116.177.173.185
Oct 14 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Failed password for invalid user user from 85.214.60.241 port 44886 ssh2
Oct 14 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185
Oct 14 22:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Connection closed by 85.214.60.241 port 44886 [preauth]
Oct 14 22:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Failed password for invalid user user from 116.177.173.185 port 49066 ssh2
Oct 14 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Connection closed by 116.177.173.185 port 49066 [preauth]
Oct 14 22:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: Invalid user user from 85.214.60.241
Oct 14 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Failed password for root from 116.177.173.185 port 50758 ssh2
Oct 14 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Connection closed by 116.177.173.185 port 50758 [preauth]
Oct 14 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: Failed password for invalid user user from 85.214.60.241 port 50308 ssh2
Oct 14 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Failed password for root from 116.177.173.185 port 52624 ssh2
Oct 14 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: Connection closed by 85.214.60.241 port 50308 [preauth]
Oct 14 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Connection closed by 116.177.173.185 port 52624 [preauth]
Oct 14 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.177.173.185  user=root
Oct 14 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Failed password for root from 116.177.173.185 port 54478 ssh2
Oct 14 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Connection closed by 116.177.173.185 port 54478 [preauth]
Oct 14 22:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Invalid user user from 85.214.60.241
Oct 14 22:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: input_userauth_request: invalid user user [preauth]
Oct 14 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for invalid user user from 85.214.60.241 port 55140 ssh2
Oct 14 22:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Connection closed by 85.214.60.241 port 55140 [preauth]
Oct 14 22:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16836]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: Successful su for rubyman by root
Oct 14 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: + ??? root:rubyman
Oct 14 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413949 of user rubyman.
Oct 14 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16905]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413949.
Oct 14 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Invalid user user from 85.214.60.241
Oct 14 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Failed password for invalid user user from 85.214.60.241 port 34136 ssh2
Oct 14 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16830]: Connection closed by 85.214.60.241 port 34136 [preauth]
Oct 14 22:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Invalid user ts3 from 74.94.234.151
Oct 14 22:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: input_userauth_request: invalid user ts3 [preauth]
Oct 14 22:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Invalid user user from 85.214.60.241
Oct 14 22:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13517]: pam_unix(cron:session): session closed for user root
Oct 14 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Failed password for invalid user ts3 from 74.94.234.151 port 58608 ssh2
Oct 14 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Received disconnect from 74.94.234.151 port 58608:11: Bye Bye [preauth]
Oct 14 22:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17024]: Disconnected from 74.94.234.151 port 58608 [preauth]
Oct 14 22:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Failed password for invalid user user from 85.214.60.241 port 42888 ssh2
Oct 14 22:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Connection closed by 85.214.60.241 port 42888 [preauth]
Oct 14 22:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Failed password for root from 64.119.29.140 port 41336 ssh2
Oct 14 22:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Received disconnect from 64.119.29.140 port 41336:11: Bye Bye [preauth]
Oct 14 22:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Disconnected from 64.119.29.140 port 41336 [preauth]
Oct 14 22:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Invalid user user from 85.214.60.241
Oct 14 22:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16835]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Failed password for invalid user user from 85.214.60.241 port 51768 ssh2
Oct 14 22:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Connection closed by 85.214.60.241 port 51768 [preauth]
Oct 14 22:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Invalid user user from 85.214.60.241
Oct 14 22:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Failed password for invalid user user from 85.214.60.241 port 58932 ssh2
Oct 14 22:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Connection closed by 85.214.60.241 port 58932 [preauth]
Oct 14 22:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Invalid user user from 85.214.60.241
Oct 14 22:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user user from 85.214.60.241 port 35748 ssh2
Oct 14 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Connection closed by 85.214.60.241 port 35748 [preauth]
Oct 14 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: Failed password for root from 186.124.138.154 port 40504 ssh2
Oct 14 22:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Invalid user user from 85.214.60.241
Oct 14 22:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: Received disconnect from 186.124.138.154 port 40504:11: Bye Bye [preauth]
Oct 14 22:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: Disconnected from 186.124.138.154 port 40504 [preauth]
Oct 14 22:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 22:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Failed password for invalid user user from 85.214.60.241 port 40696 ssh2
Oct 14 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Connection closed by 85.214.60.241 port 40696 [preauth]
Oct 14 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15734]: pam_unix(cron:session): session closed for user root
Oct 14 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Failed password for root from 107.175.189.123 port 45640 ssh2
Oct 14 22:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Received disconnect from 107.175.189.123 port 45640:11: Bye Bye [preauth]
Oct 14 22:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17253]: Disconnected from 107.175.189.123 port 45640 [preauth]
Oct 14 22:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Invalid user user from 85.214.60.241
Oct 14 22:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Invalid user user from 62.60.131.157
Oct 14 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 22:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Failed password for invalid user user from 85.214.60.241 port 47832 ssh2
Oct 14 22:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user user from 62.60.131.157 port 41497 ssh2
Oct 14 22:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Connection closed by 85.214.60.241 port 47832 [preauth]
Oct 14 22:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user user from 62.60.131.157 port 41497 ssh2
Oct 14 22:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Invalid user user from 85.214.60.241
Oct 14 22:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user user from 62.60.131.157 port 41497 ssh2
Oct 14 22:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user user from 62.60.131.157 port 41497 ssh2
Oct 14 22:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Failed password for invalid user user from 85.214.60.241 port 57694 ssh2
Oct 14 22:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17282]: Connection closed by 85.214.60.241 port 57694 [preauth]
Oct 14 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user user from 62.60.131.157 port 41497 ssh2
Oct 14 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Received disconnect from 62.60.131.157 port 41497:11: Bye [preauth]
Oct 14 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Disconnected from 62.60.131.157 port 41497 [preauth]
Oct 14 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Invalid user user from 85.214.60.241
Oct 14 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: input_userauth_request: invalid user user [preauth]
Oct 14 22:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Failed password for invalid user user from 85.214.60.241 port 41870 ssh2
Oct 14 22:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Connection closed by 85.214.60.241 port 41870 [preauth]
Oct 14 22:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17409]: Successful su for rubyman by root
Oct 14 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17409]: + ??? root:rubyman
Oct 14 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413954 of user rubyman.
Oct 14 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17409]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413954.
Oct 14 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: Invalid user user from 85.214.60.241
Oct 14 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: input_userauth_request: invalid user user [preauth]
Oct 14 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: Failed password for invalid user user from 85.214.60.241 port 54544 ssh2
Oct 14 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17329]: Connection closed by 85.214.60.241 port 54544 [preauth]
Oct 14 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Invalid user user from 85.214.60.241
Oct 14 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: input_userauth_request: invalid user user [preauth]
Oct 14 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session closed for user root
Oct 14 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: Failed password for root from 202.125.94.71 port 55350 ssh2
Oct 14 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: Received disconnect from 202.125.94.71 port 55350:11: Bye Bye [preauth]
Oct 14 22:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17509]: Disconnected from 202.125.94.71 port 55350 [preauth]
Oct 14 22:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for invalid user user from 85.214.60.241 port 34150 ssh2
Oct 14 22:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Connection closed by 85.214.60.241 port 34150 [preauth]
Oct 14 22:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Invalid user user from 85.214.60.241
Oct 14 22:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: input_userauth_request: invalid user user [preauth]
Oct 14 22:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Failed password for invalid user user from 85.214.60.241 port 44898 ssh2
Oct 14 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Connection closed by 85.214.60.241 port 44898 [preauth]
Oct 14 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17654]: Invalid user user from 85.214.60.241
Oct 14 22:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17654]: input_userauth_request: invalid user user [preauth]
Oct 14 22:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17654]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17654]: Failed password for invalid user user from 85.214.60.241 port 56622 ssh2
Oct 14 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17654]: Connection closed by 85.214.60.241 port 56622 [preauth]
Oct 14 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: Invalid user user from 85.214.60.241
Oct 14 22:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: input_userauth_request: invalid user user [preauth]
Oct 14 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: Failed password for invalid user user from 85.214.60.241 port 38678 ssh2
Oct 14 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17683]: Connection closed by 85.214.60.241 port 38678 [preauth]
Oct 14 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Invalid user user from 85.214.60.241
Oct 14 22:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: input_userauth_request: invalid user user [preauth]
Oct 14 22:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session closed for user root
Oct 14 22:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Failed password for invalid user user from 85.214.60.241 port 49732 ssh2
Oct 14 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Connection closed by 85.214.60.241 port 49732 [preauth]
Oct 14 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Invalid user teaspeak from 41.93.28.23
Oct 14 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: input_userauth_request: invalid user teaspeak [preauth]
Oct 14 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.119.29.140  user=root
Oct 14 22:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Failed password for invalid user teaspeak from 41.93.28.23 port 48446 ssh2
Oct 14 22:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Received disconnect from 41.93.28.23 port 48446:11: Bye Bye [preauth]
Oct 14 22:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Disconnected from 41.93.28.23 port 48446 [preauth]
Oct 14 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: Failed password for root from 64.119.29.140 port 50272 ssh2
Oct 14 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Invalid user user from 85.214.60.241
Oct 14 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: input_userauth_request: invalid user user [preauth]
Oct 14 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: Received disconnect from 64.119.29.140 port 50272:11: Bye Bye [preauth]
Oct 14 22:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17786]: Disconnected from 64.119.29.140 port 50272 [preauth]
Oct 14 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Invalid user adminuser from 74.94.234.151
Oct 14 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: input_userauth_request: invalid user adminuser [preauth]
Oct 14 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Failed password for invalid user user from 85.214.60.241 port 59986 ssh2
Oct 14 22:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17785]: Connection closed by 85.214.60.241 port 59986 [preauth]
Oct 14 22:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Failed password for invalid user adminuser from 74.94.234.151 port 34918 ssh2
Oct 14 22:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Received disconnect from 74.94.234.151 port 34918:11: Bye Bye [preauth]
Oct 14 22:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17837]: Disconnected from 74.94.234.151 port 34918 [preauth]
Oct 14 22:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Invalid user user from 85.214.60.241
Oct 14 22:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: input_userauth_request: invalid user user [preauth]
Oct 14 22:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Failed password for invalid user user from 85.214.60.241 port 43268 ssh2
Oct 14 22:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17866]: Connection closed by 85.214.60.241 port 43268 [preauth]
Oct 14 22:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Invalid user user from 85.214.60.241
Oct 14 22:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: input_userauth_request: invalid user user [preauth]
Oct 14 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: Successful su for rubyman by root
Oct 14 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: + ??? root:rubyman
Oct 14 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413957 of user rubyman.
Oct 14 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17976]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413957.
Oct 14 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Failed password for invalid user user from 85.214.60.241 port 52986 ssh2
Oct 14 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17887]: Connection closed by 85.214.60.241 port 52986 [preauth]
Oct 14 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session closed for user root
Oct 14 22:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Failed password for invalid user ubuntu from 85.214.60.241 port 60124 ssh2
Oct 14 22:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Connection closed by 85.214.60.241 port 60124 [preauth]
Oct 14 22:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17898]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18432]: Invalid user cris from 186.124.138.154
Oct 14 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18432]: input_userauth_request: invalid user cris [preauth]
Oct 14 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18432]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154
Oct 14 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: Failed password for invalid user ubuntu from 85.214.60.241 port 36666 ssh2
Oct 14 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18432]: Failed password for invalid user cris from 186.124.138.154 port 41062 ssh2
Oct 14 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18432]: Received disconnect from 186.124.138.154 port 41062:11: Bye Bye [preauth]
Oct 14 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18432]: Disconnected from 186.124.138.154 port 41062 [preauth]
Oct 14 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18298]: Connection closed by 85.214.60.241 port 36666 [preauth]
Oct 14 22:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: Invalid user ubuntu from 107.175.189.123
Oct 14 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123
Oct 14 22:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Failed password for invalid user ubuntu from 85.214.60.241 port 42196 ssh2
Oct 14 22:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Connection closed by 85.214.60.241 port 42196 [preauth]
Oct 14 22:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: Failed password for invalid user ubuntu from 107.175.189.123 port 54332 ssh2
Oct 14 22:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: Received disconnect from 107.175.189.123 port 54332:11: Bye Bye [preauth]
Oct 14 22:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: Disconnected from 107.175.189.123 port 54332 [preauth]
Oct 14 22:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Failed password for invalid user ubuntu from 85.214.60.241 port 47216 ssh2
Oct 14 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Connection closed by 85.214.60.241 port 47216 [preauth]
Oct 14 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session closed for user root
Oct 14 22:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Failed password for invalid user ubuntu from 85.214.60.241 port 57214 ssh2
Oct 14 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Connection closed by 85.214.60.241 port 57214 [preauth]
Oct 14 22:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18568]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18568]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18568]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18568]: Failed password for invalid user ubuntu from 85.214.60.241 port 37672 ssh2
Oct 14 22:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18568]: Connection closed by 85.214.60.241 port 37672 [preauth]
Oct 14 22:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Invalid user systems from 202.125.94.71
Oct 14 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: input_userauth_request: invalid user systems [preauth]
Oct 14 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71
Oct 14 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Failed password for invalid user systems from 202.125.94.71 port 60092 ssh2
Oct 14 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Received disconnect from 202.125.94.71 port 60092:11: Bye Bye [preauth]
Oct 14 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Disconnected from 202.125.94.71 port 60092 [preauth]
Oct 14 22:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Failed password for invalid user ubuntu from 85.214.60.241 port 44328 ssh2
Oct 14 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18599]: Connection closed by 85.214.60.241 port 44328 [preauth]
Oct 14 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session closed for user root
Oct 14 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18634]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: Failed password for invalid user ubuntu from 85.214.60.241 port 49194 ssh2
Oct 14 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18619]: Connection closed by 85.214.60.241 port 49194 [preauth]
Oct 14 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18730]: Successful su for rubyman by root
Oct 14 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18730]: + ??? root:rubyman
Oct 14 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413961 of user rubyman.
Oct 14 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18730]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413961.
Oct 14 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: Failed password for invalid user ubuntu from 85.214.60.241 port 55042 ssh2
Oct 14 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18725]: Connection closed by 85.214.60.241 port 55042 [preauth]
Oct 14 22:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18637]: pam_unix(cron:session): session closed for user root
Oct 14 22:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session closed for user root
Oct 14 22:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: Failed password for invalid user ubuntu from 85.214.60.241 port 60306 ssh2
Oct 14 22:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: Connection closed by 85.214.60.241 port 60306 [preauth]
Oct 14 22:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18636]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: Failed password for invalid user ubuntu from 85.214.60.241 port 41038 ssh2
Oct 14 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: Connection closed by 85.214.60.241 port 41038 [preauth]
Oct 14 22:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Invalid user client from 74.94.234.151
Oct 14 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: input_userauth_request: invalid user client [preauth]
Oct 14 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Failed password for invalid user ubuntu from 85.214.60.241 port 48656 ssh2
Oct 14 22:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Connection closed by 85.214.60.241 port 48656 [preauth]
Oct 14 22:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Failed password for invalid user client from 74.94.234.151 port 39458 ssh2
Oct 14 22:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Received disconnect from 74.94.234.151 port 39458:11: Bye Bye [preauth]
Oct 14 22:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Disconnected from 74.94.234.151 port 39458 [preauth]
Oct 14 22:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19189]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19189]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19189]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session closed for user root
Oct 14 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19189]: Failed password for invalid user ubuntu from 85.214.60.241 port 54670 ssh2
Oct 14 22:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19189]: Connection closed by 85.214.60.241 port 54670 [preauth]
Oct 14 22:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Failed password for invalid user ubuntu from 85.214.60.241 port 60352 ssh2
Oct 14 22:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19222]: Connection closed by 85.214.60.241 port 60352 [preauth]
Oct 14 22:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Invalid user ronny from 41.93.28.23
Oct 14 22:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: input_userauth_request: invalid user ronny [preauth]
Oct 14 22:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Failed password for invalid user ronny from 41.93.28.23 port 60062 ssh2
Oct 14 22:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Received disconnect from 41.93.28.23 port 60062:11: Bye Bye [preauth]
Oct 14 22:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19259]: Disconnected from 41.93.28.23 port 60062 [preauth]
Oct 14 22:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: Failed password for invalid user ubuntu from 85.214.60.241 port 37162 ssh2
Oct 14 22:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19269]: Connection closed by 85.214.60.241 port 37162 [preauth]
Oct 14 22:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19360]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Failed password for root from 186.124.138.154 port 53256 ssh2
Oct 14 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Failed password for invalid user ubuntu from 85.214.60.241 port 42554 ssh2
Oct 14 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Received disconnect from 186.124.138.154 port 53256:11: Bye Bye [preauth]
Oct 14 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Disconnected from 186.124.138.154 port 53256 [preauth]
Oct 14 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: Successful su for rubyman by root
Oct 14 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: + ??? root:rubyman
Oct 14 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Connection closed by 85.214.60.241 port 42554 [preauth]
Oct 14 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413969 of user rubyman.
Oct 14 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413969.
Oct 14 22:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: Failed password for invalid user ubuntu from 85.214.60.241 port 48622 ssh2
Oct 14 22:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19612]: Connection closed by 85.214.60.241 port 48622 [preauth]
Oct 14 22:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.189.123  user=root
Oct 14 22:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15733]: pam_unix(cron:session): session closed for user root
Oct 14 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Failed password for root from 107.175.189.123 port 34790 ssh2
Oct 14 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Received disconnect from 107.175.189.123 port 34790:11: Bye Bye [preauth]
Oct 14 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19919]: Disconnected from 107.175.189.123 port 34790 [preauth]
Oct 14 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Failed password for invalid user ubuntu from 85.214.60.241 port 53258 ssh2
Oct 14 22:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19905]: Connection closed by 85.214.60.241 port 53258 [preauth]
Oct 14 22:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Failed password for invalid user ubuntu from 85.214.60.241 port 58632 ssh2
Oct 14 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Connection closed by 85.214.60.241 port 58632 [preauth]
Oct 14 22:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Failed password for root from 202.125.94.71 port 36766 ssh2
Oct 14 22:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Received disconnect from 202.125.94.71 port 36766:11: Bye Bye [preauth]
Oct 14 22:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Disconnected from 202.125.94.71 port 36766 [preauth]
Oct 14 22:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: Failed password for invalid user ubuntu from 85.214.60.241 port 35882 ssh2
Oct 14 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20023]: Connection closed by 85.214.60.241 port 35882 [preauth]
Oct 14 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17901]: pam_unix(cron:session): session closed for user root
Oct 14 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Failed password for invalid user ubuntu from 85.214.60.241 port 41132 ssh2
Oct 14 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20065]: Connection closed by 85.214.60.241 port 41132 [preauth]
Oct 14 22:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: Failed password for invalid user ubuntu from 85.214.60.241 port 48658 ssh2
Oct 14 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20106]: Connection closed by 85.214.60.241 port 48658 [preauth]
Oct 14 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Failed password for invalid user ubuntu from 85.214.60.241 port 60350 ssh2
Oct 14 22:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20127]: Connection closed by 85.214.60.241 port 60350 [preauth]
Oct 14 22:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20180]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: Successful su for rubyman by root
Oct 14 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: + ??? root:rubyman
Oct 14 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413972 of user rubyman.
Oct 14 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413972.
Oct 14 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Failed password for invalid user ubuntu from 85.214.60.241 port 40596 ssh2
Oct 14 22:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Connection closed by 85.214.60.241 port 40596 [preauth]
Oct 14 22:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session closed for user root
Oct 14 22:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Failed password for invalid user ubuntu from 85.214.60.241 port 46216 ssh2
Oct 14 22:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20320]: Connection closed by 85.214.60.241 port 46216 [preauth]
Oct 14 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Invalid user guest from 74.94.234.151
Oct 14 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: input_userauth_request: invalid user guest [preauth]
Oct 14 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Failed password for invalid user guest from 74.94.234.151 port 43998 ssh2
Oct 14 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Received disconnect from 74.94.234.151 port 43998:11: Bye Bye [preauth]
Oct 14 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Disconnected from 74.94.234.151 port 43998 [preauth]
Oct 14 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20178]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: Failed password for invalid user ubuntu from 85.214.60.241 port 51734 ssh2
Oct 14 22:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20485]: Connection closed by 85.214.60.241 port 51734 [preauth]
Oct 14 22:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Failed password for invalid user ubuntu from 85.214.60.241 port 56954 ssh2
Oct 14 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Connection closed by 85.214.60.241 port 56954 [preauth]
Oct 14 22:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Failed password for invalid user ubuntu from 85.214.60.241 port 34056 ssh2
Oct 14 22:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Connection closed by 85.214.60.241 port 34056 [preauth]
Oct 14 22:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Failed password for invalid user ubuntu from 85.214.60.241 port 39206 ssh2
Oct 14 22:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Connection closed by 85.214.60.241 port 39206 [preauth]
Oct 14 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18639]: pam_unix(cron:session): session closed for user root
Oct 14 22:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: Failed password for root from 186.124.138.154 port 43746 ssh2
Oct 14 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: Received disconnect from 186.124.138.154 port 43746:11: Bye Bye [preauth]
Oct 14 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: Disconnected from 186.124.138.154 port 43746 [preauth]
Oct 14 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: User mysql from 185.156.73.233 not allowed because not listed in AllowUsers
Oct 14 22:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: input_userauth_request: invalid user mysql [preauth]
Oct 14 22:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: Failed none for invalid user mysql from 185.156.73.233 port 28282 ssh2
Oct 14 22:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: Connection closed by 185.156.73.233 port 28282 [preauth]
Oct 14 22:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Failed password for invalid user ubuntu from 85.214.60.241 port 44144 ssh2
Oct 14 22:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20627]: Connection closed by 85.214.60.241 port 44144 [preauth]
Oct 14 22:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Failed password for invalid user ubuntu from 85.214.60.241 port 49272 ssh2
Oct 14 22:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Connection closed by 85.214.60.241 port 49272 [preauth]
Oct 14 22:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Invalid user seafile from 41.93.28.23
Oct 14 22:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: input_userauth_request: invalid user seafile [preauth]
Oct 14 22:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Failed password for invalid user seafile from 41.93.28.23 port 34816 ssh2
Oct 14 22:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Received disconnect from 41.93.28.23 port 34816:11: Bye Bye [preauth]
Oct 14 22:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Disconnected from 41.93.28.23 port 34816 [preauth]
Oct 14 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20713]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20708]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Failed password for invalid user ubuntu from 85.214.60.241 port 54410 ssh2
Oct 14 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20786]: Successful su for rubyman by root
Oct 14 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20786]: + ??? root:rubyman
Oct 14 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413975 of user rubyman.
Oct 14 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20786]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413975.
Oct 14 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Connection closed by 85.214.60.241 port 54410 [preauth]
Oct 14 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.125.94.71  user=root
Oct 14 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Failed password for root from 202.125.94.71 port 41594 ssh2
Oct 14 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Received disconnect from 202.125.94.71 port 41594:11: Bye Bye [preauth]
Oct 14 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20825]: Disconnected from 202.125.94.71 port 41594 [preauth]
Oct 14 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Failed password for invalid user ubuntu from 85.214.60.241 port 60140 ssh2
Oct 14 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20810]: Connection closed by 85.214.60.241 port 60140 [preauth]
Oct 14 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16836]: pam_unix(cron:session): session closed for user root
Oct 14 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Failed password for invalid user ubuntu from 85.214.60.241 port 36824 ssh2
Oct 14 22:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20710]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20974]: Connection closed by 85.214.60.241 port 36824 [preauth]
Oct 14 22:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Failed password for invalid user ubuntu from 85.214.60.241 port 41994 ssh2
Oct 14 22:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21024]: Connection closed by 85.214.60.241 port 41994 [preauth]
Oct 14 22:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Failed password for invalid user ubuntu from 85.214.60.241 port 51888 ssh2
Oct 14 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Connection closed by 85.214.60.241 port 51888 [preauth]
Oct 14 22:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21078]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21078]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21078]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21078]: Failed password for invalid user ubuntu from 85.214.60.241 port 58658 ssh2
Oct 14 22:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session closed for user root
Oct 14 22:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21078]: Connection closed by 85.214.60.241 port 58658 [preauth]
Oct 14 22:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for invalid user ubuntu from 85.214.60.241 port 35922 ssh2
Oct 14 22:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Connection closed by 85.214.60.241 port 35922 [preauth]
Oct 14 22:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Failed password for invalid user ubuntu from 85.214.60.241 port 41116 ssh2
Oct 14 22:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Connection closed by 85.214.60.241 port 41116 [preauth]
Oct 14 22:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Invalid user sammy from 74.94.234.151
Oct 14 22:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: input_userauth_request: invalid user sammy [preauth]
Oct 14 22:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Failed password for invalid user sammy from 74.94.234.151 port 48544 ssh2
Oct 14 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Received disconnect from 74.94.234.151 port 48544:11: Bye Bye [preauth]
Oct 14 22:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Disconnected from 74.94.234.151 port 48544 [preauth]
Oct 14 22:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21187]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21185]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: Failed password for invalid user ubuntu from 85.214.60.241 port 46478 ssh2
Oct 14 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21252]: Successful su for rubyman by root
Oct 14 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21252]: + ??? root:rubyman
Oct 14 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413981 of user rubyman.
Oct 14 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21252]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413981.
Oct 14 22:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21173]: Connection closed by 85.214.60.241 port 46478 [preauth]
Oct 14 22:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: Failed password for invalid user ubuntu from 85.214.60.241 port 52052 ssh2
Oct 14 22:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session closed for user root
Oct 14 22:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: Connection closed by 85.214.60.241 port 52052 [preauth]
Oct 14 22:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Failed password for invalid user ubuntu from 85.214.60.241 port 56842 ssh2
Oct 14 22:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Connection closed by 85.214.60.241 port 56842 [preauth]
Oct 14 22:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.138.154  user=root
Oct 14 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Failed password for invalid user ubuntu from 85.214.60.241 port 35670 ssh2
Oct 14 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Failed password for root from 186.124.138.154 port 58092 ssh2
Oct 14 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Received disconnect from 186.124.138.154 port 58092:11: Bye Bye [preauth]
Oct 14 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Disconnected from 186.124.138.154 port 58092 [preauth]
Oct 14 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21566]: Connection closed by 85.214.60.241 port 35670 [preauth]
Oct 14 22:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Failed password for invalid user ubuntu from 85.214.60.241 port 40874 ssh2
Oct 14 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21588]: Connection closed by 85.214.60.241 port 40874 [preauth]
Oct 14 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session closed for user root
Oct 14 22:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Failed password for invalid user ubuntu from 85.214.60.241 port 46246 ssh2
Oct 14 22:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Connection closed by 85.214.60.241 port 46246 [preauth]
Oct 14 22:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Failed password for invalid user ubuntu from 85.214.60.241 port 51776 ssh2
Oct 14 22:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21669]: Connection closed by 85.214.60.241 port 51776 [preauth]
Oct 14 22:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: Failed password for invalid user ubuntu from 85.214.60.241 port 33084 ssh2
Oct 14 22:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21699]: Connection closed by 85.214.60.241 port 33084 [preauth]
Oct 14 22:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: Invalid user dominic from 41.93.28.23
Oct 14 22:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: input_userauth_request: invalid user dominic [preauth]
Oct 14 22:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: Failed password for invalid user dominic from 41.93.28.23 port 53270 ssh2
Oct 14 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: Received disconnect from 41.93.28.23 port 53270:11: Bye Bye [preauth]
Oct 14 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: Disconnected from 41.93.28.23 port 53270 [preauth]
Oct 14 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session closed for user root
Oct 14 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21726]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Failed password for invalid user ubuntu from 85.214.60.241 port 38020 ssh2
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21823]: Successful su for rubyman by root
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21823]: + ??? root:rubyman
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413985 of user rubyman.
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21823]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413985.
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21723]: Connection closed by 85.214.60.241 port 38020 [preauth]
Oct 14 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session closed for user root
Oct 14 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17900]: pam_unix(cron:session): session closed for user root
Oct 14 22:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Failed password for invalid user ubuntu from 85.214.60.241 port 43410 ssh2
Oct 14 22:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21852]: Connection closed by 85.214.60.241 port 43410 [preauth]
Oct 14 22:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Failed password for invalid user ubuntu from 85.214.60.241 port 49066 ssh2
Oct 14 22:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22039]: Connection closed by 85.214.60.241 port 49066 [preauth]
Oct 14 22:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: Failed password for invalid user ubuntu from 85.214.60.241 port 54492 ssh2
Oct 14 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: Connection closed by 85.214.60.241 port 54492 [preauth]
Oct 14 22:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Failed password for invalid user ubuntu from 85.214.60.241 port 59142 ssh2
Oct 14 22:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Connection closed by 85.214.60.241 port 59142 [preauth]
Oct 14 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20713]: pam_unix(cron:session): session closed for user root
Oct 14 22:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Invalid user sysadmin from 74.94.234.151
Oct 14 22:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: input_userauth_request: invalid user sysadmin [preauth]
Oct 14 22:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Failed password for invalid user ubuntu from 85.214.60.241 port 36598 ssh2
Oct 14 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22160]: Connection closed by 85.214.60.241 port 36598 [preauth]
Oct 14 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Failed password for invalid user sysadmin from 74.94.234.151 port 53086 ssh2
Oct 14 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Received disconnect from 74.94.234.151 port 53086:11: Bye Bye [preauth]
Oct 14 22:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22209]: Disconnected from 74.94.234.151 port 53086 [preauth]
Oct 14 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: Failed password for invalid user ubuntu from 85.214.60.241 port 41222 ssh2
Oct 14 22:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: Connection closed by 85.214.60.241 port 41222 [preauth]
Oct 14 22:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Failed password for invalid user ubuntu from 85.214.60.241 port 46296 ssh2
Oct 14 22:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Connection closed by 85.214.60.241 port 46296 [preauth]
Oct 14 22:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Failed password for invalid user ubuntu from 85.214.60.241 port 51666 ssh2
Oct 14 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22377]: Successful su for rubyman by root
Oct 14 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22377]: + ??? root:rubyman
Oct 14 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413991 of user rubyman.
Oct 14 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22377]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413991.
Oct 14 22:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Connection closed by 85.214.60.241 port 51666 [preauth]
Oct 14 22:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18638]: pam_unix(cron:session): session closed for user root
Oct 14 22:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Failed password for invalid user ubuntu from 85.214.60.241 port 57508 ssh2
Oct 14 22:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22437]: Connection closed by 85.214.60.241 port 57508 [preauth]
Oct 14 22:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22300]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Failed password for invalid user ubuntu from 85.214.60.241 port 35346 ssh2
Oct 14 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22591]: Connection closed by 85.214.60.241 port 35346 [preauth]
Oct 14 22:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: Failed password for invalid user ubuntu from 85.214.60.241 port 45848 ssh2
Oct 14 22:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: Connection closed by 85.214.60.241 port 45848 [preauth]
Oct 14 22:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: Failed password for invalid user ubuntu from 85.214.60.241 port 50770 ssh2
Oct 14 22:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22670]: Connection closed by 85.214.60.241 port 50770 [preauth]
Oct 14 22:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21189]: pam_unix(cron:session): session closed for user root
Oct 14 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: Failed password for invalid user ubuntu from 85.214.60.241 port 55970 ssh2
Oct 14 22:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: Connection closed by 85.214.60.241 port 55970 [preauth]
Oct 14 22:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Failed password for invalid user ubuntu from 85.214.60.241 port 33336 ssh2
Oct 14 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22932]: Connection closed by 85.214.60.241 port 33336 [preauth]
Oct 14 22:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: Failed password for invalid user ubuntu from 85.214.60.241 port 39082 ssh2
Oct 14 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23093]: Connection closed by 85.214.60.241 port 39082 [preauth]
Oct 14 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23127]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23230]: Successful su for rubyman by root
Oct 14 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23230]: + ??? root:rubyman
Oct 14 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413996 of user rubyman.
Oct 14 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23230]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413996.
Oct 14 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23257]: Invalid user docker from 41.93.28.23
Oct 14 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23257]: input_userauth_request: invalid user docker [preauth]
Oct 14 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23257]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Failed password for invalid user ubuntu from 85.214.60.241 port 43982 ssh2
Oct 14 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23257]: Failed password for invalid user docker from 41.93.28.23 port 47450 ssh2
Oct 14 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Connection closed by 85.214.60.241 port 43982 [preauth]
Oct 14 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23257]: Received disconnect from 41.93.28.23 port 47450:11: Bye Bye [preauth]
Oct 14 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23257]: Disconnected from 41.93.28.23 port 47450 [preauth]
Oct 14 22:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session closed for user root
Oct 14 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: Failed password for invalid user ubuntu from 85.214.60.241 port 49486 ssh2
Oct 14 22:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23517]: Connection closed by 85.214.60.241 port 49486 [preauth]
Oct 14 22:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23128]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: Failed password for invalid user ubuntu from 85.214.60.241 port 55150 ssh2
Oct 14 22:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23799]: Connection closed by 85.214.60.241 port 55150 [preauth]
Oct 14 22:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Invalid user botuser from 74.94.234.151
Oct 14 22:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: input_userauth_request: invalid user botuser [preauth]
Oct 14 22:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23845]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23845]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Failed password for invalid user botuser from 74.94.234.151 port 57632 ssh2
Oct 14 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Received disconnect from 74.94.234.151 port 57632:11: Bye Bye [preauth]
Oct 14 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Disconnected from 74.94.234.151 port 57632 [preauth]
Oct 14 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23845]: Failed password for invalid user ubuntu from 85.214.60.241 port 32940 ssh2
Oct 14 22:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23845]: Connection closed by 85.214.60.241 port 32940 [preauth]
Oct 14 22:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: Failed password for invalid user ubuntu from 85.214.60.241 port 41628 ssh2
Oct 14 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23872]: Connection closed by 85.214.60.241 port 41628 [preauth]
Oct 14 22:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session closed for user root
Oct 14 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Failed password for invalid user ubuntu from 85.214.60.241 port 47530 ssh2
Oct 14 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Connection closed by 85.214.60.241 port 47530 [preauth]
Oct 14 22:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Failed password for invalid user ubuntu from 85.214.60.241 port 52362 ssh2
Oct 14 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Connection closed by 85.214.60.241 port 52362 [preauth]
Oct 14 22:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Failed password for invalid user ubuntu from 85.214.60.241 port 57692 ssh2
Oct 14 22:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Connection closed by 85.214.60.241 port 57692 [preauth]
Oct 14 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23996]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: Successful su for rubyman by root
Oct 14 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: + ??? root:rubyman
Oct 14 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 413997 of user rubyman.
Oct 14 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 413997.
Oct 14 22:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Failed password for invalid user ubuntu from 85.214.60.241 port 34816 ssh2
Oct 14 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Connection closed by 85.214.60.241 port 34816 [preauth]
Oct 14 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20180]: pam_unix(cron:session): session closed for user root
Oct 14 22:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Failed password for invalid user ubuntu from 85.214.60.241 port 39696 ssh2
Oct 14 22:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23993]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Connection closed by 85.214.60.241 port 39696 [preauth]
Oct 14 22:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: Failed password for invalid user ubuntu from 85.214.60.241 port 45668 ssh2
Oct 14 22:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24351]: Connection closed by 85.214.60.241 port 45668 [preauth]
Oct 14 22:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Failed password for invalid user ubuntu from 85.214.60.241 port 50860 ssh2
Oct 14 22:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24385]: Connection closed by 85.214.60.241 port 50860 [preauth]
Oct 14 22:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Failed password for invalid user ubuntu from 85.214.60.241 port 56972 ssh2
Oct 14 22:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Connection closed by 85.214.60.241 port 56972 [preauth]
Oct 14 22:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session closed for user root
Oct 14 22:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: Failed password for invalid user ubuntu from 85.214.60.241 port 34962 ssh2
Oct 14 22:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24438]: Connection closed by 85.214.60.241 port 34962 [preauth]
Oct 14 22:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Failed password for invalid user ubuntu from 85.214.60.241 port 42142 ssh2
Oct 14 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Connection closed by 85.214.60.241 port 42142 [preauth]
Oct 14 22:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Failed password for invalid user ubuntu from 85.214.60.241 port 47546 ssh2
Oct 14 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Connection closed by 85.214.60.241 port 47546 [preauth]
Oct 14 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24750]: Successful su for rubyman by root
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24750]: + ??? root:rubyman
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414001 of user rubyman.
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24750]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414001.
Oct 14 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24551]: pam_unix(cron:session): session closed for user root
Oct 14 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Invalid user erpnext from 74.94.234.151
Oct 14 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: input_userauth_request: invalid user erpnext [preauth]
Oct 14 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: Failed password for invalid user ubuntu from 85.214.60.241 port 53616 ssh2
Oct 14 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Failed password for root from 41.93.28.23 port 60094 ssh2
Oct 14 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24548]: Connection closed by 85.214.60.241 port 53616 [preauth]
Oct 14 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Received disconnect from 41.93.28.23 port 60094:11: Bye Bye [preauth]
Oct 14 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Disconnected from 41.93.28.23 port 60094 [preauth]
Oct 14 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Failed password for invalid user erpnext from 74.94.234.151 port 33936 ssh2
Oct 14 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Received disconnect from 74.94.234.151 port 33936:11: Bye Bye [preauth]
Oct 14 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Disconnected from 74.94.234.151 port 33936 [preauth]
Oct 14 22:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20712]: pam_unix(cron:session): session closed for user root
Oct 14 22:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Failed password for invalid user ubuntu from 85.214.60.241 port 60432 ssh2
Oct 14 22:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Connection closed by 85.214.60.241 port 60432 [preauth]
Oct 14 22:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Invalid user ubuntu from 85.214.60.241
Oct 14 22:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Failed password for invalid user ubuntu from 85.214.60.241 port 41776 ssh2
Oct 14 22:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24968]: Connection closed by 85.214.60.241 port 41776 [preauth]
Oct 14 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: Invalid user debian from 85.214.60.241
Oct 14 22:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: Failed password for invalid user debian from 85.214.60.241 port 50818 ssh2
Oct 14 22:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: Connection closed by 85.214.60.241 port 50818 [preauth]
Oct 14 22:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Invalid user debian from 85.214.60.241
Oct 14 22:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Failed password for invalid user debian from 85.214.60.241 port 56080 ssh2
Oct 14 22:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Connection closed by 85.214.60.241 port 56080 [preauth]
Oct 14 22:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23130]: pam_unix(cron:session): session closed for user root
Oct 14 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: Invalid user debian from 85.214.60.241
Oct 14 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: Failed password for invalid user debian from 85.214.60.241 port 33018 ssh2
Oct 14 22:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: Connection closed by 85.214.60.241 port 33018 [preauth]
Oct 14 22:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Invalid user debian from 85.214.60.241
Oct 14 22:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Failed password for invalid user debian from 85.214.60.241 port 38114 ssh2
Oct 14 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Connection closed by 85.214.60.241 port 38114 [preauth]
Oct 14 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Invalid user debian from 85.214.60.241
Oct 14 22:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Failed password for invalid user debian from 85.214.60.241 port 43314 ssh2
Oct 14 22:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Connection closed by 85.214.60.241 port 43314 [preauth]
Oct 14 22:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25198]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25196]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25198]: pam_unix(cron:session): session closed for user root
Oct 14 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Invalid user debian from 85.214.60.241
Oct 14 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: Successful su for rubyman by root
Oct 14 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: + ??? root:rubyman
Oct 14 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414006 of user rubyman.
Oct 14 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414006.
Oct 14 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user debian from 85.214.60.241 port 48994 ssh2
Oct 14 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Connection closed by 85.214.60.241 port 48994 [preauth]
Oct 14 22:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session closed for user root
Oct 14 22:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25599]: Invalid user debian from 85.214.60.241
Oct 14 22:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25599]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21187]: pam_unix(cron:session): session closed for user root
Oct 14 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25599]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25599]: Failed password for invalid user debian from 85.214.60.241 port 54142 ssh2
Oct 14 22:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25599]: Connection closed by 85.214.60.241 port 54142 [preauth]
Oct 14 22:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: Invalid user debian from 85.214.60.241
Oct 14 22:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: Failed password for invalid user debian from 85.214.60.241 port 34270 ssh2
Oct 14 22:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25730]: Connection closed by 85.214.60.241 port 34270 [preauth]
Oct 14 22:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Invalid user debian from 85.214.60.241
Oct 14 22:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Failed password for invalid user debian from 85.214.60.241 port 43330 ssh2
Oct 14 22:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Connection closed by 85.214.60.241 port 43330 [preauth]
Oct 14 22:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Invalid user debian from 85.214.60.241
Oct 14 22:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Failed password for invalid user debian from 85.214.60.241 port 48904 ssh2
Oct 14 22:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Connection closed by 85.214.60.241 port 48904 [preauth]
Oct 14 22:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23996]: pam_unix(cron:session): session closed for user root
Oct 14 22:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Invalid user odoo17 from 74.94.234.151
Oct 14 22:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: input_userauth_request: invalid user odoo17 [preauth]
Oct 14 22:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Failed password for invalid user odoo17 from 74.94.234.151 port 38482 ssh2
Oct 14 22:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Received disconnect from 74.94.234.151 port 38482:11: Bye Bye [preauth]
Oct 14 22:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25955]: Disconnected from 74.94.234.151 port 38482 [preauth]
Oct 14 22:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Invalid user debian from 85.214.60.241
Oct 14 22:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Failed password for invalid user debian from 85.214.60.241 port 54214 ssh2
Oct 14 22:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Connection closed by 85.214.60.241 port 54214 [preauth]
Oct 14 22:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Invalid user debian from 85.214.60.241
Oct 14 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Failed password for invalid user debian from 85.214.60.241 port 60952 ssh2
Oct 14 22:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Connection closed by 85.214.60.241 port 60952 [preauth]
Oct 14 22:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Invalid user debian from 85.214.60.241
Oct 14 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Failed password for invalid user debian from 85.214.60.241 port 40192 ssh2
Oct 14 22:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26020]: Connection closed by 85.214.60.241 port 40192 [preauth]
Oct 14 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26047]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26044]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Invalid user debian from 85.214.60.241
Oct 14 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26121]: Successful su for rubyman by root
Oct 14 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26121]: + ??? root:rubyman
Oct 14 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414013 of user rubyman.
Oct 14 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26121]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414013.
Oct 14 22:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Failed password for invalid user debian from 85.214.60.241 port 45438 ssh2
Oct 14 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Connection closed by 85.214.60.241 port 45438 [preauth]
Oct 14 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: Invalid user w from 41.93.28.23
Oct 14 22:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: input_userauth_request: invalid user w [preauth]
Oct 14 22:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26212]: Invalid user debian from 85.214.60.241
Oct 14 22:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26212]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: Failed password for invalid user w from 41.93.28.23 port 43926 ssh2
Oct 14 22:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: Received disconnect from 41.93.28.23 port 43926:11: Bye Bye [preauth]
Oct 14 22:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26232]: Disconnected from 41.93.28.23 port 43926 [preauth]
Oct 14 22:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26212]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session closed for user root
Oct 14 22:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26212]: Failed password for invalid user debian from 85.214.60.241 port 50684 ssh2
Oct 14 22:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26212]: Connection closed by 85.214.60.241 port 50684 [preauth]
Oct 14 22:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26045]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Invalid user debian from 85.214.60.241
Oct 14 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Failed password for invalid user debian from 85.214.60.241 port 56230 ssh2
Oct 14 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Connection closed by 85.214.60.241 port 56230 [preauth]
Oct 14 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Invalid user debian from 85.214.60.241
Oct 14 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Failed password for invalid user debian from 85.214.60.241 port 33370 ssh2
Oct 14 22:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Connection closed by 85.214.60.241 port 33370 [preauth]
Oct 14 22:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: Invalid user debian from 85.214.60.241
Oct 14 22:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: Failed password for invalid user debian from 85.214.60.241 port 38368 ssh2
Oct 14 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26515]: Connection closed by 85.214.60.241 port 38368 [preauth]
Oct 14 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Invalid user debian from 85.214.60.241
Oct 14 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session closed for user root
Oct 14 22:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Failed password for invalid user debian from 85.214.60.241 port 44246 ssh2
Oct 14 22:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Connection closed by 85.214.60.241 port 44246 [preauth]
Oct 14 22:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: Invalid user debian from 85.214.60.241
Oct 14 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: Failed password for invalid user debian from 85.214.60.241 port 49624 ssh2
Oct 14 22:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26575]: Connection closed by 85.214.60.241 port 49624 [preauth]
Oct 14 22:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Invalid user debian from 85.214.60.241
Oct 14 22:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Failed password for invalid user debian from 85.214.60.241 port 55418 ssh2
Oct 14 22:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26603]: Connection closed by 85.214.60.241 port 55418 [preauth]
Oct 14 22:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Invalid user admin from 80.94.95.115
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26725]: Successful su for rubyman by root
Oct 14 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26725]: + ??? root:rubyman
Oct 14 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414019 of user rubyman.
Oct 14 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26725]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414019.
Oct 14 22:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Invalid user debian from 85.214.60.241
Oct 14 22:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Failed password for invalid user admin from 80.94.95.115 port 28342 ssh2
Oct 14 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Connection closed by 80.94.95.115 port 28342 [preauth]
Oct 14 22:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Failed password for invalid user debian from 85.214.60.241 port 32810 ssh2
Oct 14 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Connection closed by 85.214.60.241 port 32810 [preauth]
Oct 14 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22301]: pam_unix(cron:session): session closed for user root
Oct 14 22:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Invalid user newuser from 74.94.234.151
Oct 14 22:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: input_userauth_request: invalid user newuser [preauth]
Oct 14 22:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Invalid user debian from 85.214.60.241
Oct 14 22:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Failed password for invalid user newuser from 74.94.234.151 port 43028 ssh2
Oct 14 22:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Received disconnect from 74.94.234.151 port 43028:11: Bye Bye [preauth]
Oct 14 22:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27013]: Disconnected from 74.94.234.151 port 43028 [preauth]
Oct 14 22:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Failed password for invalid user debian from 85.214.60.241 port 38440 ssh2
Oct 14 22:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26877]: Connection closed by 85.214.60.241 port 38440 [preauth]
Oct 14 22:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Invalid user debian from 85.214.60.241
Oct 14 22:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Failed password for invalid user debian from 85.214.60.241 port 44036 ssh2
Oct 14 22:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Connection closed by 85.214.60.241 port 44036 [preauth]
Oct 14 22:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: Invalid user debian from 85.214.60.241
Oct 14 22:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: Failed password for invalid user debian from 85.214.60.241 port 49610 ssh2
Oct 14 22:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: Connection closed by 85.214.60.241 port 49610 [preauth]
Oct 14 22:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Invalid user debian from 85.214.60.241
Oct 14 22:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Failed password for invalid user debian from 85.214.60.241 port 55178 ssh2
Oct 14 22:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27241]: Connection closed by 85.214.60.241 port 55178 [preauth]
Oct 14 22:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session closed for user root
Oct 14 22:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Invalid user debian from 85.214.60.241
Oct 14 22:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Failed password for invalid user debian from 85.214.60.241 port 60084 ssh2
Oct 14 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Connection closed by 85.214.60.241 port 60084 [preauth]
Oct 14 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Invalid user debian from 85.214.60.241
Oct 14 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Failed password for invalid user debian from 85.214.60.241 port 37642 ssh2
Oct 14 22:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27298]: Connection closed by 85.214.60.241 port 37642 [preauth]
Oct 14 22:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Invalid user debian from 85.214.60.241
Oct 14 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Failed password for invalid user debian from 85.214.60.241 port 44670 ssh2
Oct 14 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27328]: Connection closed by 85.214.60.241 port 44670 [preauth]
Oct 14 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27359]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Invalid user debian from 85.214.60.241
Oct 14 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: Successful su for rubyman by root
Oct 14 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: + ??? root:rubyman
Oct 14 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414020 of user rubyman.
Oct 14 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414020.
Oct 14 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Failed password for invalid user debian from 85.214.60.241 port 50014 ssh2
Oct 14 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27341]: Connection closed by 85.214.60.241 port 50014 [preauth]
Oct 14 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23129]: pam_unix(cron:session): session closed for user root
Oct 14 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 14 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: Invalid user debian from 85.214.60.241
Oct 14 22:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Failed password for root from 20.163.71.109 port 53980 ssh2
Oct 14 22:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Connection closed by 20.163.71.109 port 53980 [preauth]
Oct 14 22:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: Failed password for invalid user debian from 85.214.60.241 port 55802 ssh2
Oct 14 22:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27690]: Connection closed by 85.214.60.241 port 55802 [preauth]
Oct 14 22:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23  user=root
Oct 14 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Invalid user debian from 85.214.60.241
Oct 14 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: Failed password for root from 41.93.28.23 port 51820 ssh2
Oct 14 22:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: Received disconnect from 41.93.28.23 port 51820:11: Bye Bye [preauth]
Oct 14 22:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: Disconnected from 41.93.28.23 port 51820 [preauth]
Oct 14 22:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Failed password for invalid user debian from 85.214.60.241 port 32884 ssh2
Oct 14 22:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Connection closed by 85.214.60.241 port 32884 [preauth]
Oct 14 22:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: Invalid user debian from 85.214.60.241
Oct 14 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: Failed password for invalid user debian from 85.214.60.241 port 38422 ssh2
Oct 14 22:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28004]: Connection closed by 85.214.60.241 port 38422 [preauth]
Oct 14 22:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Invalid user debian from 85.214.60.241
Oct 14 22:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Failed password for invalid user debian from 85.214.60.241 port 47178 ssh2
Oct 14 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Connection closed by 85.214.60.241 port 47178 [preauth]
Oct 14 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26047]: pam_unix(cron:session): session closed for user root
Oct 14 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Invalid user debian from 85.214.60.241
Oct 14 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Failed password for invalid user debian from 85.214.60.241 port 52882 ssh2
Oct 14 22:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28056]: Connection closed by 85.214.60.241 port 52882 [preauth]
Oct 14 22:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Invalid user debian from 85.214.60.241
Oct 14 22:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: Invalid user runner from 74.94.234.151
Oct 14 22:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: input_userauth_request: invalid user runner [preauth]
Oct 14 22:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Failed password for invalid user debian from 85.214.60.241 port 59922 ssh2
Oct 14 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Connection closed by 85.214.60.241 port 59922 [preauth]
Oct 14 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: Failed password for invalid user runner from 74.94.234.151 port 47568 ssh2
Oct 14 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: Received disconnect from 74.94.234.151 port 47568:11: Bye Bye [preauth]
Oct 14 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: Disconnected from 74.94.234.151 port 47568 [preauth]
Oct 14 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Invalid user debian from 85.214.60.241
Oct 14 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Failed password for invalid user debian from 85.214.60.241 port 40014 ssh2
Oct 14 22:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Connection closed by 85.214.60.241 port 40014 [preauth]
Oct 14 22:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: Invalid user debian from 85.214.60.241
Oct 14 22:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28163]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28160]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28234]: Successful su for rubyman by root
Oct 14 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28234]: + ??? root:rubyman
Oct 14 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414024 of user rubyman.
Oct 14 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28234]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414024.
Oct 14 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: Failed password for invalid user debian from 85.214.60.241 port 45148 ssh2
Oct 14 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28154]: Connection closed by 85.214.60.241 port 45148 [preauth]
Oct 14 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: Invalid user debian from 85.214.60.241
Oct 14 22:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session closed for user root
Oct 14 22:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: Failed password for invalid user debian from 85.214.60.241 port 52634 ssh2
Oct 14 22:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28315]: Connection closed by 85.214.60.241 port 52634 [preauth]
Oct 14 22:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Invalid user debian from 85.214.60.241
Oct 14 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28161]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Failed password for invalid user debian from 85.214.60.241 port 33166 ssh2
Oct 14 22:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28607]: Connection closed by 85.214.60.241 port 33166 [preauth]
Oct 14 22:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Invalid user debian from 85.214.60.241
Oct 14 22:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Failed password for invalid user debian from 85.214.60.241 port 44192 ssh2
Oct 14 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28743]: Connection closed by 85.214.60.241 port 44192 [preauth]
Oct 14 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: Invalid user debian from 85.214.60.241
Oct 14 22:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: Failed password for invalid user debian from 85.214.60.241 port 55188 ssh2
Oct 14 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28755]: Connection closed by 85.214.60.241 port 55188 [preauth]
Oct 14 22:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26641]: pam_unix(cron:session): session closed for user root
Oct 14 22:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Invalid user debian from 85.214.60.241
Oct 14 22:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Failed password for invalid user debian from 85.214.60.241 port 37360 ssh2
Oct 14 22:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28784]: Connection closed by 85.214.60.241 port 37360 [preauth]
Oct 14 22:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: Invalid user debian from 85.214.60.241
Oct 14 22:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Invalid user admin from 2.57.121.112
Oct 14 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Failed password for invalid user admin from 2.57.121.112 port 22490 ssh2
Oct 14 22:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: Failed password for invalid user debian from 85.214.60.241 port 44436 ssh2
Oct 14 22:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: Connection closed by 85.214.60.241 port 44436 [preauth]
Oct 14 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Failed password for invalid user admin from 2.57.121.112 port 22490 ssh2
Oct 14 22:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Invalid user debian from 85.214.60.241
Oct 14 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Failed password for invalid user admin from 2.57.121.112 port 22490 ssh2
Oct 14 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Failed password for invalid user admin from 2.57.121.112 port 22490 ssh2
Oct 14 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Failed password for invalid user debian from 85.214.60.241 port 58544 ssh2
Oct 14 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Connection closed by 85.214.60.241 port 58544 [preauth]
Oct 14 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Failed password for invalid user admin from 2.57.121.112 port 22490 ssh2
Oct 14 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Received disconnect from 2.57.121.112 port 22490:11: Bye [preauth]
Oct 14 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Disconnected from 2.57.121.112 port 22490 [preauth]
Oct 14 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session closed for user root
Oct 14 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28911]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Invalid user debian from 85.214.60.241
Oct 14 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29093]: Successful su for rubyman by root
Oct 14 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29093]: + ??? root:rubyman
Oct 14 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414028 of user rubyman.
Oct 14 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29093]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414028.
Oct 14 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Failed password for invalid user debian from 85.214.60.241 port 38828 ssh2
Oct 14 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Connection closed by 85.214.60.241 port 38828 [preauth]
Oct 14 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28918]: pam_unix(cron:session): session closed for user root
Oct 14 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Invalid user debian from 85.214.60.241
Oct 14 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session closed for user root
Oct 14 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Failed password for invalid user debian from 85.214.60.241 port 44986 ssh2
Oct 14 22:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29220]: Connection closed by 85.214.60.241 port 44986 [preauth]
Oct 14 22:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Invalid user debian from 85.214.60.241
Oct 14 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Failed password for invalid user debian from 85.214.60.241 port 50582 ssh2
Oct 14 22:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Connection closed by 85.214.60.241 port 50582 [preauth]
Oct 14 22:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: Invalid user jerry from 41.93.28.23
Oct 14 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: input_userauth_request: invalid user jerry [preauth]
Oct 14 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.28.23
Oct 14 22:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Invalid user debian from 85.214.60.241
Oct 14 22:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: Failed password for invalid user jerry from 41.93.28.23 port 51468 ssh2
Oct 14 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: Received disconnect from 41.93.28.23 port 51468:11: Bye Bye [preauth]
Oct 14 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29418]: Disconnected from 41.93.28.23 port 51468 [preauth]
Oct 14 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: Invalid user ubuntu from 74.94.234.151
Oct 14 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Failed password for invalid user debian from 85.214.60.241 port 56526 ssh2
Oct 14 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: Failed password for invalid user ubuntu from 74.94.234.151 port 52108 ssh2
Oct 14 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: Received disconnect from 74.94.234.151 port 52108:11: Bye Bye [preauth]
Oct 14 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29432]: Disconnected from 74.94.234.151 port 52108 [preauth]
Oct 14 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29417]: Connection closed by 85.214.60.241 port 56526 [preauth]
Oct 14 22:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: Invalid user debian from 85.214.60.241
Oct 14 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: Failed password for invalid user debian from 85.214.60.241 port 33990 ssh2
Oct 14 22:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29437]: Connection closed by 85.214.60.241 port 33990 [preauth]
Oct 14 22:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27364]: pam_unix(cron:session): session closed for user root
Oct 14 22:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Invalid user debian from 85.214.60.241
Oct 14 22:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 14 22:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Failed password for invalid user debian from 85.214.60.241 port 39808 ssh2
Oct 14 22:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Connection closed by 85.214.60.241 port 39808 [preauth]
Oct 14 22:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 22:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediusco@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 14 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Invalid user debian from 85.214.60.241
Oct 14 22:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Failed password for invalid user debian from 85.214.60.241 port 44772 ssh2
Oct 14 22:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Connection closed by 85.214.60.241 port 44772 [preauth]
Oct 14 22:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: Invalid user debian from 85.214.60.241
Oct 14 22:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: Failed password for invalid user debian from 85.214.60.241 port 50864 ssh2
Oct 14 22:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29567]: Connection closed by 85.214.60.241 port 50864 [preauth]
Oct 14 22:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29594]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29679]: Successful su for rubyman by root
Oct 14 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29679]: + ??? root:rubyman
Oct 14 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414034 of user rubyman.
Oct 14 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29679]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414034.
Oct 14 22:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29579]: Invalid user debian from 85.214.60.241
Oct 14 22:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29579]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29579]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29579]: Failed password for invalid user debian from 85.214.60.241 port 56722 ssh2
Oct 14 22:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29579]: Connection closed by 85.214.60.241 port 56722 [preauth]
Oct 14 22:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25196]: pam_unix(cron:session): session closed for user root
Oct 14 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: Invalid user debian from 85.214.60.241
Oct 14 22:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: Failed password for invalid user debian from 85.214.60.241 port 34262 ssh2
Oct 14 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: Connection closed by 85.214.60.241 port 34262 [preauth]
Oct 14 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29596]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Invalid user debian from 85.214.60.241
Oct 14 22:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Failed password for invalid user debian from 85.214.60.241 port 39174 ssh2
Oct 14 22:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Connection closed by 85.214.60.241 port 39174 [preauth]
Oct 14 22:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Invalid user debian from 85.214.60.241
Oct 14 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Failed password for invalid user debian from 85.214.60.241 port 44112 ssh2
Oct 14 22:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29977]: Connection closed by 85.214.60.241 port 44112 [preauth]
Oct 14 22:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Invalid user debian from 85.214.60.241
Oct 14 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Failed password for invalid user debian from 85.214.60.241 port 49572 ssh2
Oct 14 22:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28164]: pam_unix(cron:session): session closed for user root
Oct 14 22:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Connection closed by 85.214.60.241 port 49572 [preauth]
Oct 14 22:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Invalid user debian from 85.214.60.241
Oct 14 22:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Failed password for invalid user debian from 85.214.60.241 port 55832 ssh2
Oct 14 22:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Connection closed by 85.214.60.241 port 55832 [preauth]
Oct 14 22:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Invalid user debian from 85.214.60.241
Oct 14 22:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Failed password for invalid user debian from 85.214.60.241 port 34570 ssh2
Oct 14 22:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Connection closed by 85.214.60.241 port 34570 [preauth]
Oct 14 22:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Invalid user debian from 85.214.60.241
Oct 14 22:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Failed password for invalid user debian from 85.214.60.241 port 39782 ssh2
Oct 14 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30106]: Connection closed by 85.214.60.241 port 39782 [preauth]
Oct 14 22:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30127]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Invalid user debian from 85.214.60.241
Oct 14 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: Successful su for rubyman by root
Oct 14 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: + ??? root:rubyman
Oct 14 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414040 of user rubyman.
Oct 14 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30222]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414040.
Oct 14 22:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Invalid user sol from 74.94.234.151
Oct 14 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: input_userauth_request: invalid user sol [preauth]
Oct 14 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Failed password for invalid user debian from 85.214.60.241 port 45348 ssh2
Oct 14 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Connection closed by 85.214.60.241 port 45348 [preauth]
Oct 14 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Failed password for invalid user sol from 74.94.234.151 port 56656 ssh2
Oct 14 22:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Received disconnect from 74.94.234.151 port 56656:11: Bye Bye [preauth]
Oct 14 22:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30300]: Disconnected from 74.94.234.151 port 56656 [preauth]
Oct 14 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session closed for user root
Oct 14 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: Invalid user debian from 85.214.60.241
Oct 14 22:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: Failed password for invalid user debian from 85.214.60.241 port 51022 ssh2
Oct 14 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30359]: Connection closed by 85.214.60.241 port 51022 [preauth]
Oct 14 22:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30128]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Invalid user debian from 85.214.60.241
Oct 14 22:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Failed password for invalid user debian from 85.214.60.241 port 56644 ssh2
Oct 14 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Connection closed by 85.214.60.241 port 56644 [preauth]
Oct 14 22:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Invalid user admindq from 2.57.122.26
Oct 14 22:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: input_userauth_request: invalid user admindq [preauth]
Oct 14 22:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 14 22:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Invalid user debian from 85.214.60.241
Oct 14 22:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Failed password for invalid user admindq from 2.57.122.26 port 36226 ssh2
Oct 14 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Connection closed by 2.57.122.26 port 36226 [preauth]
Oct 14 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Failed password for invalid user debian from 85.214.60.241 port 33182 ssh2
Oct 14 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Connection closed by 85.214.60.241 port 33182 [preauth]
Oct 14 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: Failed password for root from 164.68.105.9 port 46964 ssh2
Oct 14 22:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: Connection closed by 164.68.105.9 port 46964 [preauth]
Oct 14 22:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30621]: Invalid user debian from 85.214.60.241
Oct 14 22:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30621]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30621]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30621]: Failed password for invalid user debian from 85.214.60.241 port 38180 ssh2
Oct 14 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30621]: Connection closed by 85.214.60.241 port 38180 [preauth]
Oct 14 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: Invalid user debian from 85.214.60.241
Oct 14 22:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session closed for user root
Oct 14 22:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: Failed password for invalid user debian from 85.214.60.241 port 43680 ssh2
Oct 14 22:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30665]: Connection closed by 85.214.60.241 port 43680 [preauth]
Oct 14 22:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Invalid user debian from 85.214.60.241
Oct 14 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Failed password for invalid user debian from 85.214.60.241 port 49244 ssh2
Oct 14 22:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Connection closed by 85.214.60.241 port 49244 [preauth]
Oct 14 22:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Invalid user debian from 85.214.60.241
Oct 14 22:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Failed password for invalid user debian from 85.214.60.241 port 54848 ssh2
Oct 14 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30728]: Connection closed by 85.214.60.241 port 54848 [preauth]
Oct 14 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30756]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Invalid user debian from 85.214.60.241
Oct 14 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: Successful su for rubyman by root
Oct 14 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: + ??? root:rubyman
Oct 14 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414043 of user rubyman.
Oct 14 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414043.
Oct 14 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Failed password for invalid user debian from 85.214.60.241 port 60352 ssh2
Oct 14 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Connection closed by 85.214.60.241 port 60352 [preauth]
Oct 14 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Invalid user debian from 85.214.60.241
Oct 14 22:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session closed for user root
Oct 14 22:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Failed password for invalid user debian from 85.214.60.241 port 40918 ssh2
Oct 14 22:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Connection closed by 85.214.60.241 port 40918 [preauth]
Oct 14 22:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30754]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: Invalid user debian from 85.214.60.241
Oct 14 22:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: Failed password for invalid user debian from 85.214.60.241 port 46894 ssh2
Oct 14 22:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: Connection closed by 85.214.60.241 port 46894 [preauth]
Oct 14 22:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Invalid user debian from 85.214.60.241
Oct 14 22:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Failed password for invalid user debian from 85.214.60.241 port 53640 ssh2
Oct 14 22:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Connection closed by 85.214.60.241 port 53640 [preauth]
Oct 14 22:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Invalid user debian from 85.214.60.241
Oct 14 22:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Failed password for invalid user debian from 85.214.60.241 port 58822 ssh2
Oct 14 22:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31126]: Connection closed by 85.214.60.241 port 58822 [preauth]
Oct 14 22:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session closed for user root
Oct 14 22:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: Invalid user debian from 85.214.60.241
Oct 14 22:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: Failed password for invalid user debian from 85.214.60.241 port 36510 ssh2
Oct 14 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: Connection closed by 85.214.60.241 port 36510 [preauth]
Oct 14 22:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Invalid user abc from 74.94.234.151
Oct 14 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: input_userauth_request: invalid user abc [preauth]
Oct 14 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.94.234.151
Oct 14 22:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Invalid user debian from 85.214.60.241
Oct 14 22:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Failed password for invalid user abc from 74.94.234.151 port 32966 ssh2
Oct 14 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Received disconnect from 74.94.234.151 port 32966:11: Bye Bye [preauth]
Oct 14 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Disconnected from 74.94.234.151 port 32966 [preauth]
Oct 14 22:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Failed password for invalid user debian from 85.214.60.241 port 41916 ssh2
Oct 14 22:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31199]: Connection closed by 85.214.60.241 port 41916 [preauth]
Oct 14 22:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Invalid user debian from 85.214.60.241
Oct 14 22:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Failed password for invalid user debian from 85.214.60.241 port 47238 ssh2
Oct 14 22:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31228]: Connection closed by 85.214.60.241 port 47238 [preauth]
Oct 14 22:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31256]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Invalid user debian from 85.214.60.241
Oct 14 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: Successful su for rubyman by root
Oct 14 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: + ??? root:rubyman
Oct 14 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414047 of user rubyman.
Oct 14 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414047.
Oct 14 22:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Failed password for invalid user debian from 85.214.60.241 port 52672 ssh2
Oct 14 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31251]: Connection closed by 85.214.60.241 port 52672 [preauth]
Oct 14 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Invalid user support from 185.156.73.233
Oct 14 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: input_userauth_request: invalid user support [preauth]
Oct 14 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 22:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Failed password for invalid user support from 185.156.73.233 port 44876 ssh2
Oct 14 22:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Connection closed by 185.156.73.233 port 44876 [preauth]
Oct 14 22:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: Invalid user debian from 85.214.60.241
Oct 14 22:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session closed for user root
Oct 14 22:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: Failed password for invalid user debian from 85.214.60.241 port 58202 ssh2
Oct 14 22:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31473]: Connection closed by 85.214.60.241 port 58202 [preauth]
Oct 14 22:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31257]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: Invalid user debian from 85.214.60.241
Oct 14 22:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: Failed password for invalid user debian from 85.214.60.241 port 35438 ssh2
Oct 14 22:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: Connection closed by 85.214.60.241 port 35438 [preauth]
Oct 14 22:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: Invalid user debian from 85.214.60.241
Oct 14 22:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: Failed password for invalid user debian from 85.214.60.241 port 41128 ssh2
Oct 14 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31759]: Connection closed by 85.214.60.241 port 41128 [preauth]
Oct 14 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Invalid user debian from 85.214.60.241
Oct 14 22:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Failed password for invalid user debian from 85.214.60.241 port 53244 ssh2
Oct 14 22:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Connection closed by 85.214.60.241 port 53244 [preauth]
Oct 14 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session closed for user root
Oct 14 22:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: Invalid user admin from 85.214.60.241
Oct 14 22:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: Failed password for invalid user admin from 85.214.60.241 port 36948 ssh2
Oct 14 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31821]: Connection closed by 85.214.60.241 port 36948 [preauth]
Oct 14 22:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Invalid user admin from 85.214.60.241
Oct 14 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Failed password for invalid user admin from 85.214.60.241 port 49976 ssh2
Oct 14 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Connection closed by 85.214.60.241 port 49976 [preauth]
Oct 14 22:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Invalid user admin from 85.214.60.241
Oct 14 22:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Failed password for invalid user admin from 85.214.60.241 port 59246 ssh2
Oct 14 22:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Connection closed by 85.214.60.241 port 59246 [preauth]
Oct 14 22:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31904]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session closed for user root
Oct 14 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Invalid user admin from 85.214.60.241
Oct 14 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31990]: Successful su for rubyman by root
Oct 14 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31990]: + ??? root:rubyman
Oct 14 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414050 of user rubyman.
Oct 14 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31990]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414050.
Oct 14 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Failed password for invalid user admin from 85.214.60.241 port 36488 ssh2
Oct 14 22:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Connection closed by 85.214.60.241 port 36488 [preauth]
Oct 14 22:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Invalid user admin from 85.214.60.241
Oct 14 22:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session closed for user root
Oct 14 22:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28163]: pam_unix(cron:session): session closed for user root
Oct 14 22:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Failed password for invalid user admin from 85.214.60.241 port 41716 ssh2
Oct 14 22:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Connection closed by 85.214.60.241 port 41716 [preauth]
Oct 14 22:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Invalid user admin from 85.214.60.241
Oct 14 22:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31901]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Failed password for invalid user admin from 85.214.60.241 port 47050 ssh2
Oct 14 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32298]: Connection closed by 85.214.60.241 port 47050 [preauth]
Oct 14 22:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: Invalid user admin from 85.214.60.241
Oct 14 22:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: Failed password for invalid user admin from 85.214.60.241 port 52880 ssh2
Oct 14 22:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32366]: Connection closed by 85.214.60.241 port 52880 [preauth]
Oct 14 22:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Invalid user admin from 85.214.60.241
Oct 14 22:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Failed password for invalid user admin from 85.214.60.241 port 34764 ssh2
Oct 14 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32378]: Connection closed by 85.214.60.241 port 34764 [preauth]
Oct 14 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Invalid user admin from 85.214.60.241
Oct 14 22:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30756]: pam_unix(cron:session): session closed for user root
Oct 14 22:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Failed password for invalid user admin from 85.214.60.241 port 49368 ssh2
Oct 14 22:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Connection closed by 85.214.60.241 port 49368 [preauth]
Oct 14 22:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Invalid user admin from 85.214.60.241
Oct 14 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Failed password for invalid user admin from 85.214.60.241 port 54716 ssh2
Oct 14 22:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32433]: Connection closed by 85.214.60.241 port 54716 [preauth]
Oct 14 22:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: Invalid user admin from 85.214.60.241
Oct 14 22:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: Failed password for invalid user admin from 85.214.60.241 port 59752 ssh2
Oct 14 22:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: Connection closed by 85.214.60.241 port 59752 [preauth]
Oct 14 22:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: Invalid user admin from 85.214.60.241
Oct 14 22:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: Failed password for invalid user admin from 85.214.60.241 port 36854 ssh2
Oct 14 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32477]: Connection closed by 85.214.60.241 port 36854 [preauth]
Oct 14 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32571]: Successful su for rubyman by root
Oct 14 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32571]: + ??? root:rubyman
Oct 14 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414057 of user rubyman.
Oct 14 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32571]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414057.
Oct 14 22:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Invalid user admin from 85.214.60.241
Oct 14 22:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Failed password for invalid user admin from 85.214.60.241 port 42186 ssh2
Oct 14 22:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Connection closed by 85.214.60.241 port 42186 [preauth]
Oct 14 22:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Invalid user admin from 85.214.60.241
Oct 14 22:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user root
Oct 14 22:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Failed password for invalid user admin from 85.214.60.241 port 47444 ssh2
Oct 14 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32695]: Connection closed by 85.214.60.241 port 47444 [preauth]
Oct 14 22:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32493]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: Invalid user admin from 85.214.60.241
Oct 14 22:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: Failed password for invalid user admin from 85.214.60.241 port 52876 ssh2
Oct 14 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[336]: Connection closed by 85.214.60.241 port 52876 [preauth]
Oct 14 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Invalid user admin from 85.214.60.241
Oct 14 22:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Failed password for invalid user admin from 85.214.60.241 port 57608 ssh2
Oct 14 22:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[377]: Connection closed by 85.214.60.241 port 57608 [preauth]
Oct 14 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: Invalid user ftpuser from 42.49.216.35
Oct 14 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35
Oct 14 22:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: Failed password for invalid user ftpuser from 42.49.216.35 port 59780 ssh2
Oct 14 22:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: Received disconnect from 42.49.216.35 port 59780:11: Bye Bye [preauth]
Oct 14 22:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[391]: Disconnected from 42.49.216.35 port 59780 [preauth]
Oct 14 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Invalid user admin from 85.214.60.241
Oct 14 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user admin from 85.214.60.241 port 34172 ssh2
Oct 14 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Connection closed by 85.214.60.241 port 34172 [preauth]
Oct 14 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Invalid user admin from 85.214.60.241
Oct 14 22:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31260]: pam_unix(cron:session): session closed for user root
Oct 14 22:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Failed password for invalid user admin from 85.214.60.241 port 39054 ssh2
Oct 14 22:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: Connection closed by 85.214.60.241 port 39054 [preauth]
Oct 14 22:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Invalid user admin from 85.214.60.241
Oct 14 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Failed password for invalid user admin from 85.214.60.241 port 43862 ssh2
Oct 14 22:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[475]: Connection closed by 85.214.60.241 port 43862 [preauth]
Oct 14 22:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Invalid user admin from 85.214.60.241
Oct 14 22:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Failed password for invalid user admin from 85.214.60.241 port 48842 ssh2
Oct 14 22:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[487]: Connection closed by 85.214.60.241 port 48842 [preauth]
Oct 14 22:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Invalid user admin from 85.214.60.241
Oct 14 22:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Failed password for invalid user admin from 85.214.60.241 port 54256 ssh2
Oct 14 22:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Connection closed by 85.214.60.241 port 54256 [preauth]
Oct 14 22:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[547]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[546]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[543]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[609]: Successful su for rubyman by root
Oct 14 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[609]: + ??? root:rubyman
Oct 14 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414060 of user rubyman.
Oct 14 22:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[609]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414060.
Oct 14 22:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: Invalid user admin from 85.214.60.241
Oct 14 22:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: Failed password for invalid user admin from 85.214.60.241 port 59576 ssh2
Oct 14 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[539]: Connection closed by 85.214.60.241 port 59576 [preauth]
Oct 14 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session closed for user root
Oct 14 22:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Invalid user admin from 85.214.60.241
Oct 14 22:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Failed password for invalid user admin from 85.214.60.241 port 36422 ssh2
Oct 14 22:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Connection closed by 85.214.60.241 port 36422 [preauth]
Oct 14 22:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[544]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Invalid user admin from 85.214.60.241
Oct 14 22:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Failed password for invalid user admin from 85.214.60.241 port 41826 ssh2
Oct 14 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[862]: Connection closed by 85.214.60.241 port 41826 [preauth]
Oct 14 22:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[930]: Invalid user admin from 85.214.60.241
Oct 14 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[930]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[930]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[930]: Failed password for invalid user admin from 85.214.60.241 port 47476 ssh2
Oct 14 22:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[930]: Connection closed by 85.214.60.241 port 47476 [preauth]
Oct 14 22:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Invalid user admin from 85.214.60.241
Oct 14 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Failed password for invalid user admin from 85.214.60.241 port 55948 ssh2
Oct 14 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[947]: Connection closed by 85.214.60.241 port 55948 [preauth]
Oct 14 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: Invalid user admin from 85.214.60.241
Oct 14 22:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: Failed password for invalid user admin from 85.214.60.241 port 44808 ssh2
Oct 14 22:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31904]: pam_unix(cron:session): session closed for user root
Oct 14 22:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1014]: Connection closed by 85.214.60.241 port 44808 [preauth]
Oct 14 22:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Invalid user admin from 85.214.60.241
Oct 14 22:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Failed password for invalid user admin from 85.214.60.241 port 52670 ssh2
Oct 14 22:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Connection closed by 85.214.60.241 port 52670 [preauth]
Oct 14 22:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: Invalid user admin from 85.214.60.241
Oct 14 22:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: Failed password for invalid user admin from 85.214.60.241 port 58000 ssh2
Oct 14 22:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1096]: Connection closed by 85.214.60.241 port 58000 [preauth]
Oct 14 22:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Invalid user admin from 85.214.60.241
Oct 14 22:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1197]: Successful su for rubyman by root
Oct 14 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1197]: + ??? root:rubyman
Oct 14 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414067 of user rubyman.
Oct 14 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1197]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414067.
Oct 14 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Failed password for invalid user admin from 85.214.60.241 port 35422 ssh2
Oct 14 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Connection closed by 85.214.60.241 port 35422 [preauth]
Oct 14 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: Invalid user admin from 85.214.60.241
Oct 14 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30129]: pam_unix(cron:session): session closed for user root
Oct 14 22:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: Failed password for invalid user admin from 85.214.60.241 port 41078 ssh2
Oct 14 22:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1241]: Connection closed by 85.214.60.241 port 41078 [preauth]
Oct 14 22:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: Invalid user admin from 85.214.60.241
Oct 14 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1128]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: Failed password for invalid user admin from 85.214.60.241 port 46566 ssh2
Oct 14 22:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1407]: Connection closed by 85.214.60.241 port 46566 [preauth]
Oct 14 22:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: Invalid user admin from 85.214.60.241
Oct 14 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: Failed password for invalid user admin from 85.214.60.241 port 33520 ssh2
Oct 14 22:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1487]: Connection closed by 85.214.60.241 port 33520 [preauth]
Oct 14 22:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: Invalid user admin from 85.214.60.241
Oct 14 22:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: Failed password for invalid user admin from 85.214.60.241 port 42334 ssh2
Oct 14 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: Connection closed by 85.214.60.241 port 42334 [preauth]
Oct 14 22:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: Invalid user admin from 85.214.60.241
Oct 14 22:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32496]: pam_unix(cron:session): session closed for user root
Oct 14 22:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: Failed password for invalid user admin from 85.214.60.241 port 49272 ssh2
Oct 14 22:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: Connection closed by 85.214.60.241 port 49272 [preauth]
Oct 14 22:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Invalid user admin from 85.214.60.241
Oct 14 22:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Failed password for invalid user admin from 85.214.60.241 port 54418 ssh2
Oct 14 22:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Connection closed by 85.214.60.241 port 54418 [preauth]
Oct 14 22:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Invalid user admin from 85.214.60.241
Oct 14 22:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Failed password for invalid user admin from 85.214.60.241 port 59902 ssh2
Oct 14 22:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Connection closed by 85.214.60.241 port 59902 [preauth]
Oct 14 22:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: Invalid user admin from 85.214.60.241
Oct 14 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: Successful su for rubyman by root
Oct 14 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: + ??? root:rubyman
Oct 14 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414069 of user rubyman.
Oct 14 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414069.
Oct 14 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: Failed password for invalid user admin from 85.214.60.241 port 37048 ssh2
Oct 14 22:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1624]: Connection closed by 85.214.60.241 port 37048 [preauth]
Oct 14 22:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user admin from 85.214.60.241
Oct 14 22:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30755]: pam_unix(cron:session): session closed for user root
Oct 14 22:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user admin from 85.214.60.241 port 42878 ssh2
Oct 14 22:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Connection closed by 85.214.60.241 port 42878 [preauth]
Oct 14 22:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Invalid user admin from 85.214.60.241
Oct 14 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Failed password for invalid user admin from 85.214.60.241 port 48418 ssh2
Oct 14 22:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2043]: Connection closed by 85.214.60.241 port 48418 [preauth]
Oct 14 22:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Invalid user admin from 85.214.60.241
Oct 14 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Failed password for invalid user admin from 85.214.60.241 port 54780 ssh2
Oct 14 22:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Connection closed by 85.214.60.241 port 54780 [preauth]
Oct 14 22:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Invalid user admin from 85.214.60.241
Oct 14 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Failed password for invalid user admin from 85.214.60.241 port 35818 ssh2
Oct 14 22:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Connection closed by 85.214.60.241 port 35818 [preauth]
Oct 14 22:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[547]: pam_unix(cron:session): session closed for user root
Oct 14 22:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Invalid user admin from 85.214.60.241
Oct 14 22:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Failed password for invalid user admin from 85.214.60.241 port 42574 ssh2
Oct 14 22:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2136]: Connection closed by 85.214.60.241 port 42574 [preauth]
Oct 14 22:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: Invalid user admin from 85.214.60.241
Oct 14 22:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: Failed password for invalid user admin from 85.214.60.241 port 49910 ssh2
Oct 14 22:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: Connection closed by 85.214.60.241 port 49910 [preauth]
Oct 14 22:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Invalid user admin from 85.214.60.241
Oct 14 22:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Failed password for invalid user admin from 85.214.60.241 port 55634 ssh2
Oct 14 22:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Connection closed by 85.214.60.241 port 55634 [preauth]
Oct 14 22:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2248]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2248]: pam_unix(cron:session): session closed for user root
Oct 14 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: Invalid user admin from 85.214.60.241
Oct 14 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2316]: Successful su for rubyman by root
Oct 14 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2316]: + ??? root:rubyman
Oct 14 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414074 of user rubyman.
Oct 14 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2316]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414074.
Oct 14 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: Failed password for invalid user admin from 85.214.60.241 port 60902 ssh2
Oct 14 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: Connection closed by 85.214.60.241 port 60902 [preauth]
Oct 14 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session closed for user root
Oct 14 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2410]: Invalid user admin from 85.214.60.241
Oct 14 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2410]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31258]: pam_unix(cron:session): session closed for user root
Oct 14 22:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2410]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2410]: Failed password for invalid user admin from 85.214.60.241 port 38468 ssh2
Oct 14 22:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2410]: Connection closed by 85.214.60.241 port 38468 [preauth]
Oct 14 22:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Invalid user admin from 85.214.60.241
Oct 14 22:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2244]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Failed password for invalid user admin from 85.214.60.241 port 48368 ssh2
Oct 14 22:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2561]: Connection closed by 85.214.60.241 port 48368 [preauth]
Oct 14 22:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: Invalid user admin from 85.214.60.241
Oct 14 22:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Failed password for root from 165.154.205.83 port 17752 ssh2
Oct 14 22:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Connection closed by 165.154.205.83 port 17752 [preauth]
Oct 14 22:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2618]: Invalid user admin from 165.154.205.83
Oct 14 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2618]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2618]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: Failed password for invalid user admin from 85.214.60.241 port 55422 ssh2
Oct 14 22:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2602]: Connection closed by 85.214.60.241 port 55422 [preauth]
Oct 14 22:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2618]: Failed password for invalid user admin from 165.154.205.83 port 18104 ssh2
Oct 14 22:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2618]: Connection closed by 165.154.205.83 port 18104 [preauth]
Oct 14 22:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Invalid user fa from 165.154.205.83
Oct 14 22:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: input_userauth_request: invalid user fa [preauth]
Oct 14 22:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: Invalid user admin from 85.214.60.241
Oct 14 22:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Failed password for invalid user fa from 165.154.205.83 port 18442 ssh2
Oct 14 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2631]: Connection closed by 165.154.205.83 port 18442 [preauth]
Oct 14 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: Invalid user ftpuser from 165.154.205.83
Oct 14 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: input_userauth_request: invalid user ftpuser [preauth]
Oct 14 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: Failed password for invalid user admin from 85.214.60.241 port 35362 ssh2
Oct 14 22:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: Connection closed by 85.214.60.241 port 35362 [preauth]
Oct 14 22:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: Failed password for invalid user ftpuser from 165.154.205.83 port 18876 ssh2
Oct 14 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2647]: Connection closed by 165.154.205.83 port 18876 [preauth]
Oct 14 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1130]: pam_unix(cron:session): session closed for user root
Oct 14 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Invalid user es from 165.154.205.83
Oct 14 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: input_userauth_request: invalid user es [preauth]
Oct 14 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: Invalid user admin from 85.214.60.241
Oct 14 22:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Failed password for invalid user es from 165.154.205.83 port 19268 ssh2
Oct 14 22:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Connection closed by 165.154.205.83 port 19268 [preauth]
Oct 14 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: Failed password for invalid user admin from 85.214.60.241 port 43714 ssh2
Oct 14 22:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Failed password for root from 165.154.205.83 port 19632 ssh2
Oct 14 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2662]: Connection closed by 85.214.60.241 port 43714 [preauth]
Oct 14 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Connection closed by 165.154.205.83 port 19632 [preauth]
Oct 14 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Failed password for root from 165.154.205.83 port 19968 ssh2
Oct 14 22:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2700]: Invalid user admin from 85.214.60.241
Oct 14 22:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2700]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Connection closed by 165.154.205.83 port 19968 [preauth]
Oct 14 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2700]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Invalid user admin from 165.154.205.83
Oct 14 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2700]: Failed password for invalid user admin from 85.214.60.241 port 51006 ssh2
Oct 14 22:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Failed password for invalid user admin from 165.154.205.83 port 20366 ssh2
Oct 14 22:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2725]: Connection closed by 165.154.205.83 port 20366 [preauth]
Oct 14 22:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2700]: Connection closed by 85.214.60.241 port 51006 [preauth]
Oct 14 22:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: Invalid user vpn from 165.154.205.83
Oct 14 22:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: input_userauth_request: invalid user vpn [preauth]
Oct 14 22:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: Failed password for invalid user vpn from 165.154.205.83 port 20742 ssh2
Oct 14 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2732]: Connection closed by 165.154.205.83 port 20742 [preauth]
Oct 14 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Invalid user admin from 85.214.60.241
Oct 14 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Invalid user ubuntu from 165.154.205.83
Oct 14 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Failed password for invalid user ubuntu from 165.154.205.83 port 21154 ssh2
Oct 14 22:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Connection closed by 165.154.205.83 port 21154 [preauth]
Oct 14 22:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Failed password for invalid user admin from 85.214.60.241 port 56528 ssh2
Oct 14 22:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: Connection closed by 85.214.60.241 port 56528 [preauth]
Oct 14 22:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2760]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2838]: Successful su for rubyman by root
Oct 14 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2838]: + ??? root:rubyman
Oct 14 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414078 of user rubyman.
Oct 14 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2838]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414078.
Oct 14 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Invalid user admin from 85.214.60.241
Oct 14 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Failed password for root from 165.154.205.83 port 21558 ssh2
Oct 14 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Connection closed by 165.154.205.83 port 21558 [preauth]
Oct 14 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Failed password for invalid user admin from 85.214.60.241 port 33864 ssh2
Oct 14 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Failed password for root from 165.154.205.83 port 22166 ssh2
Oct 14 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Connection closed by 165.154.205.83 port 22166 [preauth]
Oct 14 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Connection closed by 85.214.60.241 port 33864 [preauth]
Oct 14 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: Invalid user ubuntu from 165.154.205.83
Oct 14 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: Failed password for invalid user ubuntu from 165.154.205.83 port 22770 ssh2
Oct 14 22:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: Connection closed by 165.154.205.83 port 22770 [preauth]
Oct 14 22:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Invalid user admin from 85.214.60.241
Oct 14 22:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Invalid user testuser from 165.154.205.83
Oct 14 22:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: input_userauth_request: invalid user testuser [preauth]
Oct 14 22:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31903]: pam_unix(cron:session): session closed for user root
Oct 14 22:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for invalid user admin from 85.214.60.241 port 39310 ssh2
Oct 14 22:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Failed password for invalid user testuser from 165.154.205.83 port 23256 ssh2
Oct 14 22:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3042]: Connection closed by 165.154.205.83 port 23256 [preauth]
Oct 14 22:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Connection closed by 85.214.60.241 port 39310 [preauth]
Oct 14 22:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Failed password for root from 165.154.205.83 port 23668 ssh2
Oct 14 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3074]: Connection closed by 165.154.205.83 port 23668 [preauth]
Oct 14 22:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: Invalid user devuser from 165.154.205.83
Oct 14 22:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: input_userauth_request: invalid user devuser [preauth]
Oct 14 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Invalid user admin from 85.214.60.241
Oct 14 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: Failed password for invalid user devuser from 165.154.205.83 port 24156 ssh2
Oct 14 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3094]: Connection closed by 165.154.205.83 port 24156 [preauth]
Oct 14 22:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Invalid user odoo18 from 165.154.205.83
Oct 14 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: input_userauth_request: invalid user odoo18 [preauth]
Oct 14 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Failed password for invalid user admin from 85.214.60.241 port 44748 ssh2
Oct 14 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Connection closed by 85.214.60.241 port 44748 [preauth]
Oct 14 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Failed password for invalid user odoo18 from 165.154.205.83 port 24486 ssh2
Oct 14 22:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3117]: Connection closed by 165.154.205.83 port 24486 [preauth]
Oct 14 22:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Invalid user git from 165.154.205.83
Oct 14 22:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: input_userauth_request: invalid user git [preauth]
Oct 14 22:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Invalid user admin from 85.214.60.241
Oct 14 22:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Failed password for invalid user git from 165.154.205.83 port 24912 ssh2
Oct 14 22:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Connection closed by 165.154.205.83 port 24912 [preauth]
Oct 14 22:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Failed password for invalid user admin from 85.214.60.241 port 49964 ssh2
Oct 14 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Invalid user admin from 185.156.73.233
Oct 14 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for root from 165.154.205.83 port 25352 ssh2
Oct 14 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Connection closed by 165.154.205.83 port 25352 [preauth]
Oct 14 22:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3119]: Connection closed by 85.214.60.241 port 49964 [preauth]
Oct 14 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Invalid user dspace from 165.154.205.83
Oct 14 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: input_userauth_request: invalid user dspace [preauth]
Oct 14 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Failed password for invalid user admin from 185.156.73.233 port 52310 ssh2
Oct 14 22:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Connection closed by 185.156.73.233 port 52310 [preauth]
Oct 14 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Failed password for invalid user dspace from 165.154.205.83 port 25842 ssh2
Oct 14 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Connection closed by 165.154.205.83 port 25842 [preauth]
Oct 14 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Invalid user jenkins from 165.154.205.83
Oct 14 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: input_userauth_request: invalid user jenkins [preauth]
Oct 14 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Invalid user admin from 85.214.60.241
Oct 14 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Failed password for invalid user jenkins from 165.154.205.83 port 26258 ssh2
Oct 14 22:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1646]: pam_unix(cron:session): session closed for user root
Oct 14 22:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Connection closed by 165.154.205.83 port 26258 [preauth]
Oct 14 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Invalid user pi from 165.154.205.83
Oct 14 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: input_userauth_request: invalid user pi [preauth]
Oct 14 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Failed password for invalid user admin from 85.214.60.241 port 55356 ssh2
Oct 14 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Failed password for invalid user pi from 165.154.205.83 port 26792 ssh2
Oct 14 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Connection closed by 85.214.60.241 port 55356 [preauth]
Oct 14 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Connection closed by 165.154.205.83 port 26792 [preauth]
Oct 14 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: Failed password for root from 165.154.205.83 port 27174 ssh2
Oct 14 22:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3198]: Connection closed by 165.154.205.83 port 27174 [preauth]
Oct 14 22:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Invalid user vyos from 165.154.205.83
Oct 14 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: input_userauth_request: invalid user vyos [preauth]
Oct 14 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Invalid user admin from 85.214.60.241
Oct 14 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Failed password for invalid user vyos from 165.154.205.83 port 27608 ssh2
Oct 14 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3212]: Connection closed by 165.154.205.83 port 27608 [preauth]
Oct 14 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Failed password for invalid user admin from 85.214.60.241 port 33084 ssh2
Oct 14 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: User mysql from 165.154.205.83 not allowed because not listed in AllowUsers
Oct 14 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: input_userauth_request: invalid user mysql [preauth]
Oct 14 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=mysql
Oct 14 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Connection closed by 85.214.60.241 port 33084 [preauth]
Oct 14 22:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: Failed password for invalid user mysql from 165.154.205.83 port 28042 ssh2
Oct 14 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3219]: Connection closed by 165.154.205.83 port 28042 [preauth]
Oct 14 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Invalid user vagrant from 165.154.205.83
Oct 14 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: input_userauth_request: invalid user vagrant [preauth]
Oct 14 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: Invalid user admin from 85.214.60.241
Oct 14 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Failed password for invalid user vagrant from 165.154.205.83 port 28566 ssh2
Oct 14 22:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3246]: Connection closed by 165.154.205.83 port 28566 [preauth]
Oct 14 22:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: Failed password for invalid user admin from 85.214.60.241 port 38880 ssh2
Oct 14 22:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3259]: Invalid user user from 165.154.205.83
Oct 14 22:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3259]: input_userauth_request: invalid user user [preauth]
Oct 14 22:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3259]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3237]: Connection closed by 85.214.60.241 port 38880 [preauth]
Oct 14 22:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3259]: Failed password for invalid user user from 165.154.205.83 port 28936 ssh2
Oct 14 22:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3259]: Connection closed by 165.154.205.83 port 28936 [preauth]
Oct 14 22:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Invalid user admin from 85.214.60.241
Oct 14 22:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Failed password for root from 165.154.205.83 port 29330 ssh2
Oct 14 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Connection closed by 165.154.205.83 port 29330 [preauth]
Oct 14 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Failed password for invalid user admin from 85.214.60.241 port 44404 ssh2
Oct 14 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3263]: Connection closed by 85.214.60.241 port 44404 [preauth]
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3377]: Successful su for rubyman by root
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3377]: + ??? root:rubyman
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414082 of user rubyman.
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3377]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414082.
Oct 14 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Failed password for root from 165.154.205.83 port 29824 ssh2
Oct 14 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Connection closed by 165.154.205.83 port 29824 [preauth]
Oct 14 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 14 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Invalid user ubuntu from 165.154.205.83
Oct 14 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: Invalid user admin from 85.214.60.241
Oct 14 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Failed password for root from 164.68.105.9 port 41768 ssh2
Oct 14 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3416]: Connection closed by 164.68.105.9 port 41768 [preauth]
Oct 14 22:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Failed password for invalid user ubuntu from 165.154.205.83 port 30260 ssh2
Oct 14 22:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Connection closed by 165.154.205.83 port 30260 [preauth]
Oct 14 22:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: Failed password for invalid user admin from 85.214.60.241 port 52768 ssh2
Oct 14 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Invalid user test from 165.154.205.83
Oct 14 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: input_userauth_request: invalid user test [preauth]
Oct 14 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3376]: Connection closed by 85.214.60.241 port 52768 [preauth]
Oct 14 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32495]: pam_unix(cron:session): session closed for user root
Oct 14 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Failed password for invalid user test from 165.154.205.83 port 30778 ssh2
Oct 14 22:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Connection closed by 165.154.205.83 port 30778 [preauth]
Oct 14 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: Invalid user user from 165.154.205.83
Oct 14 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: input_userauth_request: invalid user user [preauth]
Oct 14 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: Invalid user admin from 85.214.60.241
Oct 14 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: Failed password for invalid user user from 165.154.205.83 port 31184 ssh2
Oct 14 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3582]: Connection closed by 165.154.205.83 port 31184 [preauth]
Oct 14 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Invalid user devopsuser from 165.154.205.83
Oct 14 22:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: input_userauth_request: invalid user devopsuser [preauth]
Oct 14 22:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: Failed password for invalid user admin from 85.214.60.241 port 60728 ssh2
Oct 14 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Failed password for invalid user devopsuser from 165.154.205.83 port 31534 ssh2
Oct 14 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Connection closed by 165.154.205.83 port 31534 [preauth]
Oct 14 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3571]: Connection closed by 85.214.60.241 port 60728 [preauth]
Oct 14 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Invalid user ansible from 165.154.205.83
Oct 14 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: input_userauth_request: invalid user ansible [preauth]
Oct 14 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Failed password for invalid user ansible from 165.154.205.83 port 31940 ssh2
Oct 14 22:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Connection closed by 165.154.205.83 port 31940 [preauth]
Oct 14 22:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3645]: Invalid user user from 165.154.205.83
Oct 14 22:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3645]: input_userauth_request: invalid user user [preauth]
Oct 14 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3645]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Invalid user admin from 85.214.60.241
Oct 14 22:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3645]: Failed password for invalid user user from 165.154.205.83 port 32358 ssh2
Oct 14 22:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3645]: Connection closed by 165.154.205.83 port 32358 [preauth]
Oct 14 22:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Failed password for invalid user admin from 85.214.60.241 port 41670 ssh2
Oct 14 22:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Invalid user admin from 165.154.205.83
Oct 14 22:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3628]: Connection closed by 85.214.60.241 port 41670 [preauth]
Oct 14 22:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Failed password for invalid user admin from 165.154.205.83 port 32812 ssh2
Oct 14 22:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Connection closed by 165.154.205.83 port 32812 [preauth]
Oct 14 22:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Invalid user oracle from 165.154.205.83
Oct 14 22:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: input_userauth_request: invalid user oracle [preauth]
Oct 14 22:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Failed password for invalid user oracle from 165.154.205.83 port 33260 ssh2
Oct 14 22:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Connection closed by 165.154.205.83 port 33260 [preauth]
Oct 14 22:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: Invalid user admin from 85.214.60.241
Oct 14 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Invalid user elastic from 165.154.205.83
Oct 14 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: input_userauth_request: invalid user elastic [preauth]
Oct 14 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: Failed password for invalid user admin from 85.214.60.241 port 49086 ssh2
Oct 14 22:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Failed password for invalid user elastic from 165.154.205.83 port 33706 ssh2
Oct 14 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3677]: Connection closed by 165.154.205.83 port 33706 [preauth]
Oct 14 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: Connection closed by 85.214.60.241 port 49086 [preauth]
Oct 14 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Invalid user admin from 165.154.205.83
Oct 14 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Failed password for invalid user admin from 165.154.205.83 port 34210 ssh2
Oct 14 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Connection closed by 165.154.205.83 port 34210 [preauth]
Oct 14 22:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: Invalid user admin from 85.214.60.241
Oct 14 22:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session closed for user root
Oct 14 22:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Failed password for root from 165.154.205.83 port 34640 ssh2
Oct 14 22:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Connection closed by 165.154.205.83 port 34640 [preauth]
Oct 14 22:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: Failed password for invalid user admin from 85.214.60.241 port 54398 ssh2
Oct 14 22:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Invalid user ubuntu from 165.154.205.83
Oct 14 22:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 22:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3693]: Connection closed by 85.214.60.241 port 54398 [preauth]
Oct 14 22:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Failed password for invalid user ubuntu from 165.154.205.83 port 35102 ssh2
Oct 14 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Connection closed by 165.154.205.83 port 35102 [preauth]
Oct 14 22:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: Invalid user postgres from 165.154.205.83
Oct 14 22:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: input_userauth_request: invalid user postgres [preauth]
Oct 14 22:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Invalid user admin from 85.214.60.241
Oct 14 22:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: Failed password for invalid user postgres from 165.154.205.83 port 35618 ssh2
Oct 14 22:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: Connection closed by 165.154.205.83 port 35618 [preauth]
Oct 14 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Invalid user pi from 165.154.205.83
Oct 14 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: input_userauth_request: invalid user pi [preauth]
Oct 14 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Failed password for invalid user admin from 85.214.60.241 port 59672 ssh2
Oct 14 22:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Failed password for invalid user pi from 165.154.205.83 port 36066 ssh2
Oct 14 22:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Connection closed by 165.154.205.83 port 36066 [preauth]
Oct 14 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Connection closed by 85.214.60.241 port 59672 [preauth]
Oct 14 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: Invalid user ubnt from 165.154.205.83
Oct 14 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 22:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: Failed password for invalid user ubnt from 165.154.205.83 port 36528 ssh2
Oct 14 22:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3786]: Connection closed by 165.154.205.83 port 36528 [preauth]
Oct 14 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Invalid user admin from 85.214.60.241
Oct 14 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Failed password for invalid user admin from 85.214.60.241 port 37150 ssh2
Oct 14 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Failed password for root from 165.154.205.83 port 37128 ssh2
Oct 14 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Connection closed by 165.154.205.83 port 37128 [preauth]
Oct 14 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Connection closed by 85.214.60.241 port 37150 [preauth]
Oct 14 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3821]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3805]: Failed password for root from 165.154.205.83 port 37616 ssh2
Oct 14 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3805]: Connection closed by 165.154.205.83 port 37616 [preauth]
Oct 14 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3902]: Successful su for rubyman by root
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3902]: + ??? root:rubyman
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414086 of user rubyman.
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3902]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414086.
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: Invalid user admin from 85.214.60.241
Oct 14 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Failed password for root from 165.154.205.83 port 38112 ssh2
Oct 14 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3893]: Connection closed by 165.154.205.83 port 38112 [preauth]
Oct 14 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: Failed password for invalid user admin from 85.214.60.241 port 42308 ssh2
Oct 14 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3807]: Connection closed by 85.214.60.241 port 42308 [preauth]
Oct 14 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Invalid user oracle from 165.154.205.83
Oct 14 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: input_userauth_request: invalid user oracle [preauth]
Oct 14 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Failed password for invalid user oracle from 165.154.205.83 port 38560 ssh2
Oct 14 22:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3974]: Connection closed by 165.154.205.83 port 38560 [preauth]
Oct 14 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Invalid user postgres from 165.154.205.83
Oct 14 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: input_userauth_request: invalid user postgres [preauth]
Oct 14 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Invalid user admin from 85.214.60.241
Oct 14 22:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[546]: pam_unix(cron:session): session closed for user root
Oct 14 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Failed password for invalid user postgres from 165.154.205.83 port 38932 ssh2
Oct 14 22:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Connection closed by 165.154.205.83 port 38932 [preauth]
Oct 14 22:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83  user=root
Oct 14 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Failed password for invalid user admin from 85.214.60.241 port 47402 ssh2
Oct 14 22:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Connection closed by 85.214.60.241 port 47402 [preauth]
Oct 14 22:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Failed password for root from 165.154.205.83 port 39486 ssh2
Oct 14 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4098]: Connection closed by 165.154.205.83 port 39486 [preauth]
Oct 14 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Invalid user debian from 165.154.205.83
Oct 14 22:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: input_userauth_request: invalid user debian [preauth]
Oct 14 22:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3822]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Invalid user admin from 85.214.60.241
Oct 14 22:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Failed password for invalid user debian from 165.154.205.83 port 40076 ssh2
Oct 14 22:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4130]: Connection closed by 165.154.205.83 port 40076 [preauth]
Oct 14 22:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Invalid user deploy from 165.154.205.83
Oct 14 22:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: input_userauth_request: invalid user deploy [preauth]
Oct 14 22:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.205.83
Oct 14 22:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Failed password for invalid user admin from 85.214.60.241 port 52664 ssh2
Oct 14 22:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Failed password for invalid user deploy from 165.154.205.83 port 40644 ssh2
Oct 14 22:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Connection closed by 165.154.205.83 port 40644 [preauth]
Oct 14 22:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Connection closed by 85.214.60.241 port 52664 [preauth]
Oct 14 22:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: Invalid user admin from 85.214.60.241
Oct 14 22:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: Failed password for invalid user admin from 85.214.60.241 port 60178 ssh2
Oct 14 22:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4194]: Connection closed by 85.214.60.241 port 60178 [preauth]
Oct 14 22:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4243]: Invalid user admin from 85.214.60.241
Oct 14 22:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4243]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4243]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4243]: Failed password for invalid user admin from 85.214.60.241 port 38406 ssh2
Oct 14 22:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4243]: Connection closed by 85.214.60.241 port 38406 [preauth]
Oct 14 22:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session closed for user root
Oct 14 22:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: Invalid user admin from 85.214.60.241
Oct 14 22:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: Failed password for invalid user admin from 85.214.60.241 port 43586 ssh2
Oct 14 22:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4267]: Connection closed by 85.214.60.241 port 43586 [preauth]
Oct 14 22:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: Invalid user admin from 85.214.60.241
Oct 14 22:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: Failed password for invalid user admin from 85.214.60.241 port 49300 ssh2
Oct 14 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4313]: Connection closed by 85.214.60.241 port 49300 [preauth]
Oct 14 22:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Invalid user admin from 85.214.60.241
Oct 14 22:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Failed password for invalid user admin from 85.214.60.241 port 54568 ssh2
Oct 14 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session closed for user p13x
Oct 14 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4341]: Connection closed by 85.214.60.241 port 54568 [preauth]
Oct 14 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: Successful su for rubyman by root
Oct 14 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: + ??? root:rubyman
Oct 14 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414091 of user rubyman.
Oct 14 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: pam_unix(su:session): session closed for user rubyman
Oct 14 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414091.
Oct 14 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Invalid user admin from 85.214.60.241
Oct 14 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Failed password for invalid user admin from 85.214.60.241 port 60040 ssh2
Oct 14 22:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4423]: Connection closed by 85.214.60.241 port 60040 [preauth]
Oct 14 22:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1129]: pam_unix(cron:session): session closed for user root
Oct 14 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Invalid user admin from 85.214.60.241
Oct 14 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session closed for user samftp
Oct 14 22:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Failed password for invalid user admin from 85.214.60.241 port 37488 ssh2
Oct 14 22:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Connection closed by 85.214.60.241 port 37488 [preauth]
Oct 14 22:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Invalid user admin from 85.214.60.241
Oct 14 22:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Failed password for invalid user admin from 85.214.60.241 port 51432 ssh2
Oct 14 22:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Connection closed by 85.214.60.241 port 51432 [preauth]
Oct 14 22:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: Invalid user admin from 85.214.60.241
Oct 14 22:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: Failed password for invalid user admin from 85.214.60.241 port 32770 ssh2
Oct 14 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: Connection closed by 85.214.60.241 port 32770 [preauth]
Oct 14 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session closed for user root
Oct 14 22:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Invalid user admin from 85.214.60.241
Oct 14 22:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Failed password for invalid user admin from 85.214.60.241 port 38084 ssh2
Oct 14 22:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Connection closed by 85.214.60.241 port 38084 [preauth]
Oct 14 22:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4818]: Invalid user admin from 85.214.60.241
Oct 14 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4818]: input_userauth_request: invalid user admin [preauth]
Oct 14 22:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4818]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4818]: Failed password for invalid user admin from 85.214.60.241 port 46196 ssh2
Oct 14 22:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4818]: Connection closed by 85.214.60.241 port 46196 [preauth]
Oct 14 22:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 22:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Invalid user pi from 85.214.60.241
Oct 14 22:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: input_userauth_request: invalid user pi [preauth]
Oct 14 22:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 22:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241
Oct 14 22:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Failed password for invalid user pi from 85.214.60.241 port 55072 ssh2
Oct 14 23:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Connection closed by 85.214.60.241 port 55072 [preauth]
Oct 14 23:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4881]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4893]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4891]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4881]: pam_unix(cron:session): session closed for user root
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4920]: pam_unix(cron:session): session closed for user root
Oct 14 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4879]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: User ftp from 85.214.60.241 not allowed because not listed in AllowUsers
Oct 14 23:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: input_userauth_request: invalid user ftp [preauth]
Oct 14 23:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.214.60.241  user=ftp
Oct 14 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: Successful su for rubyman by root
Oct 14 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: + ??? root:rubyman
Oct 14 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414099 of user rubyman.
Oct 14 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414099.
Oct 14 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: Failed password for invalid user ftp from 85.214.60.241 port 60662 ssh2
Oct 14 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4866]: Connection closed by 85.214.60.241 port 60662 [preauth]
Oct 14 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1645]: pam_unix(cron:session): session closed for user root
Oct 14 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4891]: pam_unix(cron:session): session closed for user root
Oct 14 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4880]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3824]: pam_unix(cron:session): session closed for user root
Oct 14 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6041]: Successful su for rubyman by root
Oct 14 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6041]: + ??? root:rubyman
Oct 14 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414102 of user rubyman.
Oct 14 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6041]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414102.
Oct 14 23:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2246]: pam_unix(cron:session): session closed for user root
Oct 14 23:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session closed for user root
Oct 14 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: Successful su for rubyman by root
Oct 14 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: + ??? root:rubyman
Oct 14 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414105 of user rubyman.
Oct 14 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414105.
Oct 14 23:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2762]: pam_unix(cron:session): session closed for user root
Oct 14 23:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user root
Oct 14 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6979]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6974]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7055]: Successful su for rubyman by root
Oct 14 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7055]: + ??? root:rubyman
Oct 14 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414110 of user rubyman.
Oct 14 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7055]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414110.
Oct 14 23:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Invalid user ubuntu from 42.49.216.35
Oct 14 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35
Oct 14 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session closed for user root
Oct 14 23:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Failed password for invalid user ubuntu from 42.49.216.35 port 38119 ssh2
Oct 14 23:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Received disconnect from 42.49.216.35 port 38119:11: Bye Bye [preauth]
Oct 14 23:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Disconnected from 42.49.216.35 port 38119 [preauth]
Oct 14 23:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6977]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session closed for user root
Oct 14 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7530]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7531]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7527]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7609]: Successful su for rubyman by root
Oct 14 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7609]: + ??? root:rubyman
Oct 14 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414115 of user rubyman.
Oct 14 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7609]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414115.
Oct 14 23:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3823]: pam_unix(cron:session): session closed for user root
Oct 14 23:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7529]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user root
Oct 14 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8437]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8441]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8436]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8441]: pam_unix(cron:session): session closed for user root
Oct 14 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8516]: Successful su for rubyman by root
Oct 14 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8516]: + ??? root:rubyman
Oct 14 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414117 of user rubyman.
Oct 14 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8516]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414117.
Oct 14 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8436]: pam_unix(cron:session): session closed for user root
Oct 14 23:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4363]: pam_unix(cron:session): session closed for user root
Oct 14 23:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Invalid user support from 80.94.95.115
Oct 14 23:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: input_userauth_request: invalid user support [preauth]
Oct 14 23:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 14 23:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Failed password for invalid user support from 80.94.95.115 port 25200 ssh2
Oct 14 23:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Connection closed by 80.94.95.115 port 25200 [preauth]
Oct 14 23:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6979]: pam_unix(cron:session): session closed for user root
Oct 14 23:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Invalid user ubuntu from 117.50.226.213
Oct 14 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.226.213
Oct 14 23:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Failed password for invalid user ubuntu from 117.50.226.213 port 45684 ssh2
Oct 14 23:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Received disconnect from 117.50.226.213 port 45684:11:  [preauth]
Oct 14 23:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9020]: Disconnected from 117.50.226.213 port 45684 [preauth]
Oct 14 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9239]: Successful su for rubyman by root
Oct 14 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9239]: + ??? root:rubyman
Oct 14 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414125 of user rubyman.
Oct 14 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9239]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414125.
Oct 14 23:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4893]: pam_unix(cron:session): session closed for user root
Oct 14 23:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7531]: pam_unix(cron:session): session closed for user root
Oct 14 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9755]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9882]: Successful su for rubyman by root
Oct 14 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9882]: + ??? root:rubyman
Oct 14 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414127 of user rubyman.
Oct 14 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9882]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414127.
Oct 14 23:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session closed for user root
Oct 14 23:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9763]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session closed for user root
Oct 14 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10275]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: Successful su for rubyman by root
Oct 14 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: + ??? root:rubyman
Oct 14 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414132 of user rubyman.
Oct 14 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414132.
Oct 14 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session closed for user root
Oct 14 23:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10577]: Connection closed by 172.236.228.38 port 41984 [preauth]
Oct 14 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10277]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: Connection closed by 172.236.228.38 port 41998 [preauth]
Oct 14 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10599]: fatal: Unable to negotiate with 172.236.228.38 port 42012: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Oct 14 23:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9066]: pam_unix(cron:session): session closed for user root
Oct 14 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Connection closed by 172.236.228.220 port 36930 [preauth]
Oct 14 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: Connection closed by 172.236.228.220 port 36936 [preauth]
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10774]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10777]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10772]: fatal: Unable to negotiate with 172.236.228.220 port 36950: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Oct 14 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10949]: Successful su for rubyman by root
Oct 14 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10949]: + ??? root:rubyman
Oct 14 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414135 of user rubyman.
Oct 14 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10949]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414135.
Oct 14 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10774]: pam_unix(cron:session): session closed for user root
Oct 14 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6978]: pam_unix(cron:session): session closed for user root
Oct 14 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9781]: pam_unix(cron:session): session closed for user root
Oct 14 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11345]: pam_unix(cron:session): session closed for user root
Oct 14 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: Successful su for rubyman by root
Oct 14 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: + ??? root:rubyman
Oct 14 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414145 of user rubyman.
Oct 14 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414145.
Oct 14 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session closed for user root
Oct 14 23:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7530]: pam_unix(cron:session): session closed for user root
Oct 14 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10280]: pam_unix(cron:session): session closed for user root
Oct 14 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11950]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11951]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11948]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12022]: Successful su for rubyman by root
Oct 14 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12022]: + ??? root:rubyman
Oct 14 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414148 of user rubyman.
Oct 14 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12022]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414148.
Oct 14 23:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8437]: pam_unix(cron:session): session closed for user root
Oct 14 23:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11949]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session closed for user root
Oct 14 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12520]: Successful su for rubyman by root
Oct 14 23:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12520]: + ??? root:rubyman
Oct 14 23:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414150 of user rubyman.
Oct 14 23:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12520]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414150.
Oct 14 23:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9065]: pam_unix(cron:session): session closed for user root
Oct 14 23:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session closed for user root
Oct 14 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13019]: Successful su for rubyman by root
Oct 14 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13019]: + ??? root:rubyman
Oct 14 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414155 of user rubyman.
Oct 14 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13019]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414155.
Oct 14 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 14 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9775]: pam_unix(cron:session): session closed for user root
Oct 14 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for root from 80.94.95.116 port 28638 ssh2
Oct 14 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Connection closed by 80.94.95.116 port 28638 [preauth]
Oct 14 23:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11951]: pam_unix(cron:session): session closed for user root
Oct 14 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13536]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13537]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13607]: Successful su for rubyman by root
Oct 14 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13607]: + ??? root:rubyman
Oct 14 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414159 of user rubyman.
Oct 14 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13607]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414159.
Oct 14 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10278]: pam_unix(cron:session): session closed for user root
Oct 14 23:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session closed for user root
Oct 14 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session closed for user root
Oct 14 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14181]: Successful su for rubyman by root
Oct 14 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14181]: + ??? root:rubyman
Oct 14 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414166 of user rubyman.
Oct 14 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14181]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414166.
Oct 14 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14013]: pam_unix(cron:session): session closed for user root
Oct 14 23:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session closed for user root
Oct 14 23:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12935]: pam_unix(cron:session): session closed for user root
Oct 14 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14662]: Successful su for rubyman by root
Oct 14 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14662]: + ??? root:rubyman
Oct 14 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414169 of user rubyman.
Oct 14 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14662]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414169.
Oct 14 23:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session closed for user root
Oct 14 23:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13537]: pam_unix(cron:session): session closed for user root
Oct 14 23:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14967]: Did not receive identification string from 31.192.242.25
Oct 14 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15145]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15145]: pam_unix(cron:session): session closed for user root
Oct 14 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15220]: Successful su for rubyman by root
Oct 14 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15220]: + ??? root:rubyman
Oct 14 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414174 of user rubyman.
Oct 14 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15220]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414174.
Oct 14 23:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11950]: pam_unix(cron:session): session closed for user root
Oct 14 23:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session closed for user root
Oct 14 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.196.23.222  user=root
Oct 14 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for root from 118.196.23.222 port 58700 ssh2
Oct 14 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Connection closed by 118.196.23.222 port 58700 [preauth]
Oct 14 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.196.23.222  user=root
Oct 14 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: Failed password for root from 118.196.23.222 port 58714 ssh2
Oct 14 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15588]: Connection closed by 118.196.23.222 port 58714 [preauth]
Oct 14 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.196.23.222  user=root
Oct 14 23:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Failed password for root from 118.196.23.222 port 59194 ssh2
Oct 14 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15617]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15615]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15691]: Successful su for rubyman by root
Oct 14 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15691]: + ??? root:rubyman
Oct 14 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414179 of user rubyman.
Oct 14 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15691]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414179.
Oct 14 23:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session closed for user root
Oct 14 23:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15616]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user root
Oct 14 23:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Connection closed by 118.196.23.222 port 59194 [preauth]
Oct 14 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16144]: Successful su for rubyman by root
Oct 14 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16144]: + ??? root:rubyman
Oct 14 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414182 of user rubyman.
Oct 14 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16144]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414182.
Oct 14 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session closed for user root
Oct 14 23:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session closed for user root
Oct 14 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16538]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16540]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16542]: pam_unix(cron:session): session closed for user root
Oct 14 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16535]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16628]: Successful su for rubyman by root
Oct 14 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16628]: + ??? root:rubyman
Oct 14 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414185 of user rubyman.
Oct 14 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16628]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414185.
Oct 14 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16538]: pam_unix(cron:session): session closed for user root
Oct 14 23:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13536]: pam_unix(cron:session): session closed for user root
Oct 14 23:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16536]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15618]: pam_unix(cron:session): session closed for user root
Oct 14 23:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Oct 14 23:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: Failed password for root from 80.94.95.115 port 39116 ssh2
Oct 14 23:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: Connection closed by 80.94.95.115 port 39116 [preauth]
Oct 14 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17119]: Successful su for rubyman by root
Oct 14 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17119]: + ??? root:rubyman
Oct 14 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414191 of user rubyman.
Oct 14 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17119]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414191.
Oct 14 23:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session closed for user root
Oct 14 23:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17024]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session closed for user root
Oct 14 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: Successful su for rubyman by root
Oct 14 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: + ??? root:rubyman
Oct 14 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414195 of user rubyman.
Oct 14 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414195.
Oct 14 23:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session closed for user root
Oct 14 23:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16541]: pam_unix(cron:session): session closed for user root
Oct 14 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18244]: Successful su for rubyman by root
Oct 14 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18244]: + ??? root:rubyman
Oct 14 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414199 of user rubyman.
Oct 14 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18244]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414199.
Oct 14 23:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session closed for user root
Oct 14 23:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17027]: pam_unix(cron:session): session closed for user root
Oct 14 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: Successful su for rubyman by root
Oct 14 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: + ??? root:rubyman
Oct 14 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414204 of user rubyman.
Oct 14 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414204.
Oct 14 23:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15617]: pam_unix(cron:session): session closed for user root
Oct 14 23:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session closed for user root
Oct 14 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19561]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19565]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19565]: pam_unix(cron:session): session closed for user root
Oct 14 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19559]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19743]: Successful su for rubyman by root
Oct 14 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19743]: + ??? root:rubyman
Oct 14 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414207 of user rubyman.
Oct 14 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19743]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414207.
Oct 14 23:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Invalid user admin from 2.57.121.25
Oct 14 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: input_userauth_request: invalid user admin [preauth]
Oct 14 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 23:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session closed for user root
Oct 14 23:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user admin from 2.57.121.25 port 53300 ssh2
Oct 14 23:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19561]: pam_unix(cron:session): session closed for user root
Oct 14 23:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user admin from 2.57.121.25 port 53300 ssh2
Oct 14 23:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user admin from 2.57.121.25 port 53300 ssh2
Oct 14 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user admin from 2.57.121.25 port 53300 ssh2
Oct 14 23:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user admin from 2.57.121.25 port 53300 ssh2
Oct 14 23:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Received disconnect from 2.57.121.25 port 53300:11: Bye [preauth]
Oct 14 23:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Disconnected from 2.57.121.25 port 53300 [preauth]
Oct 14 23:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 14 23:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 23:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19560]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18055]: pam_unix(cron:session): session closed for user root
Oct 14 23:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Invalid user  from 64.62.197.3
Oct 14 23:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: input_userauth_request: invalid user  [preauth]
Oct 14 23:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Connection closed by 64.62.197.3 port 30339 [preauth]
Oct 14 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20251]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20250]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20330]: Successful su for rubyman by root
Oct 14 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20330]: + ??? root:rubyman
Oct 14 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414214 of user rubyman.
Oct 14 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20330]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414214.
Oct 14 23:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16540]: pam_unix(cron:session): session closed for user root
Oct 14 23:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18762]: pam_unix(cron:session): session closed for user root
Oct 14 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20730]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20804]: Successful su for rubyman by root
Oct 14 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20804]: + ??? root:rubyman
Oct 14 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414217 of user rubyman.
Oct 14 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20804]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414217.
Oct 14 23:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session closed for user root
Oct 14 23:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 23:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=oms@omarabas.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 14 23:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19563]: pam_unix(cron:session): session closed for user root
Oct 14 23:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 14 23:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=oms@omarabas.com rhost=::ffff:79.124.49.146
Oct 14 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21190]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21186]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21252]: Successful su for rubyman by root
Oct 14 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21252]: + ??? root:rubyman
Oct 14 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414222 of user rubyman.
Oct 14 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21252]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414222.
Oct 14 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: Invalid user support from 78.128.112.74
Oct 14 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: input_userauth_request: invalid user support [preauth]
Oct 14 23:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 14 23:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session closed for user root
Oct 14 23:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: Failed password for invalid user support from 78.128.112.74 port 44376 ssh2
Oct 14 23:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: Connection closed by 78.128.112.74 port 44376 [preauth]
Oct 14 23:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21187]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20251]: pam_unix(cron:session): session closed for user root
Oct 14 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21717]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21718]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21714]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21790]: Successful su for rubyman by root
Oct 14 23:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21790]: + ??? root:rubyman
Oct 14 23:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414225 of user rubyman.
Oct 14 23:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21790]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414225.
Oct 14 23:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session closed for user root
Oct 14 23:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21716]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session closed for user root
Oct 14 23:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Invalid user it from 42.49.216.35
Oct 14 23:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: input_userauth_request: invalid user it [preauth]
Oct 14 23:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35
Oct 14 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session closed for user root
Oct 14 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22220]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Failed password for invalid user it from 42.49.216.35 port 40412 ssh2
Oct 14 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Received disconnect from 42.49.216.35 port 40412:11: Bye Bye [preauth]
Oct 14 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Disconnected from 42.49.216.35 port 40412 [preauth]
Oct 14 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22312]: Successful su for rubyman by root
Oct 14 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22312]: + ??? root:rubyman
Oct 14 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414231 of user rubyman.
Oct 14 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22312]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414231.
Oct 14 23:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session closed for user root
Oct 14 23:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18761]: pam_unix(cron:session): session closed for user root
Oct 14 23:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21190]: pam_unix(cron:session): session closed for user root
Oct 14 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22915]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23136]: Successful su for rubyman by root
Oct 14 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23136]: + ??? root:rubyman
Oct 14 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414238 of user rubyman.
Oct 14 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23136]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414238.
Oct 14 23:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session closed for user root
Oct 14 23:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22916]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: Invalid user user from 194.0.234.19
Oct 14 23:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: input_userauth_request: invalid user user [preauth]
Oct 14 23:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 14 23:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: Failed password for invalid user user from 194.0.234.19 port 58208 ssh2
Oct 14 23:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: Connection closed by 194.0.234.19 port 58208 [preauth]
Oct 14 23:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21718]: pam_unix(cron:session): session closed for user root
Oct 14 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23898]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23978]: Successful su for rubyman by root
Oct 14 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23978]: + ??? root:rubyman
Oct 14 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414240 of user rubyman.
Oct 14 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23978]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414240.
Oct 14 23:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20250]: pam_unix(cron:session): session closed for user root
Oct 14 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23899]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session closed for user root
Oct 14 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24507]: Successful su for rubyman by root
Oct 14 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24507]: + ??? root:rubyman
Oct 14 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414245 of user rubyman.
Oct 14 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24507]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414245.
Oct 14 23:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session closed for user root
Oct 14 23:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24431]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session closed for user root
Oct 14 23:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 14 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Failed password for root from 94.177.160.96 port 43986 ssh2
Oct 14 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24903]: Connection closed by 94.177.160.96 port 43986 [preauth]
Oct 14 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: Successful su for rubyman by root
Oct 14 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: + ??? root:rubyman
Oct 14 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414248 of user rubyman.
Oct 14 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414248.
Oct 14 23:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21189]: pam_unix(cron:session): session closed for user root
Oct 14 23:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24918]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23901]: pam_unix(cron:session): session closed for user root
Oct 14 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25648]: pam_unix(cron:session): session closed for user root
Oct 14 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25719]: Successful su for rubyman by root
Oct 14 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25719]: + ??? root:rubyman
Oct 14 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414254 of user rubyman.
Oct 14 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25719]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414254.
Oct 14 23:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user root
Oct 14 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21717]: pam_unix(cron:session): session closed for user root
Oct 14 23:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26118]: Invalid user telecomadmin from 80.94.95.116
Oct 14 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26118]: input_userauth_request: invalid user telecomadmin [preauth]
Oct 14 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26118]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 14 23:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26118]: Failed password for invalid user telecomadmin from 80.94.95.116 port 47382 ssh2
Oct 14 23:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26118]: Connection closed by 80.94.95.116 port 47382 [preauth]
Oct 14 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24433]: pam_unix(cron:session): session closed for user root
Oct 14 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26240]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26332]: Successful su for rubyman by root
Oct 14 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26332]: + ??? root:rubyman
Oct 14 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414257 of user rubyman.
Oct 14 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26332]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414257.
Oct 14 23:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session closed for user root
Oct 14 23:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26241]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session closed for user root
Oct 14 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27006]: Successful su for rubyman by root
Oct 14 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27006]: + ??? root:rubyman
Oct 14 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414262 of user rubyman.
Oct 14 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27006]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414262.
Oct 14 23:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session closed for user root
Oct 14 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26871]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25647]: pam_unix(cron:session): session closed for user root
Oct 14 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27681]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: Successful su for rubyman by root
Oct 14 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: + ??? root:rubyman
Oct 14 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414266 of user rubyman.
Oct 14 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414266.
Oct 14 23:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23900]: pam_unix(cron:session): session closed for user root
Oct 14 23:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27682]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26244]: pam_unix(cron:session): session closed for user root
Oct 14 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: Successful su for rubyman by root
Oct 14 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: + ??? root:rubyman
Oct 14 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414269 of user rubyman.
Oct 14 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28706]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414269.
Oct 14 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session closed for user root
Oct 14 23:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24432]: pam_unix(cron:session): session closed for user root
Oct 14 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user root
Oct 14 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29231]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29236]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29236]: pam_unix(cron:session): session closed for user root
Oct 14 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29228]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29337]: Successful su for rubyman by root
Oct 14 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29337]: + ??? root:rubyman
Oct 14 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414277 of user rubyman.
Oct 14 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29337]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414277.
Oct 14 23:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29230]: pam_unix(cron:session): session closed for user root
Oct 14 23:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session closed for user root
Oct 14 23:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29229]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27684]: pam_unix(cron:session): session closed for user root
Oct 14 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: Successful su for rubyman by root
Oct 14 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: + ??? root:rubyman
Oct 14 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414280 of user rubyman.
Oct 14 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414280.
Oct 14 23:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session closed for user root
Oct 14 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Invalid user erp from 186.96.145.241
Oct 14 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: input_userauth_request: invalid user erp [preauth]
Oct 14 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 14 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Failed password for invalid user erp from 186.96.145.241 port 52924 ssh2
Oct 14 23:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30110]: Connection closed by 186.96.145.241 port 52924 [preauth]
Oct 14 23:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 14 23:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Failed password for root from 190.103.202.7 port 60686 ssh2
Oct 14 23:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Connection closed by 190.103.202.7 port 60686 [preauth]
Oct 14 23:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session closed for user root
Oct 14 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30308]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30306]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30397]: Successful su for rubyman by root
Oct 14 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30397]: + ??? root:rubyman
Oct 14 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414285 of user rubyman.
Oct 14 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30397]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414285.
Oct 14 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26242]: pam_unix(cron:session): session closed for user root
Oct 14 23:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30307]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Connection closed by 185.156.73.233 port 50180 [preauth]
Oct 14 23:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29234]: pam_unix(cron:session): session closed for user root
Oct 14 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30878]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30873]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30950]: Successful su for rubyman by root
Oct 14 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30950]: + ??? root:rubyman
Oct 14 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414290 of user rubyman.
Oct 14 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30950]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414290.
Oct 14 23:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session closed for user root
Oct 14 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30875]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session closed for user root
Oct 14 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31350]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31446]: Successful su for rubyman by root
Oct 14 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31446]: + ??? root:rubyman
Oct 14 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414294 of user rubyman.
Oct 14 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31446]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414294.
Oct 14 23:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27683]: pam_unix(cron:session): session closed for user root
Oct 14 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31351]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30309]: pam_unix(cron:session): session closed for user root
Oct 14 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31986]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31986]: pam_unix(cron:session): session closed for user root
Oct 14 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31979]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: Successful su for rubyman by root
Oct 14 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: + ??? root:rubyman
Oct 14 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414297 of user rubyman.
Oct 14 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414297.
Oct 14 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31983]: pam_unix(cron:session): session closed for user root
Oct 14 23:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session closed for user root
Oct 14 23:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31980]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30878]: pam_unix(cron:session): session closed for user root
Oct 14 23:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Invalid user exit from 42.49.216.35
Oct 14 23:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: input_userauth_request: invalid user exit [preauth]
Oct 14 23:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35
Oct 14 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32556]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Failed password for invalid user exit from 42.49.216.35 port 36140 ssh2
Oct 14 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Received disconnect from 42.49.216.35 port 36140:11: Bye Bye [preauth]
Oct 14 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32544]: Disconnected from 42.49.216.35 port 36140 [preauth]
Oct 14 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32642]: Successful su for rubyman by root
Oct 14 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32642]: + ??? root:rubyman
Oct 14 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414302 of user rubyman.
Oct 14 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32642]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414302.
Oct 14 23:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29231]: pam_unix(cron:session): session closed for user root
Oct 14 23:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31353]: pam_unix(cron:session): session closed for user root
Oct 14 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[640]: Successful su for rubyman by root
Oct 14 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[640]: + ??? root:rubyman
Oct 14 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414307 of user rubyman.
Oct 14 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[640]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414307.
Oct 14 23:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session closed for user root
Oct 14 23:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[581]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31985]: pam_unix(cron:session): session closed for user root
Oct 14 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1150]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1143]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1218]: Successful su for rubyman by root
Oct 14 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1218]: + ??? root:rubyman
Oct 14 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414311 of user rubyman.
Oct 14 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1218]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414311.
Oct 14 23:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30308]: pam_unix(cron:session): session closed for user root
Oct 14 23:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1144]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32559]: pam_unix(cron:session): session closed for user root
Oct 14 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1727]: Successful su for rubyman by root
Oct 14 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1727]: + ??? root:rubyman
Oct 14 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414314 of user rubyman.
Oct 14 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1727]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414314.
Oct 14 23:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30876]: pam_unix(cron:session): session closed for user root
Oct 14 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1635]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[583]: pam_unix(cron:session): session closed for user root
Oct 14 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2221]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2224]: pam_unix(cron:session): session closed for user root
Oct 14 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2219]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2295]: Successful su for rubyman by root
Oct 14 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2295]: + ??? root:rubyman
Oct 14 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414322 of user rubyman.
Oct 14 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2295]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414322.
Oct 14 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Invalid user test from 185.156.73.233
Oct 14 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: input_userauth_request: invalid user test [preauth]
Oct 14 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Failed password for invalid user test from 185.156.73.233 port 46682 ssh2
Oct 14 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Connection closed by 185.156.73.233 port 46682 [preauth]
Oct 14 23:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session closed for user root
Oct 14 23:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2221]: pam_unix(cron:session): session closed for user root
Oct 14 23:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2220]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1151]: pam_unix(cron:session): session closed for user root
Oct 14 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2704]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2702]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2776]: Successful su for rubyman by root
Oct 14 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2776]: + ??? root:rubyman
Oct 14 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414327 of user rubyman.
Oct 14 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2776]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414327.
Oct 14 23:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31984]: pam_unix(cron:session): session closed for user root
Oct 14 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2703]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session closed for user root
Oct 14 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3149]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3219]: Successful su for rubyman by root
Oct 14 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3219]: + ??? root:rubyman
Oct 14 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414328 of user rubyman.
Oct 14 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3219]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414328.
Oct 14 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session closed for user root
Oct 14 23:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3151]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2223]: pam_unix(cron:session): session closed for user root
Oct 14 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3683]: Successful su for rubyman by root
Oct 14 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3683]: + ??? root:rubyman
Oct 14 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414333 of user rubyman.
Oct 14 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3683]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414333.
Oct 14 23:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[582]: pam_unix(cron:session): session closed for user root
Oct 14 23:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2705]: pam_unix(cron:session): session closed for user root
Oct 14 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4168]: Successful su for rubyman by root
Oct 14 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4168]: + ??? root:rubyman
Oct 14 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414336 of user rubyman.
Oct 14 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4168]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414336.
Oct 14 23:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1150]: pam_unix(cron:session): session closed for user root
Oct 14 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Invalid user user from 62.60.131.157
Oct 14 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: input_userauth_request: invalid user user [preauth]
Oct 14 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 23:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for invalid user user from 62.60.131.157 port 33615 ssh2
Oct 14 23:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for invalid user user from 62.60.131.157 port 33615 ssh2
Oct 14 23:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for invalid user user from 62.60.131.157 port 33615 ssh2
Oct 14 23:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for invalid user user from 62.60.131.157 port 33615 ssh2
Oct 14 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Failed password for invalid user user from 62.60.131.157 port 33615 ssh2
Oct 14 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Received disconnect from 62.60.131.157 port 33615:11: Bye [preauth]
Oct 14 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Disconnected from 62.60.131.157 port 33615 [preauth]
Oct 14 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 14 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 23:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session closed for user root
Oct 14 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4587]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4586]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4588]: pam_unix(cron:session): session closed for user root
Oct 14 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4580]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4708]: Successful su for rubyman by root
Oct 14 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4708]: + ??? root:rubyman
Oct 14 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414340 of user rubyman.
Oct 14 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4708]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414340.
Oct 14 23:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session closed for user root
Oct 14 23:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session closed for user root
Oct 14 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4581]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session closed for user root
Oct 14 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: Successful su for rubyman by root
Oct 14 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: + ??? root:rubyman
Oct 14 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414348 of user rubyman.
Oct 14 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414348.
Oct 14 23:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2222]: pam_unix(cron:session): session closed for user root
Oct 14 23:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session closed for user root
Oct 14 23:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Invalid user ubuntu from 42.49.216.35
Oct 14 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: input_userauth_request: invalid user ubuntu [preauth]
Oct 14 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35
Oct 14 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6087]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for invalid user ubuntu from 42.49.216.35 port 42708 ssh2
Oct 14 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Received disconnect from 42.49.216.35 port 42708:11: Bye Bye [preauth]
Oct 14 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Disconnected from 42.49.216.35 port 42708 [preauth]
Oct 14 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6168]: Successful su for rubyman by root
Oct 14 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6168]: + ??? root:rubyman
Oct 14 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414350 of user rubyman.
Oct 14 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6168]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414350.
Oct 14 23:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2704]: pam_unix(cron:session): session closed for user root
Oct 14 23:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6088]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Invalid user ubnt from 185.156.73.233
Oct 14 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: input_userauth_request: invalid user ubnt [preauth]
Oct 14 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 14 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Failed password for invalid user ubnt from 185.156.73.233 port 25972 ssh2
Oct 14 23:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Connection closed by 185.156.73.233 port 25972 [preauth]
Oct 14 23:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4587]: pam_unix(cron:session): session closed for user root
Oct 14 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6560]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6557]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6714]: Successful su for rubyman by root
Oct 14 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6714]: + ??? root:rubyman
Oct 14 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414355 of user rubyman.
Oct 14 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6714]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414355.
Oct 14 23:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session closed for user root
Oct 14 23:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6558]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session closed for user root
Oct 14 23:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Invalid user cosfi119 from 2.57.122.26
Oct 14 23:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: input_userauth_request: invalid user cosfi119 [preauth]
Oct 14 23:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 14 23:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Failed password for invalid user cosfi119 from 2.57.122.26 port 53066 ssh2
Oct 14 23:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7045]: Connection closed by 2.57.122.26 port 53066 [preauth]
Oct 14 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7145]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 14 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 14 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 14 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7140]: pam_unix(cron:session): session closed for user p13x
Oct 14 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: Successful su for rubyman by root
Oct 14 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: + ??? root:rubyman
Oct 14 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 14 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414358 of user rubyman.
Oct 14 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7266]: pam_unix(su:session): session closed for user rubyman
Oct 14 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414358.
Oct 14 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session closed for user root
Oct 14 23:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session closed for user samftp
Oct 14 23:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 14 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Invalid user admin from 2.57.121.112
Oct 14 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: input_userauth_request: invalid user admin [preauth]
Oct 14 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 23:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Failed password for invalid user admin from 2.57.121.112 port 34495 ssh2
Oct 14 23:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Failed password for invalid user admin from 2.57.121.112 port 34495 ssh2
Oct 14 23:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Failed password for invalid user admin from 2.57.121.112 port 34495 ssh2
Oct 14 23:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Failed password for invalid user admin from 2.57.121.112 port 34495 ssh2
Oct 14 23:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): check pass; user unknown
Oct 14 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Failed password for invalid user admin from 2.57.121.112 port 34495 ssh2
Oct 14 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Received disconnect from 2.57.121.112 port 34495:11: Bye [preauth]
Oct 14 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Disconnected from 2.57.121.112 port 34495 [preauth]
Oct 14 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 14 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 14 23:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session closed for user root
Oct 15 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7663]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7665]: pam_unix(cron:session): session closed for user root
Oct 15 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7661]: pam_unix(cron:session): session closed for user root
Oct 15 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7657]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[7797]: Successful su for rubyman by root
Oct 15 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[7797]: + ??? root:rubyman
Oct 15 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[7797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414362 of user rubyman.
Oct 15 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[7797]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414362.
Oct 15 00:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session closed for user root
Oct 15 00:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7662]: pam_unix(cron:session): session closed for user root
Oct 15 00:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7659]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6560]: pam_unix(cron:session): session closed for user root
Oct 15 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8691]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session closed for user root
Oct 15 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8881]: Successful su for rubyman by root
Oct 15 00:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8881]: + ??? root:rubyman
Oct 15 00:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414369 of user rubyman.
Oct 15 00:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8881]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414369.
Oct 15 00:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4586]: pam_unix(cron:session): session closed for user root
Oct 15 00:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session closed for user root
Oct 15 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9392]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9393]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9390]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: Successful su for rubyman by root
Oct 15 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: + ??? root:rubyman
Oct 15 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414374 of user rubyman.
Oct 15 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414374.
Oct 15 00:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session closed for user root
Oct 15 00:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9391]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7664]: pam_unix(cron:session): session closed for user root
Oct 15 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10009]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10082]: Successful su for rubyman by root
Oct 15 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10082]: + ??? root:rubyman
Oct 15 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414378 of user rubyman.
Oct 15 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10082]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414378.
Oct 15 00:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session closed for user root
Oct 15 00:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Invalid user admin from 80.94.95.116
Oct 15 00:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: input_userauth_request: invalid user admin [preauth]
Oct 15 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 00:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Failed password for invalid user admin from 80.94.95.116 port 33300 ssh2
Oct 15 00:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10401]: Connection closed by 80.94.95.116 port 33300 [preauth]
Oct 15 00:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Invalid user ubnt from 62.60.131.157
Oct 15 00:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 00:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 00:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for invalid user ubnt from 62.60.131.157 port 63255 ssh2
Oct 15 00:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8692]: pam_unix(cron:session): session closed for user root
Oct 15 00:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for invalid user ubnt from 62.60.131.157 port 63255 ssh2
Oct 15 00:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for invalid user ubnt from 62.60.131.157 port 63255 ssh2
Oct 15 00:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for invalid user ubnt from 62.60.131.157 port 63255 ssh2
Oct 15 00:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for invalid user ubnt from 62.60.131.157 port 63255 ssh2
Oct 15 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Received disconnect from 62.60.131.157 port 63255:11: Bye [preauth]
Oct 15 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Disconnected from 62.60.131.157 port 63255 [preauth]
Oct 15 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 00:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10503]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10499]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10572]: Successful su for rubyman by root
Oct 15 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10572]: + ??? root:rubyman
Oct 15 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414382 of user rubyman.
Oct 15 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10572]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414382.
Oct 15 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6559]: pam_unix(cron:session): session closed for user root
Oct 15 00:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9393]: pam_unix(cron:session): session closed for user root
Oct 15 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10977]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10977]: pam_unix(cron:session): session closed for user root
Oct 15 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11049]: Successful su for rubyman by root
Oct 15 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11049]: + ??? root:rubyman
Oct 15 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414388 of user rubyman.
Oct 15 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11049]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414388.
Oct 15 00:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session closed for user root
Oct 15 00:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7145]: pam_unix(cron:session): session closed for user root
Oct 15 00:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Invalid user ftpuser from 20.163.71.109
Oct 15 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Failed password for invalid user ftpuser from 20.163.71.109 port 52744 ssh2
Oct 15 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Received disconnect from 20.163.71.109 port 52744:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Disconnected from 20.163.71.109 port 52744 [preauth]
Oct 15 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Invalid user git from 20.163.71.109
Oct 15 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: input_userauth_request: invalid user git [preauth]
Oct 15 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Failed password for invalid user git from 20.163.71.109 port 52756 ssh2
Oct 15 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Received disconnect from 20.163.71.109 port 52756:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11361]: Disconnected from 20.163.71.109 port 52756 [preauth]
Oct 15 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Invalid user oracle from 20.163.71.109
Oct 15 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: input_userauth_request: invalid user oracle [preauth]
Oct 15 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Failed password for invalid user oracle from 20.163.71.109 port 52770 ssh2
Oct 15 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Received disconnect from 20.163.71.109 port 52770:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Disconnected from 20.163.71.109 port 52770 [preauth]
Oct 15 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10009]: pam_unix(cron:session): session closed for user root
Oct 15 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: Failed password for root from 20.163.71.109 port 52772 ssh2
Oct 15 00:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: Received disconnect from 20.163.71.109 port 52772:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11395]: Disconnected from 20.163.71.109 port 52772 [preauth]
Oct 15 00:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11416]: Invalid user ftpuser from 20.163.71.109
Oct 15 00:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11416]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 00:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11416]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11416]: Failed password for invalid user ftpuser from 20.163.71.109 port 56288 ssh2
Oct 15 00:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11416]: Received disconnect from 20.163.71.109 port 56288:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11416]: Disconnected from 20.163.71.109 port 56288 [preauth]
Oct 15 00:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Failed password for root from 20.163.71.109 port 56290 ssh2
Oct 15 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Received disconnect from 20.163.71.109 port 56290:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Disconnected from 20.163.71.109 port 56290 [preauth]
Oct 15 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Invalid user oracle from 20.163.71.109
Oct 15 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: input_userauth_request: invalid user oracle [preauth]
Oct 15 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Failed password for invalid user oracle from 20.163.71.109 port 56298 ssh2
Oct 15 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Received disconnect from 20.163.71.109 port 56298:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11433]: Disconnected from 20.163.71.109 port 56298 [preauth]
Oct 15 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Invalid user test from 20.163.71.109
Oct 15 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: input_userauth_request: invalid user test [preauth]
Oct 15 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Failed password for invalid user test from 20.163.71.109 port 56300 ssh2
Oct 15 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Received disconnect from 20.163.71.109 port 56300:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Disconnected from 20.163.71.109 port 56300 [preauth]
Oct 15 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Invalid user ubuntu from 20.163.71.109
Oct 15 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Failed password for invalid user ubuntu from 20.163.71.109 port 39180 ssh2
Oct 15 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Received disconnect from 20.163.71.109 port 39180:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Disconnected from 20.163.71.109 port 39180 [preauth]
Oct 15 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: Invalid user centos from 20.163.71.109
Oct 15 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: input_userauth_request: invalid user centos [preauth]
Oct 15 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: Failed password for invalid user centos from 20.163.71.109 port 39188 ssh2
Oct 15 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: Received disconnect from 20.163.71.109 port 39188:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11467]: Disconnected from 20.163.71.109 port 39188 [preauth]
Oct 15 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Invalid user redis from 20.163.71.109
Oct 15 00:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: input_userauth_request: invalid user redis [preauth]
Oct 15 00:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Failed password for invalid user redis from 20.163.71.109 port 39190 ssh2
Oct 15 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Received disconnect from 20.163.71.109 port 39190:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11469]: Disconnected from 20.163.71.109 port 39190 [preauth]
Oct 15 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: User mysql from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: input_userauth_request: invalid user mysql [preauth]
Oct 15 00:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=mysql
Oct 15 00:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Failed password for invalid user mysql from 20.163.71.109 port 39202 ssh2
Oct 15 00:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Received disconnect from 20.163.71.109 port 39202:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Disconnected from 20.163.71.109 port 39202 [preauth]
Oct 15 00:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11486]: Invalid user admin from 20.163.71.109
Oct 15 00:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11486]: input_userauth_request: invalid user admin [preauth]
Oct 15 00:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11486]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11490]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11486]: Failed password for invalid user admin from 20.163.71.109 port 39206 ssh2
Oct 15 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11486]: Received disconnect from 20.163.71.109 port 39206:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11486]: Disconnected from 20.163.71.109 port 39206 [preauth]
Oct 15 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Invalid user postgres from 20.163.71.109
Oct 15 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: input_userauth_request: invalid user postgres [preauth]
Oct 15 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: Successful su for rubyman by root
Oct 15 00:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: + ??? root:rubyman
Oct 15 00:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414393 of user rubyman.
Oct 15 00:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414393.
Oct 15 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Failed password for invalid user postgres from 20.163.71.109 port 48042 ssh2
Oct 15 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Received disconnect from 20.163.71.109 port 48042:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11563]: Disconnected from 20.163.71.109 port 48042 [preauth]
Oct 15 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Invalid user hadoop from 20.163.71.109
Oct 15 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Failed password for invalid user hadoop from 20.163.71.109 port 48054 ssh2
Oct 15 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Received disconnect from 20.163.71.109 port 48054:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11637]: Disconnected from 20.163.71.109 port 48054 [preauth]
Oct 15 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Invalid user test from 20.163.71.109
Oct 15 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: input_userauth_request: invalid user test [preauth]
Oct 15 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Failed password for invalid user test from 20.163.71.109 port 48056 ssh2
Oct 15 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Received disconnect from 20.163.71.109 port 48056:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Disconnected from 20.163.71.109 port 48056 [preauth]
Oct 15 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Failed password for root from 20.163.71.109 port 48060 ssh2
Oct 15 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Received disconnect from 20.163.71.109 port 48060:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Disconnected from 20.163.71.109 port 48060 [preauth]
Oct 15 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Invalid user oracle from 20.163.71.109
Oct 15 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: input_userauth_request: invalid user oracle [preauth]
Oct 15 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Failed password for invalid user oracle from 20.163.71.109 port 48066 ssh2
Oct 15 00:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Received disconnect from 20.163.71.109 port 48066:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Disconnected from 20.163.71.109 port 48066 [preauth]
Oct 15 00:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7663]: pam_unix(cron:session): session closed for user root
Oct 15 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: Failed password for root from 20.163.71.109 port 37574 ssh2
Oct 15 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: Received disconnect from 20.163.71.109 port 37574:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11893]: Disconnected from 20.163.71.109 port 37574 [preauth]
Oct 15 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Invalid user demo from 20.163.71.109
Oct 15 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: input_userauth_request: invalid user demo [preauth]
Oct 15 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11491]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Failed password for invalid user demo from 20.163.71.109 port 37578 ssh2
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Received disconnect from 20.163.71.109 port 37578:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Disconnected from 20.163.71.109 port 37578 [preauth]
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: Invalid user testuser from 20.163.71.109
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: input_userauth_request: invalid user testuser [preauth]
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: Failed password for invalid user testuser from 20.163.71.109 port 37594 ssh2
Oct 15 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: Received disconnect from 20.163.71.109 port 37594:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11941]: Disconnected from 20.163.71.109 port 37594 [preauth]
Oct 15 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Invalid user redhat from 20.163.71.109
Oct 15 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: input_userauth_request: invalid user redhat [preauth]
Oct 15 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Failed password for invalid user redhat from 20.163.71.109 port 37610 ssh2
Oct 15 00:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Received disconnect from 20.163.71.109 port 37610:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Disconnected from 20.163.71.109 port 37610 [preauth]
Oct 15 00:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Invalid user minecraft from 20.163.71.109
Oct 15 00:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 00:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Failed password for invalid user minecraft from 20.163.71.109 port 55314 ssh2
Oct 15 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Received disconnect from 20.163.71.109 port 55314:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Disconnected from 20.163.71.109 port 55314 [preauth]
Oct 15 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Invalid user uftp from 20.163.71.109
Oct 15 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: input_userauth_request: invalid user uftp [preauth]
Oct 15 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Failed password for invalid user uftp from 20.163.71.109 port 55330 ssh2
Oct 15 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Received disconnect from 20.163.71.109 port 55330:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11973]: Disconnected from 20.163.71.109 port 55330 [preauth]
Oct 15 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Invalid user postgres from 20.163.71.109
Oct 15 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: input_userauth_request: invalid user postgres [preauth]
Oct 15 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Failed password for invalid user postgres from 20.163.71.109 port 55332 ssh2
Oct 15 00:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Received disconnect from 20.163.71.109 port 55332:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Disconnected from 20.163.71.109 port 55332 [preauth]
Oct 15 00:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Invalid user jenkins from 20.163.71.109
Oct 15 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: input_userauth_request: invalid user jenkins [preauth]
Oct 15 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Failed password for invalid user jenkins from 20.163.71.109 port 55348 ssh2
Oct 15 00:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Received disconnect from 20.163.71.109 port 55348:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Disconnected from 20.163.71.109 port 55348 [preauth]
Oct 15 00:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Invalid user ftpuser from 20.163.71.109
Oct 15 00:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 00:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Failed password for invalid user ftpuser from 20.163.71.109 port 39616 ssh2
Oct 15 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Received disconnect from 20.163.71.109 port 39616:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Disconnected from 20.163.71.109 port 39616 [preauth]
Oct 15 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Invalid user nagios from 20.163.71.109
Oct 15 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user nagios from 20.163.71.109 port 39630 ssh2
Oct 15 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Received disconnect from 20.163.71.109 port 39630:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Disconnected from 20.163.71.109 port 39630 [preauth]
Oct 15 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Invalid user apps from 20.163.71.109
Oct 15 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: input_userauth_request: invalid user apps [preauth]
Oct 15 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Failed password for invalid user apps from 20.163.71.109 port 39634 ssh2
Oct 15 00:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Received disconnect from 20.163.71.109 port 39634:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Disconnected from 20.163.71.109 port 39634 [preauth]
Oct 15 00:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: User mysql from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: input_userauth_request: invalid user mysql [preauth]
Oct 15 00:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=mysql
Oct 15 00:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10503]: pam_unix(cron:session): session closed for user root
Oct 15 00:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Failed password for invalid user mysql from 20.163.71.109 port 39640 ssh2
Oct 15 00:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Received disconnect from 20.163.71.109 port 39640:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Disconnected from 20.163.71.109 port 39640 [preauth]
Oct 15 00:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Invalid user hadoop from 20.163.71.109
Oct 15 00:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 00:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Failed password for invalid user hadoop from 20.163.71.109 port 53314 ssh2
Oct 15 00:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Received disconnect from 20.163.71.109 port 53314:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Disconnected from 20.163.71.109 port 53314 [preauth]
Oct 15 00:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Invalid user deployer from 20.163.71.109
Oct 15 00:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: input_userauth_request: invalid user deployer [preauth]
Oct 15 00:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user deployer from 20.163.71.109 port 53326 ssh2
Oct 15 00:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Received disconnect from 20.163.71.109 port 53326:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Disconnected from 20.163.71.109 port 53326 [preauth]
Oct 15 00:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Invalid user uftp from 20.163.71.109
Oct 15 00:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: input_userauth_request: invalid user uftp [preauth]
Oct 15 00:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Failed password for invalid user uftp from 20.163.71.109 port 53332 ssh2
Oct 15 00:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Received disconnect from 20.163.71.109 port 53332:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Disconnected from 20.163.71.109 port 53332 [preauth]
Oct 15 00:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Invalid user git from 20.163.71.109
Oct 15 00:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: input_userauth_request: invalid user git [preauth]
Oct 15 00:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Failed password for invalid user git from 20.163.71.109 port 53334 ssh2
Oct 15 00:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Received disconnect from 20.163.71.109 port 53334:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12085]: Disconnected from 20.163.71.109 port 53334 [preauth]
Oct 15 00:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Invalid user oracle from 20.163.71.109
Oct 15 00:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: input_userauth_request: invalid user oracle [preauth]
Oct 15 00:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Failed password for invalid user oracle from 20.163.71.109 port 53336 ssh2
Oct 15 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Received disconnect from 20.163.71.109 port 53336:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12090]: Disconnected from 20.163.71.109 port 53336 [preauth]
Oct 15 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Invalid user deploy from 20.163.71.109
Oct 15 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: input_userauth_request: invalid user deploy [preauth]
Oct 15 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Failed password for invalid user deploy from 20.163.71.109 port 36500 ssh2
Oct 15 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Received disconnect from 20.163.71.109 port 36500:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Disconnected from 20.163.71.109 port 36500 [preauth]
Oct 15 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: Invalid user redis from 20.163.71.109
Oct 15 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: input_userauth_request: invalid user redis [preauth]
Oct 15 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: Failed password for invalid user redis from 20.163.71.109 port 36516 ssh2
Oct 15 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: Received disconnect from 20.163.71.109 port 36516:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12113]: Disconnected from 20.163.71.109 port 36516 [preauth]
Oct 15 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: User mysql from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: input_userauth_request: invalid user mysql [preauth]
Oct 15 00:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=mysql
Oct 15 00:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Failed password for invalid user mysql from 20.163.71.109 port 36530 ssh2
Oct 15 00:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Received disconnect from 20.163.71.109 port 36530:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Disconnected from 20.163.71.109 port 36530 [preauth]
Oct 15 00:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Failed password for root from 20.163.71.109 port 36542 ssh2
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Received disconnect from 20.163.71.109 port 36542:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Disconnected from 20.163.71.109 port 36542 [preauth]
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12140]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Invalid user apache from 20.163.71.109
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: input_userauth_request: invalid user apache [preauth]
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12228]: Successful su for rubyman by root
Oct 15 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12228]: + ??? root:rubyman
Oct 15 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414397 of user rubyman.
Oct 15 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12228]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414397.
Oct 15 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Failed password for invalid user apache from 20.163.71.109 port 54046 ssh2
Oct 15 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Received disconnect from 20.163.71.109 port 54046:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12134]: Disconnected from 20.163.71.109 port 54046 [preauth]
Oct 15 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: Invalid user dev from 20.163.71.109
Oct 15 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: input_userauth_request: invalid user dev [preauth]
Oct 15 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: Failed password for invalid user dev from 20.163.71.109 port 54058 ssh2
Oct 15 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: Received disconnect from 20.163.71.109 port 54058:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: Disconnected from 20.163.71.109 port 54058 [preauth]
Oct 15 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Invalid user dev from 20.163.71.109
Oct 15 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: input_userauth_request: invalid user dev [preauth]
Oct 15 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Failed password for invalid user dev from 20.163.71.109 port 54074 ssh2
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Received disconnect from 20.163.71.109 port 54074:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Disconnected from 20.163.71.109 port 54074 [preauth]
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Invalid user ftpuser from 20.163.71.109
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 15 00:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8691]: pam_unix(cron:session): session closed for user root
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Failed password for invalid user ftpuser from 20.163.71.109 port 54082 ssh2
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Received disconnect from 20.163.71.109 port 54082:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12372]: Disconnected from 20.163.71.109 port 54082 [preauth]
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Invalid user hadoop from 20.163.71.109
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: Failed password for root from 164.68.105.9 port 49934 ssh2
Oct 15 00:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: Connection closed by 164.68.105.9 port 49934 [preauth]
Oct 15 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Failed password for invalid user hadoop from 20.163.71.109 port 54086 ssh2
Oct 15 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Received disconnect from 20.163.71.109 port 54086:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12433]: Disconnected from 20.163.71.109 port 54086 [preauth]
Oct 15 00:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: Invalid user oracle from 20.163.71.109
Oct 15 00:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: input_userauth_request: invalid user oracle [preauth]
Oct 15 00:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: Failed password for invalid user oracle from 20.163.71.109 port 43420 ssh2
Oct 15 00:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: Received disconnect from 20.163.71.109 port 43420:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: Disconnected from 20.163.71.109 port 43420 [preauth]
Oct 15 00:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12142]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12470]: Failed password for root from 20.163.71.109 port 43430 ssh2
Oct 15 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12470]: Received disconnect from 20.163.71.109 port 43430:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12470]: Disconnected from 20.163.71.109 port 43430 [preauth]
Oct 15 00:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Invalid user ts3 from 20.163.71.109
Oct 15 00:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 00:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Failed password for invalid user ts3 from 20.163.71.109 port 43438 ssh2
Oct 15 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Received disconnect from 20.163.71.109 port 43438:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Disconnected from 20.163.71.109 port 43438 [preauth]
Oct 15 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: User mysql from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: input_userauth_request: invalid user mysql [preauth]
Oct 15 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=mysql
Oct 15 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Failed password for invalid user mysql from 20.163.71.109 port 43450 ssh2
Oct 15 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Received disconnect from 20.163.71.109 port 43450:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Disconnected from 20.163.71.109 port 43450 [preauth]
Oct 15 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Invalid user teamspeak from 20.163.71.109
Oct 15 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Failed password for invalid user teamspeak from 20.163.71.109 port 52076 ssh2
Oct 15 00:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Received disconnect from 20.163.71.109 port 52076:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Disconnected from 20.163.71.109 port 52076 [preauth]
Oct 15 00:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Invalid user oracle from 20.163.71.109
Oct 15 00:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: input_userauth_request: invalid user oracle [preauth]
Oct 15 00:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Failed password for invalid user oracle from 20.163.71.109 port 52080 ssh2
Oct 15 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Received disconnect from 20.163.71.109 port 52080:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Disconnected from 20.163.71.109 port 52080 [preauth]
Oct 15 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: Invalid user app from 20.163.71.109
Oct 15 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: input_userauth_request: invalid user app [preauth]
Oct 15 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: Failed password for invalid user app from 20.163.71.109 port 52096 ssh2
Oct 15 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: Received disconnect from 20.163.71.109 port 52096:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: Disconnected from 20.163.71.109 port 52096 [preauth]
Oct 15 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Invalid user weblogic from 20.163.71.109
Oct 15 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Failed password for invalid user weblogic from 20.163.71.109 port 52110 ssh2
Oct 15 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Received disconnect from 20.163.71.109 port 52110:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Disconnected from 20.163.71.109 port 52110 [preauth]
Oct 15 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Invalid user data from 20.163.71.109
Oct 15 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: input_userauth_request: invalid user data [preauth]
Oct 15 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Failed password for invalid user data from 20.163.71.109 port 52118 ssh2
Oct 15 00:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Received disconnect from 20.163.71.109 port 52118:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Disconnected from 20.163.71.109 port 52118 [preauth]
Oct 15 00:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Failed password for root from 20.163.71.109 port 49942 ssh2
Oct 15 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Received disconnect from 20.163.71.109 port 49942:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Disconnected from 20.163.71.109 port 49942 [preauth]
Oct 15 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Invalid user test from 20.163.71.109
Oct 15 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: input_userauth_request: invalid user test [preauth]
Oct 15 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Failed password for invalid user test from 20.163.71.109 port 49950 ssh2
Oct 15 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Received disconnect from 20.163.71.109 port 49950:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Disconnected from 20.163.71.109 port 49950 [preauth]
Oct 15 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Invalid user test from 20.163.71.109
Oct 15 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: input_userauth_request: invalid user test [preauth]
Oct 15 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Failed password for invalid user test from 20.163.71.109 port 49962 ssh2
Oct 15 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Received disconnect from 20.163.71.109 port 49962:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Disconnected from 20.163.71.109 port 49962 [preauth]
Oct 15 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Invalid user git from 20.163.71.109
Oct 15 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: input_userauth_request: invalid user git [preauth]
Oct 15 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Failed password for invalid user git from 20.163.71.109 port 49978 ssh2
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Received disconnect from 20.163.71.109 port 49978:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12601]: Disconnected from 20.163.71.109 port 49978 [preauth]
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session closed for user root
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12618]: Invalid user xguest from 20.163.71.109
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12618]: input_userauth_request: invalid user xguest [preauth]
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12618]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12618]: Failed password for invalid user xguest from 20.163.71.109 port 49980 ssh2
Oct 15 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12618]: Received disconnect from 20.163.71.109 port 49980:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12618]: Disconnected from 20.163.71.109 port 49980 [preauth]
Oct 15 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Invalid user testuser from 20.163.71.109
Oct 15 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: input_userauth_request: invalid user testuser [preauth]
Oct 15 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for invalid user testuser from 20.163.71.109 port 53312 ssh2
Oct 15 00:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Received disconnect from 20.163.71.109 port 53312:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Disconnected from 20.163.71.109 port 53312 [preauth]
Oct 15 00:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Invalid user nginx from 20.163.71.109
Oct 15 00:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: input_userauth_request: invalid user nginx [preauth]
Oct 15 00:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Failed password for invalid user nginx from 20.163.71.109 port 53322 ssh2
Oct 15 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Received disconnect from 20.163.71.109 port 53322:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Disconnected from 20.163.71.109 port 53322 [preauth]
Oct 15 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12646]: Invalid user redis from 20.163.71.109
Oct 15 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12646]: input_userauth_request: invalid user redis [preauth]
Oct 15 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12646]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12646]: Failed password for invalid user redis from 20.163.71.109 port 53326 ssh2
Oct 15 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12646]: Received disconnect from 20.163.71.109 port 53326:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12646]: Disconnected from 20.163.71.109 port 53326 [preauth]
Oct 15 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Invalid user postgres from 20.163.71.109
Oct 15 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: input_userauth_request: invalid user postgres [preauth]
Oct 15 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Failed password for invalid user postgres from 20.163.71.109 port 53338 ssh2
Oct 15 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Received disconnect from 20.163.71.109 port 53338:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Disconnected from 20.163.71.109 port 53338 [preauth]
Oct 15 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Invalid user git from 20.163.71.109
Oct 15 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: input_userauth_request: invalid user git [preauth]
Oct 15 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Failed password for invalid user git from 20.163.71.109 port 47254 ssh2
Oct 15 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Received disconnect from 20.163.71.109 port 47254:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Disconnected from 20.163.71.109 port 47254 [preauth]
Oct 15 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Invalid user ali from 20.163.71.109
Oct 15 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: input_userauth_request: invalid user ali [preauth]
Oct 15 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Failed password for invalid user ali from 20.163.71.109 port 47262 ssh2
Oct 15 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Received disconnect from 20.163.71.109 port 47262:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Disconnected from 20.163.71.109 port 47262 [preauth]
Oct 15 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Failed password for root from 20.163.71.109 port 47266 ssh2
Oct 15 00:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Received disconnect from 20.163.71.109 port 47266:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Disconnected from 20.163.71.109 port 47266 [preauth]
Oct 15 00:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Invalid user git from 20.163.71.109
Oct 15 00:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: input_userauth_request: invalid user git [preauth]
Oct 15 00:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Failed password for invalid user git from 20.163.71.109 port 47280 ssh2
Oct 15 00:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Received disconnect from 20.163.71.109 port 47280:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Disconnected from 20.163.71.109 port 47280 [preauth]
Oct 15 00:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Invalid user redhat from 20.163.71.109
Oct 15 00:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: input_userauth_request: invalid user redhat [preauth]
Oct 15 00:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12721]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12717]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Failed password for invalid user redhat from 20.163.71.109 port 47294 ssh2
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Received disconnect from 20.163.71.109 port 47294:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12713]: Disconnected from 20.163.71.109 port 47294 [preauth]
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Invalid user xguest from 20.163.71.109
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: input_userauth_request: invalid user xguest [preauth]
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12791]: Successful su for rubyman by root
Oct 15 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12791]: + ??? root:rubyman
Oct 15 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414403 of user rubyman.
Oct 15 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12791]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414403.
Oct 15 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Failed password for invalid user xguest from 20.163.71.109 port 52808 ssh2
Oct 15 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Received disconnect from 20.163.71.109 port 52808:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Disconnected from 20.163.71.109 port 52808 [preauth]
Oct 15 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Failed password for root from 20.163.71.109 port 52810 ssh2
Oct 15 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Received disconnect from 20.163.71.109 port 52810:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Disconnected from 20.163.71.109 port 52810 [preauth]
Oct 15 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Invalid user xguest from 20.163.71.109
Oct 15 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: input_userauth_request: invalid user xguest [preauth]
Oct 15 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Failed password for invalid user xguest from 20.163.71.109 port 52816 ssh2
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Received disconnect from 20.163.71.109 port 52816:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Disconnected from 20.163.71.109 port 52816 [preauth]
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9392]: pam_unix(cron:session): session closed for user root
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: Invalid user cacti from 20.163.71.109
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: input_userauth_request: invalid user cacti [preauth]
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: Failed password for invalid user cacti from 20.163.71.109 port 52830 ssh2
Oct 15 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: Received disconnect from 20.163.71.109 port 52830:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12994]: Disconnected from 20.163.71.109 port 52830 [preauth]
Oct 15 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Invalid user redis from 20.163.71.109
Oct 15 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: input_userauth_request: invalid user redis [preauth]
Oct 15 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Failed password for invalid user redis from 20.163.71.109 port 51186 ssh2
Oct 15 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Received disconnect from 20.163.71.109 port 51186:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Disconnected from 20.163.71.109 port 51186 [preauth]
Oct 15 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Invalid user dev from 20.163.71.109
Oct 15 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: input_userauth_request: invalid user dev [preauth]
Oct 15 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Failed password for invalid user dev from 20.163.71.109 port 51202 ssh2
Oct 15 00:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Received disconnect from 20.163.71.109 port 51202:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Disconnected from 20.163.71.109 port 51202 [preauth]
Oct 15 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Invalid user git from 20.163.71.109
Oct 15 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: input_userauth_request: invalid user git [preauth]
Oct 15 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Failed password for invalid user git from 20.163.71.109 port 51214 ssh2
Oct 15 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Received disconnect from 20.163.71.109 port 51214:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Disconnected from 20.163.71.109 port 51214 [preauth]
Oct 15 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Invalid user ftpuser from 20.163.71.109
Oct 15 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Failed password for invalid user ftpuser from 20.163.71.109 port 51216 ssh2
Oct 15 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Received disconnect from 20.163.71.109 port 51216:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Disconnected from 20.163.71.109 port 51216 [preauth]
Oct 15 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Invalid user postgres from 20.163.71.109
Oct 15 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: input_userauth_request: invalid user postgres [preauth]
Oct 15 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Failed password for invalid user postgres from 20.163.71.109 port 35878 ssh2
Oct 15 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Received disconnect from 20.163.71.109 port 35878:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13100]: Disconnected from 20.163.71.109 port 35878 [preauth]
Oct 15 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Invalid user tomcat from 20.163.71.109
Oct 15 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Failed password for invalid user tomcat from 20.163.71.109 port 35894 ssh2
Oct 15 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Received disconnect from 20.163.71.109 port 35894:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Disconnected from 20.163.71.109 port 35894 [preauth]
Oct 15 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Invalid user deploy from 20.163.71.109
Oct 15 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: input_userauth_request: invalid user deploy [preauth]
Oct 15 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Failed password for invalid user deploy from 20.163.71.109 port 35904 ssh2
Oct 15 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Received disconnect from 20.163.71.109 port 35904:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Disconnected from 20.163.71.109 port 35904 [preauth]
Oct 15 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Invalid user guest from 20.163.71.109
Oct 15 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: input_userauth_request: invalid user guest [preauth]
Oct 15 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Failed password for invalid user guest from 20.163.71.109 port 35920 ssh2
Oct 15 00:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Received disconnect from 20.163.71.109 port 35920:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Disconnected from 20.163.71.109 port 35920 [preauth]
Oct 15 00:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Invalid user test from 20.163.71.109
Oct 15 00:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: input_userauth_request: invalid user test [preauth]
Oct 15 00:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Failed password for invalid user test from 20.163.71.109 port 35926 ssh2
Oct 15 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Received disconnect from 20.163.71.109 port 35926:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Disconnected from 20.163.71.109 port 35926 [preauth]
Oct 15 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Invalid user kafaka from 20.163.71.109
Oct 15 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: input_userauth_request: invalid user kafaka [preauth]
Oct 15 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Failed password for invalid user kafaka from 20.163.71.109 port 35932 ssh2
Oct 15 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Received disconnect from 20.163.71.109 port 35932:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Disconnected from 20.163.71.109 port 35932 [preauth]
Oct 15 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Invalid user frappe from 20.163.71.109
Oct 15 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: input_userauth_request: invalid user frappe [preauth]
Oct 15 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Failed password for invalid user frappe from 20.163.71.109 port 43810 ssh2
Oct 15 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Received disconnect from 20.163.71.109 port 43810:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Disconnected from 20.163.71.109 port 43810 [preauth]
Oct 15 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Invalid user ak from 20.163.71.109
Oct 15 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: input_userauth_request: invalid user ak [preauth]
Oct 15 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Failed password for invalid user ak from 20.163.71.109 port 43820 ssh2
Oct 15 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Received disconnect from 20.163.71.109 port 43820:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Disconnected from 20.163.71.109 port 43820 [preauth]
Oct 15 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Invalid user hadoop from 20.163.71.109
Oct 15 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Failed password for invalid user hadoop from 20.163.71.109 port 43832 ssh2
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Received disconnect from 20.163.71.109 port 43832:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Disconnected from 20.163.71.109 port 43832 [preauth]
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Invalid user uftp from 20.163.71.109
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: input_userauth_request: invalid user uftp [preauth]
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11493]: pam_unix(cron:session): session closed for user root
Oct 15 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Failed password for invalid user uftp from 20.163.71.109 port 43844 ssh2
Oct 15 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Received disconnect from 20.163.71.109 port 43844:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13176]: Disconnected from 20.163.71.109 port 43844 [preauth]
Oct 15 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Invalid user teamspeak3 from 20.163.71.109
Oct 15 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 15 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user teamspeak3 from 20.163.71.109 port 43856 ssh2
Oct 15 00:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Received disconnect from 20.163.71.109 port 43856:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Disconnected from 20.163.71.109 port 43856 [preauth]
Oct 15 00:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Invalid user uftp from 20.163.71.109
Oct 15 00:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: input_userauth_request: invalid user uftp [preauth]
Oct 15 00:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Failed password for invalid user uftp from 20.163.71.109 port 34994 ssh2
Oct 15 00:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Received disconnect from 20.163.71.109 port 34994:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Disconnected from 20.163.71.109 port 34994 [preauth]
Oct 15 00:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Invalid user solr from 20.163.71.109
Oct 15 00:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: input_userauth_request: invalid user solr [preauth]
Oct 15 00:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Failed password for invalid user solr from 20.163.71.109 port 34998 ssh2
Oct 15 00:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Received disconnect from 20.163.71.109 port 34998:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Disconnected from 20.163.71.109 port 34998 [preauth]
Oct 15 00:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Invalid user test from 20.163.71.109
Oct 15 00:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: input_userauth_request: invalid user test [preauth]
Oct 15 00:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Failed password for invalid user test from 20.163.71.109 port 35000 ssh2
Oct 15 00:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Received disconnect from 20.163.71.109 port 35000:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: Disconnected from 20.163.71.109 port 35000 [preauth]
Oct 15 00:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Invalid user zabbix from 20.163.71.109
Oct 15 00:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: input_userauth_request: invalid user zabbix [preauth]
Oct 15 00:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Failed password for invalid user zabbix from 20.163.71.109 port 35016 ssh2
Oct 15 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Received disconnect from 20.163.71.109 port 35016:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13348]: Disconnected from 20.163.71.109 port 35016 [preauth]
Oct 15 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Invalid user dspace from 20.163.71.109
Oct 15 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: input_userauth_request: invalid user dspace [preauth]
Oct 15 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Failed password for invalid user dspace from 20.163.71.109 port 35028 ssh2
Oct 15 00:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Received disconnect from 20.163.71.109 port 35028:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Disconnected from 20.163.71.109 port 35028 [preauth]
Oct 15 00:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Invalid user ts from 20.163.71.109
Oct 15 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: input_userauth_request: invalid user ts [preauth]
Oct 15 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Failed password for invalid user ts from 20.163.71.109 port 34068 ssh2
Oct 15 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Received disconnect from 20.163.71.109 port 34068:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Disconnected from 20.163.71.109 port 34068 [preauth]
Oct 15 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Failed password for root from 20.163.71.109 port 34074 ssh2
Oct 15 00:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Received disconnect from 20.163.71.109 port 34074:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Disconnected from 20.163.71.109 port 34074 [preauth]
Oct 15 00:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: Invalid user kafka from 20.163.71.109
Oct 15 00:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: input_userauth_request: invalid user kafka [preauth]
Oct 15 00:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: Failed password for invalid user kafka from 20.163.71.109 port 34086 ssh2
Oct 15 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: Received disconnect from 20.163.71.109 port 34086:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13377]: Disconnected from 20.163.71.109 port 34086 [preauth]
Oct 15 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Invalid user second from 20.163.71.109
Oct 15 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: input_userauth_request: invalid user second [preauth]
Oct 15 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Failed password for invalid user second from 20.163.71.109 port 34096 ssh2
Oct 15 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Received disconnect from 20.163.71.109 port 34096:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Disconnected from 20.163.71.109 port 34096 [preauth]
Oct 15 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Invalid user ftpuser from 20.163.71.109
Oct 15 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13394]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Failed password for invalid user ftpuser from 20.163.71.109 port 34106 ssh2
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Received disconnect from 20.163.71.109 port 34106:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Disconnected from 20.163.71.109 port 34106 [preauth]
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Invalid user hadoop from 20.163.71.109
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13592]: Successful su for rubyman by root
Oct 15 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13592]: + ??? root:rubyman
Oct 15 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414405 of user rubyman.
Oct 15 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13592]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414405.
Oct 15 00:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13394]: pam_unix(cron:session): session closed for user root
Oct 15 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Failed password for invalid user hadoop from 20.163.71.109 port 50798 ssh2
Oct 15 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Received disconnect from 20.163.71.109 port 50798:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13486]: Disconnected from 20.163.71.109 port 50798 [preauth]
Oct 15 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Invalid user nexus from 20.163.71.109
Oct 15 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: input_userauth_request: invalid user nexus [preauth]
Oct 15 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Failed password for invalid user nexus from 20.163.71.109 port 50800 ssh2
Oct 15 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Received disconnect from 20.163.71.109 port 50800:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Disconnected from 20.163.71.109 port 50800 [preauth]
Oct 15 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13672]: Invalid user git from 20.163.71.109
Oct 15 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13672]: input_userauth_request: invalid user git [preauth]
Oct 15 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13672]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13672]: Failed password for invalid user git from 20.163.71.109 port 50802 ssh2
Oct 15 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13672]: Received disconnect from 20.163.71.109 port 50802:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13672]: Disconnected from 20.163.71.109 port 50802 [preauth]
Oct 15 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: Invalid user kafka from 20.163.71.109
Oct 15 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: input_userauth_request: invalid user kafka [preauth]
Oct 15 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10008]: pam_unix(cron:session): session closed for user root
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: Failed password for invalid user kafka from 20.163.71.109 port 50812 ssh2
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: Received disconnect from 20.163.71.109 port 50812:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13731]: Disconnected from 20.163.71.109 port 50812 [preauth]
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Invalid user uftp from 20.163.71.109
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: input_userauth_request: invalid user uftp [preauth]
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Failed password for invalid user uftp from 20.163.71.109 port 50828 ssh2
Oct 15 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Received disconnect from 20.163.71.109 port 50828:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Disconnected from 20.163.71.109 port 50828 [preauth]
Oct 15 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Invalid user kafka from 20.163.71.109
Oct 15 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: input_userauth_request: invalid user kafka [preauth]
Oct 15 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Failed password for invalid user kafka from 20.163.71.109 port 43168 ssh2
Oct 15 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Received disconnect from 20.163.71.109 port 43168:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13822]: Disconnected from 20.163.71.109 port 43168 [preauth]
Oct 15 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: Invalid user uftp from 20.163.71.109
Oct 15 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: input_userauth_request: invalid user uftp [preauth]
Oct 15 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: Failed password for invalid user uftp from 20.163.71.109 port 43184 ssh2
Oct 15 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: Received disconnect from 20.163.71.109 port 43184:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13845]: Disconnected from 20.163.71.109 port 43184 [preauth]
Oct 15 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Invalid user redmine from 20.163.71.109
Oct 15 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: input_userauth_request: invalid user redmine [preauth]
Oct 15 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Failed password for invalid user redmine from 20.163.71.109 port 43190 ssh2
Oct 15 00:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Received disconnect from 20.163.71.109 port 43190:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Disconnected from 20.163.71.109 port 43190 [preauth]
Oct 15 00:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: User mysql from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: input_userauth_request: invalid user mysql [preauth]
Oct 15 00:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=mysql
Oct 15 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Failed password for invalid user mysql from 20.163.71.109 port 43200 ssh2
Oct 15 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Received disconnect from 20.163.71.109 port 43200:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Disconnected from 20.163.71.109 port 43200 [preauth]
Oct 15 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: Invalid user xguest from 20.163.71.109
Oct 15 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: input_userauth_request: invalid user xguest [preauth]
Oct 15 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: Failed password for invalid user xguest from 20.163.71.109 port 54824 ssh2
Oct 15 00:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: Received disconnect from 20.163.71.109 port 54824:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13900]: Disconnected from 20.163.71.109 port 54824 [preauth]
Oct 15 00:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Invalid user postgres from 20.163.71.109
Oct 15 00:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: input_userauth_request: invalid user postgres [preauth]
Oct 15 00:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Failed password for invalid user postgres from 20.163.71.109 port 54828 ssh2
Oct 15 00:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Received disconnect from 20.163.71.109 port 54828:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Disconnected from 20.163.71.109 port 54828 [preauth]
Oct 15 00:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Invalid user hadoop from 20.163.71.109
Oct 15 00:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 00:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Failed password for invalid user hadoop from 20.163.71.109 port 54844 ssh2
Oct 15 00:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Received disconnect from 20.163.71.109 port 54844:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Disconnected from 20.163.71.109 port 54844 [preauth]
Oct 15 00:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Invalid user kafka from 20.163.71.109
Oct 15 00:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: input_userauth_request: invalid user kafka [preauth]
Oct 15 00:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Failed password for invalid user kafka from 20.163.71.109 port 54848 ssh2
Oct 15 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Received disconnect from 20.163.71.109 port 54848:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Disconnected from 20.163.71.109 port 54848 [preauth]
Oct 15 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Invalid user postgres from 20.163.71.109
Oct 15 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: input_userauth_request: invalid user postgres [preauth]
Oct 15 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Failed password for invalid user postgres from 20.163.71.109 port 54850 ssh2
Oct 15 00:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Received disconnect from 20.163.71.109 port 54850:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13919]: Disconnected from 20.163.71.109 port 54850 [preauth]
Oct 15 00:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: Invalid user redis from 20.163.71.109
Oct 15 00:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: input_userauth_request: invalid user redis [preauth]
Oct 15 00:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: Failed password for invalid user redis from 20.163.71.109 port 53054 ssh2
Oct 15 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: Received disconnect from 20.163.71.109 port 53054:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13940]: Disconnected from 20.163.71.109 port 53054 [preauth]
Oct 15 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Invalid user postgres from 20.163.71.109
Oct 15 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: input_userauth_request: invalid user postgres [preauth]
Oct 15 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Failed password for invalid user postgres from 20.163.71.109 port 53068 ssh2
Oct 15 00:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Received disconnect from 20.163.71.109 port 53068:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Disconnected from 20.163.71.109 port 53068 [preauth]
Oct 15 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Invalid user test from 20.163.71.109
Oct 15 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: input_userauth_request: invalid user test [preauth]
Oct 15 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12144]: pam_unix(cron:session): session closed for user root
Oct 15 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Failed password for invalid user test from 20.163.71.109 port 53070 ssh2
Oct 15 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Received disconnect from 20.163.71.109 port 53070:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Disconnected from 20.163.71.109 port 53070 [preauth]
Oct 15 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Failed password for root from 20.163.71.109 port 53074 ssh2
Oct 15 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Received disconnect from 20.163.71.109 port 53074:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Disconnected from 20.163.71.109 port 53074 [preauth]
Oct 15 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: User mysql from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: input_userauth_request: invalid user mysql [preauth]
Oct 15 00:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=mysql
Oct 15 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Failed password for invalid user mysql from 20.163.71.109 port 49206 ssh2
Oct 15 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Received disconnect from 20.163.71.109 port 49206:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Disconnected from 20.163.71.109 port 49206 [preauth]
Oct 15 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Invalid user xguest from 20.163.71.109
Oct 15 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: input_userauth_request: invalid user xguest [preauth]
Oct 15 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for invalid user xguest from 20.163.71.109 port 49218 ssh2
Oct 15 00:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Received disconnect from 20.163.71.109 port 49218:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Disconnected from 20.163.71.109 port 49218 [preauth]
Oct 15 00:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Failed password for root from 20.163.71.109 port 49232 ssh2
Oct 15 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Received disconnect from 20.163.71.109 port 49232:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14003]: Disconnected from 20.163.71.109 port 49232 [preauth]
Oct 15 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Invalid user xgues from 20.163.71.109
Oct 15 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: input_userauth_request: invalid user xgues [preauth]
Oct 15 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Failed password for invalid user xgues from 20.163.71.109 port 49236 ssh2
Oct 15 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Received disconnect from 20.163.71.109 port 49236:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14018]: Disconnected from 20.163.71.109 port 49236 [preauth]
Oct 15 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Invalid user redis from 20.163.71.109
Oct 15 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: input_userauth_request: invalid user redis [preauth]
Oct 15 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Failed password for invalid user redis from 20.163.71.109 port 49244 ssh2
Oct 15 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Received disconnect from 20.163.71.109 port 49244:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14022]: Disconnected from 20.163.71.109 port 49244 [preauth]
Oct 15 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: Invalid user www from 20.163.71.109
Oct 15 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: input_userauth_request: invalid user www [preauth]
Oct 15 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: Failed password for invalid user www from 20.163.71.109 port 53362 ssh2
Oct 15 00:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: Received disconnect from 20.163.71.109 port 53362:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14122]: Disconnected from 20.163.71.109 port 53362 [preauth]
Oct 15 00:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Failed password for root from 20.163.71.109 port 53368 ssh2
Oct 15 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Received disconnect from 20.163.71.109 port 53368:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Disconnected from 20.163.71.109 port 53368 [preauth]
Oct 15 00:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Failed password for root from 20.163.71.109 port 53380 ssh2
Oct 15 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Received disconnect from 20.163.71.109 port 53380:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14133]: Disconnected from 20.163.71.109 port 53380 [preauth]
Oct 15 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Failed password for root from 20.163.71.109 port 53390 ssh2
Oct 15 00:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Received disconnect from 20.163.71.109 port 53390:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Disconnected from 20.163.71.109 port 53390 [preauth]
Oct 15 00:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14161]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14162]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14165]: pam_unix(cron:session): session closed for user root
Oct 15 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Failed password for root from 20.163.71.109 port 53396 ssh2
Oct 15 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Received disconnect from 20.163.71.109 port 53396:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Disconnected from 20.163.71.109 port 53396 [preauth]
Oct 15 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14246]: Successful su for rubyman by root
Oct 15 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14246]: + ??? root:rubyman
Oct 15 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414410 of user rubyman.
Oct 15 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14246]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414410.
Oct 15 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Failed password for root from 20.163.71.109 port 58424 ssh2
Oct 15 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Received disconnect from 20.163.71.109 port 58424:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Disconnected from 20.163.71.109 port 58424 [preauth]
Oct 15 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: Failed password for root from 20.163.71.109 port 58434 ssh2
Oct 15 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: Received disconnect from 20.163.71.109 port 58434:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14269]: Disconnected from 20.163.71.109 port 58434 [preauth]
Oct 15 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Failed password for root from 20.163.71.109 port 58438 ssh2
Oct 15 00:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Received disconnect from 20.163.71.109 port 58438:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Disconnected from 20.163.71.109 port 58438 [preauth]
Oct 15 00:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14161]: pam_unix(cron:session): session closed for user root
Oct 15 00:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14363]: Failed password for root from 20.163.71.109 port 58442 ssh2
Oct 15 00:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14363]: Received disconnect from 20.163.71.109 port 58442:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14363]: Disconnected from 20.163.71.109 port 58442 [preauth]
Oct 15 00:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10502]: pam_unix(cron:session): session closed for user root
Oct 15 00:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Failed password for root from 20.163.71.109 port 53004 ssh2
Oct 15 00:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Received disconnect from 20.163.71.109 port 53004:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Disconnected from 20.163.71.109 port 53004 [preauth]
Oct 15 00:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Failed password for root from 20.163.71.109 port 53016 ssh2
Oct 15 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Received disconnect from 20.163.71.109 port 53016:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Disconnected from 20.163.71.109 port 53016 [preauth]
Oct 15 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: Failed password for root from 20.163.71.109 port 53026 ssh2
Oct 15 00:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: Received disconnect from 20.163.71.109 port 53026:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14473]: Disconnected from 20.163.71.109 port 53026 [preauth]
Oct 15 00:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Failed password for root from 20.163.71.109 port 53036 ssh2
Oct 15 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Received disconnect from 20.163.71.109 port 53036:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14495]: Disconnected from 20.163.71.109 port 53036 [preauth]
Oct 15 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Failed password for root from 20.163.71.109 port 53038 ssh2
Oct 15 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Received disconnect from 20.163.71.109 port 53038:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: Disconnected from 20.163.71.109 port 53038 [preauth]
Oct 15 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Failed password for root from 20.163.71.109 port 45480 ssh2
Oct 15 00:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Received disconnect from 20.163.71.109 port 45480:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Disconnected from 20.163.71.109 port 45480 [preauth]
Oct 15 00:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Failed password for root from 20.163.71.109 port 45496 ssh2
Oct 15 00:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Received disconnect from 20.163.71.109 port 45496:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Disconnected from 20.163.71.109 port 45496 [preauth]
Oct 15 00:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Failed password for root from 20.163.71.109 port 45500 ssh2
Oct 15 00:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Received disconnect from 20.163.71.109 port 45500:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14541]: Disconnected from 20.163.71.109 port 45500 [preauth]
Oct 15 00:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Failed password for root from 20.163.71.109 port 45508 ssh2
Oct 15 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Received disconnect from 20.163.71.109 port 45508:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14545]: Disconnected from 20.163.71.109 port 45508 [preauth]
Oct 15 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: Failed password for root from 20.163.71.109 port 45524 ssh2
Oct 15 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: Received disconnect from 20.163.71.109 port 45524:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14559]: Disconnected from 20.163.71.109 port 45524 [preauth]
Oct 15 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Failed password for root from 20.163.71.109 port 55968 ssh2
Oct 15 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Received disconnect from 20.163.71.109 port 55968:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Disconnected from 20.163.71.109 port 55968 [preauth]
Oct 15 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Failed password for root from 20.163.71.109 port 55984 ssh2
Oct 15 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Received disconnect from 20.163.71.109 port 55984:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14582]: Disconnected from 20.163.71.109 port 55984 [preauth]
Oct 15 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12721]: pam_unix(cron:session): session closed for user root
Oct 15 00:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Failed password for root from 20.163.71.109 port 56000 ssh2
Oct 15 00:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Received disconnect from 20.163.71.109 port 56000:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Disconnected from 20.163.71.109 port 56000 [preauth]
Oct 15 00:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Failed password for root from 20.163.71.109 port 56002 ssh2
Oct 15 00:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Received disconnect from 20.163.71.109 port 56002:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14614]: Disconnected from 20.163.71.109 port 56002 [preauth]
Oct 15 00:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Failed password for root from 20.163.71.109 port 35746 ssh2
Oct 15 00:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Received disconnect from 20.163.71.109 port 35746:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Disconnected from 20.163.71.109 port 35746 [preauth]
Oct 15 00:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: Failed password for root from 20.163.71.109 port 35754 ssh2
Oct 15 00:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: Received disconnect from 20.163.71.109 port 35754:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: Disconnected from 20.163.71.109 port 35754 [preauth]
Oct 15 00:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: Failed password for root from 20.163.71.109 port 35762 ssh2
Oct 15 00:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: Received disconnect from 20.163.71.109 port 35762:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: Disconnected from 20.163.71.109 port 35762 [preauth]
Oct 15 00:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for root from 20.163.71.109 port 35770 ssh2
Oct 15 00:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Received disconnect from 20.163.71.109 port 35770:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Disconnected from 20.163.71.109 port 35770 [preauth]
Oct 15 00:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Failed password for root from 20.163.71.109 port 44010 ssh2
Oct 15 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Received disconnect from 20.163.71.109 port 44010:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Disconnected from 20.163.71.109 port 44010 [preauth]
Oct 15 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: Failed password for root from 20.163.71.109 port 44014 ssh2
Oct 15 00:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: Received disconnect from 20.163.71.109 port 44014:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14676]: Disconnected from 20.163.71.109 port 44014 [preauth]
Oct 15 00:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Failed password for root from 20.163.71.109 port 44022 ssh2
Oct 15 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Received disconnect from 20.163.71.109 port 44022:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Disconnected from 20.163.71.109 port 44022 [preauth]
Oct 15 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Failed password for root from 20.163.71.109 port 44036 ssh2
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Received disconnect from 20.163.71.109 port 44036:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Disconnected from 20.163.71.109 port 44036 [preauth]
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14695]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14781]: Successful su for rubyman by root
Oct 15 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14781]: + ??? root:rubyman
Oct 15 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414415 of user rubyman.
Oct 15 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14781]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414415.
Oct 15 00:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Failed password for root from 20.163.71.109 port 47914 ssh2
Oct 15 00:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Received disconnect from 20.163.71.109 port 47914:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14692]: Disconnected from 20.163.71.109 port 47914 [preauth]
Oct 15 00:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Failed password for root from 20.163.71.109 port 47928 ssh2
Oct 15 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Received disconnect from 20.163.71.109 port 47928:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Disconnected from 20.163.71.109 port 47928 [preauth]
Oct 15 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14889]: Failed password for root from 20.163.71.109 port 47942 ssh2
Oct 15 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14889]: Received disconnect from 20.163.71.109 port 47942:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14889]: Disconnected from 20.163.71.109 port 47942 [preauth]
Oct 15 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14967]: Failed password for root from 20.163.71.109 port 47952 ssh2
Oct 15 00:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14967]: Received disconnect from 20.163.71.109 port 47952:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14967]: Disconnected from 20.163.71.109 port 47952 [preauth]
Oct 15 00:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session closed for user root
Oct 15 00:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Failed password for root from 20.163.71.109 port 42846 ssh2
Oct 15 00:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Received disconnect from 20.163.71.109 port 42846:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14989]: Disconnected from 20.163.71.109 port 42846 [preauth]
Oct 15 00:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: Failed password for root from 20.163.71.109 port 42850 ssh2
Oct 15 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: Received disconnect from 20.163.71.109 port 42850:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15009]: Disconnected from 20.163.71.109 port 42850 [preauth]
Oct 15 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14899]: Connection closed by 194.164.107.4 port 50494 [preauth]
Oct 15 00:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14696]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Failed password for root from 20.163.71.109 port 42852 ssh2
Oct 15 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Received disconnect from 20.163.71.109 port 42852:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Disconnected from 20.163.71.109 port 42852 [preauth]
Oct 15 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Failed password for root from 20.163.71.109 port 42866 ssh2
Oct 15 00:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Received disconnect from 20.163.71.109 port 42866:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Disconnected from 20.163.71.109 port 42866 [preauth]
Oct 15 00:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Failed password for root from 20.163.71.109 port 42870 ssh2
Oct 15 00:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Received disconnect from 20.163.71.109 port 42870:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Disconnected from 20.163.71.109 port 42870 [preauth]
Oct 15 00:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Oct 15 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for root from 20.163.71.109 port 55592 ssh2
Oct 15 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Received disconnect from 20.163.71.109 port 55592:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Disconnected from 20.163.71.109 port 55592 [preauth]
Oct 15 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Failed password for root from 80.94.95.115 port 22890 ssh2
Oct 15 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Connection closed by 80.94.95.115 port 22890 [preauth]
Oct 15 00:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Failed password for root from 20.163.71.109 port 55602 ssh2
Oct 15 00:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Received disconnect from 20.163.71.109 port 55602:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Disconnected from 20.163.71.109 port 55602 [preauth]
Oct 15 00:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Failed password for root from 20.163.71.109 port 55610 ssh2
Oct 15 00:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Received disconnect from 20.163.71.109 port 55610:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Disconnected from 20.163.71.109 port 55610 [preauth]
Oct 15 00:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Failed password for root from 20.163.71.109 port 55624 ssh2
Oct 15 00:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Received disconnect from 20.163.71.109 port 55624:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Disconnected from 20.163.71.109 port 55624 [preauth]
Oct 15 00:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Failed password for root from 20.163.71.109 port 47748 ssh2
Oct 15 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Received disconnect from 20.163.71.109 port 47748:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Disconnected from 20.163.71.109 port 47748 [preauth]
Oct 15 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Failed password for root from 20.163.71.109 port 47760 ssh2
Oct 15 00:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Received disconnect from 20.163.71.109 port 47760:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15217]: Disconnected from 20.163.71.109 port 47760 [preauth]
Oct 15 00:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Failed password for root from 20.163.71.109 port 47772 ssh2
Oct 15 00:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Received disconnect from 20.163.71.109 port 47772:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Disconnected from 20.163.71.109 port 47772 [preauth]
Oct 15 00:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13404]: pam_unix(cron:session): session closed for user root
Oct 15 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Failed password for root from 20.163.71.109 port 47782 ssh2
Oct 15 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Received disconnect from 20.163.71.109 port 47782:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Disconnected from 20.163.71.109 port 47782 [preauth]
Oct 15 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for root from 20.163.71.109 port 35156 ssh2
Oct 15 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Received disconnect from 20.163.71.109 port 35156:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Disconnected from 20.163.71.109 port 35156 [preauth]
Oct 15 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Failed password for root from 20.163.71.109 port 35166 ssh2
Oct 15 00:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Received disconnect from 20.163.71.109 port 35166:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Disconnected from 20.163.71.109 port 35166 [preauth]
Oct 15 00:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: Failed password for root from 20.163.71.109 port 35174 ssh2
Oct 15 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: Received disconnect from 20.163.71.109 port 35174:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: Disconnected from 20.163.71.109 port 35174 [preauth]
Oct 15 00:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Failed password for root from 20.163.71.109 port 35184 ssh2
Oct 15 00:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Received disconnect from 20.163.71.109 port 35184:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15294]: Disconnected from 20.163.71.109 port 35184 [preauth]
Oct 15 00:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: Failed password for root from 20.163.71.109 port 35196 ssh2
Oct 15 00:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: Received disconnect from 20.163.71.109 port 35196:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: Disconnected from 20.163.71.109 port 35196 [preauth]
Oct 15 00:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Failed password for root from 20.163.71.109 port 46650 ssh2
Oct 15 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Received disconnect from 20.163.71.109 port 46650:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Disconnected from 20.163.71.109 port 46650 [preauth]
Oct 15 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Failed password for root from 20.163.71.109 port 46664 ssh2
Oct 15 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Received disconnect from 20.163.71.109 port 46664:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Disconnected from 20.163.71.109 port 46664 [preauth]
Oct 15 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Failed password for root from 20.163.71.109 port 46676 ssh2
Oct 15 00:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Received disconnect from 20.163.71.109 port 46676:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15340]: Disconnected from 20.163.71.109 port 46676 [preauth]
Oct 15 00:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15362]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15425]: Successful su for rubyman by root
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15425]: + ??? root:rubyman
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414419 of user rubyman.
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15425]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414419.
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Failed password for root from 20.163.71.109 port 46686 ssh2
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Received disconnect from 20.163.71.109 port 46686:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Disconnected from 20.163.71.109 port 46686 [preauth]
Oct 15 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Failed password for root from 20.163.71.109 port 56520 ssh2
Oct 15 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Received disconnect from 20.163.71.109 port 56520:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15448]: Disconnected from 20.163.71.109 port 56520 [preauth]
Oct 15 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: Failed password for root from 20.163.71.109 port 56524 ssh2
Oct 15 00:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: Received disconnect from 20.163.71.109 port 56524:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15495]: Disconnected from 20.163.71.109 port 56524 [preauth]
Oct 15 00:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Failed password for root from 20.163.71.109 port 56532 ssh2
Oct 15 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Received disconnect from 20.163.71.109 port 56532:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Disconnected from 20.163.71.109 port 56532 [preauth]
Oct 15 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11492]: pam_unix(cron:session): session closed for user root
Oct 15 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Failed password for root from 20.163.71.109 port 56548 ssh2
Oct 15 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Received disconnect from 20.163.71.109 port 56548:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Disconnected from 20.163.71.109 port 56548 [preauth]
Oct 15 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: Failed password for root from 20.163.71.109 port 40106 ssh2
Oct 15 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: Received disconnect from 20.163.71.109 port 40106:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15619]: Disconnected from 20.163.71.109 port 40106 [preauth]
Oct 15 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Failed password for root from 20.163.71.109 port 40110 ssh2
Oct 15 00:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Received disconnect from 20.163.71.109 port 40110:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Disconnected from 20.163.71.109 port 40110 [preauth]
Oct 15 00:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15363]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15656]: Failed password for root from 20.163.71.109 port 40122 ssh2
Oct 15 00:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15656]: Received disconnect from 20.163.71.109 port 40122:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15656]: Disconnected from 20.163.71.109 port 40122 [preauth]
Oct 15 00:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Failed password for root from 20.163.71.109 port 40136 ssh2
Oct 15 00:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Received disconnect from 20.163.71.109 port 40136:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15680]: Disconnected from 20.163.71.109 port 40136 [preauth]
Oct 15 00:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Failed password for root from 20.163.71.109 port 54096 ssh2
Oct 15 00:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Received disconnect from 20.163.71.109 port 54096:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Disconnected from 20.163.71.109 port 54096 [preauth]
Oct 15 00:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15696]: Failed password for root from 20.163.71.109 port 54100 ssh2
Oct 15 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15696]: Received disconnect from 20.163.71.109 port 54100:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15696]: Disconnected from 20.163.71.109 port 54100 [preauth]
Oct 15 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Failed password for root from 20.163.71.109 port 54106 ssh2
Oct 15 00:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Received disconnect from 20.163.71.109 port 54106:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Disconnected from 20.163.71.109 port 54106 [preauth]
Oct 15 00:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: Failed password for root from 20.163.71.109 port 54112 ssh2
Oct 15 00:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: Received disconnect from 20.163.71.109 port 54112:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: Disconnected from 20.163.71.109 port 54112 [preauth]
Oct 15 00:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Failed password for root from 20.163.71.109 port 54124 ssh2
Oct 15 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Received disconnect from 20.163.71.109 port 54124:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Disconnected from 20.163.71.109 port 54124 [preauth]
Oct 15 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Failed password for root from 20.163.71.109 port 39380 ssh2
Oct 15 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Received disconnect from 20.163.71.109 port 39380:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Disconnected from 20.163.71.109 port 39380 [preauth]
Oct 15 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Failed password for root from 20.163.71.109 port 39386 ssh2
Oct 15 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Received disconnect from 20.163.71.109 port 39386:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Disconnected from 20.163.71.109 port 39386 [preauth]
Oct 15 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for root from 20.163.71.109 port 39388 ssh2
Oct 15 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Received disconnect from 20.163.71.109 port 39388:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Disconnected from 20.163.71.109 port 39388 [preauth]
Oct 15 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14164]: pam_unix(cron:session): session closed for user root
Oct 15 00:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Failed password for root from 20.163.71.109 port 39398 ssh2
Oct 15 00:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Received disconnect from 20.163.71.109 port 39398:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Disconnected from 20.163.71.109 port 39398 [preauth]
Oct 15 00:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: Failed password for root from 20.163.71.109 port 55486 ssh2
Oct 15 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: Received disconnect from 20.163.71.109 port 55486:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: Disconnected from 20.163.71.109 port 55486 [preauth]
Oct 15 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: Failed password for root from 20.163.71.109 port 55502 ssh2
Oct 15 00:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: Received disconnect from 20.163.71.109 port 55502:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15788]: Disconnected from 20.163.71.109 port 55502 [preauth]
Oct 15 00:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Failed password for root from 20.163.71.109 port 55508 ssh2
Oct 15 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Received disconnect from 20.163.71.109 port 55508:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Disconnected from 20.163.71.109 port 55508 [preauth]
Oct 15 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: Failed password for root from 20.163.71.109 port 55518 ssh2
Oct 15 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: Received disconnect from 20.163.71.109 port 55518:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15803]: Disconnected from 20.163.71.109 port 55518 [preauth]
Oct 15 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Failed password for root from 20.163.71.109 port 55524 ssh2
Oct 15 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Received disconnect from 20.163.71.109 port 55524:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15819]: Disconnected from 20.163.71.109 port 55524 [preauth]
Oct 15 00:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Failed password for root from 20.163.71.109 port 42038 ssh2
Oct 15 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Received disconnect from 20.163.71.109 port 42038:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15835]: Disconnected from 20.163.71.109 port 42038 [preauth]
Oct 15 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: Invalid user www from 42.49.216.35
Oct 15 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: input_userauth_request: invalid user www [preauth]
Oct 15 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.49.216.35
Oct 15 00:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Failed password for root from 20.163.71.109 port 42048 ssh2
Oct 15 00:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Received disconnect from 20.163.71.109 port 42048:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Disconnected from 20.163.71.109 port 42048 [preauth]
Oct 15 00:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: Failed password for invalid user www from 42.49.216.35 port 38438 ssh2
Oct 15 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: Received disconnect from 42.49.216.35 port 38438:11: Bye Bye [preauth]
Oct 15 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15838]: Disconnected from 42.49.216.35 port 38438 [preauth]
Oct 15 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Failed password for root from 20.163.71.109 port 42056 ssh2
Oct 15 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Received disconnect from 20.163.71.109 port 42056:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Disconnected from 20.163.71.109 port 42056 [preauth]
Oct 15 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Failed password for root from 20.163.71.109 port 42070 ssh2
Oct 15 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Received disconnect from 20.163.71.109 port 42070:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Disconnected from 20.163.71.109 port 42070 [preauth]
Oct 15 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Failed password for root from 20.163.71.109 port 42082 ssh2
Oct 15 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Received disconnect from 20.163.71.109 port 42082:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15857]: Disconnected from 20.163.71.109 port 42082 [preauth]
Oct 15 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15938]: Successful su for rubyman by root
Oct 15 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15938]: + ??? root:rubyman
Oct 15 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414423 of user rubyman.
Oct 15 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15938]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414423.
Oct 15 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Failed password for root from 20.163.71.109 port 50458 ssh2
Oct 15 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Received disconnect from 20.163.71.109 port 50458:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Disconnected from 20.163.71.109 port 50458 [preauth]
Oct 15 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for root from 20.163.71.109 port 50466 ssh2
Oct 15 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Received disconnect from 20.163.71.109 port 50466:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Disconnected from 20.163.71.109 port 50466 [preauth]
Oct 15 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Failed password for root from 20.163.71.109 port 50468 ssh2
Oct 15 00:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Received disconnect from 20.163.71.109 port 50468:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Disconnected from 20.163.71.109 port 50468 [preauth]
Oct 15 00:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12143]: pam_unix(cron:session): session closed for user root
Oct 15 00:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: Failed password for root from 20.163.71.109 port 50478 ssh2
Oct 15 00:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: Received disconnect from 20.163.71.109 port 50478:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: Disconnected from 20.163.71.109 port 50478 [preauth]
Oct 15 00:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Failed password for root from 20.163.71.109 port 50480 ssh2
Oct 15 00:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Received disconnect from 20.163.71.109 port 50480:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Disconnected from 20.163.71.109 port 50480 [preauth]
Oct 15 00:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Failed password for root from 20.163.71.109 port 53742 ssh2
Oct 15 00:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Received disconnect from 20.163.71.109 port 53742:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Disconnected from 20.163.71.109 port 53742 [preauth]
Oct 15 00:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for root from 20.163.71.109 port 53746 ssh2
Oct 15 00:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Received disconnect from 20.163.71.109 port 53746:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Disconnected from 20.163.71.109 port 53746 [preauth]
Oct 15 00:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for root from 20.163.71.109 port 53760 ssh2
Oct 15 00:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Received disconnect from 20.163.71.109 port 53760:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Disconnected from 20.163.71.109 port 53760 [preauth]
Oct 15 00:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: Failed password for root from 20.163.71.109 port 53764 ssh2
Oct 15 00:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: Received disconnect from 20.163.71.109 port 53764:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: Disconnected from 20.163.71.109 port 53764 [preauth]
Oct 15 00:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: Failed password for root from 20.163.71.109 port 48546 ssh2
Oct 15 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: Received disconnect from 20.163.71.109 port 48546:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: Disconnected from 20.163.71.109 port 48546 [preauth]
Oct 15 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16221]: Failed password for root from 20.163.71.109 port 48558 ssh2
Oct 15 00:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16221]: Received disconnect from 20.163.71.109 port 48558:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16221]: Disconnected from 20.163.71.109 port 48558 [preauth]
Oct 15 00:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Failed password for root from 20.163.71.109 port 48572 ssh2
Oct 15 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Received disconnect from 20.163.71.109 port 48572:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Disconnected from 20.163.71.109 port 48572 [preauth]
Oct 15 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: Failed password for root from 20.163.71.109 port 48584 ssh2
Oct 15 00:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: Received disconnect from 20.163.71.109 port 48584:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16245]: Disconnected from 20.163.71.109 port 48584 [preauth]
Oct 15 00:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: Failed password for root from 20.163.71.109 port 48592 ssh2
Oct 15 00:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: Received disconnect from 20.163.71.109 port 48592:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16257]: Disconnected from 20.163.71.109 port 48592 [preauth]
Oct 15 00:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Failed password for root from 20.163.71.109 port 33436 ssh2
Oct 15 00:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Received disconnect from 20.163.71.109 port 33436:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Disconnected from 20.163.71.109 port 33436 [preauth]
Oct 15 00:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Failed password for root from 20.163.71.109 port 33450 ssh2
Oct 15 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Received disconnect from 20.163.71.109 port 33450:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Disconnected from 20.163.71.109 port 33450 [preauth]
Oct 15 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14699]: pam_unix(cron:session): session closed for user root
Oct 15 00:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Failed password for root from 20.163.71.109 port 33458 ssh2
Oct 15 00:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Received disconnect from 20.163.71.109 port 33458:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Disconnected from 20.163.71.109 port 33458 [preauth]
Oct 15 00:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Failed password for root from 20.163.71.109 port 33460 ssh2
Oct 15 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Received disconnect from 20.163.71.109 port 33460:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Disconnected from 20.163.71.109 port 33460 [preauth]
Oct 15 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Failed password for root from 20.163.71.109 port 40046 ssh2
Oct 15 00:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Received disconnect from 20.163.71.109 port 40046:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Disconnected from 20.163.71.109 port 40046 [preauth]
Oct 15 00:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Failed password for root from 20.163.71.109 port 40060 ssh2
Oct 15 00:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Received disconnect from 20.163.71.109 port 40060:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16316]: Disconnected from 20.163.71.109 port 40060 [preauth]
Oct 15 00:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Failed password for root from 20.163.71.109 port 40064 ssh2
Oct 15 00:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Received disconnect from 20.163.71.109 port 40064:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16318]: Disconnected from 20.163.71.109 port 40064 [preauth]
Oct 15 00:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Failed password for root from 20.163.71.109 port 40068 ssh2
Oct 15 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Received disconnect from 20.163.71.109 port 40068:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16348]: Disconnected from 20.163.71.109 port 40068 [preauth]
Oct 15 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Failed password for root from 20.163.71.109 port 40082 ssh2
Oct 15 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Received disconnect from 20.163.71.109 port 40082:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Disconnected from 20.163.71.109 port 40082 [preauth]
Oct 15 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: Failed password for root from 20.163.71.109 port 52610 ssh2
Oct 15 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: Received disconnect from 20.163.71.109 port 52610:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16361]: Disconnected from 20.163.71.109 port 52610 [preauth]
Oct 15 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: Failed password for root from 20.163.71.109 port 52612 ssh2
Oct 15 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: Received disconnect from 20.163.71.109 port 52612:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: Disconnected from 20.163.71.109 port 52612 [preauth]
Oct 15 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Failed password for root from 20.163.71.109 port 52626 ssh2
Oct 15 00:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Received disconnect from 20.163.71.109 port 52626:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16376]: Disconnected from 20.163.71.109 port 52626 [preauth]
Oct 15 00:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Failed password for root from 20.163.71.109 port 52632 ssh2
Oct 15 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Received disconnect from 20.163.71.109 port 52632:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Disconnected from 20.163.71.109 port 52632 [preauth]
Oct 15 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16395]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Failed password for root from 20.163.71.109 port 52644 ssh2
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Received disconnect from 20.163.71.109 port 52644:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16392]: Disconnected from 20.163.71.109 port 52644 [preauth]
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16468]: Successful su for rubyman by root
Oct 15 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16468]: + ??? root:rubyman
Oct 15 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414428 of user rubyman.
Oct 15 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16468]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414428.
Oct 15 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Failed password for root from 20.163.71.109 port 34264 ssh2
Oct 15 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Received disconnect from 20.163.71.109 port 34264:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16455]: Disconnected from 20.163.71.109 port 34264 [preauth]
Oct 15 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: Failed password for root from 20.163.71.109 port 34280 ssh2
Oct 15 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: Received disconnect from 20.163.71.109 port 34280:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16509]: Disconnected from 20.163.71.109 port 34280 [preauth]
Oct 15 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Failed password for root from 20.163.71.109 port 34282 ssh2
Oct 15 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Received disconnect from 20.163.71.109 port 34282:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Disconnected from 20.163.71.109 port 34282 [preauth]
Oct 15 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session closed for user root
Oct 15 00:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Failed password for root from 20.163.71.109 port 34286 ssh2
Oct 15 00:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Received disconnect from 20.163.71.109 port 34286:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Disconnected from 20.163.71.109 port 34286 [preauth]
Oct 15 00:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Failed password for root from 20.163.71.109 port 34302 ssh2
Oct 15 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Received disconnect from 20.163.71.109 port 34302:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Disconnected from 20.163.71.109 port 34302 [preauth]
Oct 15 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Failed password for root from 20.163.71.109 port 51600 ssh2
Oct 15 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Received disconnect from 20.163.71.109 port 51600:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Disconnected from 20.163.71.109 port 51600 [preauth]
Oct 15 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: Failed password for root from 20.163.71.109 port 51608 ssh2
Oct 15 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: Received disconnect from 20.163.71.109 port 51608:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: Disconnected from 20.163.71.109 port 51608 [preauth]
Oct 15 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16396]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: Failed password for root from 20.163.71.109 port 51622 ssh2
Oct 15 00:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: Received disconnect from 20.163.71.109 port 51622:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16710]: Disconnected from 20.163.71.109 port 51622 [preauth]
Oct 15 00:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Failed password for root from 20.163.71.109 port 51624 ssh2
Oct 15 00:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Received disconnect from 20.163.71.109 port 51624:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16719]: Disconnected from 20.163.71.109 port 51624 [preauth]
Oct 15 00:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Failed password for root from 20.163.71.109 port 51630 ssh2
Oct 15 00:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Received disconnect from 20.163.71.109 port 51630:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16749]: Disconnected from 20.163.71.109 port 51630 [preauth]
Oct 15 00:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Failed password for root from 20.163.71.109 port 37486 ssh2
Oct 15 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Received disconnect from 20.163.71.109 port 37486:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Disconnected from 20.163.71.109 port 37486 [preauth]
Oct 15 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: Failed password for root from 20.163.71.109 port 37488 ssh2
Oct 15 00:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: Received disconnect from 20.163.71.109 port 37488:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16755]: Disconnected from 20.163.71.109 port 37488 [preauth]
Oct 15 00:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: Failed password for root from 20.163.71.109 port 37500 ssh2
Oct 15 00:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: Received disconnect from 20.163.71.109 port 37500:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16775]: Disconnected from 20.163.71.109 port 37500 [preauth]
Oct 15 00:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Failed password for root from 20.163.71.109 port 37508 ssh2
Oct 15 00:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Received disconnect from 20.163.71.109 port 37508:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16777]: Disconnected from 20.163.71.109 port 37508 [preauth]
Oct 15 00:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Failed password for root from 20.163.71.109 port 37516 ssh2
Oct 15 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Received disconnect from 20.163.71.109 port 37516:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Disconnected from 20.163.71.109 port 37516 [preauth]
Oct 15 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16811]: Failed password for root from 20.163.71.109 port 37518 ssh2
Oct 15 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16811]: Received disconnect from 20.163.71.109 port 37518:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16811]: Disconnected from 20.163.71.109 port 37518 [preauth]
Oct 15 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Failed password for root from 20.163.71.109 port 58374 ssh2
Oct 15 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Received disconnect from 20.163.71.109 port 58374:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Disconnected from 20.163.71.109 port 58374 [preauth]
Oct 15 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session closed for user root
Oct 15 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Failed password for root from 20.163.71.109 port 58378 ssh2
Oct 15 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Received disconnect from 20.163.71.109 port 58378:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16823]: Disconnected from 20.163.71.109 port 58378 [preauth]
Oct 15 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Failed password for root from 20.163.71.109 port 58382 ssh2
Oct 15 00:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Received disconnect from 20.163.71.109 port 58382:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Disconnected from 20.163.71.109 port 58382 [preauth]
Oct 15 00:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Failed password for root from 20.163.71.109 port 58388 ssh2
Oct 15 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Received disconnect from 20.163.71.109 port 58388:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16851]: Disconnected from 20.163.71.109 port 58388 [preauth]
Oct 15 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: Failed password for root from 20.163.71.109 port 52752 ssh2
Oct 15 00:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: Received disconnect from 20.163.71.109 port 52752:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: Disconnected from 20.163.71.109 port 52752 [preauth]
Oct 15 00:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16866]: Failed password for root from 20.163.71.109 port 52758 ssh2
Oct 15 00:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16866]: Received disconnect from 20.163.71.109 port 52758:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16866]: Disconnected from 20.163.71.109 port 52758 [preauth]
Oct 15 00:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Failed password for root from 20.163.71.109 port 52768 ssh2
Oct 15 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Received disconnect from 20.163.71.109 port 52768:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16875]: Disconnected from 20.163.71.109 port 52768 [preauth]
Oct 15 00:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Failed password for root from 20.163.71.109 port 52770 ssh2
Oct 15 00:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Received disconnect from 20.163.71.109 port 52770:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Disconnected from 20.163.71.109 port 52770 [preauth]
Oct 15 00:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: Failed password for root from 20.163.71.109 port 49964 ssh2
Oct 15 00:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: Received disconnect from 20.163.71.109 port 49964:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16899]: Disconnected from 20.163.71.109 port 49964 [preauth]
Oct 15 00:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Failed password for root from 20.163.71.109 port 49966 ssh2
Oct 15 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Received disconnect from 20.163.71.109 port 49966:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Disconnected from 20.163.71.109 port 49966 [preauth]
Oct 15 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Failed password for root from 20.163.71.109 port 49978 ssh2
Oct 15 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Received disconnect from 20.163.71.109 port 49978:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Disconnected from 20.163.71.109 port 49978 [preauth]
Oct 15 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 20.163.71.109 port 49988 ssh2
Oct 15 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Received disconnect from 20.163.71.109 port 49988:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Disconnected from 20.163.71.109 port 49988 [preauth]
Oct 15 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Failed password for root from 20.163.71.109 port 49998 ssh2
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Received disconnect from 20.163.71.109 port 49998:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16922]: Disconnected from 20.163.71.109 port 49998 [preauth]
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16930]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16933]: pam_unix(cron:session): session closed for user root
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16928]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17015]: Successful su for rubyman by root
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17015]: + ??? root:rubyman
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414433 of user rubyman.
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17015]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414433.
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Failed password for root from 20.163.71.109 port 58670 ssh2
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Received disconnect from 20.163.71.109 port 58670:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Disconnected from 20.163.71.109 port 58670 [preauth]
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: Failed password for root from 20.163.71.109 port 58672 ssh2
Oct 15 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: Received disconnect from 20.163.71.109 port 58672:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: Disconnected from 20.163.71.109 port 58672 [preauth]
Oct 15 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Failed password for root from 20.163.71.109 port 58688 ssh2
Oct 15 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Received disconnect from 20.163.71.109 port 58688:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Disconnected from 20.163.71.109 port 58688 [preauth]
Oct 15 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16930]: pam_unix(cron:session): session closed for user root
Oct 15 00:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: Failed password for root from 20.163.71.109 port 58702 ssh2
Oct 15 00:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: Received disconnect from 20.163.71.109 port 58702:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: Disconnected from 20.163.71.109 port 58702 [preauth]
Oct 15 00:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session closed for user root
Oct 15 00:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Failed password for root from 20.163.71.109 port 58718 ssh2
Oct 15 00:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Received disconnect from 20.163.71.109 port 58718:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Disconnected from 20.163.71.109 port 58718 [preauth]
Oct 15 00:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Failed password for root from 20.163.71.109 port 49940 ssh2
Oct 15 00:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Received disconnect from 20.163.71.109 port 49940:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Disconnected from 20.163.71.109 port 49940 [preauth]
Oct 15 00:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for root from 20.163.71.109 port 49954 ssh2
Oct 15 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Received disconnect from 20.163.71.109 port 49954:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Disconnected from 20.163.71.109 port 49954 [preauth]
Oct 15 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16929]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Failed password for root from 20.163.71.109 port 49968 ssh2
Oct 15 00:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Received disconnect from 20.163.71.109 port 49968:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Disconnected from 20.163.71.109 port 49968 [preauth]
Oct 15 00:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Failed password for root from 20.163.71.109 port 49970 ssh2
Oct 15 00:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Received disconnect from 20.163.71.109 port 49970:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Disconnected from 20.163.71.109 port 49970 [preauth]
Oct 15 00:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: Failed password for root from 20.163.71.109 port 49976 ssh2
Oct 15 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: Received disconnect from 20.163.71.109 port 49976:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17324]: Disconnected from 20.163.71.109 port 49976 [preauth]
Oct 15 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Invalid user admin from 20.163.71.109
Oct 15 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: input_userauth_request: invalid user admin [preauth]
Oct 15 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Failed password for invalid user admin from 20.163.71.109 port 60086 ssh2
Oct 15 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Received disconnect from 20.163.71.109 port 60086:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17336]: Disconnected from 20.163.71.109 port 60086 [preauth]
Oct 15 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Invalid user testaccount from 20.163.71.109
Oct 15 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: input_userauth_request: invalid user testaccount [preauth]
Oct 15 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Failed password for invalid user testaccount from 20.163.71.109 port 60088 ssh2
Oct 15 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Received disconnect from 20.163.71.109 port 60088:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Disconnected from 20.163.71.109 port 60088 [preauth]
Oct 15 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Invalid user marketing from 20.163.71.109
Oct 15 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: input_userauth_request: invalid user marketing [preauth]
Oct 15 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Failed password for invalid user marketing from 20.163.71.109 port 60098 ssh2
Oct 15 00:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Received disconnect from 20.163.71.109 port 60098:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17352]: Disconnected from 20.163.71.109 port 60098 [preauth]
Oct 15 00:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Invalid user ubuntu from 20.163.71.109
Oct 15 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Failed password for invalid user ubuntu from 20.163.71.109 port 60100 ssh2
Oct 15 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Received disconnect from 20.163.71.109 port 60100:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Disconnected from 20.163.71.109 port 60100 [preauth]
Oct 15 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: Invalid user redhat from 20.163.71.109
Oct 15 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: input_userauth_request: invalid user redhat [preauth]
Oct 15 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: Failed password for invalid user redhat from 20.163.71.109 port 56794 ssh2
Oct 15 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: Received disconnect from 20.163.71.109 port 56794:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: Disconnected from 20.163.71.109 port 56794 [preauth]
Oct 15 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17387]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17387]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17387]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17387]: Failed password for invalid user mythtv from 20.163.71.109 port 56806 ssh2
Oct 15 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17387]: Received disconnect from 20.163.71.109 port 56806:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17387]: Disconnected from 20.163.71.109 port 56806 [preauth]
Oct 15 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: Failed password for invalid user mythtv from 20.163.71.109 port 56818 ssh2
Oct 15 00:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: Received disconnect from 20.163.71.109 port 56818:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17390]: Disconnected from 20.163.71.109 port 56818 [preauth]
Oct 15 00:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15873]: pam_unix(cron:session): session closed for user root
Oct 15 00:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Failed password for invalid user mythtv from 20.163.71.109 port 56824 ssh2
Oct 15 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Received disconnect from 20.163.71.109 port 56824:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Disconnected from 20.163.71.109 port 56824 [preauth]
Oct 15 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Failed password for invalid user mythtv from 20.163.71.109 port 56840 ssh2
Oct 15 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Received disconnect from 20.163.71.109 port 56840:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Disconnected from 20.163.71.109 port 56840 [preauth]
Oct 15 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Failed password for invalid user mythtv from 20.163.71.109 port 34890 ssh2
Oct 15 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Received disconnect from 20.163.71.109 port 34890:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Disconnected from 20.163.71.109 port 34890 [preauth]
Oct 15 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for invalid user mythtv from 20.163.71.109 port 34892 ssh2
Oct 15 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Received disconnect from 20.163.71.109 port 34892:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Disconnected from 20.163.71.109 port 34892 [preauth]
Oct 15 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: Failed password for invalid user mythtv from 20.163.71.109 port 34906 ssh2
Oct 15 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: Received disconnect from 20.163.71.109 port 34906:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17443]: Disconnected from 20.163.71.109 port 34906 [preauth]
Oct 15 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Failed password for invalid user mythtv from 20.163.71.109 port 34922 ssh2
Oct 15 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Received disconnect from 20.163.71.109 port 34922:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Disconnected from 20.163.71.109 port 34922 [preauth]
Oct 15 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Invalid user mythtv from 20.163.71.109
Oct 15 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: input_userauth_request: invalid user mythtv [preauth]
Oct 15 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Failed password for invalid user mythtv from 20.163.71.109 port 34932 ssh2
Oct 15 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Received disconnect from 20.163.71.109 port 34932:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17472]: Disconnected from 20.163.71.109 port 34932 [preauth]
Oct 15 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: User ftp from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: input_userauth_request: invalid user ftp [preauth]
Oct 15 00:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=ftp
Oct 15 00:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: Failed password for invalid user ftp from 20.163.71.109 port 44964 ssh2
Oct 15 00:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: Received disconnect from 20.163.71.109 port 44964:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17477]: Disconnected from 20.163.71.109 port 44964 [preauth]
Oct 15 00:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: User ftp from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: input_userauth_request: invalid user ftp [preauth]
Oct 15 00:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=ftp
Oct 15 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Failed password for invalid user ftp from 20.163.71.109 port 44980 ssh2
Oct 15 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Received disconnect from 20.163.71.109 port 44980:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Disconnected from 20.163.71.109 port 44980 [preauth]
Oct 15 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: User ftp from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: input_userauth_request: invalid user ftp [preauth]
Oct 15 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=ftp
Oct 15 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Failed password for invalid user ftp from 20.163.71.109 port 44984 ssh2
Oct 15 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Received disconnect from 20.163.71.109 port 44984:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Disconnected from 20.163.71.109 port 44984 [preauth]
Oct 15 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: User ftp from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: input_userauth_request: invalid user ftp [preauth]
Oct 15 00:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=ftp
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Failed password for invalid user ftp from 20.163.71.109 port 44990 ssh2
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Received disconnect from 20.163.71.109 port 44990:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17491]: Disconnected from 20.163.71.109 port 44990 [preauth]
Oct 15 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: User ftp from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: input_userauth_request: invalid user ftp [preauth]
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=ftp
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17581]: Successful su for rubyman by root
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17581]: + ??? root:rubyman
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414438 of user rubyman.
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17581]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414438.
Oct 15 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Failed password for invalid user ftp from 20.163.71.109 port 42808 ssh2
Oct 15 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Received disconnect from 20.163.71.109 port 42808:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17574]: Disconnected from 20.163.71.109 port 42808 [preauth]
Oct 15 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: User ftp from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: input_userauth_request: invalid user ftp [preauth]
Oct 15 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=ftp
Oct 15 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Failed password for invalid user ftp from 20.163.71.109 port 42818 ssh2
Oct 15 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Received disconnect from 20.163.71.109 port 42818:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Disconnected from 20.163.71.109 port 42818 [preauth]
Oct 15 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: User ftp from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: input_userauth_request: invalid user ftp [preauth]
Oct 15 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=ftp
Oct 15 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Failed password for invalid user ftp from 20.163.71.109 port 42822 ssh2
Oct 15 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Received disconnect from 20.163.71.109 port 42822:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Disconnected from 20.163.71.109 port 42822 [preauth]
Oct 15 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: User ftp from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: input_userauth_request: invalid user ftp [preauth]
Oct 15 00:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=ftp
Oct 15 00:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Failed password for invalid user ftp from 20.163.71.109 port 42830 ssh2
Oct 15 00:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Received disconnect from 20.163.71.109 port 42830:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Disconnected from 20.163.71.109 port 42830 [preauth]
Oct 15 00:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Invalid user nagios from 20.163.71.109
Oct 15 00:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14162]: pam_unix(cron:session): session closed for user root
Oct 15 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Failed password for invalid user nagios from 20.163.71.109 port 42844 ssh2
Oct 15 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Received disconnect from 20.163.71.109 port 42844:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17862]: Disconnected from 20.163.71.109 port 42844 [preauth]
Oct 15 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Invalid user nagios from 20.163.71.109
Oct 15 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Failed password for invalid user nagios from 20.163.71.109 port 58594 ssh2
Oct 15 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Received disconnect from 20.163.71.109 port 58594:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17885]: Disconnected from 20.163.71.109 port 58594 [preauth]
Oct 15 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: Invalid user nagios from 20.163.71.109
Oct 15 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: Failed password for invalid user nagios from 20.163.71.109 port 58608 ssh2
Oct 15 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: Received disconnect from 20.163.71.109 port 58608:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17893]: Disconnected from 20.163.71.109 port 58608 [preauth]
Oct 15 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Invalid user nagios from 20.163.71.109
Oct 15 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Failed password for invalid user nagios from 20.163.71.109 port 58616 ssh2
Oct 15 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Received disconnect from 20.163.71.109 port 58616:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Disconnected from 20.163.71.109 port 58616 [preauth]
Oct 15 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Invalid user nagios from 20.163.71.109
Oct 15 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Failed password for invalid user nagios from 20.163.71.109 port 58624 ssh2
Oct 15 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Received disconnect from 20.163.71.109 port 58624:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Disconnected from 20.163.71.109 port 58624 [preauth]
Oct 15 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Invalid user nagios from 20.163.71.109
Oct 15 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Failed password for invalid user nagios from 20.163.71.109 port 55680 ssh2
Oct 15 00:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Received disconnect from 20.163.71.109 port 55680:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Disconnected from 20.163.71.109 port 55680 [preauth]
Oct 15 00:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Invalid user nagios from 20.163.71.109
Oct 15 00:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Failed password for invalid user nagios from 20.163.71.109 port 55692 ssh2
Oct 15 00:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Received disconnect from 20.163.71.109 port 55692:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Disconnected from 20.163.71.109 port 55692 [preauth]
Oct 15 00:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: Invalid user nagios from 20.163.71.109
Oct 15 00:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: input_userauth_request: invalid user nagios [preauth]
Oct 15 00:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: Failed password for invalid user nagios from 20.163.71.109 port 55708 ssh2
Oct 15 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: Received disconnect from 20.163.71.109 port 55708:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: Disconnected from 20.163.71.109 port 55708 [preauth]
Oct 15 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Invalid user agnes from 20.163.71.109
Oct 15 00:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: input_userauth_request: invalid user agnes [preauth]
Oct 15 00:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Failed password for invalid user agnes from 20.163.71.109 port 55712 ssh2
Oct 15 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Received disconnect from 20.163.71.109 port 55712:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Disconnected from 20.163.71.109 port 55712 [preauth]
Oct 15 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17994]: Invalid user agnes from 20.163.71.109
Oct 15 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17994]: input_userauth_request: invalid user agnes [preauth]
Oct 15 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17994]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17994]: Failed password for invalid user agnes from 20.163.71.109 port 55720 ssh2
Oct 15 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17994]: Received disconnect from 20.163.71.109 port 55720:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17994]: Disconnected from 20.163.71.109 port 55720 [preauth]
Oct 15 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Invalid user simon from 20.163.71.109
Oct 15 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: input_userauth_request: invalid user simon [preauth]
Oct 15 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Failed password for invalid user simon from 20.163.71.109 port 60964 ssh2
Oct 15 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Received disconnect from 20.163.71.109 port 60964:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Disconnected from 20.163.71.109 port 60964 [preauth]
Oct 15 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18003]: Invalid user server from 20.163.71.109
Oct 15 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18003]: input_userauth_request: invalid user server [preauth]
Oct 15 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18003]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18003]: Failed password for invalid user server from 20.163.71.109 port 60970 ssh2
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18003]: Received disconnect from 20.163.71.109 port 60970:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18003]: Disconnected from 20.163.71.109 port 60970 [preauth]
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: Invalid user linux from 20.163.71.109
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: input_userauth_request: invalid user linux [preauth]
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16398]: pam_unix(cron:session): session closed for user root
Oct 15 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: Failed password for invalid user linux from 20.163.71.109 port 60976 ssh2
Oct 15 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: Received disconnect from 20.163.71.109 port 60976:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18022]: Disconnected from 20.163.71.109 port 60976 [preauth]
Oct 15 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Invalid user info from 20.163.71.109
Oct 15 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: input_userauth_request: invalid user info [preauth]
Oct 15 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Failed password for invalid user info from 20.163.71.109 port 60980 ssh2
Oct 15 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Received disconnect from 20.163.71.109 port 60980:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Disconnected from 20.163.71.109 port 60980 [preauth]
Oct 15 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: User mail from 20.163.71.109 not allowed because not listed in AllowUsers
Oct 15 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: input_userauth_request: invalid user mail [preauth]
Oct 15 00:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=mail
Oct 15 00:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Failed password for invalid user mail from 20.163.71.109 port 44556 ssh2
Oct 15 00:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Received disconnect from 20.163.71.109 port 44556:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Disconnected from 20.163.71.109 port 44556 [preauth]
Oct 15 00:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Invalid user operator from 20.163.71.109
Oct 15 00:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: input_userauth_request: invalid user operator [preauth]
Oct 15 00:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Failed password for invalid user operator from 20.163.71.109 port 44570 ssh2
Oct 15 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Received disconnect from 20.163.71.109 port 44570:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Disconnected from 20.163.71.109 port 44570 [preauth]
Oct 15 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Invalid user webadmin from 20.163.71.109
Oct 15 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: input_userauth_request: invalid user webadmin [preauth]
Oct 15 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Failed password for invalid user webadmin from 20.163.71.109 port 44580 ssh2
Oct 15 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Received disconnect from 20.163.71.109 port 44580:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Disconnected from 20.163.71.109 port 44580 [preauth]
Oct 15 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Invalid user trixbox1 from 20.163.71.109
Oct 15 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: input_userauth_request: invalid user trixbox1 [preauth]
Oct 15 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Failed password for invalid user trixbox1 from 20.163.71.109 port 44586 ssh2
Oct 15 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Received disconnect from 20.163.71.109 port 44586:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Disconnected from 20.163.71.109 port 44586 [preauth]
Oct 15 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Failed password for root from 20.163.71.109 port 44588 ssh2
Oct 15 00:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Received disconnect from 20.163.71.109 port 44588:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Disconnected from 20.163.71.109 port 44588 [preauth]
Oct 15 00:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Failed password for root from 20.163.71.109 port 37346 ssh2
Oct 15 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Received disconnect from 20.163.71.109 port 37346:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18113]: Disconnected from 20.163.71.109 port 37346 [preauth]
Oct 15 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: Failed password for root from 20.163.71.109 port 37350 ssh2
Oct 15 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: Received disconnect from 20.163.71.109 port 37350:11: Normal Shutdown, Thank you for playing [preauth]
Oct 15 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18118]: Disconnected from 20.163.71.109 port 37350 [preauth]
Oct 15 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session closed for user root
Oct 15 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18385]: Successful su for rubyman by root
Oct 15 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18385]: + ??? root:rubyman
Oct 15 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414444 of user rubyman.
Oct 15 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18385]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414444.
Oct 15 00:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14697]: pam_unix(cron:session): session closed for user root
Oct 15 00:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18244]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16932]: pam_unix(cron:session): session closed for user root
Oct 15 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18844]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18918]: Successful su for rubyman by root
Oct 15 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18918]: + ??? root:rubyman
Oct 15 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414446 of user rubyman.
Oct 15 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18918]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414446.
Oct 15 00:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session closed for user root
Oct 15 00:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Oct 15 00:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: Failed password for root from 80.94.95.115 port 23894 ssh2
Oct 15 00:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19235]: Connection closed by 80.94.95.115 port 23894 [preauth]
Oct 15 00:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session closed for user root
Oct 15 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19732]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19741]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19702]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19839]: Successful su for rubyman by root
Oct 15 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19839]: + ??? root:rubyman
Oct 15 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414452 of user rubyman.
Oct 15 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19839]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414452.
Oct 15 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15872]: pam_unix(cron:session): session closed for user root
Oct 15 00:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19703]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session closed for user root
Oct 15 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20304]: pam_unix(cron:session): session closed for user root
Oct 15 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20392]: Successful su for rubyman by root
Oct 15 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20392]: + ??? root:rubyman
Oct 15 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414457 of user rubyman.
Oct 15 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20392]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414457.
Oct 15 00:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20301]: pam_unix(cron:session): session closed for user root
Oct 15 00:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16397]: pam_unix(cron:session): session closed for user root
Oct 15 00:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20300]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18844]: pam_unix(cron:session): session closed for user root
Oct 15 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20809]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20807]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20885]: Successful su for rubyman by root
Oct 15 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20885]: + ??? root:rubyman
Oct 15 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414461 of user rubyman.
Oct 15 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20885]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414461.
Oct 15 00:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16931]: pam_unix(cron:session): session closed for user root
Oct 15 00:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20808]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19741]: pam_unix(cron:session): session closed for user root
Oct 15 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21257]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21258]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21255]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21397]: Successful su for rubyman by root
Oct 15 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21397]: + ??? root:rubyman
Oct 15 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414466 of user rubyman.
Oct 15 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21397]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414466.
Oct 15 00:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user root
Oct 15 00:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21256]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20303]: pam_unix(cron:session): session closed for user root
Oct 15 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21785]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21782]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21878]: Successful su for rubyman by root
Oct 15 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21878]: + ??? root:rubyman
Oct 15 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414470 of user rubyman.
Oct 15 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21878]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414470.
Oct 15 00:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session closed for user root
Oct 15 00:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21783]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session closed for user root
Oct 15 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22291]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22360]: Successful su for rubyman by root
Oct 15 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22360]: + ??? root:rubyman
Oct 15 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414473 of user rubyman.
Oct 15 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22360]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414473.
Oct 15 00:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session closed for user root
Oct 15 00:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22292]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21258]: pam_unix(cron:session): session closed for user root
Oct 15 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22957]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22954]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22956]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22957]: pam_unix(cron:session): session closed for user root
Oct 15 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22949]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23188]: Successful su for rubyman by root
Oct 15 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23188]: + ??? root:rubyman
Oct 15 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414476 of user rubyman.
Oct 15 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23188]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414476.
Oct 15 00:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22954]: pam_unix(cron:session): session closed for user root
Oct 15 00:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19732]: pam_unix(cron:session): session closed for user root
Oct 15 00:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22953]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21785]: pam_unix(cron:session): session closed for user root
Oct 15 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23958]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23959]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23955]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: Successful su for rubyman by root
Oct 15 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: + ??? root:rubyman
Oct 15 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414484 of user rubyman.
Oct 15 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24044]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414484.
Oct 15 00:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20302]: pam_unix(cron:session): session closed for user root
Oct 15 00:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23957]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22294]: pam_unix(cron:session): session closed for user root
Oct 15 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24578]: Successful su for rubyman by root
Oct 15 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24578]: + ??? root:rubyman
Oct 15 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414488 of user rubyman.
Oct 15 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24578]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414488.
Oct 15 00:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20809]: pam_unix(cron:session): session closed for user root
Oct 15 00:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22956]: pam_unix(cron:session): session closed for user root
Oct 15 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24970]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25052]: Successful su for rubyman by root
Oct 15 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25052]: + ??? root:rubyman
Oct 15 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414492 of user rubyman.
Oct 15 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25052]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414492.
Oct 15 00:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21257]: pam_unix(cron:session): session closed for user root
Oct 15 00:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24971]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Invalid user admin from 194.0.234.19
Oct 15 00:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: input_userauth_request: invalid user admin [preauth]
Oct 15 00:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Failed password for invalid user admin from 194.0.234.19 port 53046 ssh2
Oct 15 00:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Connection closed by 194.0.234.19 port 53046 [preauth]
Oct 15 00:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: Invalid user linan from 164.68.105.9
Oct 15 00:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: input_userauth_request: invalid user linan [preauth]
Oct 15 00:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 00:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23959]: pam_unix(cron:session): session closed for user root
Oct 15 00:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: Failed password for invalid user linan from 164.68.105.9 port 43194 ssh2
Oct 15 00:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25601]: Connection closed by 164.68.105.9 port 43194 [preauth]
Oct 15 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25689]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25687]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25759]: Successful su for rubyman by root
Oct 15 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25759]: + ??? root:rubyman
Oct 15 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414495 of user rubyman.
Oct 15 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25759]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414495.
Oct 15 00:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21784]: pam_unix(cron:session): session closed for user root
Oct 15 00:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25688]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session closed for user root
Oct 15 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26253]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26252]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26251]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26254]: pam_unix(cron:session): session closed for user root
Oct 15 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26343]: Successful su for rubyman by root
Oct 15 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26343]: + ??? root:rubyman
Oct 15 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414500 of user rubyman.
Oct 15 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26343]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414500.
Oct 15 00:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26251]: pam_unix(cron:session): session closed for user root
Oct 15 00:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22293]: pam_unix(cron:session): session closed for user root
Oct 15 00:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session closed for user root
Oct 15 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: Successful su for rubyman by root
Oct 15 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: + ??? root:rubyman
Oct 15 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414505 of user rubyman.
Oct 15 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414505.
Oct 15 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.38.148.202  user=root
Oct 15 00:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Failed password for root from 89.38.148.202 port 48958 ssh2
Oct 15 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Connection closed by 89.38.148.202 port 48958 [preauth]
Oct 15 00:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22955]: pam_unix(cron:session): session closed for user root
Oct 15 00:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session closed for user root
Oct 15 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: Successful su for rubyman by root
Oct 15 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: + ??? root:rubyman
Oct 15 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414509 of user rubyman.
Oct 15 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414509.
Oct 15 00:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23958]: pam_unix(cron:session): session closed for user root
Oct 15 00:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26253]: pam_unix(cron:session): session closed for user root
Oct 15 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28319]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28316]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28411]: Successful su for rubyman by root
Oct 15 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28411]: + ??? root:rubyman
Oct 15 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414512 of user rubyman.
Oct 15 00:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28411]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414512.
Oct 15 00:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24493]: pam_unix(cron:session): session closed for user root
Oct 15 00:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28317]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26921]: pam_unix(cron:session): session closed for user root
Oct 15 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29152]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: Successful su for rubyman by root
Oct 15 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: + ??? root:rubyman
Oct 15 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414516 of user rubyman.
Oct 15 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414516.
Oct 15 00:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session closed for user root
Oct 15 00:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29515]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 135.119.104.245 port 52140
Oct 15 00:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Connection closed by 135.119.104.245 port 52138 [preauth]
Oct 15 00:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27854]: pam_unix(cron:session): session closed for user root
Oct 15 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29665]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29664]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29665]: pam_unix(cron:session): session closed for user root
Oct 15 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29744]: Successful su for rubyman by root
Oct 15 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29744]: + ??? root:rubyman
Oct 15 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414520 of user rubyman.
Oct 15 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29744]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414520.
Oct 15 00:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29661]: pam_unix(cron:session): session closed for user root
Oct 15 00:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25689]: pam_unix(cron:session): session closed for user root
Oct 15 00:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29659]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Invalid user admin from 194.0.234.93
Oct 15 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: input_userauth_request: invalid user admin [preauth]
Oct 15 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Oct 15 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Failed password for invalid user admin from 194.0.234.93 port 45838 ssh2
Oct 15 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30079]: Connection closed by 194.0.234.93 port 45838 [preauth]
Oct 15 00:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28319]: pam_unix(cron:session): session closed for user root
Oct 15 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30304]: Successful su for rubyman by root
Oct 15 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30304]: + ??? root:rubyman
Oct 15 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414528 of user rubyman.
Oct 15 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30304]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414528.
Oct 15 00:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26252]: pam_unix(cron:session): session closed for user root
Oct 15 00:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30211]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session closed for user root
Oct 15 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30792]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30875]: Successful su for rubyman by root
Oct 15 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30875]: + ??? root:rubyman
Oct 15 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414532 of user rubyman.
Oct 15 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30875]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414532.
Oct 15 00:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session closed for user root
Oct 15 00:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30793]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29664]: pam_unix(cron:session): session closed for user root
Oct 15 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31276]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31274]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31346]: Successful su for rubyman by root
Oct 15 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31346]: + ??? root:rubyman
Oct 15 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414535 of user rubyman.
Oct 15 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31346]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414535.
Oct 15 00:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27748]: pam_unix(cron:session): session closed for user root
Oct 15 00:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31275]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session closed for user root
Oct 15 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31899]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32096]: Successful su for rubyman by root
Oct 15 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32096]: + ??? root:rubyman
Oct 15 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414539 of user rubyman.
Oct 15 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32096]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414539.
Oct 15 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session closed for user root
Oct 15 00:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28318]: pam_unix(cron:session): session closed for user root
Oct 15 00:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30797]: pam_unix(cron:session): session closed for user root
Oct 15 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32545]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32543]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32545]: pam_unix(cron:session): session closed for user root
Oct 15 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32540]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32632]: Successful su for rubyman by root
Oct 15 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32632]: + ??? root:rubyman
Oct 15 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414545 of user rubyman.
Oct 15 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32632]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414545.
Oct 15 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Invalid user admin from 2.57.121.25
Oct 15 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: input_userauth_request: invalid user admin [preauth]
Oct 15 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 00:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32542]: pam_unix(cron:session): session closed for user root
Oct 15 00:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for invalid user admin from 2.57.121.25 port 62017 ssh2
Oct 15 00:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session closed for user root
Oct 15 00:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for invalid user admin from 2.57.121.25 port 62017 ssh2
Oct 15 00:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for invalid user admin from 2.57.121.25 port 62017 ssh2
Oct 15 00:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for invalid user admin from 2.57.121.25 port 62017 ssh2
Oct 15 00:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for invalid user admin from 2.57.121.25 port 62017 ssh2
Oct 15 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Received disconnect from 2.57.121.25 port 62017:11: Bye [preauth]
Oct 15 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Disconnected from 2.57.121.25 port 62017 [preauth]
Oct 15 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 00:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 00:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32541]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31277]: pam_unix(cron:session): session closed for user root
Oct 15 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[668]: Successful su for rubyman by root
Oct 15 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[668]: + ??? root:rubyman
Oct 15 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414550 of user rubyman.
Oct 15 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[668]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414550.
Oct 15 00:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29662]: pam_unix(cron:session): session closed for user root
Oct 15 00:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[592]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 00:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: Failed password for root from 20.163.71.109 port 43984 ssh2
Oct 15 00:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: Connection closed by 20.163.71.109 port 43984 [preauth]
Oct 15 00:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session closed for user root
Oct 15 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1245]: Successful su for rubyman by root
Oct 15 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1245]: + ??? root:rubyman
Oct 15 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414556 of user rubyman.
Oct 15 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1245]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414556.
Oct 15 00:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session closed for user root
Oct 15 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: Invalid user sshadmin from 80.94.95.116
Oct 15 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: input_userauth_request: invalid user sshadmin [preauth]
Oct 15 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 00:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: Failed password for invalid user sshadmin from 80.94.95.116 port 47050 ssh2
Oct 15 00:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: Connection closed by 80.94.95.116 port 47050 [preauth]
Oct 15 00:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1164]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32544]: pam_unix(cron:session): session closed for user root
Oct 15 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1742]: Successful su for rubyman by root
Oct 15 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1742]: + ??? root:rubyman
Oct 15 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414557 of user rubyman.
Oct 15 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1742]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414557.
Oct 15 00:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30795]: pam_unix(cron:session): session closed for user root
Oct 15 00:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1657]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[594]: pam_unix(cron:session): session closed for user root
Oct 15 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2238]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2235]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2302]: Successful su for rubyman by root
Oct 15 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2302]: + ??? root:rubyman
Oct 15 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414561 of user rubyman.
Oct 15 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2302]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414561.
Oct 15 00:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31276]: pam_unix(cron:session): session closed for user root
Oct 15 00:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2236]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1166]: pam_unix(cron:session): session closed for user root
Oct 15 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2687]: pam_unix(cron:session): session closed for user root
Oct 15 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2681]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2757]: Successful su for rubyman by root
Oct 15 00:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2757]: + ??? root:rubyman
Oct 15 00:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414565 of user rubyman.
Oct 15 00:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2757]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414565.
Oct 15 00:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2683]: pam_unix(cron:session): session closed for user root
Oct 15 00:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31901]: pam_unix(cron:session): session closed for user root
Oct 15 00:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2682]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session closed for user root
Oct 15 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3159]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: Successful su for rubyman by root
Oct 15 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: + ??? root:rubyman
Oct 15 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414572 of user rubyman.
Oct 15 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414572.
Oct 15 00:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32543]: pam_unix(cron:session): session closed for user root
Oct 15 00:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2238]: pam_unix(cron:session): session closed for user root
Oct 15 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3697]: Successful su for rubyman by root
Oct 15 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3697]: + ??? root:rubyman
Oct 15 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414575 of user rubyman.
Oct 15 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3697]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414575.
Oct 15 00:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session closed for user root
Oct 15 00:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2686]: pam_unix(cron:session): session closed for user root
Oct 15 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: Successful su for rubyman by root
Oct 15 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: + ??? root:rubyman
Oct 15 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414579 of user rubyman.
Oct 15 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4184]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414579.
Oct 15 00:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1165]: pam_unix(cron:session): session closed for user root
Oct 15 00:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4088]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3160]: pam_unix(cron:session): session closed for user root
Oct 15 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: Successful su for rubyman by root
Oct 15 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: + ??? root:rubyman
Oct 15 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414583 of user rubyman.
Oct 15 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4711]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414583.
Oct 15 00:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session closed for user root
Oct 15 00:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3633]: pam_unix(cron:session): session closed for user root
Oct 15 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5585]: pam_unix(cron:session): session closed for user root
Oct 15 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5579]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5663]: Successful su for rubyman by root
Oct 15 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5663]: + ??? root:rubyman
Oct 15 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414590 of user rubyman.
Oct 15 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5663]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414590.
Oct 15 00:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5581]: pam_unix(cron:session): session closed for user root
Oct 15 00:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session closed for user root
Oct 15 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5580]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session closed for user root
Oct 15 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6093]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6089]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6176]: Successful su for rubyman by root
Oct 15 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6176]: + ??? root:rubyman
Oct 15 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414593 of user rubyman.
Oct 15 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6176]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414593.
Oct 15 00:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2684]: pam_unix(cron:session): session closed for user root
Oct 15 00:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6090]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session closed for user root
Oct 15 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6556]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: Successful su for rubyman by root
Oct 15 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: + ??? root:rubyman
Oct 15 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414597 of user rubyman.
Oct 15 00:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414597.
Oct 15 00:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3159]: pam_unix(cron:session): session closed for user root
Oct 15 00:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6557]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5583]: pam_unix(cron:session): session closed for user root
Oct 15 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7132]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: Successful su for rubyman by root
Oct 15 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: + ??? root:rubyman
Oct 15 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414602 of user rubyman.
Oct 15 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7262]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414602.
Oct 15 00:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session closed for user root
Oct 15 00:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6093]: pam_unix(cron:session): session closed for user root
Oct 15 00:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Connection closed by 149.100.11.243 port 58702 [preauth]
Oct 15 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7620]: Invalid user username from 194.0.234.19
Oct 15 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7620]: input_userauth_request: invalid user username [preauth]
Oct 15 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7620]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7620]: Failed password for invalid user username from 194.0.234.19 port 23272 ssh2
Oct 15 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7620]: Connection closed by 194.0.234.19 port 23272 [preauth]
Oct 15 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7654]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7740]: Successful su for rubyman by root
Oct 15 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7740]: + ??? root:rubyman
Oct 15 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414606 of user rubyman.
Oct 15 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7740]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414606.
Oct 15 00:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session closed for user root
Oct 15 00:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7655]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6559]: pam_unix(cron:session): session closed for user root
Oct 15 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session closed for user root
Oct 15 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: Successful su for rubyman by root
Oct 15 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: + ??? root:rubyman
Oct 15 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414613 of user rubyman.
Oct 15 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414613.
Oct 15 00:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session closed for user root
Oct 15 00:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4624]: pam_unix(cron:session): session closed for user root
Oct 15 00:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7139]: pam_unix(cron:session): session closed for user root
Oct 15 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9286]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9375]: Successful su for rubyman by root
Oct 15 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9375]: + ??? root:rubyman
Oct 15 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414616 of user rubyman.
Oct 15 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9375]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414616.
Oct 15 00:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5582]: pam_unix(cron:session): session closed for user root
Oct 15 00:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9287]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7659]: pam_unix(cron:session): session closed for user root
Oct 15 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9929]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10004]: Successful su for rubyman by root
Oct 15 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10004]: + ??? root:rubyman
Oct 15 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414621 of user rubyman.
Oct 15 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10004]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414621.
Oct 15 00:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6091]: pam_unix(cron:session): session closed for user root
Oct 15 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9931]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session closed for user root
Oct 15 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10409]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: Successful su for rubyman by root
Oct 15 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: + ??? root:rubyman
Oct 15 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414624 of user rubyman.
Oct 15 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414624.
Oct 15 00:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6558]: pam_unix(cron:session): session closed for user root
Oct 15 00:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10410]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9290]: pam_unix(cron:session): session closed for user root
Oct 15 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10884]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10881]: pam_unix(cron:session): session closed for user p13x
Oct 15 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10949]: Successful su for rubyman by root
Oct 15 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10949]: + ??? root:rubyman
Oct 15 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414628 of user rubyman.
Oct 15 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10949]: pam_unix(su:session): session closed for user rubyman
Oct 15 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414628.
Oct 15 00:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session closed for user root
Oct 15 00:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10882]: pam_unix(cron:session): session closed for user samftp
Oct 15 00:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: Invalid user guest from 80.94.95.116
Oct 15 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: input_userauth_request: invalid user guest [preauth]
Oct 15 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 00:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: Failed password for invalid user guest from 80.94.95.116 port 43776 ssh2
Oct 15 00:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: Connection closed by 80.94.95.116 port 43776 [preauth]
Oct 15 00:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9934]: pam_unix(cron:session): session closed for user root
Oct 15 00:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Invalid user linan from 164.68.105.9
Oct 15 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: input_userauth_request: invalid user linan [preauth]
Oct 15 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 00:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Failed password for invalid user linan from 164.68.105.9 port 45856 ssh2
Oct 15 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11329]: Connection closed by 164.68.105.9 port 45856 [preauth]
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session closed for user root
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session closed for user root
Oct 15 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11461]: Successful su for rubyman by root
Oct 15 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11461]: + ??? root:rubyman
Oct 15 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414631 of user rubyman.
Oct 15 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11461]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414631.
Oct 15 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11345]: pam_unix(cron:session): session closed for user root
Oct 15 01:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7657]: pam_unix(cron:session): session closed for user root
Oct 15 01:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.226.213  user=root
Oct 15 01:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Failed password for root from 117.50.226.213 port 36202 ssh2
Oct 15 01:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Received disconnect from 117.50.226.213 port 36202:11:  [preauth]
Oct 15 01:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11841]: Disconnected from 117.50.226.213 port 36202 [preauth]
Oct 15 01:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10413]: pam_unix(cron:session): session closed for user root
Oct 15 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12103]: Successful su for rubyman by root
Oct 15 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12103]: + ??? root:rubyman
Oct 15 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414638 of user rubyman.
Oct 15 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12103]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414638.
Oct 15 01:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session closed for user root
Oct 15 01:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10884]: pam_unix(cron:session): session closed for user root
Oct 15 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12526]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12589]: Successful su for rubyman by root
Oct 15 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12589]: + ??? root:rubyman
Oct 15 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414643 of user rubyman.
Oct 15 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12589]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414643.
Oct 15 01:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9289]: pam_unix(cron:session): session closed for user root
Oct 15 01:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11349]: pam_unix(cron:session): session closed for user root
Oct 15 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13024]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13022]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13103]: Successful su for rubyman by root
Oct 15 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13103]: + ??? root:rubyman
Oct 15 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414647 of user rubyman.
Oct 15 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13103]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414647.
Oct 15 01:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9933]: pam_unix(cron:session): session closed for user root
Oct 15 01:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13023]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12019]: pam_unix(cron:session): session closed for user root
Oct 15 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13615]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13616]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13613]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13678]: Successful su for rubyman by root
Oct 15 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13678]: + ??? root:rubyman
Oct 15 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414651 of user rubyman.
Oct 15 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13678]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414651.
Oct 15 01:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10411]: pam_unix(cron:session): session closed for user root
Oct 15 01:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13614]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12527]: pam_unix(cron:session): session closed for user root
Oct 15 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session closed for user root
Oct 15 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14179]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14263]: Successful su for rubyman by root
Oct 15 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14263]: + ??? root:rubyman
Oct 15 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414658 of user rubyman.
Oct 15 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14263]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414658.
Oct 15 01:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session closed for user root
Oct 15 01:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10883]: pam_unix(cron:session): session closed for user root
Oct 15 01:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14180]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13026]: pam_unix(cron:session): session closed for user root
Oct 15 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Invalid user guest from 194.0.234.19
Oct 15 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: input_userauth_request: invalid user guest [preauth]
Oct 15 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14652]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Failed password for invalid user guest from 194.0.234.19 port 50332 ssh2
Oct 15 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Connection closed by 194.0.234.19 port 50332 [preauth]
Oct 15 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14730]: Successful su for rubyman by root
Oct 15 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14730]: + ??? root:rubyman
Oct 15 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414660 of user rubyman.
Oct 15 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14730]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414660.
Oct 15 01:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11348]: pam_unix(cron:session): session closed for user root
Oct 15 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14653]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Invalid user  from 196.251.73.199
Oct 15 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: input_userauth_request: invalid user  [preauth]
Oct 15 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Connection closed by 196.251.73.199 port 39322 [preauth]
Oct 15 01:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13616]: pam_unix(cron:session): session closed for user root
Oct 15 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15226]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15315]: Successful su for rubyman by root
Oct 15 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15315]: + ??? root:rubyman
Oct 15 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414665 of user rubyman.
Oct 15 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15315]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414665.
Oct 15 01:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session closed for user root
Oct 15 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15227]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session closed for user root
Oct 15 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15764]: Successful su for rubyman by root
Oct 15 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15764]: + ??? root:rubyman
Oct 15 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414668 of user rubyman.
Oct 15 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15764]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414668.
Oct 15 01:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12526]: pam_unix(cron:session): session closed for user root
Oct 15 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14659]: pam_unix(cron:session): session closed for user root
Oct 15 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16142]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16143]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16320]: Successful su for rubyman by root
Oct 15 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16320]: + ??? root:rubyman
Oct 15 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414675 of user rubyman.
Oct 15 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16320]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414675.
Oct 15 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user root
Oct 15 01:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13024]: pam_unix(cron:session): session closed for user root
Oct 15 01:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16141]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Invalid user admin from 185.156.73.233
Oct 15 01:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: input_userauth_request: invalid user admin [preauth]
Oct 15 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 01:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15230]: pam_unix(cron:session): session closed for user root
Oct 15 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Failed password for invalid user admin from 185.156.73.233 port 23988 ssh2
Oct 15 01:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16625]: Connection closed by 185.156.73.233 port 23988 [preauth]
Oct 15 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16711]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16714]: pam_unix(cron:session): session closed for user root
Oct 15 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16803]: Successful su for rubyman by root
Oct 15 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16803]: + ??? root:rubyman
Oct 15 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414681 of user rubyman.
Oct 15 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16803]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414681.
Oct 15 01:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16711]: pam_unix(cron:session): session closed for user root
Oct 15 01:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13615]: pam_unix(cron:session): session closed for user root
Oct 15 01:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16710]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session closed for user root
Oct 15 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: Successful su for rubyman by root
Oct 15 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: + ??? root:rubyman
Oct 15 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414686 of user rubyman.
Oct 15 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414686.
Oct 15 01:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session closed for user root
Oct 15 01:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17210]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16143]: pam_unix(cron:session): session closed for user root
Oct 15 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17704]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17703]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17697]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17827]: Successful su for rubyman by root
Oct 15 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17827]: + ??? root:rubyman
Oct 15 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414689 of user rubyman.
Oct 15 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17827]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414689.
Oct 15 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14658]: pam_unix(cron:session): session closed for user root
Oct 15 01:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17702]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16713]: pam_unix(cron:session): session closed for user root
Oct 15 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Invalid user antonio from 2.57.122.26
Oct 15 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: input_userauth_request: invalid user antonio [preauth]
Oct 15 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Failed password for invalid user antonio from 2.57.122.26 port 39178 ssh2
Oct 15 01:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Connection closed by 2.57.122.26 port 39178 [preauth]
Oct 15 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18469]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18547]: Successful su for rubyman by root
Oct 15 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18547]: + ??? root:rubyman
Oct 15 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414694 of user rubyman.
Oct 15 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18547]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414694.
Oct 15 01:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15229]: pam_unix(cron:session): session closed for user root
Oct 15 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Invalid user admin from 2.57.121.112
Oct 15 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: input_userauth_request: invalid user admin [preauth]
Oct 15 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Failed password for invalid user admin from 2.57.121.112 port 46493 ssh2
Oct 15 01:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Failed password for invalid user admin from 2.57.121.112 port 46493 ssh2
Oct 15 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Failed password for invalid user admin from 2.57.121.112 port 46493 ssh2
Oct 15 01:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Failed password for invalid user admin from 2.57.121.112 port 46493 ssh2
Oct 15 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Failed password for invalid user admin from 2.57.121.112 port 46493 ssh2
Oct 15 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Received disconnect from 2.57.121.112 port 46493:11: Bye [preauth]
Oct 15 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Disconnected from 2.57.121.112 port 46493 [preauth]
Oct 15 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 01:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session closed for user root
Oct 15 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19068]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19140]: Successful su for rubyman by root
Oct 15 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19140]: + ??? root:rubyman
Oct 15 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414695 of user rubyman.
Oct 15 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19140]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414695.
Oct 15 01:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user root
Oct 15 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17704]: pam_unix(cron:session): session closed for user root
Oct 15 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Bad protocol version identification '\026\003\001\002' from 164.52.24.187 port 45767
Oct 15 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Bad protocol version identification 'GET / HTTP/1.1' from 164.52.24.187 port 52775
Oct 15 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session closed for user root
Oct 15 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: Successful su for rubyman by root
Oct 15 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: + ??? root:rubyman
Oct 15 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414699 of user rubyman.
Oct 15 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414699.
Oct 15 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session closed for user root
Oct 15 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20190]: Connection closed by 164.52.24.187 port 55014 [preauth]
Oct 15 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16142]: pam_unix(cron:session): session closed for user root
Oct 15 01:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19890]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1536
Oct 15 01:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20335]: fatal: mm_answer_moduli: bad parameters: 2048 2048 512
Oct 15 01:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18469]: pam_unix(cron:session): session closed for user root
Oct 15 01:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20407]: fatal: mm_answer_moduli: bad parameters: 2048 2048 768
Oct 15 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20444]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1024
Oct 15 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: fatal: mm_answer_moduli: bad parameters: 2048 2048 1536
Oct 15 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20471]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20555]: Successful su for rubyman by root
Oct 15 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20555]: + ??? root:rubyman
Oct 15 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414705 of user rubyman.
Oct 15 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20555]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414705.
Oct 15 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16712]: pam_unix(cron:session): session closed for user root
Oct 15 01:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20758]: Connection closed by 164.52.24.187 port 34702 [preauth]
Oct 15 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19068]: pam_unix(cron:session): session closed for user root
Oct 15 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session closed for user root
Oct 15 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21013]: Successful su for rubyman by root
Oct 15 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21013]: + ??? root:rubyman
Oct 15 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414711 of user rubyman.
Oct 15 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21013]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414711.
Oct 15 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session closed for user root
Oct 15 01:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session closed for user root
Oct 15 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21448]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21527]: Successful su for rubyman by root
Oct 15 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21527]: + ??? root:rubyman
Oct 15 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414714 of user rubyman.
Oct 15 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21527]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414714.
Oct 15 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17703]: pam_unix(cron:session): session closed for user root
Oct 15 01:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session closed for user root
Oct 15 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: Invalid user 12345 from 80.94.95.116
Oct 15 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: input_userauth_request: invalid user 12345 [preauth]
Oct 15 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: Failed password for invalid user 12345 from 80.94.95.116 port 16826 ssh2
Oct 15 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21842]: Connection closed by 80.94.95.116 port 16826 [preauth]
Oct 15 01:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Invalid user user from 62.60.131.157
Oct 15 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: input_userauth_request: invalid user user [preauth]
Oct 15 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21926]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21924]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Failed password for invalid user user from 62.60.131.157 port 46274 ssh2
Oct 15 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21995]: Successful su for rubyman by root
Oct 15 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21995]: + ??? root:rubyman
Oct 15 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414719 of user rubyman.
Oct 15 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21995]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414719.
Oct 15 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Failed password for invalid user user from 62.60.131.157 port 46274 ssh2
Oct 15 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Failed password for invalid user user from 62.60.131.157 port 46274 ssh2
Oct 15 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session closed for user root
Oct 15 01:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Failed password for invalid user user from 62.60.131.157 port 46274 ssh2
Oct 15 01:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Failed password for invalid user user from 62.60.131.157 port 46274 ssh2
Oct 15 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Received disconnect from 62.60.131.157 port 46274:11: Bye [preauth]
Oct 15 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: Disconnected from 62.60.131.157 port 46274 [preauth]
Oct 15 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 01:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21921]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 01:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21925]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session closed for user root
Oct 15 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22419]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22426]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22433]: pam_unix(cron:session): session closed for user root
Oct 15 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22501]: Successful su for rubyman by root
Oct 15 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22501]: + ??? root:rubyman
Oct 15 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414722 of user rubyman.
Oct 15 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22501]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414722.
Oct 15 01:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22419]: pam_unix(cron:session): session closed for user root
Oct 15 01:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session closed for user root
Oct 15 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23130]: Did not receive identification string from 196.251.114.29
Oct 15 01:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session closed for user root
Oct 15 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23510]: Successful su for rubyman by root
Oct 15 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23510]: + ??? root:rubyman
Oct 15 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414728 of user rubyman.
Oct 15 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23510]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414728.
Oct 15 01:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session closed for user root
Oct 15 01:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21927]: pam_unix(cron:session): session closed for user root
Oct 15 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24212]: Successful su for rubyman by root
Oct 15 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24212]: + ??? root:rubyman
Oct 15 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414733 of user rubyman.
Oct 15 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24212]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414733.
Oct 15 01:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20473]: pam_unix(cron:session): session closed for user root
Oct 15 01:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22426]: pam_unix(cron:session): session closed for user root
Oct 15 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24723]: Successful su for rubyman by root
Oct 15 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24723]: + ??? root:rubyman
Oct 15 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414737 of user rubyman.
Oct 15 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24723]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414737.
Oct 15 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session closed for user root
Oct 15 01:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24633]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session closed for user root
Oct 15 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25224]: Successful su for rubyman by root
Oct 15 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25224]: + ??? root:rubyman
Oct 15 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414741 of user rubyman.
Oct 15 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25224]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414741.
Oct 15 01:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session closed for user root
Oct 15 01:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25632]: Invalid user support from 78.128.112.74
Oct 15 01:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25632]: input_userauth_request: invalid user support [preauth]
Oct 15 01:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25632]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 15 01:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25632]: Failed password for invalid user support from 78.128.112.74 port 34098 ssh2
Oct 15 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25632]: Connection closed by 78.128.112.74 port 34098 [preauth]
Oct 15 01:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25128]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session closed for user root
Oct 15 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25922]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25923]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25923]: pam_unix(cron:session): session closed for user root
Oct 15 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26022]: Successful su for rubyman by root
Oct 15 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26022]: + ??? root:rubyman
Oct 15 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414748 of user rubyman.
Oct 15 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26022]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414748.
Oct 15 01:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25919]: pam_unix(cron:session): session closed for user root
Oct 15 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21926]: pam_unix(cron:session): session closed for user root
Oct 15 01:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25918]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session closed for user root
Oct 15 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Invalid user erpnext from 117.252.95.54
Oct 15 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: input_userauth_request: invalid user erpnext [preauth]
Oct 15 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Failed password for invalid user erpnext from 117.252.95.54 port 45639 ssh2
Oct 15 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Received disconnect from 117.252.95.54 port 45639:11: Bye Bye [preauth]
Oct 15 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Disconnected from 117.252.95.54 port 45639 [preauth]
Oct 15 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26539]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26540]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26536]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26613]: Successful su for rubyman by root
Oct 15 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26613]: + ??? root:rubyman
Oct 15 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414752 of user rubyman.
Oct 15 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26613]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414752.
Oct 15 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22424]: pam_unix(cron:session): session closed for user root
Oct 15 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26537]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Connection closed by 52.91.217.114 port 12208 [preauth]
Oct 15 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session closed for user root
Oct 15 01:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 15 01:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27181]: Failed password for root from 80.94.95.116 port 18952 ssh2
Oct 15 01:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27181]: Connection closed by 80.94.95.116 port 18952 [preauth]
Oct 15 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27248]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27247]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27244]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27314]: Successful su for rubyman by root
Oct 15 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27314]: + ??? root:rubyman
Oct 15 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414754 of user rubyman.
Oct 15 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27314]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414754.
Oct 15 01:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session closed for user root
Oct 15 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25922]: pam_unix(cron:session): session closed for user root
Oct 15 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Invalid user client from 117.252.95.54
Oct 15 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: input_userauth_request: invalid user client [preauth]
Oct 15 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Failed password for invalid user client from 117.252.95.54 port 61549 ssh2
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Received disconnect from 117.252.95.54 port 61549:11: Bye Bye [preauth]
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Disconnected from 117.252.95.54 port 61549 [preauth]
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28091]: Successful su for rubyman by root
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28091]: + ??? root:rubyman
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414759 of user rubyman.
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28091]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414759.
Oct 15 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user root
Oct 15 01:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28011]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26540]: pam_unix(cron:session): session closed for user root
Oct 15 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28724]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: Successful su for rubyman by root
Oct 15 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: + ??? root:rubyman
Oct 15 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414762 of user rubyman.
Oct 15 01:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414762.
Oct 15 01:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session closed for user root
Oct 15 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27248]: pam_unix(cron:session): session closed for user root
Oct 15 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: Invalid user ts3 from 117.252.95.54
Oct 15 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: Failed password for invalid user ts3 from 117.252.95.54 port 57482 ssh2
Oct 15 01:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: Received disconnect from 117.252.95.54 port 57482:11: Bye Bye [preauth]
Oct 15 01:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29277]: Disconnected from 117.252.95.54 port 57482 [preauth]
Oct 15 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29341]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29345]: pam_unix(cron:session): session closed for user root
Oct 15 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29423]: Successful su for rubyman by root
Oct 15 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29423]: + ??? root:rubyman
Oct 15 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414769 of user rubyman.
Oct 15 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29423]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414769.
Oct 15 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25131]: pam_unix(cron:session): session closed for user root
Oct 15 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session closed for user root
Oct 15 01:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29338]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session closed for user root
Oct 15 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29961]: Successful su for rubyman by root
Oct 15 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29961]: + ??? root:rubyman
Oct 15 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414772 of user rubyman.
Oct 15 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29961]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414772.
Oct 15 01:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25920]: pam_unix(cron:session): session closed for user root
Oct 15 01:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: User ftp from 117.252.95.54 not allowed because not listed in AllowUsers
Oct 15 01:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: input_userauth_request: invalid user ftp [preauth]
Oct 15 01:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54  user=ftp
Oct 15 01:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: Failed password for invalid user ftp from 117.252.95.54 port 15939 ssh2
Oct 15 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: Received disconnect from 117.252.95.54 port 15939:11: Bye Bye [preauth]
Oct 15 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30245]: Disconnected from 117.252.95.54 port 15939 [preauth]
Oct 15 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28729]: pam_unix(cron:session): session closed for user root
Oct 15 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30406]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30403]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30573]: Successful su for rubyman by root
Oct 15 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30573]: + ??? root:rubyman
Oct 15 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414778 of user rubyman.
Oct 15 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30573]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414778.
Oct 15 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26539]: pam_unix(cron:session): session closed for user root
Oct 15 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30405]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29344]: pam_unix(cron:session): session closed for user root
Oct 15 01:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Invalid user sammy from 117.252.95.54
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: input_userauth_request: invalid user sammy [preauth]
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30961]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31050]: Successful su for rubyman by root
Oct 15 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31050]: + ??? root:rubyman
Oct 15 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414780 of user rubyman.
Oct 15 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31050]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414780.
Oct 15 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Failed password for invalid user sammy from 117.252.95.54 port 2808 ssh2
Oct 15 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Received disconnect from 117.252.95.54 port 2808:11: Bye Bye [preauth]
Oct 15 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30943]: Disconnected from 117.252.95.54 port 2808 [preauth]
Oct 15 01:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27247]: pam_unix(cron:session): session closed for user root
Oct 15 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30962]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29873]: pam_unix(cron:session): session closed for user root
Oct 15 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31461]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31459]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31678]: Successful su for rubyman by root
Oct 15 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31678]: + ??? root:rubyman
Oct 15 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414784 of user rubyman.
Oct 15 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31678]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414784.
Oct 15 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session closed for user root
Oct 15 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31460]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: Invalid user hath from 190.103.202.7
Oct 15 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: input_userauth_request: invalid user hath [preauth]
Oct 15 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 15 01:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: Failed password for invalid user hath from 190.103.202.7 port 35726 ssh2
Oct 15 01:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31967]: Connection closed by 190.103.202.7 port 35726 [preauth]
Oct 15 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session closed for user root
Oct 15 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Invalid user admin from 80.94.95.116
Oct 15 01:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: input_userauth_request: invalid user admin [preauth]
Oct 15 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: Invalid user dev from 117.252.95.54
Oct 15 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: input_userauth_request: invalid user dev [preauth]
Oct 15 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Failed password for invalid user admin from 80.94.95.116 port 59874 ssh2
Oct 15 01:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Connection closed by 80.94.95.116 port 59874 [preauth]
Oct 15 01:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: Failed password for invalid user dev from 117.252.95.54 port 43869 ssh2
Oct 15 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: Received disconnect from 117.252.95.54 port 43869:11: Bye Bye [preauth]
Oct 15 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32000]: Disconnected from 117.252.95.54 port 43869 [preauth]
Oct 15 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session closed for user root
Oct 15 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32238]: Successful su for rubyman by root
Oct 15 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32238]: + ??? root:rubyman
Oct 15 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414789 of user rubyman.
Oct 15 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32238]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414789.
Oct 15 01:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32076]: pam_unix(cron:session): session closed for user root
Oct 15 01:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session closed for user root
Oct 15 01:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32075]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30966]: pam_unix(cron:session): session closed for user root
Oct 15 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32636]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32718]: Successful su for rubyman by root
Oct 15 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32718]: + ??? root:rubyman
Oct 15 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414796 of user rubyman.
Oct 15 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32718]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414796.
Oct 15 01:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29341]: pam_unix(cron:session): session closed for user root
Oct 15 01:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32637]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: Invalid user abc from 117.252.95.54
Oct 15 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: input_userauth_request: invalid user abc [preauth]
Oct 15 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: Failed password for invalid user abc from 117.252.95.54 port 56440 ssh2
Oct 15 01:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: Received disconnect from 117.252.95.54 port 56440:11: Bye Bye [preauth]
Oct 15 01:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[527]: Disconnected from 117.252.95.54 port 56440 [preauth]
Oct 15 01:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31462]: pam_unix(cron:session): session closed for user root
Oct 15 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[651]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[652]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[649]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[723]: Successful su for rubyman by root
Oct 15 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[723]: + ??? root:rubyman
Oct 15 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414798 of user rubyman.
Oct 15 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[723]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414798.
Oct 15 01:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session closed for user root
Oct 15 01:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[650]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32078]: pam_unix(cron:session): session closed for user root
Oct 15 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Invalid user a from 117.252.95.54
Oct 15 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: input_userauth_request: invalid user a [preauth]
Oct 15 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Failed password for invalid user a from 117.252.95.54 port 53633 ssh2
Oct 15 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Received disconnect from 117.252.95.54 port 53633:11: Bye Bye [preauth]
Oct 15 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1207]: Disconnected from 117.252.95.54 port 53633 [preauth]
Oct 15 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1299]: Successful su for rubyman by root
Oct 15 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1299]: + ??? root:rubyman
Oct 15 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414804 of user rubyman.
Oct 15 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1299]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414804.
Oct 15 01:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30406]: pam_unix(cron:session): session closed for user root
Oct 15 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1224]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32640]: pam_unix(cron:session): session closed for user root
Oct 15 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1731]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2019]: Successful su for rubyman by root
Oct 15 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2019]: + ??? root:rubyman
Oct 15 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414808 of user rubyman.
Oct 15 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2019]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414808.
Oct 15 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1729]: pam_unix(cron:session): session closed for user root
Oct 15 01:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30965]: pam_unix(cron:session): session closed for user root
Oct 15 01:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1732]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Invalid user devuser from 117.252.95.54
Oct 15 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: input_userauth_request: invalid user devuser [preauth]
Oct 15 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[652]: pam_unix(cron:session): session closed for user root
Oct 15 01:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Failed password for invalid user devuser from 117.252.95.54 port 49279 ssh2
Oct 15 01:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Received disconnect from 117.252.95.54 port 49279:11: Bye Bye [preauth]
Oct 15 01:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Disconnected from 117.252.95.54 port 49279 [preauth]
Oct 15 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session closed for user root
Oct 15 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2383]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2486]: Successful su for rubyman by root
Oct 15 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2486]: + ??? root:rubyman
Oct 15 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414813 of user rubyman.
Oct 15 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2486]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414813.
Oct 15 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2385]: pam_unix(cron:session): session closed for user root
Oct 15 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31461]: pam_unix(cron:session): session closed for user root
Oct 15 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2384]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session closed for user root
Oct 15 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2967]: Successful su for rubyman by root
Oct 15 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2967]: + ??? root:rubyman
Oct 15 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414820 of user rubyman.
Oct 15 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2967]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414820.
Oct 15 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32077]: pam_unix(cron:session): session closed for user root
Oct 15 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: User uucp from 62.60.131.157 not allowed because not listed in AllowUsers
Oct 15 01:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: input_userauth_request: invalid user uucp [preauth]
Oct 15 01:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=uucp
Oct 15 01:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for invalid user uucp from 62.60.131.157 port 61795 ssh2
Oct 15 01:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for invalid user uucp from 62.60.131.157 port 61795 ssh2
Oct 15 01:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Invalid user sysadmin from 117.252.95.54
Oct 15 01:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: input_userauth_request: invalid user sysadmin [preauth]
Oct 15 01:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for invalid user uucp from 62.60.131.157 port 61795 ssh2
Oct 15 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Failed password for invalid user sysadmin from 117.252.95.54 port 57151 ssh2
Oct 15 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Received disconnect from 117.252.95.54 port 57151:11: Bye Bye [preauth]
Oct 15 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Disconnected from 117.252.95.54 port 57151 [preauth]
Oct 15 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for invalid user uucp from 62.60.131.157 port 61795 ssh2
Oct 15 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for invalid user uucp from 62.60.131.157 port 61795 ssh2
Oct 15 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Received disconnect from 62.60.131.157 port 61795:11: Bye [preauth]
Oct 15 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Disconnected from 62.60.131.157 port 61795 [preauth]
Oct 15 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=uucp
Oct 15 01:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 01:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1734]: pam_unix(cron:session): session closed for user root
Oct 15 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3422]: Successful su for rubyman by root
Oct 15 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3422]: + ??? root:rubyman
Oct 15 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414821 of user rubyman.
Oct 15 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3422]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414821.
Oct 15 01:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32639]: pam_unix(cron:session): session closed for user root
Oct 15 01:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2388]: pam_unix(cron:session): session closed for user root
Oct 15 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: Invalid user dspace from 117.252.95.54
Oct 15 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: input_userauth_request: invalid user dspace [preauth]
Oct 15 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3806]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3804]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: Failed password for invalid user dspace from 117.252.95.54 port 25997 ssh2
Oct 15 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: Received disconnect from 117.252.95.54 port 25997:11: Bye Bye [preauth]
Oct 15 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3789]: Disconnected from 117.252.95.54 port 25997 [preauth]
Oct 15 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3885]: Successful su for rubyman by root
Oct 15 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3885]: + ??? root:rubyman
Oct 15 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414825 of user rubyman.
Oct 15 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3885]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414825.
Oct 15 01:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[651]: pam_unix(cron:session): session closed for user root
Oct 15 01:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user root
Oct 15 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4314]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4383]: Successful su for rubyman by root
Oct 15 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4383]: + ??? root:rubyman
Oct 15 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414829 of user rubyman.
Oct 15 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4383]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414829.
Oct 15 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session closed for user root
Oct 15 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4315]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: User sshd from 194.0.234.19 not allowed because not listed in AllowUsers
Oct 15 01:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: input_userauth_request: invalid user sshd [preauth]
Oct 15 01:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=sshd
Oct 15 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: Failed password for invalid user sshd from 194.0.234.19 port 23868 ssh2
Oct 15 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4693]: Connection closed by 194.0.234.19 port 23868 [preauth]
Oct 15 01:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Invalid user botuser from 117.252.95.54
Oct 15 01:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: input_userauth_request: invalid user botuser [preauth]
Oct 15 01:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3352]: pam_unix(cron:session): session closed for user root
Oct 15 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Failed password for invalid user botuser from 117.252.95.54 port 34117 ssh2
Oct 15 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Received disconnect from 117.252.95.54 port 34117:11: Bye Bye [preauth]
Oct 15 01:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Disconnected from 117.252.95.54 port 34117 [preauth]
Oct 15 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4811]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4810]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4811]: pam_unix(cron:session): session closed for user root
Oct 15 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4804]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: Successful su for rubyman by root
Oct 15 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: + ??? root:rubyman
Oct 15 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414835 of user rubyman.
Oct 15 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4934]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414835.
Oct 15 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4807]: pam_unix(cron:session): session closed for user root
Oct 15 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1733]: pam_unix(cron:session): session closed for user root
Oct 15 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4806]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3807]: pam_unix(cron:session): session closed for user root
Oct 15 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5810]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5897]: Successful su for rubyman by root
Oct 15 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5897]: + ??? root:rubyman
Oct 15 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414841 of user rubyman.
Oct 15 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5897]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414841.
Oct 15 01:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2387]: pam_unix(cron:session): session closed for user root
Oct 15 01:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Invalid user runner from 117.252.95.54
Oct 15 01:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: input_userauth_request: invalid user runner [preauth]
Oct 15 01:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5808]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user runner from 117.252.95.54 port 1243 ssh2
Oct 15 01:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Received disconnect from 117.252.95.54 port 1243:11: Bye Bye [preauth]
Oct 15 01:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Disconnected from 117.252.95.54 port 1243 [preauth]
Oct 15 01:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4317]: pam_unix(cron:session): session closed for user root
Oct 15 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6355]: Successful su for rubyman by root
Oct 15 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6355]: + ??? root:rubyman
Oct 15 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414844 of user rubyman.
Oct 15 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6355]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414844.
Oct 15 01:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user root
Oct 15 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.205.25  user=root
Oct 15 01:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: Failed password for root from 80.211.205.25 port 36254 ssh2
Oct 15 01:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6539]: Connection closed by 80.211.205.25 port 36254 [preauth]
Oct 15 01:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4810]: pam_unix(cron:session): session closed for user root
Oct 15 01:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54  user=root
Oct 15 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Failed password for root from 117.252.95.54 port 54474 ssh2
Oct 15 01:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Received disconnect from 117.252.95.54 port 54474:11: Bye Bye [preauth]
Oct 15 01:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Disconnected from 117.252.95.54 port 54474 [preauth]
Oct 15 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6917]: Successful su for rubyman by root
Oct 15 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6917]: + ??? root:rubyman
Oct 15 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414849 of user rubyman.
Oct 15 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6917]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414849.
Oct 15 01:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3351]: pam_unix(cron:session): session closed for user root
Oct 15 01:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 15 01:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Invalid user hath from 190.103.202.7
Oct 15 01:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: input_userauth_request: invalid user hath [preauth]
Oct 15 01:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 15 01:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: Failed password for root from 80.94.95.116 port 19654 ssh2
Oct 15 01:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: Connection closed by 80.94.95.116 port 19654 [preauth]
Oct 15 01:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Failed password for invalid user hath from 190.103.202.7 port 37820 ssh2
Oct 15 01:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Connection closed by 190.103.202.7 port 37820 [preauth]
Oct 15 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5810]: pam_unix(cron:session): session closed for user root
Oct 15 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7406]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: Successful su for rubyman by root
Oct 15 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: + ??? root:rubyman
Oct 15 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414851 of user rubyman.
Oct 15 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414851.
Oct 15 01:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3806]: pam_unix(cron:session): session closed for user root
Oct 15 01:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7407]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54  user=root
Oct 15 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Failed password for root from 117.252.95.54 port 28029 ssh2
Oct 15 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Received disconnect from 117.252.95.54 port 28029:11: Bye Bye [preauth]
Oct 15 01:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Disconnected from 117.252.95.54 port 28029 [preauth]
Oct 15 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6283]: pam_unix(cron:session): session closed for user root
Oct 15 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8004]: pam_unix(cron:session): session closed for user root
Oct 15 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: Successful su for rubyman by root
Oct 15 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: + ??? root:rubyman
Oct 15 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414856 of user rubyman.
Oct 15 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8390]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414856.
Oct 15 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7862]: pam_unix(cron:session): session closed for user root
Oct 15 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4316]: pam_unix(cron:session): session closed for user root
Oct 15 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session closed for user root
Oct 15 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8913]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8999]: Successful su for rubyman by root
Oct 15 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8999]: + ??? root:rubyman
Oct 15 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414862 of user rubyman.
Oct 15 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8999]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414862.
Oct 15 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Invalid user odoo17 from 117.252.95.54
Oct 15 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: input_userauth_request: invalid user odoo17 [preauth]
Oct 15 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Failed password for invalid user odoo17 from 117.252.95.54 port 56331 ssh2
Oct 15 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Received disconnect from 117.252.95.54 port 56331:11: Bye Bye [preauth]
Oct 15 01:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9119]: Disconnected from 117.252.95.54 port 56331 [preauth]
Oct 15 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4808]: pam_unix(cron:session): session closed for user root
Oct 15 01:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session closed for user root
Oct 15 01:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Bad protocol version identification '' from 3.143.33.63 port 38412
Oct 15 01:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: Bad protocol version identification 'GET / HTTP/1.1' from 3.143.33.63 port 37638
Oct 15 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9521]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9600]: Successful su for rubyman by root
Oct 15 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9600]: + ??? root:rubyman
Oct 15 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414865 of user rubyman.
Oct 15 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9600]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414865.
Oct 15 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5809]: pam_unix(cron:session): session closed for user root
Oct 15 01:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user root
Oct 15 01:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: Invalid user nagios from 117.252.95.54
Oct 15 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: input_userauth_request: invalid user nagios [preauth]
Oct 15 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: Failed password for invalid user nagios from 117.252.95.54 port 21004 ssh2
Oct 15 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: Received disconnect from 117.252.95.54 port 21004:11: Bye Bye [preauth]
Oct 15 01:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: Disconnected from 117.252.95.54 port 21004 [preauth]
Oct 15 01:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Bad protocol version identification 'GET / HTTP/1.1' from 3.143.33.63 port 51630
Oct 15 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10218]: Successful su for rubyman by root
Oct 15 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10218]: + ??? root:rubyman
Oct 15 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414869 of user rubyman.
Oct 15 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10218]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414869.
Oct 15 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6282]: pam_unix(cron:session): session closed for user root
Oct 15 01:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8914]: pam_unix(cron:session): session closed for user root
Oct 15 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10626]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10618]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10699]: Successful su for rubyman by root
Oct 15 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10699]: + ??? root:rubyman
Oct 15 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414875 of user rubyman.
Oct 15 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10699]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414875.
Oct 15 01:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session closed for user root
Oct 15 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Bad protocol version identification '\026\003\001' from 3.143.33.63 port 37092
Oct 15 01:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10619]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Invalid user teamspeak3 from 117.252.95.54
Oct 15 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 15 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Failed password for invalid user teamspeak3 from 117.252.95.54 port 24505 ssh2
Oct 15 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Received disconnect from 117.252.95.54 port 24505:11: Bye Bye [preauth]
Oct 15 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10984]: Disconnected from 117.252.95.54 port 24505 [preauth]
Oct 15 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session closed for user root
Oct 15 01:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Invalid user admin from 2.57.121.25
Oct 15 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: input_userauth_request: invalid user admin [preauth]
Oct 15 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 01:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Failed password for invalid user admin from 2.57.121.25 port 19156 ssh2
Oct 15 01:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Failed password for invalid user admin from 2.57.121.25 port 19156 ssh2
Oct 15 01:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Failed password for invalid user admin from 2.57.121.25 port 19156 ssh2
Oct 15 01:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Failed password for invalid user admin from 2.57.121.25 port 19156 ssh2
Oct 15 01:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Failed password for invalid user admin from 2.57.121.25 port 19156 ssh2
Oct 15 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Received disconnect from 2.57.121.25 port 19156:11: Bye [preauth]
Oct 15 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Disconnected from 2.57.121.25 port 19156 [preauth]
Oct 15 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 01:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11084]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session closed for user root
Oct 15 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11166]: Successful su for rubyman by root
Oct 15 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11166]: + ??? root:rubyman
Oct 15 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414879 of user rubyman.
Oct 15 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11166]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414879.
Oct 15 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user root
Oct 15 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session closed for user root
Oct 15 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10137]: pam_unix(cron:session): session closed for user root
Oct 15 01:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Connection closed by 3.143.33.63 port 40262 [preauth]
Oct 15 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11765]: Successful su for rubyman by root
Oct 15 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11765]: + ??? root:rubyman
Oct 15 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414885 of user rubyman.
Oct 15 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11765]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414885.
Oct 15 01:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: User sshd from 80.94.95.116 not allowed because not listed in AllowUsers
Oct 15 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: input_userauth_request: invalid user sshd [preauth]
Oct 15 01:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=sshd
Oct 15 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: Failed password for invalid user sshd from 80.94.95.116 port 46984 ssh2
Oct 15 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Invalid user sammy from 117.252.95.54
Oct 15 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: input_userauth_request: invalid user sammy [preauth]
Oct 15 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session closed for user root
Oct 15 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: Connection closed by 80.94.95.116 port 46984 [preauth]
Oct 15 01:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Failed password for invalid user sammy from 117.252.95.54 port 45868 ssh2
Oct 15 01:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Received disconnect from 117.252.95.54 port 45868:11: Bye Bye [preauth]
Oct 15 01:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11955]: Disconnected from 117.252.95.54 port 45868 [preauth]
Oct 15 01:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11590]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10626]: pam_unix(cron:session): session closed for user root
Oct 15 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12163]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12161]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: Successful su for rubyman by root
Oct 15 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: + ??? root:rubyman
Oct 15 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414887 of user rubyman.
Oct 15 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414887.
Oct 15 01:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: Bad protocol version identification '\026\003\001' from 3.143.33.63 port 48758
Oct 15 01:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8913]: pam_unix(cron:session): session closed for user root
Oct 15 01:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12162]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11084]: pam_unix(cron:session): session closed for user root
Oct 15 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Invalid user azureuser from 117.252.95.54
Oct 15 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: input_userauth_request: invalid user azureuser [preauth]
Oct 15 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Failed password for invalid user azureuser from 117.252.95.54 port 39587 ssh2
Oct 15 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Received disconnect from 117.252.95.54 port 39587:11: Bye Bye [preauth]
Oct 15 01:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12619]: Disconnected from 117.252.95.54 port 39587 [preauth]
Oct 15 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12670]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12669]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12739]: Successful su for rubyman by root
Oct 15 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12739]: + ??? root:rubyman
Oct 15 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414891 of user rubyman.
Oct 15 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12739]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414891.
Oct 15 01:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session closed for user root
Oct 15 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session closed for user root
Oct 15 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13160]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13159]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13156]: pam_unix(cron:session): session closed for user p13x
Oct 15 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13348]: Successful su for rubyman by root
Oct 15 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13348]: + ??? root:rubyman
Oct 15 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414895 of user rubyman.
Oct 15 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13348]: pam_unix(su:session): session closed for user rubyman
Oct 15 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414895.
Oct 15 01:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session closed for user root
Oct 15 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13158]: pam_unix(cron:session): session closed for user samftp
Oct 15 01:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: Invalid user ubuntu from 117.252.95.54
Oct 15 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 01:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: Failed password for invalid user ubuntu from 117.252.95.54 port 36505 ssh2
Oct 15 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: Received disconnect from 117.252.95.54 port 36505:11: Bye Bye [preauth]
Oct 15 01:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13638]: Disconnected from 117.252.95.54 port 36505 [preauth]
Oct 15 01:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12164]: pam_unix(cron:session): session closed for user root
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13761]: pam_unix(cron:session): session closed for user root
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session closed for user root
Oct 15 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13903]: Successful su for rubyman by root
Oct 15 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13903]: + ??? root:rubyman
Oct 15 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414899 of user rubyman.
Oct 15 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13903]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414899.
Oct 15 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13755]: pam_unix(cron:session): session closed for user root
Oct 15 02:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10620]: pam_unix(cron:session): session closed for user root
Oct 15 02:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 15 02:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Failed password for root from 94.177.160.96 port 56228 ssh2
Oct 15 02:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Connection closed by 94.177.160.96 port 56228 [preauth]
Oct 15 02:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12670]: pam_unix(cron:session): session closed for user root
Oct 15 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14409]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14497]: Successful su for rubyman by root
Oct 15 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14497]: + ??? root:rubyman
Oct 15 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414906 of user rubyman.
Oct 15 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14497]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414906.
Oct 15 02:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Invalid user user1 from 117.252.95.54
Oct 15 02:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: input_userauth_request: invalid user user1 [preauth]
Oct 15 02:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session closed for user root
Oct 15 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Failed password for invalid user user1 from 117.252.95.54 port 31715 ssh2
Oct 15 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Received disconnect from 117.252.95.54 port 31715:11: Bye Bye [preauth]
Oct 15 02:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Disconnected from 117.252.95.54 port 31715 [preauth]
Oct 15 02:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14411]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13160]: pam_unix(cron:session): session closed for user root
Oct 15 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14890]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14889]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14887]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14966]: Successful su for rubyman by root
Oct 15 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14966]: + ??? root:rubyman
Oct 15 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414911 of user rubyman.
Oct 15 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14966]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414911.
Oct 15 02:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session closed for user root
Oct 15 02:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14888]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session closed for user root
Oct 15 02:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Invalid user adminuser from 117.252.95.54
Oct 15 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: Did not receive identification string from 180.93.136.118
Oct 15 02:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.93.136.118  user=root
Oct 15 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Failed password for invalid user adminuser from 117.252.95.54 port 64699 ssh2
Oct 15 02:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Received disconnect from 117.252.95.54 port 64699:11: Bye Bye [preauth]
Oct 15 02:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Disconnected from 117.252.95.54 port 64699 [preauth]
Oct 15 02:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Failed password for root from 180.93.136.118 port 55612 ssh2
Oct 15 02:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 180.93.136.118 port 55612 [preauth]
Oct 15 02:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.93.136.118  user=root
Oct 15 02:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Failed password for root from 180.93.136.118 port 60506 ssh2
Oct 15 02:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Connection closed by 180.93.136.118 port 60506 [preauth]
Oct 15 02:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15455]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15451]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15523]: Successful su for rubyman by root
Oct 15 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15523]: + ??? root:rubyman
Oct 15 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414915 of user rubyman.
Oct 15 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15523]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414915.
Oct 15 02:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12163]: pam_unix(cron:session): session closed for user root
Oct 15 02:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 02:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: Failed password for root from 190.103.202.7 port 47412 ssh2
Oct 15 02:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: Connection closed by 190.103.202.7 port 47412 [preauth]
Oct 15 02:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14413]: pam_unix(cron:session): session closed for user root
Oct 15 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15908]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15904]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15971]: Successful su for rubyman by root
Oct 15 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15971]: + ??? root:rubyman
Oct 15 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414918 of user rubyman.
Oct 15 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15971]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414918.
Oct 15 02:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12669]: pam_unix(cron:session): session closed for user root
Oct 15 02:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Invalid user sol from 117.252.95.54
Oct 15 02:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: input_userauth_request: invalid user sol [preauth]
Oct 15 02:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Failed password for invalid user sol from 117.252.95.54 port 61014 ssh2
Oct 15 02:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Received disconnect from 117.252.95.54 port 61014:11: Bye Bye [preauth]
Oct 15 02:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Disconnected from 117.252.95.54 port 61014 [preauth]
Oct 15 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14890]: pam_unix(cron:session): session closed for user root
Oct 15 02:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Failed password for root from 185.156.73.233 port 35638 ssh2
Oct 15 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Connection closed by 185.156.73.233 port 35638 [preauth]
Oct 15 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: Did not receive identification string from 8.220.203.115
Oct 15 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session closed for user root
Oct 15 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16456]: Successful su for rubyman by root
Oct 15 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16456]: + ??? root:rubyman
Oct 15 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414926 of user rubyman.
Oct 15 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16456]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414926.
Oct 15 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session closed for user root
Oct 15 02:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13159]: pam_unix(cron:session): session closed for user root
Oct 15 02:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15455]: pam_unix(cron:session): session closed for user root
Oct 15 02:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16875]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16871]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Invalid user vishal from 117.252.95.54
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: input_userauth_request: invalid user vishal [preauth]
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16944]: Successful su for rubyman by root
Oct 15 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16944]: + ??? root:rubyman
Oct 15 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414929 of user rubyman.
Oct 15 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16944]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414929.
Oct 15 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Failed password for invalid user vishal from 117.252.95.54 port 35503 ssh2
Oct 15 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Received disconnect from 117.252.95.54 port 35503:11: Bye Bye [preauth]
Oct 15 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Disconnected from 117.252.95.54 port 35503 [preauth]
Oct 15 02:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session closed for user root
Oct 15 02:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16872]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15908]: pam_unix(cron:session): session closed for user root
Oct 15 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17347]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17420]: Successful su for rubyman by root
Oct 15 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17420]: + ??? root:rubyman
Oct 15 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414933 of user rubyman.
Oct 15 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17420]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414933.
Oct 15 02:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14412]: pam_unix(cron:session): session closed for user root
Oct 15 02:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17348]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16378]: pam_unix(cron:session): session closed for user root
Oct 15 02:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Invalid user guest from 117.252.95.54
Oct 15 02:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: input_userauth_request: invalid user guest [preauth]
Oct 15 02:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Failed password for invalid user guest from 117.252.95.54 port 62647 ssh2
Oct 15 02:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Received disconnect from 117.252.95.54 port 62647:11: Bye Bye [preauth]
Oct 15 02:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17770]: Disconnected from 117.252.95.54 port 62647 [preauth]
Oct 15 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17885]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17963]: Successful su for rubyman by root
Oct 15 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17963]: + ??? root:rubyman
Oct 15 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414936 of user rubyman.
Oct 15 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17963]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414936.
Oct 15 02:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14889]: pam_unix(cron:session): session closed for user root
Oct 15 02:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17886]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16875]: pam_unix(cron:session): session closed for user root
Oct 15 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18587]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18586]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18779]: Successful su for rubyman by root
Oct 15 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18779]: + ??? root:rubyman
Oct 15 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414940 of user rubyman.
Oct 15 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18779]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414940.
Oct 15 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session closed for user root
Oct 15 02:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session closed for user root
Oct 15 02:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Invalid user newuser from 117.252.95.54
Oct 15 02:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: input_userauth_request: invalid user newuser [preauth]
Oct 15 02:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Failed password for invalid user newuser from 117.252.95.54 port 60540 ssh2
Oct 15 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Received disconnect from 117.252.95.54 port 60540:11: Bye Bye [preauth]
Oct 15 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Disconnected from 117.252.95.54 port 60540 [preauth]
Oct 15 02:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17350]: pam_unix(cron:session): session closed for user root
Oct 15 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19368]: pam_unix(cron:session): session closed for user root
Oct 15 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: Successful su for rubyman by root
Oct 15 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: + ??? root:rubyman
Oct 15 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414946 of user rubyman.
Oct 15 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414946.
Oct 15 02:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session closed for user root
Oct 15 02:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session closed for user root
Oct 15 02:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19360]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session closed for user root
Oct 15 02:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Invalid user debian from 117.252.95.54
Oct 15 02:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: input_userauth_request: invalid user debian [preauth]
Oct 15 02:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Failed password for invalid user debian from 117.252.95.54 port 16898 ssh2
Oct 15 02:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Received disconnect from 117.252.95.54 port 16898:11: Bye Bye [preauth]
Oct 15 02:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Disconnected from 117.252.95.54 port 16898 [preauth]
Oct 15 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20296]: Successful su for rubyman by root
Oct 15 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20296]: + ??? root:rubyman
Oct 15 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414951 of user rubyman.
Oct 15 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20296]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414951.
Oct 15 02:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session closed for user root
Oct 15 02:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20174]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18587]: pam_unix(cron:session): session closed for user root
Oct 15 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20681]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20756]: Successful su for rubyman by root
Oct 15 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20756]: + ??? root:rubyman
Oct 15 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414956 of user rubyman.
Oct 15 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20756]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414956.
Oct 15 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16874]: pam_unix(cron:session): session closed for user root
Oct 15 02:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20680]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Invalid user admin from 185.156.73.233
Oct 15 02:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: input_userauth_request: invalid user admin [preauth]
Oct 15 02:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 02:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Failed password for invalid user admin from 185.156.73.233 port 23492 ssh2
Oct 15 02:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Connection closed by 185.156.73.233 port 23492 [preauth]
Oct 15 02:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Invalid user sol from 117.252.95.54
Oct 15 02:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: input_userauth_request: invalid user sol [preauth]
Oct 15 02:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session closed for user root
Oct 15 02:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Failed password for invalid user sol from 117.252.95.54 port 1935 ssh2
Oct 15 02:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Received disconnect from 117.252.95.54 port 1935:11: Bye Bye [preauth]
Oct 15 02:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21065]: Disconnected from 117.252.95.54 port 1935 [preauth]
Oct 15 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21211]: Successful su for rubyman by root
Oct 15 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21211]: + ??? root:rubyman
Oct 15 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414959 of user rubyman.
Oct 15 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21211]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414959.
Oct 15 02:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17349]: pam_unix(cron:session): session closed for user root
Oct 15 02:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session closed for user root
Oct 15 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21668]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21664]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21737]: Successful su for rubyman by root
Oct 15 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21737]: + ??? root:rubyman
Oct 15 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414964 of user rubyman.
Oct 15 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21737]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414964.
Oct 15 02:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17887]: pam_unix(cron:session): session closed for user root
Oct 15 02:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21665]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54  user=root
Oct 15 02:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21993]: Failed password for root from 117.252.95.54 port 15893 ssh2
Oct 15 02:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21993]: Received disconnect from 117.252.95.54 port 15893:11: Bye Bye [preauth]
Oct 15 02:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21993]: Disconnected from 117.252.95.54 port 15893 [preauth]
Oct 15 02:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session closed for user root
Oct 15 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22138]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22141]: pam_unix(cron:session): session closed for user root
Oct 15 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22249]: Successful su for rubyman by root
Oct 15 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22249]: + ??? root:rubyman
Oct 15 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414968 of user rubyman.
Oct 15 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22249]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414968.
Oct 15 02:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session closed for user root
Oct 15 02:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18586]: pam_unix(cron:session): session closed for user root
Oct 15 02:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22134]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session closed for user root
Oct 15 02:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22685]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: Invalid user teamspeak from 117.252.95.54
Oct 15 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22947]: Successful su for rubyman by root
Oct 15 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22947]: + ??? root:rubyman
Oct 15 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414976 of user rubyman.
Oct 15 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22947]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414976.
Oct 15 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: Failed password for invalid user teamspeak from 117.252.95.54 port 47072 ssh2
Oct 15 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: Received disconnect from 117.252.95.54 port 47072:11: Bye Bye [preauth]
Oct 15 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22662]: Disconnected from 117.252.95.54 port 47072 [preauth]
Oct 15 02:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session closed for user root
Oct 15 02:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22681]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21668]: pam_unix(cron:session): session closed for user root
Oct 15 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23847]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23846]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23840]: pam_unix(cron:session): session closed for user root
Oct 15 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23842]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: Successful su for rubyman by root
Oct 15 02:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: + ??? root:rubyman
Oct 15 02:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414978 of user rubyman.
Oct 15 02:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414978.
Oct 15 02:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20176]: pam_unix(cron:session): session closed for user root
Oct 15 02:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23845]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Invalid user noemie from 2.57.122.26
Oct 15 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: input_userauth_request: invalid user noemie [preauth]
Oct 15 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 02:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Failed password for invalid user noemie from 2.57.122.26 port 47196 ssh2
Oct 15 02:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Connection closed by 2.57.122.26 port 47196 [preauth]
Oct 15 02:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Invalid user sftpuser from 117.252.95.54
Oct 15 02:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: input_userauth_request: invalid user sftpuser [preauth]
Oct 15 02:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22139]: pam_unix(cron:session): session closed for user root
Oct 15 02:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Failed password for invalid user sftpuser from 117.252.95.54 port 64523 ssh2
Oct 15 02:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Received disconnect from 117.252.95.54 port 64523:11: Bye Bye [preauth]
Oct 15 02:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Disconnected from 117.252.95.54 port 64523 [preauth]
Oct 15 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24371]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24451]: Successful su for rubyman by root
Oct 15 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24451]: + ??? root:rubyman
Oct 15 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414983 of user rubyman.
Oct 15 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24451]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414983.
Oct 15 02:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20681]: pam_unix(cron:session): session closed for user root
Oct 15 02:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22686]: pam_unix(cron:session): session closed for user root
Oct 15 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24867]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24933]: Successful su for rubyman by root
Oct 15 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24933]: + ??? root:rubyman
Oct 15 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414987 of user rubyman.
Oct 15 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24933]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414987.
Oct 15 02:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session closed for user root
Oct 15 02:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24864]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Invalid user bot from 117.252.95.54
Oct 15 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: input_userauth_request: invalid user bot [preauth]
Oct 15 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 02:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Failed password for invalid user bot from 117.252.95.54 port 62223 ssh2
Oct 15 02:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Received disconnect from 117.252.95.54 port 62223:11: Bye Bye [preauth]
Oct 15 02:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Disconnected from 117.252.95.54 port 62223 [preauth]
Oct 15 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23847]: pam_unix(cron:session): session closed for user root
Oct 15 02:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Failed password for root from 185.156.73.233 port 56504 ssh2
Oct 15 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Connection closed by 185.156.73.233 port 56504 [preauth]
Oct 15 02:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25572]: Invalid user erp from 186.96.145.241
Oct 15 02:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25572]: input_userauth_request: invalid user erp [preauth]
Oct 15 02:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25572]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 15 02:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25572]: Failed password for invalid user erp from 186.96.145.241 port 36652 ssh2
Oct 15 02:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25572]: Connection closed by 186.96.145.241 port 36652 [preauth]
Oct 15 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25598]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user root
Oct 15 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25594]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: Successful su for rubyman by root
Oct 15 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: + ??? root:rubyman
Oct 15 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414994 of user rubyman.
Oct 15 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25669]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414994.
Oct 15 02:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session closed for user root
Oct 15 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21667]: pam_unix(cron:session): session closed for user root
Oct 15 02:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25595]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24376]: pam_unix(cron:session): session closed for user root
Oct 15 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26183]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26271]: Successful su for rubyman by root
Oct 15 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26271]: + ??? root:rubyman
Oct 15 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 414997 of user rubyman.
Oct 15 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26271]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 414997.
Oct 15 02:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22138]: pam_unix(cron:session): session closed for user root
Oct 15 02:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26185]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24867]: pam_unix(cron:session): session closed for user root
Oct 15 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26790]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26789]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26787]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26894]: Successful su for rubyman by root
Oct 15 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26894]: + ??? root:rubyman
Oct 15 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415000 of user rubyman.
Oct 15 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26894]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415000.
Oct 15 02:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22685]: pam_unix(cron:session): session closed for user root
Oct 15 02:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25598]: pam_unix(cron:session): session closed for user root
Oct 15 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27456]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: Successful su for rubyman by root
Oct 15 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: + ??? root:rubyman
Oct 15 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415004 of user rubyman.
Oct 15 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415004.
Oct 15 02:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23846]: pam_unix(cron:session): session closed for user root
Oct 15 02:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session closed for user root
Oct 15 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28318]: Successful su for rubyman by root
Oct 15 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28318]: + ??? root:rubyman
Oct 15 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415010 of user rubyman.
Oct 15 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28318]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415010.
Oct 15 02:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session closed for user root
Oct 15 02:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28226]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26790]: pam_unix(cron:session): session closed for user root
Oct 15 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29074]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29075]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29076]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29077]: pam_unix(cron:session): session closed for user root
Oct 15 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29072]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29160]: Successful su for rubyman by root
Oct 15 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29160]: + ??? root:rubyman
Oct 15 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415017 of user rubyman.
Oct 15 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29160]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415017.
Oct 15 02:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29074]: pam_unix(cron:session): session closed for user root
Oct 15 02:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24865]: pam_unix(cron:session): session closed for user root
Oct 15 02:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Received disconnect from 193.46.255.217 port 18836:11:  [preauth]
Oct 15 02:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Disconnected from 193.46.255.217 port 18836 [preauth]
Oct 15 02:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29073]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27457]: pam_unix(cron:session): session closed for user root
Oct 15 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29610]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29608]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29691]: Successful su for rubyman by root
Oct 15 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29691]: + ??? root:rubyman
Oct 15 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415021 of user rubyman.
Oct 15 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29691]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415021.
Oct 15 02:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session closed for user root
Oct 15 02:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29609]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session closed for user root
Oct 15 02:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Invalid user ubnt from 185.156.73.233
Oct 15 02:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 02:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 02:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Failed password for invalid user ubnt from 185.156.73.233 port 17984 ssh2
Oct 15 02:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Connection closed by 185.156.73.233 port 17984 [preauth]
Oct 15 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30127]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30125]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: Successful su for rubyman by root
Oct 15 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: + ??? root:rubyman
Oct 15 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415025 of user rubyman.
Oct 15 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415025.
Oct 15 02:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26186]: pam_unix(cron:session): session closed for user root
Oct 15 02:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Invalid user admin from 2.57.121.112
Oct 15 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: input_userauth_request: invalid user admin [preauth]
Oct 15 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 02:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user admin from 2.57.121.112 port 48739 ssh2
Oct 15 02:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30126]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user admin from 2.57.121.112 port 48739 ssh2
Oct 15 02:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user admin from 2.57.121.112 port 48739 ssh2
Oct 15 02:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user admin from 2.57.121.112 port 48739 ssh2
Oct 15 02:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Failed password for invalid user admin from 2.57.121.112 port 48739 ssh2
Oct 15 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Received disconnect from 2.57.121.112 port 48739:11: Bye [preauth]
Oct 15 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: Disconnected from 2.57.121.112 port 48739 [preauth]
Oct 15 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30470]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 02:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29076]: pam_unix(cron:session): session closed for user root
Oct 15 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30799]: Successful su for rubyman by root
Oct 15 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30799]: + ??? root:rubyman
Oct 15 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415027 of user rubyman.
Oct 15 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30799]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415027.
Oct 15 02:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26789]: pam_unix(cron:session): session closed for user root
Oct 15 02:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29611]: pam_unix(cron:session): session closed for user root
Oct 15 02:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31170]: Did not receive identification string from 122.55.187.170
Oct 15 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31274]: Successful su for rubyman by root
Oct 15 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31274]: + ??? root:rubyman
Oct 15 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415031 of user rubyman.
Oct 15 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31274]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415031.
Oct 15 02:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27456]: pam_unix(cron:session): session closed for user root
Oct 15 02:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30128]: pam_unix(cron:session): session closed for user root
Oct 15 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31830]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31829]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31830]: pam_unix(cron:session): session closed for user root
Oct 15 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31825]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31904]: Successful su for rubyman by root
Oct 15 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31904]: + ??? root:rubyman
Oct 15 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415035 of user rubyman.
Oct 15 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31904]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415035.
Oct 15 02:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31827]: pam_unix(cron:session): session closed for user root
Oct 15 02:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28227]: pam_unix(cron:session): session closed for user root
Oct 15 02:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31826]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session closed for user root
Oct 15 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32398]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32479]: Successful su for rubyman by root
Oct 15 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32479]: + ??? root:rubyman
Oct 15 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415040 of user rubyman.
Oct 15 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32479]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415040.
Oct 15 02:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29075]: pam_unix(cron:session): session closed for user root
Oct 15 02:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session closed for user root
Oct 15 02:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[490]: Successful su for rubyman by root
Oct 15 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[490]: + ??? root:rubyman
Oct 15 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415045 of user rubyman.
Oct 15 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[490]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415045.
Oct 15 02:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29610]: pam_unix(cron:session): session closed for user root
Oct 15 02:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Did not receive identification string from 120.27.154.152
Oct 15 02:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31829]: pam_unix(cron:session): session closed for user root
Oct 15 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[931]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[926]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1053]: Successful su for rubyman by root
Oct 15 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1053]: + ??? root:rubyman
Oct 15 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415048 of user rubyman.
Oct 15 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1053]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415048.
Oct 15 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30127]: pam_unix(cron:session): session closed for user root
Oct 15 02:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[930]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session closed for user root
Oct 15 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1471]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1472]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1469]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1543]: Successful su for rubyman by root
Oct 15 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1543]: + ??? root:rubyman
Oct 15 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415054 of user rubyman.
Oct 15 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1543]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415054.
Oct 15 02:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session closed for user root
Oct 15 02:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1470]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: Invalid user ubnt from 185.156.73.233
Oct 15 02:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 02:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 02:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: Failed password for invalid user ubnt from 185.156.73.233 port 20216 ssh2
Oct 15 02:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1813]: Connection closed by 185.156.73.233 port 20216 [preauth]
Oct 15 02:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[411]: pam_unix(cron:session): session closed for user root
Oct 15 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session closed for user root
Oct 15 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2048]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2128]: Successful su for rubyman by root
Oct 15 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2128]: + ??? root:rubyman
Oct 15 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415059 of user rubyman.
Oct 15 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2128]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415059.
Oct 15 02:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session closed for user root
Oct 15 02:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session closed for user root
Oct 15 02:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Did not receive identification string from 120.27.154.152
Oct 15 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[932]: pam_unix(cron:session): session closed for user root
Oct 15 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2549]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2624]: Successful su for rubyman by root
Oct 15 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2624]: + ??? root:rubyman
Oct 15 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415062 of user rubyman.
Oct 15 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2624]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415062.
Oct 15 02:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31828]: pam_unix(cron:session): session closed for user root
Oct 15 02:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2548]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 02:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Failed password for root from 190.103.202.7 port 55838 ssh2
Oct 15 02:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Connection closed by 190.103.202.7 port 55838 [preauth]
Oct 15 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1472]: pam_unix(cron:session): session closed for user root
Oct 15 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2998]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2999]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2995]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3076]: Successful su for rubyman by root
Oct 15 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3076]: + ??? root:rubyman
Oct 15 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415067 of user rubyman.
Oct 15 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3076]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415067.
Oct 15 02:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session closed for user root
Oct 15 02:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2996]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session closed for user root
Oct 15 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: Successful su for rubyman by root
Oct 15 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: + ??? root:rubyman
Oct 15 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415072 of user rubyman.
Oct 15 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415072.
Oct 15 02:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user root
Oct 15 02:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: Invalid user NL5xUDpV2xRa from 31.192.242.25
Oct 15 02:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: input_userauth_request: invalid user NL5xUDpV2xRa [preauth]
Oct 15 02:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3652]: fatal: ssh_packet_get_string: incomplete message [preauth]
Oct 15 02:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session closed for user root
Oct 15 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4087]: Successful su for rubyman by root
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4087]: + ??? root:rubyman
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415074 of user rubyman.
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4087]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415074.
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Invalid user darian from 20.163.71.109
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: input_userauth_request: invalid user darian [preauth]
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3911]: pam_unix(cron:session): session closed for user root
Oct 15 02:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Failed password for invalid user darian from 20.163.71.109 port 58052 ssh2
Oct 15 02:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Connection closed by 20.163.71.109 port 58052 [preauth]
Oct 15 02:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[931]: pam_unix(cron:session): session closed for user root
Oct 15 02:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2999]: pam_unix(cron:session): session closed for user root
Oct 15 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4519]: pam_unix(cron:session): session closed for user root
Oct 15 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4511]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4649]: Successful su for rubyman by root
Oct 15 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4649]: + ??? root:rubyman
Oct 15 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415082 of user rubyman.
Oct 15 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4649]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415082.
Oct 15 02:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4514]: pam_unix(cron:session): session closed for user root
Oct 15 02:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1471]: pam_unix(cron:session): session closed for user root
Oct 15 02:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4512]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session closed for user root
Oct 15 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5552]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5547]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5630]: Successful su for rubyman by root
Oct 15 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5630]: + ??? root:rubyman
Oct 15 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415086 of user rubyman.
Oct 15 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5630]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415086.
Oct 15 02:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session closed for user root
Oct 15 02:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5549]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session closed for user root
Oct 15 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6103]: Successful su for rubyman by root
Oct 15 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6103]: + ??? root:rubyman
Oct 15 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415090 of user rubyman.
Oct 15 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6103]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415090.
Oct 15 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2549]: pam_unix(cron:session): session closed for user root
Oct 15 02:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session closed for user root
Oct 15 02:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Invalid user user from 80.94.95.116
Oct 15 02:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: input_userauth_request: invalid user user [preauth]
Oct 15 02:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6466]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Failed password for invalid user user from 80.94.95.116 port 31770 ssh2
Oct 15 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Connection closed by 80.94.95.116 port 31770 [preauth]
Oct 15 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6562]: Successful su for rubyman by root
Oct 15 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6562]: + ??? root:rubyman
Oct 15 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415093 of user rubyman.
Oct 15 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6562]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415093.
Oct 15 02:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2998]: pam_unix(cron:session): session closed for user root
Oct 15 02:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6467]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Invalid user user from 62.60.131.157
Oct 15 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: input_userauth_request: invalid user user [preauth]
Oct 15 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Failed password for invalid user user from 62.60.131.157 port 58612 ssh2
Oct 15 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Failed password for invalid user user from 62.60.131.157 port 58612 ssh2
Oct 15 02:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Failed password for invalid user user from 62.60.131.157 port 58612 ssh2
Oct 15 02:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5552]: pam_unix(cron:session): session closed for user root
Oct 15 02:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Failed password for invalid user user from 62.60.131.157 port 58612 ssh2
Oct 15 02:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Failed password for invalid user user from 62.60.131.157 port 58612 ssh2
Oct 15 02:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Received disconnect from 62.60.131.157 port 58612:11: Bye [preauth]
Oct 15 02:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: Disconnected from 62.60.131.157 port 58612 [preauth]
Oct 15 02:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 02:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6920]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7041]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7148]: Successful su for rubyman by root
Oct 15 02:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7148]: + ??? root:rubyman
Oct 15 02:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415098 of user rubyman.
Oct 15 02:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7148]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415098.
Oct 15 02:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session closed for user root
Oct 15 02:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session closed for user root
Oct 15 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7587]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7590]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7590]: pam_unix(cron:session): session closed for user root
Oct 15 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7585]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: Successful su for rubyman by root
Oct 15 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: + ??? root:rubyman
Oct 15 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415101 of user rubyman.
Oct 15 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415101.
Oct 15 02:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7587]: pam_unix(cron:session): session closed for user root
Oct 15 02:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session closed for user root
Oct 15 02:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7586]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session closed for user root
Oct 15 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8534]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8621]: Successful su for rubyman by root
Oct 15 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8621]: + ??? root:rubyman
Oct 15 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415108 of user rubyman.
Oct 15 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8621]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415108.
Oct 15 02:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session closed for user root
Oct 15 02:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7041]: pam_unix(cron:session): session closed for user root
Oct 15 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9118]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9298]: Successful su for rubyman by root
Oct 15 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9298]: + ??? root:rubyman
Oct 15 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415114 of user rubyman.
Oct 15 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9298]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415114.
Oct 15 02:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5551]: pam_unix(cron:session): session closed for user root
Oct 15 02:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9119]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7589]: pam_unix(cron:session): session closed for user root
Oct 15 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9845]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9928]: Successful su for rubyman by root
Oct 15 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9928]: + ??? root:rubyman
Oct 15 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415115 of user rubyman.
Oct 15 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9928]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415115.
Oct 15 02:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session closed for user root
Oct 15 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8534]: pam_unix(cron:session): session closed for user root
Oct 15 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10343]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10338]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10416]: Successful su for rubyman by root
Oct 15 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10416]: + ??? root:rubyman
Oct 15 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415119 of user rubyman.
Oct 15 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10416]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415119.
Oct 15 02:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session closed for user root
Oct 15 02:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9122]: pam_unix(cron:session): session closed for user root
Oct 15 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10820]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10822]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10822]: pam_unix(cron:session): session closed for user root
Oct 15 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10898]: Successful su for rubyman by root
Oct 15 02:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10898]: + ??? root:rubyman
Oct 15 02:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415123 of user rubyman.
Oct 15 02:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10898]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415123.
Oct 15 02:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session closed for user root
Oct 15 02:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session closed for user root
Oct 15 02:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9852]: pam_unix(cron:session): session closed for user root
Oct 15 02:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Invalid user teste from 80.94.95.116
Oct 15 02:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: input_userauth_request: invalid user teste [preauth]
Oct 15 02:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 02:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Failed password for invalid user teste from 80.94.95.116 port 16480 ssh2
Oct 15 02:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11208]: Connection closed by 80.94.95.116 port 16480 [preauth]
Oct 15 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11305]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11386]: Successful su for rubyman by root
Oct 15 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11386]: + ??? root:rubyman
Oct 15 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415131 of user rubyman.
Oct 15 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11386]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415131.
Oct 15 02:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7588]: pam_unix(cron:session): session closed for user root
Oct 15 02:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11306]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10343]: pam_unix(cron:session): session closed for user root
Oct 15 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11954]: Successful su for rubyman by root
Oct 15 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11954]: + ??? root:rubyman
Oct 15 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415133 of user rubyman.
Oct 15 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11954]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415133.
Oct 15 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Did not receive identification string from 202.189.4.9
Oct 15 02:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session closed for user root
Oct 15 02:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11884]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10820]: pam_unix(cron:session): session closed for user root
Oct 15 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12434]: Successful su for rubyman by root
Oct 15 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12434]: + ??? root:rubyman
Oct 15 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415137 of user rubyman.
Oct 15 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12434]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415137.
Oct 15 02:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9120]: pam_unix(cron:session): session closed for user root
Oct 15 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session closed for user root
Oct 15 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12838]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: Successful su for rubyman by root
Oct 15 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: + ??? root:rubyman
Oct 15 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415142 of user rubyman.
Oct 15 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415142.
Oct 15 02:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9851]: pam_unix(cron:session): session closed for user root
Oct 15 02:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12836]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Did not receive identification string from 196.219.119.229
Oct 15 02:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session closed for user root
Oct 15 02:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 02:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Failed password for root from 190.103.202.7 port 57412 ssh2
Oct 15 02:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Connection closed by 190.103.202.7 port 57412 [preauth]
Oct 15 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13459]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13461]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13462]: pam_unix(cron:session): session closed for user root
Oct 15 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13456]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13542]: Successful su for rubyman by root
Oct 15 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13542]: + ??? root:rubyman
Oct 15 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415150 of user rubyman.
Oct 15 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13542]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415150.
Oct 15 02:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13458]: pam_unix(cron:session): session closed for user root
Oct 15 02:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session closed for user root
Oct 15 02:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13457]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12363]: pam_unix(cron:session): session closed for user root
Oct 15 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13981]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14146]: Successful su for rubyman by root
Oct 15 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14146]: + ??? root:rubyman
Oct 15 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415153 of user rubyman.
Oct 15 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14146]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415153.
Oct 15 02:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session closed for user root
Oct 15 02:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13982]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12838]: pam_unix(cron:session): session closed for user root
Oct 15 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14523]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14521]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14596]: Successful su for rubyman by root
Oct 15 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14596]: + ??? root:rubyman
Oct 15 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415157 of user rubyman.
Oct 15 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14596]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415157.
Oct 15 02:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session closed for user root
Oct 15 02:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14522]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13461]: pam_unix(cron:session): session closed for user root
Oct 15 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14988]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15155]: Successful su for rubyman by root
Oct 15 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15155]: + ??? root:rubyman
Oct 15 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415159 of user rubyman.
Oct 15 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15155]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415159.
Oct 15 02:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 02:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11885]: pam_unix(cron:session): session closed for user root
Oct 15 02:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Invalid user teste from 185.156.73.233
Oct 15 02:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: input_userauth_request: invalid user teste [preauth]
Oct 15 02:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 02:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 02:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Failed password for invalid user teste from 185.156.73.233 port 36114 ssh2
Oct 15 02:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15298]: Connection closed by 185.156.73.233 port 36114 [preauth]
Oct 15 02:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13985]: pam_unix(cron:session): session closed for user root
Oct 15 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session closed for user p13x
Oct 15 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: Successful su for rubyman by root
Oct 15 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: + ??? root:rubyman
Oct 15 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415164 of user rubyman.
Oct 15 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15606]: pam_unix(su:session): session closed for user rubyman
Oct 15 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415164.
Oct 15 02:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12362]: pam_unix(cron:session): session closed for user root
Oct 15 02:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session closed for user samftp
Oct 15 02:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14524]: pam_unix(cron:session): session closed for user root
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15998]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15997]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15996]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15995]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15998]: pam_unix(cron:session): session closed for user root
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session closed for user root
Oct 15 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16112]: Successful su for rubyman by root
Oct 15 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16112]: + ??? root:rubyman
Oct 15 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415171 of user rubyman.
Oct 15 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16112]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415171.
Oct 15 03:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session closed for user root
Oct 15 03:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15995]: pam_unix(cron:session): session closed for user root
Oct 15 03:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session closed for user root
Oct 15 03:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Did not receive identification string from 83.226.97.41
Oct 15 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16569]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16568]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16565]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16650]: Successful su for rubyman by root
Oct 15 03:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16650]: + ??? root:rubyman
Oct 15 03:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415174 of user rubyman.
Oct 15 03:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16650]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415174.
Oct 15 03:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13459]: pam_unix(cron:session): session closed for user root
Oct 15 03:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16567]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session closed for user root
Oct 15 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17033]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17032]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17118]: Successful su for rubyman by root
Oct 15 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17118]: + ??? root:rubyman
Oct 15 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415180 of user rubyman.
Oct 15 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17118]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415180.
Oct 15 03:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13983]: pam_unix(cron:session): session closed for user root
Oct 15 03:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17030]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15997]: pam_unix(cron:session): session closed for user root
Oct 15 03:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Invalid user admin from 185.156.73.233
Oct 15 03:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Failed none for invalid user admin from 185.156.73.233 port 15992 ssh2
Oct 15 03:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Connection closed by 185.156.73.233 port 15992 [preauth]
Oct 15 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17490]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17491]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17488]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: Successful su for rubyman by root
Oct 15 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: + ??? root:rubyman
Oct 15 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415183 of user rubyman.
Oct 15 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415183.
Oct 15 03:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14523]: pam_unix(cron:session): session closed for user root
Oct 15 03:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17489]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16569]: pam_unix(cron:session): session closed for user root
Oct 15 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18041]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18039]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: Successful su for rubyman by root
Oct 15 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: + ??? root:rubyman
Oct 15 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415189 of user rubyman.
Oct 15 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18236]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415189.
Oct 15 03:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session closed for user root
Oct 15 03:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: Received disconnect from 80.94.93.176 port 63006:11:  [preauth]
Oct 15 03:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: Disconnected from 80.94.93.176 port 63006 [preauth]
Oct 15 03:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18040]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17033]: pam_unix(cron:session): session closed for user root
Oct 15 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18747]: pam_unix(cron:session): session closed for user root
Oct 15 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: Successful su for rubyman by root
Oct 15 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: + ??? root:rubyman
Oct 15 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415191 of user rubyman.
Oct 15 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18840]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415191.
Oct 15 03:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session closed for user root
Oct 15 03:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session closed for user root
Oct 15 03:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17491]: pam_unix(cron:session): session closed for user root
Oct 15 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19581]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19761]: Successful su for rubyman by root
Oct 15 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19761]: + ??? root:rubyman
Oct 15 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415196 of user rubyman.
Oct 15 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19761]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415196.
Oct 15 03:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 15 03:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Failed password for root from 94.177.160.96 port 44876 ssh2
Oct 15 03:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: Connection closed by 94.177.160.96 port 44876 [preauth]
Oct 15 03:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15996]: pam_unix(cron:session): session closed for user root
Oct 15 03:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19582]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session closed for user root
Oct 15 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20259]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20262]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20253]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20330]: Successful su for rubyman by root
Oct 15 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20330]: + ??? root:rubyman
Oct 15 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415202 of user rubyman.
Oct 15 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20330]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415202.
Oct 15 03:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16568]: pam_unix(cron:session): session closed for user root
Oct 15 03:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20255]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18746]: pam_unix(cron:session): session closed for user root
Oct 15 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: Successful su for rubyman by root
Oct 15 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: + ??? root:rubyman
Oct 15 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415204 of user rubyman.
Oct 15 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20805]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415204.
Oct 15 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17032]: pam_unix(cron:session): session closed for user root
Oct 15 03:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session closed for user root
Oct 15 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21178]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21175]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21408]: Successful su for rubyman by root
Oct 15 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21408]: + ??? root:rubyman
Oct 15 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415208 of user rubyman.
Oct 15 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21408]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415208.
Oct 15 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21173]: pam_unix(cron:session): session closed for user root
Oct 15 03:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17490]: pam_unix(cron:session): session closed for user root
Oct 15 03:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21176]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Invalid user proxyuser from 203.215.177.203
Oct 15 03:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: input_userauth_request: invalid user proxyuser [preauth]
Oct 15 03:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Failed password for invalid user proxyuser from 203.215.177.203 port 12036 ssh2
Oct 15 03:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Received disconnect from 203.215.177.203 port 12036:11: Bye Bye [preauth]
Oct 15 03:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Disconnected from 203.215.177.203 port 12036 [preauth]
Oct 15 03:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20262]: pam_unix(cron:session): session closed for user root
Oct 15 03:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: Invalid user config from 185.156.73.233
Oct 15 03:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: input_userauth_request: invalid user config [preauth]
Oct 15 03:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: Failed password for invalid user config from 185.156.73.233 port 50200 ssh2
Oct 15 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21757]: Connection closed by 185.156.73.233 port 50200 [preauth]
Oct 15 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21820]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21817]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21818]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session closed for user root
Oct 15 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21815]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21909]: Successful su for rubyman by root
Oct 15 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21909]: + ??? root:rubyman
Oct 15 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415213 of user rubyman.
Oct 15 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21909]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415213.
Oct 15 03:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21817]: pam_unix(cron:session): session closed for user root
Oct 15 03:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18041]: pam_unix(cron:session): session closed for user root
Oct 15 03:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21816]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session closed for user root
Oct 15 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22349]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22440]: Successful su for rubyman by root
Oct 15 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22440]: + ??? root:rubyman
Oct 15 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415219 of user rubyman.
Oct 15 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22440]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415219.
Oct 15 03:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.160.96  user=root
Oct 15 03:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Failed password for root from 94.177.160.96 port 50376 ssh2
Oct 15 03:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Connection closed by 94.177.160.96 port 50376 [preauth]
Oct 15 03:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session closed for user root
Oct 15 03:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21178]: pam_unix(cron:session): session closed for user root
Oct 15 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23168]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23166]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23260]: Successful su for rubyman by root
Oct 15 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23260]: + ??? root:rubyman
Oct 15 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415223 of user rubyman.
Oct 15 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23260]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415223.
Oct 15 03:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session closed for user root
Oct 15 03:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Invalid user ts3 from 203.215.177.203
Oct 15 03:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 03:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Failed password for invalid user ts3 from 203.215.177.203 port 57498 ssh2
Oct 15 03:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Received disconnect from 203.215.177.203 port 57498:11: Bye Bye [preauth]
Oct 15 03:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Disconnected from 203.215.177.203 port 57498 [preauth]
Oct 15 03:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21820]: pam_unix(cron:session): session closed for user root
Oct 15 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23993]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23991]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24086]: Successful su for rubyman by root
Oct 15 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24086]: + ??? root:rubyman
Oct 15 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415229 of user rubyman.
Oct 15 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24086]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415229.
Oct 15 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20259]: pam_unix(cron:session): session closed for user root
Oct 15 03:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23992]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session closed for user root
Oct 15 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24607]: Successful su for rubyman by root
Oct 15 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24607]: + ??? root:rubyman
Oct 15 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415231 of user rubyman.
Oct 15 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24607]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415231.
Oct 15 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Invalid user adminuser from 203.215.177.203
Oct 15 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Failed password for invalid user adminuser from 203.215.177.203 port 2866 ssh2
Oct 15 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Received disconnect from 203.215.177.203 port 2866:11: Bye Bye [preauth]
Oct 15 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24608]: Disconnected from 203.215.177.203 port 2866 [preauth]
Oct 15 03:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session closed for user root
Oct 15 03:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23174]: pam_unix(cron:session): session closed for user root
Oct 15 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25012]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user root
Oct 15 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25010]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25110]: Successful su for rubyman by root
Oct 15 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25110]: + ??? root:rubyman
Oct 15 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415238 of user rubyman.
Oct 15 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25110]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415238.
Oct 15 03:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25012]: pam_unix(cron:session): session closed for user root
Oct 15 03:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21177]: pam_unix(cron:session): session closed for user root
Oct 15 03:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25011]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23994]: pam_unix(cron:session): session closed for user root
Oct 15 03:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Invalid user frappe from 203.215.177.203
Oct 15 03:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: input_userauth_request: invalid user frappe [preauth]
Oct 15 03:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Failed password for invalid user frappe from 203.215.177.203 port 31870 ssh2
Oct 15 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Received disconnect from 203.215.177.203 port 31870:11: Bye Bye [preauth]
Oct 15 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Disconnected from 203.215.177.203 port 31870 [preauth]
Oct 15 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25938]: Successful su for rubyman by root
Oct 15 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25938]: + ??? root:rubyman
Oct 15 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415241 of user rubyman.
Oct 15 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25938]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415241.
Oct 15 03:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21818]: pam_unix(cron:session): session closed for user root
Oct 15 03:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25752]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24527]: pam_unix(cron:session): session closed for user root
Oct 15 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Invalid user anonymous from 185.156.73.233
Oct 15 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: input_userauth_request: invalid user anonymous [preauth]
Oct 15 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Failed none for invalid user anonymous from 185.156.73.233 port 46844 ssh2
Oct 15 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Connection closed by 185.156.73.233 port 46844 [preauth]
Oct 15 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session closed for user root
Oct 15 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26514]: Successful su for rubyman by root
Oct 15 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26514]: + ??? root:rubyman
Oct 15 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415246 of user rubyman.
Oct 15 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26514]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415246.
Oct 15 03:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session closed for user root
Oct 15 03:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26346]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Invalid user myuser from 203.215.177.203
Oct 15 03:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: input_userauth_request: invalid user myuser [preauth]
Oct 15 03:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Failed password for invalid user myuser from 203.215.177.203 port 13144 ssh2
Oct 15 03:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Received disconnect from 203.215.177.203 port 13144:11: Bye Bye [preauth]
Oct 15 03:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Disconnected from 203.215.177.203 port 13144 [preauth]
Oct 15 03:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session closed for user root
Oct 15 03:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 15 03:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: Failed password for root from 62.60.131.157 port 63164 ssh2
Oct 15 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: message repeated 4 times: [ Failed password for root from 62.60.131.157 port 63164 ssh2]
Oct 15 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: Received disconnect from 62.60.131.157 port 63164:11: Bye [preauth]
Oct 15 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: Disconnected from 62.60.131.157 port 63164 [preauth]
Oct 15 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157  user=root
Oct 15 03:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26948]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27221]: Successful su for rubyman by root
Oct 15 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27221]: + ??? root:rubyman
Oct 15 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415250 of user rubyman.
Oct 15 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27221]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415250.
Oct 15 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23168]: pam_unix(cron:session): session closed for user root
Oct 15 03:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27401]: Connection closed by 167.94.138.193 port 56624 [preauth]
Oct 15 03:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session closed for user root
Oct 15 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27904]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: Successful su for rubyman by root
Oct 15 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: + ??? root:rubyman
Oct 15 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415256 of user rubyman.
Oct 15 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27984]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415256.
Oct 15 03:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23993]: pam_unix(cron:session): session closed for user root
Oct 15 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27902]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Invalid user user from 203.215.177.203
Oct 15 03:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: input_userauth_request: invalid user user [preauth]
Oct 15 03:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Failed password for invalid user user from 203.215.177.203 port 20964 ssh2
Oct 15 03:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Received disconnect from 203.215.177.203 port 20964:11: Bye Bye [preauth]
Oct 15 03:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Disconnected from 203.215.177.203 port 20964 [preauth]
Oct 15 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session closed for user root
Oct 15 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28392]: pam_unix(cron:session): session closed for user root
Oct 15 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28385]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28701]: Successful su for rubyman by root
Oct 15 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28701]: + ??? root:rubyman
Oct 15 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415263 of user rubyman.
Oct 15 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28701]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415263.
Oct 15 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28388]: pam_unix(cron:session): session closed for user root
Oct 15 03:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24521]: pam_unix(cron:session): session closed for user root
Oct 15 03:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: Invalid user support from 78.128.112.74
Oct 15 03:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: input_userauth_request: invalid user support [preauth]
Oct 15 03:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 15 03:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: Failed password for invalid user support from 78.128.112.74 port 33900 ssh2
Oct 15 03:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29131]: Connection closed by 78.128.112.74 port 33900 [preauth]
Oct 15 03:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27130]: pam_unix(cron:session): session closed for user root
Oct 15 03:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Invalid user ubuntu from 203.215.177.203
Oct 15 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Failed password for invalid user ubuntu from 203.215.177.203 port 3244 ssh2
Oct 15 03:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Received disconnect from 203.215.177.203 port 3244:11: Bye Bye [preauth]
Oct 15 03:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Disconnected from 203.215.177.203 port 3244 [preauth]
Oct 15 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29363]: Successful su for rubyman by root
Oct 15 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29363]: + ??? root:rubyman
Oct 15 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415266 of user rubyman.
Oct 15 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29363]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415266.
Oct 15 03:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user root
Oct 15 03:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29267]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27904]: pam_unix(cron:session): session closed for user root
Oct 15 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29842]: Successful su for rubyman by root
Oct 15 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29842]: + ??? root:rubyman
Oct 15 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415268 of user rubyman.
Oct 15 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29842]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415268.
Oct 15 03:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25753]: pam_unix(cron:session): session closed for user root
Oct 15 03:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29761]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session closed for user root
Oct 15 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Invalid user dspace from 203.215.177.203
Oct 15 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: input_userauth_request: invalid user dspace [preauth]
Oct 15 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Failed password for invalid user dspace from 203.215.177.203 port 8688 ssh2
Oct 15 03:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Received disconnect from 203.215.177.203 port 8688:11: Bye Bye [preauth]
Oct 15 03:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Disconnected from 203.215.177.203 port 8688 [preauth]
Oct 15 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: Successful su for rubyman by root
Oct 15 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: + ??? root:rubyman
Oct 15 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415274 of user rubyman.
Oct 15 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415274.
Oct 15 03:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26348]: pam_unix(cron:session): session closed for user root
Oct 15 03:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session closed for user root
Oct 15 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30850]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30927]: Successful su for rubyman by root
Oct 15 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30927]: + ??? root:rubyman
Oct 15 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415278 of user rubyman.
Oct 15 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30927]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415278.
Oct 15 03:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session closed for user root
Oct 15 03:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 03:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: Failed password for root from 185.156.73.233 port 15186 ssh2
Oct 15 03:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31147]: Connection closed by 185.156.73.233 port 15186 [preauth]
Oct 15 03:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30853]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Invalid user killian from 2.57.122.26
Oct 15 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: input_userauth_request: invalid user killian [preauth]
Oct 15 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 03:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: Invalid user app from 203.215.177.203
Oct 15 03:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: input_userauth_request: invalid user app [preauth]
Oct 15 03:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Failed password for invalid user killian from 2.57.122.26 port 40556 ssh2
Oct 15 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Connection closed by 2.57.122.26 port 40556 [preauth]
Oct 15 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: Failed password for invalid user app from 203.215.177.203 port 30306 ssh2
Oct 15 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: Received disconnect from 203.215.177.203 port 30306:11: Bye Bye [preauth]
Oct 15 03:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: Disconnected from 203.215.177.203 port 30306 [preauth]
Oct 15 03:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session closed for user root
Oct 15 03:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Failed password for root from 8.220.203.115 port 59928 ssh2
Oct 15 03:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31269]: Connection closed by 8.220.203.115 port 59928 [preauth]
Oct 15 03:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Invalid user admin from 8.220.203.115
Oct 15 03:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Failed password for invalid user admin from 8.220.203.115 port 43768 ssh2
Oct 15 03:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Connection closed by 8.220.203.115 port 43768 [preauth]
Oct 15 03:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: Invalid user vyos from 8.220.203.115
Oct 15 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: input_userauth_request: invalid user vyos [preauth]
Oct 15 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: Failed password for invalid user vyos from 8.220.203.115 port 57712 ssh2
Oct 15 03:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: Connection closed by 8.220.203.115 port 57712 [preauth]
Oct 15 03:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Invalid user elastic from 8.220.203.115
Oct 15 03:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: input_userauth_request: invalid user elastic [preauth]
Oct 15 03:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Failed password for invalid user elastic from 8.220.203.115 port 47052 ssh2
Oct 15 03:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31299]: Connection closed by 8.220.203.115 port 47052 [preauth]
Oct 15 03:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: Failed password for root from 8.220.203.115 port 38410 ssh2
Oct 15 03:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31324]: Connection closed by 8.220.203.115 port 38410 [preauth]
Oct 15 03:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Invalid user ubuntu from 8.220.203.115
Oct 15 03:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Connection reset by 205.210.31.64 port 63728 [preauth]
Oct 15 03:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Failed password for invalid user ubuntu from 8.220.203.115 port 56974 ssh2
Oct 15 03:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Connection closed by 8.220.203.115 port 56974 [preauth]
Oct 15 03:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Invalid user test from 8.220.203.115
Oct 15 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: input_userauth_request: invalid user test [preauth]
Oct 15 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Failed password for invalid user test from 8.220.203.115 port 44912 ssh2
Oct 15 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Connection closed by 8.220.203.115 port 44912 [preauth]
Oct 15 03:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: Failed password for root from 8.220.203.115 port 59134 ssh2
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: Connection closed by 8.220.203.115 port 59134 [preauth]
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31368]: pam_unix(cron:session): session closed for user root
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31363]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Invalid user moxa from 8.220.203.115
Oct 15 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: input_userauth_request: invalid user moxa [preauth]
Oct 15 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31501]: Successful su for rubyman by root
Oct 15 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31501]: + ??? root:rubyman
Oct 15 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Failed password for invalid user moxa from 8.220.203.115 port 44160 ssh2
Oct 15 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415283 of user rubyman.
Oct 15 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31501]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415283.
Oct 15 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Connection closed by 8.220.203.115 port 44160 [preauth]
Oct 15 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Invalid user deployer from 8.220.203.115
Oct 15 03:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: input_userauth_request: invalid user deployer [preauth]
Oct 15 03:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Failed password for invalid user deployer from 8.220.203.115 port 56862 ssh2
Oct 15 03:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Connection closed by 8.220.203.115 port 56862 [preauth]
Oct 15 03:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31365]: pam_unix(cron:session): session closed for user root
Oct 15 03:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Failed password for root from 8.220.203.115 port 42200 ssh2
Oct 15 03:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27903]: pam_unix(cron:session): session closed for user root
Oct 15 03:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Connection closed by 8.220.203.115 port 42200 [preauth]
Oct 15 03:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31807]: Invalid user admin from 8.220.203.115
Oct 15 03:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31807]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31807]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31807]: Failed password for invalid user admin from 8.220.203.115 port 54168 ssh2
Oct 15 03:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31807]: Connection closed by 8.220.203.115 port 54168 [preauth]
Oct 15 03:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Invalid user ubuntu from 8.220.203.115
Oct 15 03:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Failed password for invalid user ubuntu from 8.220.203.115 port 37044 ssh2
Oct 15 03:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31841]: Connection closed by 8.220.203.115 port 37044 [preauth]
Oct 15 03:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: User mysql from 8.220.203.115 not allowed because not listed in AllowUsers
Oct 15 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: input_userauth_request: invalid user mysql [preauth]
Oct 15 03:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=mysql
Oct 15 03:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31364]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Failed password for invalid user mysql from 8.220.203.115 port 52002 ssh2
Oct 15 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Connection closed by 8.220.203.115 port 52002 [preauth]
Oct 15 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Invalid user admin from 8.220.203.115
Oct 15 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Failed password for invalid user admin from 8.220.203.115 port 43640 ssh2
Oct 15 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31895]: Connection closed by 8.220.203.115 port 43640 [preauth]
Oct 15 03:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: Invalid user vpnssh from 8.220.203.115
Oct 15 03:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: input_userauth_request: invalid user vpnssh [preauth]
Oct 15 03:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: Failed password for invalid user vpnssh from 8.220.203.115 port 33470 ssh2
Oct 15 03:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31911]: Connection closed by 8.220.203.115 port 33470 [preauth]
Oct 15 03:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: Invalid user user from 8.220.203.115
Oct 15 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: input_userauth_request: invalid user user [preauth]
Oct 15 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: Failed password for invalid user user from 8.220.203.115 port 50060 ssh2
Oct 15 03:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31913]: Connection closed by 8.220.203.115 port 50060 [preauth]
Oct 15 03:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Invalid user vpn from 8.220.203.115
Oct 15 03:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: input_userauth_request: invalid user vpn [preauth]
Oct 15 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Failed password for invalid user vpn from 8.220.203.115 port 35528 ssh2
Oct 15 03:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31951]: Connection closed by 8.220.203.115 port 35528 [preauth]
Oct 15 03:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: Invalid user ts3 from 8.220.203.115
Oct 15 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 03:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: Failed password for invalid user ts3 from 8.220.203.115 port 49066 ssh2
Oct 15 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31954]: Connection closed by 8.220.203.115 port 49066 [preauth]
Oct 15 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session closed for user root
Oct 15 03:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Failed password for root from 8.220.203.115 port 36738 ssh2
Oct 15 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Connection closed by 8.220.203.115 port 36738 [preauth]
Oct 15 03:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31995]: Invalid user vagrant from 8.220.203.115
Oct 15 03:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31995]: input_userauth_request: invalid user vagrant [preauth]
Oct 15 03:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31995]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31995]: Failed password for invalid user vagrant from 8.220.203.115 port 53424 ssh2
Oct 15 03:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31995]: Connection closed by 8.220.203.115 port 53424 [preauth]
Oct 15 03:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: Invalid user ubnt from 8.220.203.115
Oct 15 03:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 03:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: Failed password for invalid user ubnt from 8.220.203.115 port 46454 ssh2
Oct 15 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: Connection closed by 8.220.203.115 port 46454 [preauth]
Oct 15 03:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Invalid user postgres from 8.220.203.115
Oct 15 03:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: input_userauth_request: invalid user postgres [preauth]
Oct 15 03:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Failed password for invalid user postgres from 8.220.203.115 port 36542 ssh2
Oct 15 03:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32016]: Connection closed by 8.220.203.115 port 36542 [preauth]
Oct 15 03:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Invalid user ubuntu from 8.220.203.115
Oct 15 03:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for invalid user ubuntu from 8.220.203.115 port 54074 ssh2
Oct 15 03:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Connection closed by 8.220.203.115 port 54074 [preauth]
Oct 15 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: Invalid user postgres from 8.220.203.115
Oct 15 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: input_userauth_request: invalid user postgres [preauth]
Oct 15 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: Failed password for invalid user postgres from 8.220.203.115 port 41782 ssh2
Oct 15 03:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32043]: Connection closed by 8.220.203.115 port 41782 [preauth]
Oct 15 03:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Invalid user testuser from 8.220.203.115
Oct 15 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: input_userauth_request: invalid user testuser [preauth]
Oct 15 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Failed password for invalid user testuser from 8.220.203.115 port 56888 ssh2
Oct 15 03:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32062]: Connection closed by 8.220.203.115 port 56888 [preauth]
Oct 15 03:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Invalid user debian from 8.220.203.115
Oct 15 03:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: input_userauth_request: invalid user debian [preauth]
Oct 15 03:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32076]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Failed password for invalid user debian from 8.220.203.115 port 41238 ssh2
Oct 15 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Connection closed by 8.220.203.115 port 41238 [preauth]
Oct 15 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: Successful su for rubyman by root
Oct 15 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: + ??? root:rubyman
Oct 15 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415287 of user rubyman.
Oct 15 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415287.
Oct 15 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Failed password for root from 8.220.203.115 port 53614 ssh2
Oct 15 03:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: Connection closed by 8.220.203.115 port 53614 [preauth]
Oct 15 03:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: Invalid user django from 203.215.177.203
Oct 15 03:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: input_userauth_request: invalid user django [preauth]
Oct 15 03:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Invalid user orangepi from 8.220.203.115
Oct 15 03:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: input_userauth_request: invalid user orangepi [preauth]
Oct 15 03:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session closed for user root
Oct 15 03:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: Failed password for invalid user django from 203.215.177.203 port 41744 ssh2
Oct 15 03:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: Received disconnect from 203.215.177.203 port 41744:11: Bye Bye [preauth]
Oct 15 03:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: Disconnected from 203.215.177.203 port 41744 [preauth]
Oct 15 03:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Failed password for invalid user orangepi from 8.220.203.115 port 52832 ssh2
Oct 15 03:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Connection closed by 8.220.203.115 port 52832 [preauth]
Oct 15 03:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Invalid user odroid from 8.220.203.115
Oct 15 03:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: input_userauth_request: invalid user odroid [preauth]
Oct 15 03:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32077]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Failed password for invalid user odroid from 8.220.203.115 port 44680 ssh2
Oct 15 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Connection closed by 8.220.203.115 port 44680 [preauth]
Oct 15 03:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Failed password for root from 8.220.203.115 port 36660 ssh2
Oct 15 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Connection closed by 8.220.203.115 port 36660 [preauth]
Oct 15 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Invalid user kali from 8.220.203.115
Oct 15 03:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: input_userauth_request: invalid user kali [preauth]
Oct 15 03:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Failed password for invalid user kali from 8.220.203.115 port 51972 ssh2
Oct 15 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Connection closed by 8.220.203.115 port 51972 [preauth]
Oct 15 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Failed password for root from 8.220.203.115 port 38404 ssh2
Oct 15 03:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Connection closed by 8.220.203.115 port 38404 [preauth]
Oct 15 03:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: Invalid user zjw from 8.220.203.115
Oct 15 03:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: input_userauth_request: invalid user zjw [preauth]
Oct 15 03:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: Failed password for invalid user zjw from 8.220.203.115 port 59724 ssh2
Oct 15 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32514]: Connection closed by 8.220.203.115 port 59724 [preauth]
Oct 15 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Invalid user guest from 8.220.203.115
Oct 15 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: input_userauth_request: invalid user guest [preauth]
Oct 15 03:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Failed password for invalid user guest from 8.220.203.115 port 48752 ssh2
Oct 15 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Connection closed by 8.220.203.115 port 48752 [preauth]
Oct 15 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32545]: Invalid user pi from 8.220.203.115
Oct 15 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32545]: input_userauth_request: invalid user pi [preauth]
Oct 15 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32545]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32545]: Failed password for invalid user pi from 8.220.203.115 port 35124 ssh2
Oct 15 03:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32545]: Connection closed by 8.220.203.115 port 35124 [preauth]
Oct 15 03:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: Invalid user nanopi from 8.220.203.115
Oct 15 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: input_userauth_request: invalid user nanopi [preauth]
Oct 15 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: Failed password for invalid user nanopi from 8.220.203.115 port 50652 ssh2
Oct 15 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: Connection closed by 8.220.203.115 port 50652 [preauth]
Oct 15 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30855]: pam_unix(cron:session): session closed for user root
Oct 15 03:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Invalid user devuser from 8.220.203.115
Oct 15 03:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: input_userauth_request: invalid user devuser [preauth]
Oct 15 03:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Failed password for invalid user devuser from 8.220.203.115 port 37672 ssh2
Oct 15 03:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Connection closed by 8.220.203.115 port 37672 [preauth]
Oct 15 03:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Invalid user git from 8.220.203.115
Oct 15 03:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: input_userauth_request: invalid user git [preauth]
Oct 15 03:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Failed password for invalid user git from 8.220.203.115 port 51912 ssh2
Oct 15 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32583]: Connection closed by 8.220.203.115 port 51912 [preauth]
Oct 15 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Invalid user openhabian from 8.220.203.115
Oct 15 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: input_userauth_request: invalid user openhabian [preauth]
Oct 15 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Failed password for invalid user openhabian from 8.220.203.115 port 43466 ssh2
Oct 15 03:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32596]: Connection closed by 8.220.203.115 port 43466 [preauth]
Oct 15 03:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: Invalid user odoo18 from 8.220.203.115
Oct 15 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: input_userauth_request: invalid user odoo18 [preauth]
Oct 15 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: Failed password for invalid user odoo18 from 8.220.203.115 port 33790 ssh2
Oct 15 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32609]: Connection closed by 8.220.203.115 port 33790 [preauth]
Oct 15 03:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: Invalid user admin from 8.220.203.115
Oct 15 03:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: Failed password for invalid user admin from 8.220.203.115 port 49054 ssh2
Oct 15 03:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32635]: Connection closed by 8.220.203.115 port 49054 [preauth]
Oct 15 03:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32637]: Failed password for root from 8.220.203.115 port 40694 ssh2
Oct 15 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32637]: Connection closed by 8.220.203.115 port 40694 [preauth]
Oct 15 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32648]: Invalid user devops from 8.220.203.115
Oct 15 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32648]: input_userauth_request: invalid user devops [preauth]
Oct 15 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32648]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32648]: Failed password for invalid user devops from 8.220.203.115 port 59182 ssh2
Oct 15 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32656]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32648]: Connection closed by 8.220.203.115 port 59182 [preauth]
Oct 15 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32654]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: Invalid user ubuntu from 8.220.203.115
Oct 15 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32746]: Successful su for rubyman by root
Oct 15 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32746]: + ??? root:rubyman
Oct 15 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415291 of user rubyman.
Oct 15 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32746]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415291.
Oct 15 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: Failed password for invalid user ubuntu from 8.220.203.115 port 52710 ssh2
Oct 15 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32716]: Connection closed by 8.220.203.115 port 52710 [preauth]
Oct 15 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Invalid user es from 8.220.203.115
Oct 15 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: input_userauth_request: invalid user es [preauth]
Oct 15 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Failed password for invalid user es from 8.220.203.115 port 36892 ssh2
Oct 15 03:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Connection closed by 8.220.203.115 port 36892 [preauth]
Oct 15 03:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Invalid user hadoop from 8.220.203.115
Oct 15 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29268]: pam_unix(cron:session): session closed for user root
Oct 15 03:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Failed password for invalid user hadoop from 8.220.203.115 port 57394 ssh2
Oct 15 03:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[431]: Connection closed by 8.220.203.115 port 57394 [preauth]
Oct 15 03:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: Invalid user esuser from 8.220.203.115
Oct 15 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: input_userauth_request: invalid user esuser [preauth]
Oct 15 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: Failed password for invalid user esuser from 8.220.203.115 port 41760 ssh2
Oct 15 03:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[488]: Connection closed by 8.220.203.115 port 41760 [preauth]
Oct 15 03:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115  user=root
Oct 15 03:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32655]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: Failed password for root from 8.220.203.115 port 60842 ssh2
Oct 15 03:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: Connection closed by 8.220.203.115 port 60842 [preauth]
Oct 15 03:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Invalid user ubuntu from 8.220.203.115
Oct 15 03:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Failed password for invalid user ubuntu from 8.220.203.115 port 48726 ssh2
Oct 15 03:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Connection closed by 8.220.203.115 port 48726 [preauth]
Oct 15 03:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Invalid user craft from 8.220.203.115
Oct 15 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: input_userauth_request: invalid user craft [preauth]
Oct 15 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Failed password for invalid user craft from 8.220.203.115 port 34712 ssh2
Oct 15 03:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Connection closed by 8.220.203.115 port 34712 [preauth]
Oct 15 03:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Invalid user postgres from 8.220.203.115
Oct 15 03:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: input_userauth_request: invalid user postgres [preauth]
Oct 15 03:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.220.203.115
Oct 15 03:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Failed password for invalid user postgres from 8.220.203.115 port 55180 ssh2
Oct 15 03:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[567]: Connection closed by 8.220.203.115 port 55180 [preauth]
Oct 15 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31367]: pam_unix(cron:session): session closed for user root
Oct 15 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[653]: Invalid user nagios from 203.215.177.203
Oct 15 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[653]: input_userauth_request: invalid user nagios [preauth]
Oct 15 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[653]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[653]: Failed password for invalid user nagios from 203.215.177.203 port 3452 ssh2
Oct 15 03:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[653]: Received disconnect from 203.215.177.203 port 3452:11: Bye Bye [preauth]
Oct 15 03:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[653]: Disconnected from 203.215.177.203 port 3452 [preauth]
Oct 15 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[681]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: Successful su for rubyman by root
Oct 15 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: + ??? root:rubyman
Oct 15 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415294 of user rubyman.
Oct 15 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415294.
Oct 15 03:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session closed for user root
Oct 15 03:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[682]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32082]: pam_unix(cron:session): session closed for user root
Oct 15 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1257]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1255]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1328]: Successful su for rubyman by root
Oct 15 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1328]: + ??? root:rubyman
Oct 15 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415299 of user rubyman.
Oct 15 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1328]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415299.
Oct 15 03:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session closed for user root
Oct 15 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1256]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203  user=root
Oct 15 03:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Failed password for root from 203.215.177.203 port 52264 ssh2
Oct 15 03:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Received disconnect from 203.215.177.203 port 52264:11: Bye Bye [preauth]
Oct 15 03:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Disconnected from 203.215.177.203 port 52264 [preauth]
Oct 15 03:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32657]: pam_unix(cron:session): session closed for user root
Oct 15 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1771]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1772]: pam_unix(cron:session): session closed for user root
Oct 15 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1765]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: Successful su for rubyman by root
Oct 15 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: + ??? root:rubyman
Oct 15 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415305 of user rubyman.
Oct 15 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1846]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415305.
Oct 15 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1769]: pam_unix(cron:session): session closed for user root
Oct 15 03:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30854]: pam_unix(cron:session): session closed for user root
Oct 15 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session closed for user root
Oct 15 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2347]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: Successful su for rubyman by root
Oct 15 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: + ??? root:rubyman
Oct 15 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415308 of user rubyman.
Oct 15 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2422]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415308.
Oct 15 03:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31366]: pam_unix(cron:session): session closed for user root
Oct 15 03:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Invalid user dockeruser from 203.215.177.203
Oct 15 03:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: input_userauth_request: invalid user dockeruser [preauth]
Oct 15 03:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Failed password for invalid user dockeruser from 203.215.177.203 port 1562 ssh2
Oct 15 03:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Received disconnect from 203.215.177.203 port 1562:11: Bye Bye [preauth]
Oct 15 03:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2640]: Disconnected from 203.215.177.203 port 1562 [preauth]
Oct 15 03:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2348]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session closed for user root
Oct 15 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2878]: Successful su for rubyman by root
Oct 15 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2878]: + ??? root:rubyman
Oct 15 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415313 of user rubyman.
Oct 15 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2878]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415313.
Oct 15 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Invalid user operator from 185.156.73.233
Oct 15 03:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: input_userauth_request: invalid user operator [preauth]
Oct 15 03:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 03:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32078]: pam_unix(cron:session): session closed for user root
Oct 15 03:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Failed password for invalid user operator from 185.156.73.233 port 41636 ssh2
Oct 15 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Connection closed by 185.156.73.233 port 41636 [preauth]
Oct 15 03:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1771]: pam_unix(cron:session): session closed for user root
Oct 15 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: Invalid user ubuntu from 203.215.177.203
Oct 15 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: Failed password for invalid user ubuntu from 203.215.177.203 port 64872 ssh2
Oct 15 03:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: Received disconnect from 203.215.177.203 port 64872:11: Bye Bye [preauth]
Oct 15 03:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3232]: Disconnected from 203.215.177.203 port 64872 [preauth]
Oct 15 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3255]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3350]: Successful su for rubyman by root
Oct 15 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3350]: + ??? root:rubyman
Oct 15 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415317 of user rubyman.
Oct 15 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3350]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415317.
Oct 15 03:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32656]: pam_unix(cron:session): session closed for user root
Oct 15 03:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3253]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2350]: pam_unix(cron:session): session closed for user root
Oct 15 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3714]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3712]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3794]: Successful su for rubyman by root
Oct 15 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3794]: + ??? root:rubyman
Oct 15 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415321 of user rubyman.
Oct 15 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3794]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415321.
Oct 15 03:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[683]: pam_unix(cron:session): session closed for user root
Oct 15 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Invalid user ubuntu from 164.68.105.9
Oct 15 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 03:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Failed password for invalid user ubuntu from 164.68.105.9 port 37678 ssh2
Oct 15 03:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Connection closed by 164.68.105.9 port 37678 [preauth]
Oct 15 03:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3713]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Invalid user amir from 203.215.177.203
Oct 15 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: input_userauth_request: invalid user amir [preauth]
Oct 15 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Failed password for invalid user amir from 203.215.177.203 port 54498 ssh2
Oct 15 03:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Received disconnect from 203.215.177.203 port 54498:11: Bye Bye [preauth]
Oct 15 03:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4078]: Disconnected from 203.215.177.203 port 54498 [preauth]
Oct 15 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2808]: pam_unix(cron:session): session closed for user root
Oct 15 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4227]: pam_unix(cron:session): session closed for user root
Oct 15 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4320]: Successful su for rubyman by root
Oct 15 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4320]: + ??? root:rubyman
Oct 15 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415325 of user rubyman.
Oct 15 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4320]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415325.
Oct 15 03:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session closed for user root
Oct 15 03:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1257]: pam_unix(cron:session): session closed for user root
Oct 15 03:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Invalid user a from 83.226.97.41
Oct 15 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: input_userauth_request: invalid user a [preauth]
Oct 15 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3255]: pam_unix(cron:session): session closed for user root
Oct 15 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Failed password for invalid user a from 83.226.97.41 port 35086 ssh2
Oct 15 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Connection closed by 83.226.97.41 port 35086 [preauth]
Oct 15 03:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Invalid user nil from 83.226.97.41
Oct 15 03:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: input_userauth_request: invalid user nil [preauth]
Oct 15 03:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Failed none for invalid user nil from 83.226.97.41 port 40822 ssh2
Oct 15 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Connection closed by 83.226.97.41 port 40822 [preauth]
Oct 15 03:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4856]: Successful su for rubyman by root
Oct 15 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4856]: + ??? root:rubyman
Oct 15 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415332 of user rubyman.
Oct 15 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4856]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415332.
Oct 15 03:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Invalid user teamspeak from 203.215.177.203
Oct 15 03:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 03:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session closed for user root
Oct 15 03:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Failed password for invalid user teamspeak from 203.215.177.203 port 51156 ssh2
Oct 15 03:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Received disconnect from 203.215.177.203 port 51156:11: Bye Bye [preauth]
Oct 15 03:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5504]: Disconnected from 203.215.177.203 port 51156 [preauth]
Oct 15 03:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Invalid user admin from 83.226.97.41
Oct 15 03:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Failed password for invalid user admin from 83.226.97.41 port 45532 ssh2
Oct 15 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Connection closed by 83.226.97.41 port 45532 [preauth]
Oct 15 03:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3716]: pam_unix(cron:session): session closed for user root
Oct 15 03:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41  user=root
Oct 15 03:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Failed password for root from 83.226.97.41 port 51616 ssh2
Oct 15 03:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Connection closed by 83.226.97.41 port 51616 [preauth]
Oct 15 03:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: Invalid user orangepi from 83.226.97.41
Oct 15 03:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: input_userauth_request: invalid user orangepi [preauth]
Oct 15 03:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: Failed password for invalid user orangepi from 83.226.97.41 port 56616 ssh2
Oct 15 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5820]: Successful su for rubyman by root
Oct 15 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5820]: + ??? root:rubyman
Oct 15 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415335 of user rubyman.
Oct 15 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5820]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415335.
Oct 15 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: Connection closed by 83.226.97.41 port 56616 [preauth]
Oct 15 03:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2349]: pam_unix(cron:session): session closed for user root
Oct 15 03:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Invalid user support from 83.226.97.41
Oct 15 03:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: input_userauth_request: invalid user support [preauth]
Oct 15 03:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Failed password for invalid user support from 83.226.97.41 port 34710 ssh2
Oct 15 03:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Connection closed by 83.226.97.41 port 34710 [preauth]
Oct 15 03:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4226]: pam_unix(cron:session): session closed for user root
Oct 15 03:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Invalid user ubnt from 83.226.97.41
Oct 15 03:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Failed password for invalid user ubnt from 83.226.97.41 port 40268 ssh2
Oct 15 03:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6108]: Connection closed by 83.226.97.41 port 40268 [preauth]
Oct 15 03:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Invalid user nagios from 203.215.177.203
Oct 15 03:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: input_userauth_request: invalid user nagios [preauth]
Oct 15 03:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Failed password for invalid user nagios from 203.215.177.203 port 26406 ssh2
Oct 15 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Received disconnect from 203.215.177.203 port 26406:11: Bye Bye [preauth]
Oct 15 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Disconnected from 203.215.177.203 port 26406 [preauth]
Oct 15 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6219]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Invalid user user from 83.226.97.41
Oct 15 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: input_userauth_request: invalid user user [preauth]
Oct 15 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6289]: Successful su for rubyman by root
Oct 15 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6289]: + ??? root:rubyman
Oct 15 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415339 of user rubyman.
Oct 15 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6289]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415339.
Oct 15 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Failed password for invalid user user from 83.226.97.41 port 45676 ssh2
Oct 15 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Connection closed by 83.226.97.41 port 45676 [preauth]
Oct 15 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session closed for user root
Oct 15 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Connection closed by 83.226.97.41 port 50174 [preauth]
Oct 15 03:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41  user=root
Oct 15 03:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session closed for user root
Oct 15 03:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: Failed password for root from 83.226.97.41 port 54412 ssh2
Oct 15 03:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6560]: Connection closed by 83.226.97.41 port 54412 [preauth]
Oct 15 03:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Invalid user admin from 83.226.97.41
Oct 15 03:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Failed password for invalid user admin from 83.226.97.41 port 59344 ssh2
Oct 15 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Connection closed by 83.226.97.41 port 59344 [preauth]
Oct 15 03:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6774]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6772]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6953]: Successful su for rubyman by root
Oct 15 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6953]: + ??? root:rubyman
Oct 15 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415343 of user rubyman.
Oct 15 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6953]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415343.
Oct 15 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session closed for user root
Oct 15 03:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3254]: pam_unix(cron:session): session closed for user root
Oct 15 03:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Invalid user admin from 2.57.121.25
Oct 15 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6773]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: Invalid user admin from 83.226.97.41
Oct 15 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Failed password for invalid user admin from 2.57.121.25 port 32113 ssh2
Oct 15 03:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: Failed password for invalid user admin from 83.226.97.41 port 35946 ssh2
Oct 15 03:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Failed password for invalid user admin from 2.57.121.25 port 32113 ssh2
Oct 15 03:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6769]: Connection closed by 83.226.97.41 port 35946 [preauth]
Oct 15 03:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Failed password for invalid user admin from 2.57.121.25 port 32113 ssh2
Oct 15 03:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Failed password for invalid user admin from 2.57.121.25 port 32113 ssh2
Oct 15 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Failed password for invalid user admin from 2.57.121.25 port 32113 ssh2
Oct 15 03:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Received disconnect from 2.57.121.25 port 32113:11: Bye [preauth]
Oct 15 03:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: Disconnected from 2.57.121.25 port 32113 [preauth]
Oct 15 03:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 03:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7262]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 03:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: Invalid user minecraft from 203.215.177.203
Oct 15 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: Failed password for invalid user minecraft from 203.215.177.203 port 8736 ssh2
Oct 15 03:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: Received disconnect from 203.215.177.203 port 8736:11: Bye Bye [preauth]
Oct 15 03:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: Disconnected from 203.215.177.203 port 8736 [preauth]
Oct 15 03:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5744]: pam_unix(cron:session): session closed for user root
Oct 15 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Invalid user pi from 83.226.97.41
Oct 15 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: input_userauth_request: invalid user pi [preauth]
Oct 15 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Failed password for invalid user pi from 83.226.97.41 port 41776 ssh2
Oct 15 03:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7303]: Connection closed by 83.226.97.41 port 41776 [preauth]
Oct 15 03:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7457]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session closed for user root
Oct 15 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7455]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7534]: Successful su for rubyman by root
Oct 15 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7534]: + ??? root:rubyman
Oct 15 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415351 of user rubyman.
Oct 15 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7534]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415351.
Oct 15 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Invalid user debian from 83.226.97.41
Oct 15 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: input_userauth_request: invalid user debian [preauth]
Oct 15 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Failed password for invalid user debian from 83.226.97.41 port 47864 ssh2
Oct 15 03:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7457]: pam_unix(cron:session): session closed for user root
Oct 15 03:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Connection closed by 83.226.97.41 port 47864 [preauth]
Oct 15 03:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3714]: pam_unix(cron:session): session closed for user root
Oct 15 03:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7456]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: Invalid user pi from 83.226.97.41
Oct 15 03:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: input_userauth_request: invalid user pi [preauth]
Oct 15 03:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: Failed password for invalid user pi from 83.226.97.41 port 53664 ssh2
Oct 15 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: Connection closed by 83.226.97.41 port 53664 [preauth]
Oct 15 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Invalid user admin from 80.94.95.115
Oct 15 03:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 15 03:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Failed password for invalid user admin from 80.94.95.115 port 24598 ssh2
Oct 15 03:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Connection closed by 80.94.95.115 port 24598 [preauth]
Oct 15 03:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session closed for user root
Oct 15 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Invalid user localadmin from 83.226.97.41
Oct 15 03:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: input_userauth_request: invalid user localadmin [preauth]
Oct 15 03:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Failed password for invalid user localadmin from 83.226.97.41 port 59506 ssh2
Oct 15 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Connection closed by 83.226.97.41 port 59506 [preauth]
Oct 15 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8397]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8394]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8478]: Successful su for rubyman by root
Oct 15 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8478]: + ??? root:rubyman
Oct 15 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415354 of user rubyman.
Oct 15 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8478]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415354.
Oct 15 03:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41  user=root
Oct 15 03:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session closed for user root
Oct 15 03:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Failed password for root from 83.226.97.41 port 36356 ssh2
Oct 15 03:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Connection closed by 83.226.97.41 port 36356 [preauth]
Oct 15 03:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8395]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Invalid user ftptest from 203.215.177.203
Oct 15 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: input_userauth_request: invalid user ftptest [preauth]
Oct 15 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Failed password for invalid user ftptest from 203.215.177.203 port 42922 ssh2
Oct 15 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Received disconnect from 203.215.177.203 port 42922:11: Bye Bye [preauth]
Oct 15 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8701]: Disconnected from 203.215.177.203 port 42922 [preauth]
Oct 15 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: Invalid user ubuntu from 83.226.97.41
Oct 15 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: Failed password for invalid user ubuntu from 83.226.97.41 port 41516 ssh2
Oct 15 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8695]: Connection closed by 83.226.97.41 port 41516 [preauth]
Oct 15 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session closed for user root
Oct 15 03:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Invalid user pi from 83.226.97.41
Oct 15 03:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: input_userauth_request: invalid user pi [preauth]
Oct 15 03:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Failed password for invalid user pi from 83.226.97.41 port 46824 ssh2
Oct 15 03:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8889]: Connection closed by 83.226.97.41 port 46824 [preauth]
Oct 15 03:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8999]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9000]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8997]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9072]: Successful su for rubyman by root
Oct 15 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9072]: + ??? root:rubyman
Oct 15 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415357 of user rubyman.
Oct 15 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9072]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415357.
Oct 15 03:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session closed for user root
Oct 15 03:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: Invalid user test from 83.226.97.41
Oct 15 03:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: input_userauth_request: invalid user test [preauth]
Oct 15 03:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: Failed password for invalid user test from 83.226.97.41 port 52568 ssh2
Oct 15 03:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8983]: Connection closed by 83.226.97.41 port 52568 [preauth]
Oct 15 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41  user=root
Oct 15 03:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Failed password for root from 83.226.97.41 port 57616 ssh2
Oct 15 03:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Connection closed by 83.226.97.41 port 57616 [preauth]
Oct 15 03:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session closed for user root
Oct 15 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41  user=root
Oct 15 03:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9534]: Failed password for root from 83.226.97.41 port 34936 ssh2
Oct 15 03:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9534]: Connection closed by 83.226.97.41 port 34936 [preauth]
Oct 15 03:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Invalid user nodeuser from 203.215.177.203
Oct 15 03:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: input_userauth_request: invalid user nodeuser [preauth]
Oct 15 03:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9623]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9818]: Successful su for rubyman by root
Oct 15 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9818]: + ??? root:rubyman
Oct 15 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415361 of user rubyman.
Oct 15 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9818]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415361.
Oct 15 03:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Failed password for invalid user nodeuser from 203.215.177.203 port 13180 ssh2
Oct 15 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Received disconnect from 203.215.177.203 port 13180:11: Bye Bye [preauth]
Oct 15 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Disconnected from 203.215.177.203 port 13180 [preauth]
Oct 15 03:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5743]: pam_unix(cron:session): session closed for user root
Oct 15 03:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Invalid user admin from 83.226.97.41
Oct 15 03:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: input_userauth_request: invalid user admin [preauth]
Oct 15 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Failed password for invalid user admin from 83.226.97.41 port 39862 ssh2
Oct 15 03:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9596]: Connection closed by 83.226.97.41 port 39862 [preauth]
Oct 15 03:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9624]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: Invalid user guest from 83.226.97.41
Oct 15 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: input_userauth_request: invalid user guest [preauth]
Oct 15 03:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.226.97.41
Oct 15 03:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: Failed password for invalid user guest from 83.226.97.41 port 44784 ssh2
Oct 15 03:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10067]: Connection closed by 83.226.97.41 port 44784 [preauth]
Oct 15 03:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8397]: pam_unix(cron:session): session closed for user root
Oct 15 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10221]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10300]: Successful su for rubyman by root
Oct 15 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10300]: + ??? root:rubyman
Oct 15 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415365 of user rubyman.
Oct 15 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10300]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415365.
Oct 15 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session closed for user root
Oct 15 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10223]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 03:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:71.6.199.23
Oct 15 03:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9000]: pam_unix(cron:session): session closed for user root
Oct 15 03:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Invalid user ahmed from 203.215.177.203
Oct 15 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: input_userauth_request: invalid user ahmed [preauth]
Oct 15 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Failed password for invalid user ahmed from 203.215.177.203 port 58636 ssh2
Oct 15 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Received disconnect from 203.215.177.203 port 58636:11: Bye Bye [preauth]
Oct 15 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10655]: Disconnected from 203.215.177.203 port 58636 [preauth]
Oct 15 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10721]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10726]: pam_unix(cron:session): session closed for user root
Oct 15 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10718]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10799]: Successful su for rubyman by root
Oct 15 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10799]: + ??? root:rubyman
Oct 15 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415369 of user rubyman.
Oct 15 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10799]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415369.
Oct 15 03:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10721]: pam_unix(cron:session): session closed for user root
Oct 15 03:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6774]: pam_unix(cron:session): session closed for user root
Oct 15 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10720]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session closed for user root
Oct 15 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11294]: Successful su for rubyman by root
Oct 15 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11294]: + ??? root:rubyman
Oct 15 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415377 of user rubyman.
Oct 15 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11294]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415377.
Oct 15 03:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7458]: pam_unix(cron:session): session closed for user root
Oct 15 03:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Invalid user a from 203.215.177.203
Oct 15 03:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: input_userauth_request: invalid user a [preauth]
Oct 15 03:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Failed password for invalid user a from 203.215.177.203 port 17280 ssh2
Oct 15 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Received disconnect from 203.215.177.203 port 17280:11: Bye Bye [preauth]
Oct 15 03:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Disconnected from 203.215.177.203 port 17280 [preauth]
Oct 15 03:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10226]: pam_unix(cron:session): session closed for user root
Oct 15 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11780]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11778]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11776]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11857]: Successful su for rubyman by root
Oct 15 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11857]: + ??? root:rubyman
Oct 15 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415379 of user rubyman.
Oct 15 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11857]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415379.
Oct 15 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11962]: Did not receive identification string from 87.236.176.32
Oct 15 03:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Connection closed by 87.236.176.32 port 53413 [preauth]
Oct 15 03:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8396]: pam_unix(cron:session): session closed for user root
Oct 15 03:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11777]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10725]: pam_unix(cron:session): session closed for user root
Oct 15 03:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Invalid user ec2-user from 203.215.177.203
Oct 15 03:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 03:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12268]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12266]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Failed password for invalid user ec2-user from 203.215.177.203 port 36672 ssh2
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Received disconnect from 203.215.177.203 port 36672:11: Bye Bye [preauth]
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Disconnected from 203.215.177.203 port 36672 [preauth]
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12336]: Successful su for rubyman by root
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12336]: + ??? root:rubyman
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415383 of user rubyman.
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12336]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415383.
Oct 15 03:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8999]: pam_unix(cron:session): session closed for user root
Oct 15 03:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12267]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session closed for user root
Oct 15 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12745]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12823]: Successful su for rubyman by root
Oct 15 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12823]: + ??? root:rubyman
Oct 15 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415387 of user rubyman.
Oct 15 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12823]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415387.
Oct 15 03:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9628]: pam_unix(cron:session): session closed for user root
Oct 15 03:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12746]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11780]: pam_unix(cron:session): session closed for user root
Oct 15 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Invalid user prueba from 80.94.95.116
Oct 15 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: input_userauth_request: invalid user prueba [preauth]
Oct 15 03:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Invalid user teamspeak3 from 203.215.177.203
Oct 15 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 15 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Failed password for invalid user prueba from 80.94.95.116 port 50970 ssh2
Oct 15 03:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13151]: Connection closed by 80.94.95.116 port 50970 [preauth]
Oct 15 03:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Failed password for invalid user teamspeak3 from 203.215.177.203 port 28424 ssh2
Oct 15 03:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Received disconnect from 203.215.177.203 port 28424:11: Bye Bye [preauth]
Oct 15 03:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Disconnected from 203.215.177.203 port 28424 [preauth]
Oct 15 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13360]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13363]: pam_unix(cron:session): session closed for user root
Oct 15 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13356]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13445]: Successful su for rubyman by root
Oct 15 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13445]: + ??? root:rubyman
Oct 15 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415391 of user rubyman.
Oct 15 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13445]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415391.
Oct 15 03:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13359]: pam_unix(cron:session): session closed for user root
Oct 15 03:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10224]: pam_unix(cron:session): session closed for user root
Oct 15 03:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13357]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12269]: pam_unix(cron:session): session closed for user root
Oct 15 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: Successful su for rubyman by root
Oct 15 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: + ??? root:rubyman
Oct 15 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415398 of user rubyman.
Oct 15 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13973]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415398.
Oct 15 03:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10722]: pam_unix(cron:session): session closed for user root
Oct 15 03:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13897]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Invalid user adminuser from 203.215.177.203
Oct 15 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Failed password for invalid user adminuser from 203.215.177.203 port 4152 ssh2
Oct 15 03:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Received disconnect from 203.215.177.203 port 4152:11: Bye Bye [preauth]
Oct 15 03:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14293]: Disconnected from 203.215.177.203 port 4152 [preauth]
Oct 15 03:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12748]: pam_unix(cron:session): session closed for user root
Oct 15 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14497]: Successful su for rubyman by root
Oct 15 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14497]: + ??? root:rubyman
Oct 15 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415402 of user rubyman.
Oct 15 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14497]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415402.
Oct 15 03:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session closed for user root
Oct 15 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13361]: pam_unix(cron:session): session closed for user root
Oct 15 03:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203  user=root
Oct 15 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14891]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14890]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14888]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Failed password for root from 203.215.177.203 port 53592 ssh2
Oct 15 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14967]: Successful su for rubyman by root
Oct 15 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14967]: + ??? root:rubyman
Oct 15 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415405 of user rubyman.
Oct 15 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14967]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415405.
Oct 15 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Received disconnect from 203.215.177.203 port 53592:11: Bye Bye [preauth]
Oct 15 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Disconnected from 203.215.177.203 port 53592 [preauth]
Oct 15 03:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11778]: pam_unix(cron:session): session closed for user root
Oct 15 03:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14889]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session closed for user root
Oct 15 03:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15430]: Invalid user ubuntu from 164.68.105.9
Oct 15 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15430]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15430]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 03:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15430]: Failed password for invalid user ubuntu from 164.68.105.9 port 54614 ssh2
Oct 15 03:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15430]: Connection closed by 164.68.105.9 port 54614 [preauth]
Oct 15 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15515]: Successful su for rubyman by root
Oct 15 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15515]: + ??? root:rubyman
Oct 15 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415410 of user rubyman.
Oct 15 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15515]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415410.
Oct 15 03:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12268]: pam_unix(cron:session): session closed for user root
Oct 15 03:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session closed for user root
Oct 15 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Invalid user sftpuser from 203.215.177.203
Oct 15 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: input_userauth_request: invalid user sftpuser [preauth]
Oct 15 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Failed password for invalid user sftpuser from 203.215.177.203 port 56580 ssh2
Oct 15 03:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Received disconnect from 203.215.177.203 port 56580:11: Bye Bye [preauth]
Oct 15 03:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Disconnected from 203.215.177.203 port 56580 [preauth]
Oct 15 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session closed for user root
Oct 15 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15972]: Successful su for rubyman by root
Oct 15 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15972]: + ??? root:rubyman
Oct 15 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415415 of user rubyman.
Oct 15 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15972]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415415.
Oct 15 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15900]: pam_unix(cron:session): session closed for user root
Oct 15 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12747]: pam_unix(cron:session): session closed for user root
Oct 15 03:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14891]: pam_unix(cron:session): session closed for user root
Oct 15 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16393]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16390]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16473]: Successful su for rubyman by root
Oct 15 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16473]: + ??? root:rubyman
Oct 15 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415419 of user rubyman.
Oct 15 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16473]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415419.
Oct 15 03:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13360]: pam_unix(cron:session): session closed for user root
Oct 15 03:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16391]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Invalid user web from 203.215.177.203
Oct 15 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: input_userauth_request: invalid user web [preauth]
Oct 15 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Failed password for invalid user web from 203.215.177.203 port 45506 ssh2
Oct 15 03:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Received disconnect from 203.215.177.203 port 45506:11: Bye Bye [preauth]
Oct 15 03:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Disconnected from 203.215.177.203 port 45506 [preauth]
Oct 15 03:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15447]: pam_unix(cron:session): session closed for user root
Oct 15 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16868]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16863]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16930]: Successful su for rubyman by root
Oct 15 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16930]: + ??? root:rubyman
Oct 15 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415423 of user rubyman.
Oct 15 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16930]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415423.
Oct 15 03:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13898]: pam_unix(cron:session): session closed for user root
Oct 15 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16864]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Invalid user RPM from 185.156.73.233
Oct 15 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: input_userauth_request: invalid user RPM [preauth]
Oct 15 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Failed password for invalid user RPM from 185.156.73.233 port 16652 ssh2
Oct 15 03:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17199]: Connection closed by 185.156.73.233 port 16652 [preauth]
Oct 15 03:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session closed for user root
Oct 15 03:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Invalid user julie from 188.37.131.134
Oct 15 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: input_userauth_request: invalid user julie [preauth]
Oct 15 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 03:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Failed password for invalid user julie from 188.37.131.134 port 41476 ssh2
Oct 15 03:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Received disconnect from 188.37.131.134 port 41476:11: Bye Bye [preauth]
Oct 15 03:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Disconnected from 188.37.131.134 port 41476 [preauth]
Oct 15 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17333]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17409]: Successful su for rubyman by root
Oct 15 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17409]: + ??? root:rubyman
Oct 15 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415428 of user rubyman.
Oct 15 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17409]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415428.
Oct 15 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203  user=root
Oct 15 03:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session closed for user root
Oct 15 03:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: Failed password for root from 203.215.177.203 port 48724 ssh2
Oct 15 03:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: Received disconnect from 203.215.177.203 port 48724:11: Bye Bye [preauth]
Oct 15 03:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17482]: Disconnected from 203.215.177.203 port 48724 [preauth]
Oct 15 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17334]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16393]: pam_unix(cron:session): session closed for user root
Oct 15 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17869]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17868]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17866]: pam_unix(cron:session): session closed for user p13x
Oct 15 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: Successful su for rubyman by root
Oct 15 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: + ??? root:rubyman
Oct 15 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415431 of user rubyman.
Oct 15 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session closed for user rubyman
Oct 15 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415431.
Oct 15 03:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14890]: pam_unix(cron:session): session closed for user root
Oct 15 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17867]: pam_unix(cron:session): session closed for user samftp
Oct 15 03:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16868]: pam_unix(cron:session): session closed for user root
Oct 15 03:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Invalid user debian from 203.215.177.203
Oct 15 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: input_userauth_request: invalid user debian [preauth]
Oct 15 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 03:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 03:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Failed password for invalid user debian from 203.215.177.203 port 14756 ssh2
Oct 15 03:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Received disconnect from 203.215.177.203 port 14756:11: Bye Bye [preauth]
Oct 15 03:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Disconnected from 203.215.177.203 port 14756 [preauth]
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session closed for user root
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session closed for user root
Oct 15 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18709]: Successful su for rubyman by root
Oct 15 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18709]: + ??? root:rubyman
Oct 15 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415436 of user rubyman.
Oct 15 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18709]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415436.
Oct 15 04:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user root
Oct 15 04:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15446]: pam_unix(cron:session): session closed for user root
Oct 15 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session closed for user root
Oct 15 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Invalid user abc1 from 116.193.191.90
Oct 15 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: input_userauth_request: invalid user abc1 [preauth]
Oct 15 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Failed password for invalid user abc1 from 116.193.191.90 port 53992 ssh2
Oct 15 04:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Received disconnect from 116.193.191.90 port 53992:11: Bye Bye [preauth]
Oct 15 04:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19290]: Disconnected from 116.193.191.90 port 53992 [preauth]
Oct 15 04:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Invalid user stack from 188.37.131.134
Oct 15 04:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: input_userauth_request: invalid user stack [preauth]
Oct 15 04:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Failed password for invalid user stack from 188.37.131.134 port 34964 ssh2
Oct 15 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Received disconnect from 188.37.131.134 port 34964:11: Bye Bye [preauth]
Oct 15 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Disconnected from 188.37.131.134 port 34964 [preauth]
Oct 15 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19351]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19582]: Successful su for rubyman by root
Oct 15 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19582]: + ??? root:rubyman
Oct 15 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415442 of user rubyman.
Oct 15 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19582]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415442.
Oct 15 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15901]: pam_unix(cron:session): session closed for user root
Oct 15 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19352]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Invalid user administrator from 203.215.177.203
Oct 15 04:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: input_userauth_request: invalid user administrator [preauth]
Oct 15 04:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Failed password for invalid user administrator from 203.215.177.203 port 18190 ssh2
Oct 15 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Received disconnect from 203.215.177.203 port 18190:11: Bye Bye [preauth]
Oct 15 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Disconnected from 203.215.177.203 port 18190 [preauth]
Oct 15 04:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17869]: pam_unix(cron:session): session closed for user root
Oct 15 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20146]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20247]: Successful su for rubyman by root
Oct 15 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20247]: + ??? root:rubyman
Oct 15 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415448 of user rubyman.
Oct 15 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20247]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415448.
Oct 15 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16392]: pam_unix(cron:session): session closed for user root
Oct 15 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20147]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=root
Oct 15 04:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Failed password for root from 188.37.131.134 port 33132 ssh2
Oct 15 04:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Received disconnect from 188.37.131.134 port 33132:11: Bye Bye [preauth]
Oct 15 04:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Disconnected from 188.37.131.134 port 33132 [preauth]
Oct 15 04:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session closed for user root
Oct 15 04:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
Oct 15 04:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: Failed password for root from 116.193.191.90 port 56184 ssh2
Oct 15 04:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: Received disconnect from 116.193.191.90 port 56184:11: Bye Bye [preauth]
Oct 15 04:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: Disconnected from 116.193.191.90 port 56184 [preauth]
Oct 15 04:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20650]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20649]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20645]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Invalid user deploy from 203.215.177.203
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: input_userauth_request: invalid user deploy [preauth]
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 04:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20731]: Successful su for rubyman by root
Oct 15 04:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20731]: + ??? root:rubyman
Oct 15 04:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415450 of user rubyman.
Oct 15 04:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20731]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415450.
Oct 15 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Failed password for invalid user deploy from 203.215.177.203 port 41166 ssh2
Oct 15 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Received disconnect from 203.215.177.203 port 41166:11: Bye Bye [preauth]
Oct 15 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Disconnected from 203.215.177.203 port 41166 [preauth]
Oct 15 04:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16866]: pam_unix(cron:session): session closed for user root
Oct 15 04:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20647]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.136.112.238  user=root
Oct 15 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Failed password for root from 223.136.112.238 port 36998 ssh2
Oct 15 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Received disconnect from 223.136.112.238 port 36998:11: Bye Bye [preauth]
Oct 15 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Disconnected from 223.136.112.238 port 36998 [preauth]
Oct 15 04:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19359]: pam_unix(cron:session): session closed for user root
Oct 15 04:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21104]: Invalid user jordi from 188.37.131.134
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21104]: input_userauth_request: invalid user jordi [preauth]
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21104]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21178]: Successful su for rubyman by root
Oct 15 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21178]: + ??? root:rubyman
Oct 15 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415454 of user rubyman.
Oct 15 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21178]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415454.
Oct 15 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21104]: Failed password for invalid user jordi from 188.37.131.134 port 49232 ssh2
Oct 15 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21104]: Received disconnect from 188.37.131.134 port 49232:11: Bye Bye [preauth]
Oct 15 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21104]: Disconnected from 188.37.131.134 port 49232 [preauth]
Oct 15 04:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session closed for user root
Oct 15 04:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Invalid user vpnuser1 from 116.193.191.90
Oct 15 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: input_userauth_request: invalid user vpnuser1 [preauth]
Oct 15 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Failed password for invalid user vpnuser1 from 116.193.191.90 port 48472 ssh2
Oct 15 04:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Received disconnect from 116.193.191.90 port 48472:11: Bye Bye [preauth]
Oct 15 04:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21497]: Disconnected from 116.193.191.90 port 48472 [preauth]
Oct 15 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Invalid user git from 203.215.177.203
Oct 15 04:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: input_userauth_request: invalid user git [preauth]
Oct 15 04:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.215.177.203
Oct 15 04:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Failed password for invalid user git from 203.215.177.203 port 13416 ssh2
Oct 15 04:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Received disconnect from 203.215.177.203 port 13416:11: Bye Bye [preauth]
Oct 15 04:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21533]: Disconnected from 203.215.177.203 port 13416 [preauth]
Oct 15 04:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20149]: pam_unix(cron:session): session closed for user root
Oct 15 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21636]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21636]: pam_unix(cron:session): session closed for user root
Oct 15 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21631]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: Successful su for rubyman by root
Oct 15 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: + ??? root:rubyman
Oct 15 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415458 of user rubyman.
Oct 15 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415458.
Oct 15 04:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session closed for user root
Oct 15 04:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17868]: pam_unix(cron:session): session closed for user root
Oct 15 04:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=root
Oct 15 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Failed password for root from 188.37.131.134 port 46820 ssh2
Oct 15 04:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Received disconnect from 188.37.131.134 port 46820:11: Bye Bye [preauth]
Oct 15 04:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22012]: Disconnected from 188.37.131.134 port 46820 [preauth]
Oct 15 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20650]: pam_unix(cron:session): session closed for user root
Oct 15 04:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Invalid user artin from 116.193.191.90
Oct 15 04:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: input_userauth_request: invalid user artin [preauth]
Oct 15 04:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Failed password for invalid user artin from 116.193.191.90 port 38582 ssh2
Oct 15 04:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Received disconnect from 116.193.191.90 port 38582:11: Bye Bye [preauth]
Oct 15 04:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22124]: Disconnected from 116.193.191.90 port 38582 [preauth]
Oct 15 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22144]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22268]: Successful su for rubyman by root
Oct 15 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22268]: + ??? root:rubyman
Oct 15 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415464 of user rubyman.
Oct 15 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22268]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415464.
Oct 15 04:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session closed for user root
Oct 15 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session closed for user root
Oct 15 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22653]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22917]: Successful su for rubyman by root
Oct 15 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22917]: + ??? root:rubyman
Oct 15 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415468 of user rubyman.
Oct 15 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22917]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415468.
Oct 15 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: Invalid user pippo from 188.37.131.134
Oct 15 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: input_userauth_request: invalid user pippo [preauth]
Oct 15 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: Failed password for invalid user pippo from 188.37.131.134 port 42848 ssh2
Oct 15 04:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: Received disconnect from 188.37.131.134 port 42848:11: Bye Bye [preauth]
Oct 15 04:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22944]: Disconnected from 188.37.131.134 port 42848 [preauth]
Oct 15 04:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19353]: pam_unix(cron:session): session closed for user root
Oct 15 04:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22654]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Invalid user igor from 116.193.191.90
Oct 15 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: input_userauth_request: invalid user igor [preauth]
Oct 15 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: User nobody from 185.156.73.233 not allowed because not listed in AllowUsers
Oct 15 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: input_userauth_request: invalid user nobody [preauth]
Oct 15 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Failed none for invalid user nobody from 185.156.73.233 port 18322 ssh2
Oct 15 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23462]: Connection closed by 185.156.73.233 port 18322 [preauth]
Oct 15 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for invalid user igor from 116.193.191.90 port 38900 ssh2
Oct 15 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Received disconnect from 116.193.191.90 port 38900:11: Bye Bye [preauth]
Oct 15 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Disconnected from 116.193.191.90 port 38900 [preauth]
Oct 15 04:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session closed for user root
Oct 15 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23832]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23835]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23829]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23898]: Successful su for rubyman by root
Oct 15 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23898]: + ??? root:rubyman
Oct 15 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415473 of user rubyman.
Oct 15 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23898]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415473.
Oct 15 04:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20148]: pam_unix(cron:session): session closed for user root
Oct 15 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23830]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session closed for user root
Oct 15 04:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=root
Oct 15 04:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24280]: Failed password for root from 188.37.131.134 port 58172 ssh2
Oct 15 04:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24280]: Received disconnect from 188.37.131.134 port 58172:11: Bye Bye [preauth]
Oct 15 04:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24280]: Disconnected from 188.37.131.134 port 58172 [preauth]
Oct 15 04:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Invalid user test from 116.193.191.90
Oct 15 04:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: input_userauth_request: invalid user test [preauth]
Oct 15 04:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Invalid user user from 62.60.131.157
Oct 15 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: input_userauth_request: invalid user user [preauth]
Oct 15 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 04:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Failed password for invalid user test from 116.193.191.90 port 36514 ssh2
Oct 15 04:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Received disconnect from 116.193.191.90 port 36514:11: Bye Bye [preauth]
Oct 15 04:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Disconnected from 116.193.191.90 port 36514 [preauth]
Oct 15 04:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Failed password for invalid user user from 62.60.131.157 port 40486 ssh2
Oct 15 04:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Failed password for invalid user user from 62.60.131.157 port 40486 ssh2
Oct 15 04:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Failed password for invalid user user from 62.60.131.157 port 40486 ssh2
Oct 15 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24558]: Successful su for rubyman by root
Oct 15 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24558]: + ??? root:rubyman
Oct 15 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415479 of user rubyman.
Oct 15 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24558]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415479.
Oct 15 04:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Failed password for invalid user user from 62.60.131.157 port 40486 ssh2
Oct 15 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24344]: pam_unix(cron:session): session closed for user root
Oct 15 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Failed password for invalid user user from 62.60.131.157 port 40486 ssh2
Oct 15 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Received disconnect from 62.60.131.157 port 40486:11: Bye [preauth]
Oct 15 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: Disconnected from 62.60.131.157 port 40486 [preauth]
Oct 15 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 04:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24322]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 04:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20649]: pam_unix(cron:session): session closed for user root
Oct 15 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22659]: pam_unix(cron:session): session closed for user root
Oct 15 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24951]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24952]: pam_unix(cron:session): session closed for user root
Oct 15 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24944]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25043]: Successful su for rubyman by root
Oct 15 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25043]: + ??? root:rubyman
Oct 15 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415481 of user rubyman.
Oct 15 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25043]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415481.
Oct 15 04:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session closed for user root
Oct 15 04:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session closed for user root
Oct 15 04:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: Invalid user dan from 188.37.131.134
Oct 15 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: input_userauth_request: invalid user dan [preauth]
Oct 15 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24945]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: Failed password for invalid user dan from 188.37.131.134 port 59128 ssh2
Oct 15 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: Received disconnect from 188.37.131.134 port 59128:11: Bye Bye [preauth]
Oct 15 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: Disconnected from 188.37.131.134 port 59128 [preauth]
Oct 15 04:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25598]: Invalid user pixel from 116.193.191.90
Oct 15 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25598]: input_userauth_request: invalid user pixel [preauth]
Oct 15 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25598]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25598]: Failed password for invalid user pixel from 116.193.191.90 port 41530 ssh2
Oct 15 04:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25598]: Received disconnect from 116.193.191.90 port 41530:11: Bye Bye [preauth]
Oct 15 04:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25598]: Disconnected from 116.193.191.90 port 41530 [preauth]
Oct 15 04:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Invalid user admin from 2.57.121.112
Oct 15 04:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: input_userauth_request: invalid user admin [preauth]
Oct 15 04:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 04:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23835]: pam_unix(cron:session): session closed for user root
Oct 15 04:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Failed password for invalid user admin from 2.57.121.112 port 18593 ssh2
Oct 15 04:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Failed password for invalid user admin from 2.57.121.112 port 18593 ssh2
Oct 15 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Failed password for invalid user admin from 2.57.121.112 port 18593 ssh2
Oct 15 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Failed password for invalid user admin from 2.57.121.112 port 18593 ssh2
Oct 15 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Failed password for invalid user admin from 2.57.121.112 port 18593 ssh2
Oct 15 04:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Received disconnect from 2.57.121.112 port 18593:11: Bye [preauth]
Oct 15 04:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Disconnected from 2.57.121.112 port 18593 [preauth]
Oct 15 04:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 04:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25713]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25892]: Successful su for rubyman by root
Oct 15 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25892]: + ??? root:rubyman
Oct 15 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415488 of user rubyman.
Oct 15 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25892]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415488.
Oct 15 04:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session closed for user root
Oct 15 04:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25714]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session closed for user root
Oct 15 04:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26272]: Invalid user pixel from 188.37.131.134
Oct 15 04:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26272]: input_userauth_request: invalid user pixel [preauth]
Oct 15 04:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26272]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26272]: Failed password for invalid user pixel from 188.37.131.134 port 37906 ssh2
Oct 15 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26272]: Received disconnect from 188.37.131.134 port 37906:11: Bye Bye [preauth]
Oct 15 04:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26272]: Disconnected from 188.37.131.134 port 37906 [preauth]
Oct 15 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Invalid user jordi from 116.193.191.90
Oct 15 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: input_userauth_request: invalid user jordi [preauth]
Oct 15 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Failed password for invalid user jordi from 116.193.191.90 port 57936 ssh2
Oct 15 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Received disconnect from 116.193.191.90 port 57936:11: Bye Bye [preauth]
Oct 15 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Disconnected from 116.193.191.90 port 57936 [preauth]
Oct 15 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26292]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26376]: Successful su for rubyman by root
Oct 15 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26376]: + ??? root:rubyman
Oct 15 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415491 of user rubyman.
Oct 15 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26376]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415491.
Oct 15 04:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session closed for user root
Oct 15 04:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24951]: pam_unix(cron:session): session closed for user root
Oct 15 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26924]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: Successful su for rubyman by root
Oct 15 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: + ??? root:rubyman
Oct 15 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415495 of user rubyman.
Oct 15 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415495.
Oct 15 04:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22655]: pam_unix(cron:session): session closed for user root
Oct 15 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Invalid user victor from 116.193.191.90
Oct 15 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: input_userauth_request: invalid user victor [preauth]
Oct 15 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Failed password for invalid user victor from 116.193.191.90 port 44516 ssh2
Oct 15 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Received disconnect from 116.193.191.90 port 44516:11: Bye Bye [preauth]
Oct 15 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Disconnected from 116.193.191.90 port 44516 [preauth]
Oct 15 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27466]: Invalid user m1 from 188.37.131.134
Oct 15 04:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27466]: input_userauth_request: invalid user m1 [preauth]
Oct 15 04:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27466]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27466]: Failed password for invalid user m1 from 188.37.131.134 port 48828 ssh2
Oct 15 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27466]: Received disconnect from 188.37.131.134 port 48828:11: Bye Bye [preauth]
Oct 15 04:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27466]: Disconnected from 188.37.131.134 port 48828 [preauth]
Oct 15 04:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session closed for user root
Oct 15 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27732]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27925]: Successful su for rubyman by root
Oct 15 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27925]: + ??? root:rubyman
Oct 15 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415499 of user rubyman.
Oct 15 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27925]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415499.
Oct 15 04:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23832]: pam_unix(cron:session): session closed for user root
Oct 15 04:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26292]: pam_unix(cron:session): session closed for user root
Oct 15 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: User mysql from 80.94.95.116 not allowed because not listed in AllowUsers
Oct 15 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: input_userauth_request: invalid user mysql [preauth]
Oct 15 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Failed none for invalid user mysql from 80.94.95.116 port 30702 ssh2
Oct 15 04:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Connection closed by 80.94.95.116 port 30702 [preauth]
Oct 15 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session closed for user root
Oct 15 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28418]: Successful su for rubyman by root
Oct 15 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28418]: + ??? root:rubyman
Oct 15 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415507 of user rubyman.
Oct 15 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28418]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415507.
Oct 15 04:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session closed for user root
Oct 15 04:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24351]: pam_unix(cron:session): session closed for user root
Oct 15 04:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Invalid user igor from 188.37.131.134
Oct 15 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: input_userauth_request: invalid user igor [preauth]
Oct 15 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
Oct 15 04:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Failed password for invalid user igor from 188.37.131.134 port 34584 ssh2
Oct 15 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Received disconnect from 188.37.131.134 port 34584:11: Bye Bye [preauth]
Oct 15 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28920]: Disconnected from 188.37.131.134 port 34584 [preauth]
Oct 15 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Failed password for root from 116.193.191.90 port 57956 ssh2
Oct 15 04:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Received disconnect from 116.193.191.90 port 57956:11: Bye Bye [preauth]
Oct 15 04:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Disconnected from 116.193.191.90 port 57956 [preauth]
Oct 15 04:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user root
Oct 15 04:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Invalid user selenium from 223.136.112.238
Oct 15 04:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: input_userauth_request: invalid user selenium [preauth]
Oct 15 04:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.136.112.238
Oct 15 04:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Failed password for invalid user selenium from 223.136.112.238 port 35780 ssh2
Oct 15 04:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Received disconnect from 223.136.112.238 port 35780:11: Bye Bye [preauth]
Oct 15 04:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29107]: Disconnected from 223.136.112.238 port 35780 [preauth]
Oct 15 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Failed password for root from 190.103.202.7 port 55394 ssh2
Oct 15 04:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Connection closed by 190.103.202.7 port 55394 [preauth]
Oct 15 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29209]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29208]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29206]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29308]: Successful su for rubyman by root
Oct 15 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29308]: + ??? root:rubyman
Oct 15 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415509 of user rubyman.
Oct 15 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29308]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415509.
Oct 15 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session closed for user root
Oct 15 04:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29207]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session closed for user root
Oct 15 04:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Invalid user test from 116.193.191.90
Oct 15 04:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: input_userauth_request: invalid user test [preauth]
Oct 15 04:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Failed password for invalid user test from 116.193.191.90 port 58124 ssh2
Oct 15 04:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Received disconnect from 116.193.191.90 port 58124:11: Bye Bye [preauth]
Oct 15 04:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Disconnected from 116.193.191.90 port 58124 [preauth]
Oct 15 04:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Invalid user gts from 188.37.131.134
Oct 15 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: input_userauth_request: invalid user gts [preauth]
Oct 15 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Failed password for invalid user gts from 188.37.131.134 port 33264 ssh2
Oct 15 04:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Received disconnect from 188.37.131.134 port 33264:11: Bye Bye [preauth]
Oct 15 04:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Disconnected from 188.37.131.134 port 33264 [preauth]
Oct 15 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29718]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29719]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29713]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29713]: pam_unix(cron:session): session closed for user root
Oct 15 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29716]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: Successful su for rubyman by root
Oct 15 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: + ??? root:rubyman
Oct 15 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415514 of user rubyman.
Oct 15 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415514.
Oct 15 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25716]: pam_unix(cron:session): session closed for user root
Oct 15 04:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29717]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session closed for user root
Oct 15 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30240]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30238]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30236]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30335]: Successful su for rubyman by root
Oct 15 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30335]: + ??? root:rubyman
Oct 15 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415519 of user rubyman.
Oct 15 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30335]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415519.
Oct 15 04:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26291]: pam_unix(cron:session): session closed for user root
Oct 15 04:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30237]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Invalid user gts from 116.193.191.90
Oct 15 04:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: input_userauth_request: invalid user gts [preauth]
Oct 15 04:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Failed password for invalid user gts from 116.193.191.90 port 44646 ssh2
Oct 15 04:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Received disconnect from 116.193.191.90 port 44646:11: Bye Bye [preauth]
Oct 15 04:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Disconnected from 116.193.191.90 port 44646 [preauth]
Oct 15 04:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Invalid user pzuser from 188.37.131.134
Oct 15 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: input_userauth_request: invalid user pzuser [preauth]
Oct 15 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29209]: pam_unix(cron:session): session closed for user root
Oct 15 04:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Failed password for invalid user pzuser from 188.37.131.134 port 50136 ssh2
Oct 15 04:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Received disconnect from 188.37.131.134 port 50136:11: Bye Bye [preauth]
Oct 15 04:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30738]: Disconnected from 188.37.131.134 port 50136 [preauth]
Oct 15 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30813]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: Successful su for rubyman by root
Oct 15 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: + ??? root:rubyman
Oct 15 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415523 of user rubyman.
Oct 15 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415523.
Oct 15 04:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30895]: Failed password for root from 20.163.71.109 port 53366 ssh2
Oct 15 04:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30895]: Connection closed by 20.163.71.109 port 53366 [preauth]
Oct 15 04:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session closed for user root
Oct 15 04:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30814]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29719]: pam_unix(cron:session): session closed for user root
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31306]: pam_unix(cron:session): session closed for user root
Oct 15 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31299]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: Invalid user stack from 116.193.191.90
Oct 15 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: input_userauth_request: invalid user stack [preauth]
Oct 15 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: Successful su for rubyman by root
Oct 15 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: + ??? root:rubyman
Oct 15 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415528 of user rubyman.
Oct 15 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415528.
Oct 15 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: Failed password for invalid user stack from 116.193.191.90 port 39356 ssh2
Oct 15 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: Received disconnect from 116.193.191.90 port 39356:11: Bye Bye [preauth]
Oct 15 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31296]: Disconnected from 116.193.191.90 port 39356 [preauth]
Oct 15 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31301]: pam_unix(cron:session): session closed for user root
Oct 15 04:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
Oct 15 04:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Invalid user thiru from 188.37.131.134
Oct 15 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: input_userauth_request: invalid user thiru [preauth]
Oct 15 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Failed password for invalid user thiru from 188.37.131.134 port 34054 ssh2
Oct 15 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Received disconnect from 188.37.131.134 port 34054:11: Bye Bye [preauth]
Oct 15 04:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Disconnected from 188.37.131.134 port 34054 [preauth]
Oct 15 04:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31300]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30240]: pam_unix(cron:session): session closed for user root
Oct 15 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31962]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32045]: Successful su for rubyman by root
Oct 15 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32045]: + ??? root:rubyman
Oct 15 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415532 of user rubyman.
Oct 15 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32045]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415532.
Oct 15 04:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session closed for user root
Oct 15 04:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31963]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Invalid user dante from 116.193.191.90
Oct 15 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: input_userauth_request: invalid user dante [preauth]
Oct 15 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Failed password for invalid user dante from 116.193.191.90 port 57668 ssh2
Oct 15 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Received disconnect from 116.193.191.90 port 57668:11: Bye Bye [preauth]
Oct 15 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32407]: Disconnected from 116.193.191.90 port 57668 [preauth]
Oct 15 04:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Oct 15 04:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session closed for user root
Oct 15 04:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Failed password for root from 80.94.95.115 port 62582 ssh2
Oct 15 04:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Connection closed by 80.94.95.115 port 62582 [preauth]
Oct 15 04:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=root
Oct 15 04:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: Failed password for root from 188.37.131.134 port 58344 ssh2
Oct 15 04:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: Received disconnect from 188.37.131.134 port 58344:11: Bye Bye [preauth]
Oct 15 04:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32481]: Disconnected from 188.37.131.134 port 58344 [preauth]
Oct 15 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32514]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32515]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32512]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32579]: Successful su for rubyman by root
Oct 15 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32579]: + ??? root:rubyman
Oct 15 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415539 of user rubyman.
Oct 15 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32579]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415539.
Oct 15 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29208]: pam_unix(cron:session): session closed for user root
Oct 15 04:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31304]: pam_unix(cron:session): session closed for user root
Oct 15 04:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Invalid user ts3user from 116.193.191.90
Oct 15 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: input_userauth_request: invalid user ts3user [preauth]
Oct 15 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[523]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[520]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Failed password for invalid user ts3user from 116.193.191.90 port 47786 ssh2
Oct 15 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Received disconnect from 116.193.191.90 port 47786:11: Bye Bye [preauth]
Oct 15 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Disconnected from 116.193.191.90 port 47786 [preauth]
Oct 15 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: Successful su for rubyman by root
Oct 15 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: + ??? root:rubyman
Oct 15 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415540 of user rubyman.
Oct 15 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[590]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415540.
Oct 15 04:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29718]: pam_unix(cron:session): session closed for user root
Oct 15 04:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[521]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: User mysql from 188.37.131.134 not allowed because not listed in AllowUsers
Oct 15 04:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: input_userauth_request: invalid user mysql [preauth]
Oct 15 04:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=mysql
Oct 15 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Failed password for invalid user mysql from 188.37.131.134 port 51770 ssh2
Oct 15 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Received disconnect from 188.37.131.134 port 51770:11: Bye Bye [preauth]
Oct 15 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[905]: Disconnected from 188.37.131.134 port 51770 [preauth]
Oct 15 04:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31965]: pam_unix(cron:session): session closed for user root
Oct 15 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1081]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1161]: Successful su for rubyman by root
Oct 15 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1161]: + ??? root:rubyman
Oct 15 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415544 of user rubyman.
Oct 15 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1161]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415544.
Oct 15 04:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30238]: pam_unix(cron:session): session closed for user root
Oct 15 04:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Invalid user dan from 116.193.191.90
Oct 15 04:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: input_userauth_request: invalid user dan [preauth]
Oct 15 04:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Failed password for invalid user dan from 116.193.191.90 port 34840 ssh2
Oct 15 04:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Received disconnect from 116.193.191.90 port 34840:11: Bye Bye [preauth]
Oct 15 04:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Disconnected from 116.193.191.90 port 34840 [preauth]
Oct 15 04:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32515]: pam_unix(cron:session): session closed for user root
Oct 15 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1571]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1573]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session closed for user root
Oct 15 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1569]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1656]: Successful su for rubyman by root
Oct 15 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1656]: + ??? root:rubyman
Oct 15 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415553 of user rubyman.
Oct 15 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1656]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415553.
Oct 15 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=root
Oct 15 04:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: Failed password for root from 188.37.131.134 port 56236 ssh2
Oct 15 04:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: Received disconnect from 188.37.131.134 port 56236:11: Bye Bye [preauth]
Oct 15 04:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1687]: Disconnected from 188.37.131.134 port 56236 [preauth]
Oct 15 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1571]: pam_unix(cron:session): session closed for user root
Oct 15 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session closed for user root
Oct 15 04:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[523]: pam_unix(cron:session): session closed for user root
Oct 15 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2183]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2263]: Successful su for rubyman by root
Oct 15 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2263]: + ??? root:rubyman
Oct 15 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415554 of user rubyman.
Oct 15 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2263]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415554.
Oct 15 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Invalid user thiru from 116.193.191.90
Oct 15 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: input_userauth_request: invalid user thiru [preauth]
Oct 15 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Failed password for invalid user thiru from 116.193.191.90 port 38904 ssh2
Oct 15 04:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Received disconnect from 116.193.191.90 port 38904:11: Bye Bye [preauth]
Oct 15 04:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2336]: Disconnected from 116.193.191.90 port 38904 [preauth]
Oct 15 04:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session closed for user root
Oct 15 04:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1082]: pam_unix(cron:session): session closed for user root
Oct 15 04:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=root
Oct 15 04:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for root from 188.37.131.134 port 59576 ssh2
Oct 15 04:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Received disconnect from 188.37.131.134 port 59576:11: Bye Bye [preauth]
Oct 15 04:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Disconnected from 188.37.131.134 port 59576 [preauth]
Oct 15 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2714]: Successful su for rubyman by root
Oct 15 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2714]: + ??? root:rubyman
Oct 15 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415559 of user rubyman.
Oct 15 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2714]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415559.
Oct 15 04:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31964]: pam_unix(cron:session): session closed for user root
Oct 15 04:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Invalid user edith from 116.193.191.90
Oct 15 04:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: input_userauth_request: invalid user edith [preauth]
Oct 15 04:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Failed password for invalid user edith from 116.193.191.90 port 41304 ssh2
Oct 15 04:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Received disconnect from 116.193.191.90 port 41304:11: Bye Bye [preauth]
Oct 15 04:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Disconnected from 116.193.191.90 port 41304 [preauth]
Oct 15 04:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1573]: pam_unix(cron:session): session closed for user root
Oct 15 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3159]: Successful su for rubyman by root
Oct 15 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3159]: + ??? root:rubyman
Oct 15 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415562 of user rubyman.
Oct 15 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3159]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415562.
Oct 15 04:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32514]: pam_unix(cron:session): session closed for user root
Oct 15 04:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3092]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Invalid user vpnuser1 from 188.37.131.134
Oct 15 04:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: input_userauth_request: invalid user vpnuser1 [preauth]
Oct 15 04:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Failed password for invalid user vpnuser1 from 188.37.131.134 port 38274 ssh2
Oct 15 04:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Received disconnect from 188.37.131.134 port 38274:11: Bye Bye [preauth]
Oct 15 04:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3458]: Disconnected from 188.37.131.134 port 38274 [preauth]
Oct 15 04:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2189]: pam_unix(cron:session): session closed for user root
Oct 15 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3560]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3623]: Successful su for rubyman by root
Oct 15 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3623]: + ??? root:rubyman
Oct 15 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415567 of user rubyman.
Oct 15 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3623]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415567.
Oct 15 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Invalid user xiaobai from 190.103.202.7
Oct 15 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: input_userauth_request: invalid user xiaobai [preauth]
Oct 15 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 15 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Failed password for invalid user xiaobai from 190.103.202.7 port 54752 ssh2
Oct 15 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3732]: Connection closed by 190.103.202.7 port 54752 [preauth]
Oct 15 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[522]: pam_unix(cron:session): session closed for user root
Oct 15 04:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Invalid user julie from 116.193.191.90
Oct 15 04:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: input_userauth_request: invalid user julie [preauth]
Oct 15 04:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Failed password for invalid user julie from 116.193.191.90 port 50168 ssh2
Oct 15 04:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Received disconnect from 116.193.191.90 port 50168:11: Bye Bye [preauth]
Oct 15 04:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Disconnected from 116.193.191.90 port 50168 [preauth]
Oct 15 04:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3556]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: Invalid user squid from 80.94.95.116
Oct 15 04:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: input_userauth_request: invalid user squid [preauth]
Oct 15 04:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 04:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 04:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:45.79.150.184
Oct 15 04:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: Failed password for invalid user squid from 80.94.95.116 port 34700 ssh2
Oct 15 04:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3890]: Connection closed by 80.94.95.116 port 34700 [preauth]
Oct 15 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session closed for user root
Oct 15 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session closed for user root
Oct 15 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4023]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4104]: Successful su for rubyman by root
Oct 15 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4104]: + ??? root:rubyman
Oct 15 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415573 of user rubyman.
Oct 15 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4104]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415573.
Oct 15 04:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4025]: pam_unix(cron:session): session closed for user root
Oct 15 04:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1081]: pam_unix(cron:session): session closed for user root
Oct 15 04:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Invalid user artin from 188.37.131.134
Oct 15 04:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: input_userauth_request: invalid user artin [preauth]
Oct 15 04:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Failed password for invalid user artin from 188.37.131.134 port 38804 ssh2
Oct 15 04:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Received disconnect from 188.37.131.134 port 38804:11: Bye Bye [preauth]
Oct 15 04:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4372]: Disconnected from 188.37.131.134 port 38804 [preauth]
Oct 15 04:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4024]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session closed for user root
Oct 15 04:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
Oct 15 04:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Failed password for root from 116.193.191.90 port 38470 ssh2
Oct 15 04:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Received disconnect from 116.193.191.90 port 38470:11: Bye Bye [preauth]
Oct 15 04:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4507]: Disconnected from 116.193.191.90 port 38470 [preauth]
Oct 15 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4572]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4566]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4564]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: Successful su for rubyman by root
Oct 15 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: + ??? root:rubyman
Oct 15 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415579 of user rubyman.
Oct 15 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4688]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415579.
Oct 15 04:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session closed for user root
Oct 15 04:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3560]: pam_unix(cron:session): session closed for user root
Oct 15 04:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Invalid user test from 188.37.131.134
Oct 15 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: input_userauth_request: invalid user test [preauth]
Oct 15 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Failed password for invalid user test from 188.37.131.134 port 50382 ssh2
Oct 15 04:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Received disconnect from 188.37.131.134 port 50382:11: Bye Bye [preauth]
Oct 15 04:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5551]: Disconnected from 188.37.131.134 port 50382 [preauth]
Oct 15 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5570]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5569]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5567]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5642]: Successful su for rubyman by root
Oct 15 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5642]: + ??? root:rubyman
Oct 15 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415581 of user rubyman.
Oct 15 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5642]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415581.
Oct 15 04:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2186]: pam_unix(cron:session): session closed for user root
Oct 15 04:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5568]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: Invalid user wx from 116.193.191.90
Oct 15 04:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: input_userauth_request: invalid user wx [preauth]
Oct 15 04:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4027]: pam_unix(cron:session): session closed for user root
Oct 15 04:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: Failed password for invalid user wx from 116.193.191.90 port 48754 ssh2
Oct 15 04:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: Received disconnect from 116.193.191.90 port 48754:11: Bye Bye [preauth]
Oct 15 04:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: Disconnected from 116.193.191.90 port 48754 [preauth]
Oct 15 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6047]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6045]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: Successful su for rubyman by root
Oct 15 04:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: + ??? root:rubyman
Oct 15 04:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415585 of user rubyman.
Oct 15 04:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6116]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415585.
Oct 15 04:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session closed for user root
Oct 15 04:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6046]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4572]: pam_unix(cron:session): session closed for user root
Oct 15 04:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Invalid user selenium from 188.37.131.134
Oct 15 04:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: input_userauth_request: invalid user selenium [preauth]
Oct 15 04:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Failed password for invalid user selenium from 188.37.131.134 port 48510 ssh2
Oct 15 04:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Received disconnect from 188.37.131.134 port 48510:11: Bye Bye [preauth]
Oct 15 04:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Disconnected from 188.37.131.134 port 48510 [preauth]
Oct 15 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6488]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6577]: Successful su for rubyman by root
Oct 15 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6577]: + ??? root:rubyman
Oct 15 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415589 of user rubyman.
Oct 15 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6577]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415589.
Oct 15 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Invalid user joy from 2.57.122.26
Oct 15 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: input_userauth_request: invalid user joy [preauth]
Oct 15 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Failed password for invalid user joy from 2.57.122.26 port 50068 ssh2
Oct 15 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Connection closed by 2.57.122.26 port 50068 [preauth]
Oct 15 04:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session closed for user root
Oct 15 04:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
Oct 15 04:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Failed password for root from 116.193.191.90 port 34822 ssh2
Oct 15 04:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Received disconnect from 116.193.191.90 port 34822:11: Bye Bye [preauth]
Oct 15 04:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Disconnected from 116.193.191.90 port 34822 [preauth]
Oct 15 04:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5570]: pam_unix(cron:session): session closed for user root
Oct 15 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7062]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7062]: pam_unix(cron:session): session closed for user root
Oct 15 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7054]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7226]: Successful su for rubyman by root
Oct 15 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7226]: + ??? root:rubyman
Oct 15 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415592 of user rubyman.
Oct 15 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7226]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415592.
Oct 15 04:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7056]: pam_unix(cron:session): session closed for user root
Oct 15 04:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3558]: pam_unix(cron:session): session closed for user root
Oct 15 04:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Invalid user reda from 188.37.131.134
Oct 15 04:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: input_userauth_request: invalid user reda [preauth]
Oct 15 04:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Failed password for invalid user reda from 188.37.131.134 port 53836 ssh2
Oct 15 04:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Received disconnect from 188.37.131.134 port 53836:11: Bye Bye [preauth]
Oct 15 04:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7465]: Disconnected from 188.37.131.134 port 53836 [preauth]
Oct 15 04:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7055]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6049]: pam_unix(cron:session): session closed for user root
Oct 15 04:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: Invalid user pippo from 116.193.191.90
Oct 15 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: input_userauth_request: invalid user pippo [preauth]
Oct 15 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: Failed password for invalid user pippo from 116.193.191.90 port 57914 ssh2
Oct 15 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: Received disconnect from 116.193.191.90 port 57914:11: Bye Bye [preauth]
Oct 15 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7585]: Disconnected from 116.193.191.90 port 57914 [preauth]
Oct 15 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7649]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7646]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7737]: Successful su for rubyman by root
Oct 15 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7737]: + ??? root:rubyman
Oct 15 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415601 of user rubyman.
Oct 15 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7737]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415601.
Oct 15 04:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4026]: pam_unix(cron:session): session closed for user root
Oct 15 04:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7647]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8448]: Invalid user pixel from 223.136.112.238
Oct 15 04:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8448]: input_userauth_request: invalid user pixel [preauth]
Oct 15 04:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8448]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.136.112.238
Oct 15 04:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 04:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=abaramo@omarabas.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 15 04:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8448]: Failed password for invalid user pixel from 223.136.112.238 port 36928 ssh2
Oct 15 04:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8448]: Received disconnect from 223.136.112.238 port 36928:11: Bye Bye [preauth]
Oct 15 04:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8448]: Disconnected from 223.136.112.238 port 36928 [preauth]
Oct 15 04:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 04:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=abaramo@omarabas.com rhost=::ffff:79.124.49.146
Oct 15 04:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8487]: Invalid user arkserver from 164.68.105.9
Oct 15 04:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8487]: input_userauth_request: invalid user arkserver [preauth]
Oct 15 04:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8487]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8487]: Failed password for invalid user arkserver from 164.68.105.9 port 44054 ssh2
Oct 15 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8487]: Connection closed by 164.68.105.9 port 44054 [preauth]
Oct 15 04:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6488]: pam_unix(cron:session): session closed for user root
Oct 15 04:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Invalid user test from 188.37.131.134
Oct 15 04:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: input_userauth_request: invalid user test [preauth]
Oct 15 04:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Failed password for invalid user test from 188.37.131.134 port 53536 ssh2
Oct 15 04:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Received disconnect from 188.37.131.134 port 53536:11: Bye Bye [preauth]
Oct 15 04:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8556]: Disconnected from 188.37.131.134 port 53536 [preauth]
Oct 15 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8599]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8670]: Successful su for rubyman by root
Oct 15 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8670]: + ??? root:rubyman
Oct 15 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415604 of user rubyman.
Oct 15 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8670]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415604.
Oct 15 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4566]: pam_unix(cron:session): session closed for user root
Oct 15 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Invalid user m1 from 116.193.191.90
Oct 15 04:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: input_userauth_request: invalid user m1 [preauth]
Oct 15 04:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Failed password for invalid user m1 from 116.193.191.90 port 51762 ssh2
Oct 15 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Received disconnect from 116.193.191.90 port 51762:11: Bye Bye [preauth]
Oct 15 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Disconnected from 116.193.191.90 port 51762 [preauth]
Oct 15 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8593]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session closed for user root
Oct 15 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9279]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9364]: Successful su for rubyman by root
Oct 15 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9364]: + ??? root:rubyman
Oct 15 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415607 of user rubyman.
Oct 15 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9364]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415607.
Oct 15 04:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5569]: pam_unix(cron:session): session closed for user root
Oct 15 04:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Invalid user ts3user from 188.37.131.134
Oct 15 04:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: input_userauth_request: invalid user ts3user [preauth]
Oct 15 04:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Failed password for invalid user ts3user from 188.37.131.134 port 44826 ssh2
Oct 15 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Received disconnect from 188.37.131.134 port 44826:11: Bye Bye [preauth]
Oct 15 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9719]: Disconnected from 188.37.131.134 port 44826 [preauth]
Oct 15 04:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7649]: pam_unix(cron:session): session closed for user root
Oct 15 04:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: Invalid user selenium from 116.193.191.90
Oct 15 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: input_userauth_request: invalid user selenium [preauth]
Oct 15 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: Failed password for invalid user selenium from 116.193.191.90 port 37734 ssh2
Oct 15 04:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: Received disconnect from 116.193.191.90 port 37734:11: Bye Bye [preauth]
Oct 15 04:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: Disconnected from 116.193.191.90 port 37734 [preauth]
Oct 15 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9916]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10100]: Successful su for rubyman by root
Oct 15 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10100]: + ??? root:rubyman
Oct 15 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415613 of user rubyman.
Oct 15 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10100]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415613.
Oct 15 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9914]: pam_unix(cron:session): session closed for user root
Oct 15 04:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6047]: pam_unix(cron:session): session closed for user root
Oct 15 04:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9917]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8599]: pam_unix(cron:session): session closed for user root
Oct 15 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10524]: pam_unix(cron:session): session closed for user root
Oct 15 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10518]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10606]: Successful su for rubyman by root
Oct 15 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10606]: + ??? root:rubyman
Oct 15 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415618 of user rubyman.
Oct 15 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10606]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415618.
Oct 15 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Invalid user admin from 194.0.234.19
Oct 15 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: input_userauth_request: invalid user admin [preauth]
Oct 15 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=root
Oct 15 04:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Failed password for invalid user admin from 194.0.234.19 port 55488 ssh2
Oct 15 04:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10605]: Connection closed by 194.0.234.19 port 55488 [preauth]
Oct 15 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Failed password for root from 188.37.131.134 port 49804 ssh2
Oct 15 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Received disconnect from 188.37.131.134 port 49804:11: Bye Bye [preauth]
Oct 15 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Disconnected from 188.37.131.134 port 49804 [preauth]
Oct 15 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10520]: pam_unix(cron:session): session closed for user root
Oct 15 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session closed for user root
Oct 15 04:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10519]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
Oct 15 04:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Failed password for root from 116.193.191.90 port 51086 ssh2
Oct 15 04:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Received disconnect from 116.193.191.90 port 51086:11: Bye Bye [preauth]
Oct 15 04:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10907]: Disconnected from 116.193.191.90 port 51086 [preauth]
Oct 15 04:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9285]: pam_unix(cron:session): session closed for user root
Oct 15 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11025]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11103]: Successful su for rubyman by root
Oct 15 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11103]: + ??? root:rubyman
Oct 15 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415623 of user rubyman.
Oct 15 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11103]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415623.
Oct 15 04:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session closed for user root
Oct 15 04:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9919]: pam_unix(cron:session): session closed for user root
Oct 15 04:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11442]: Invalid user wx from 188.37.131.134
Oct 15 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11442]: input_userauth_request: invalid user wx [preauth]
Oct 15 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11442]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11442]: Failed password for invalid user wx from 188.37.131.134 port 54594 ssh2
Oct 15 04:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11442]: Received disconnect from 188.37.131.134 port 54594:11: Bye Bye [preauth]
Oct 15 04:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11442]: Disconnected from 188.37.131.134 port 54594 [preauth]
Oct 15 04:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11483]: Invalid user pzuser from 116.193.191.90
Oct 15 04:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11483]: input_userauth_request: invalid user pzuser [preauth]
Oct 15 04:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11483]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11483]: Failed password for invalid user pzuser from 116.193.191.90 port 59838 ssh2
Oct 15 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11483]: Received disconnect from 116.193.191.90 port 59838:11: Bye Bye [preauth]
Oct 15 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11483]: Disconnected from 116.193.191.90 port 59838 [preauth]
Oct 15 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11572]: Successful su for rubyman by root
Oct 15 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11572]: + ??? root:rubyman
Oct 15 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415627 of user rubyman.
Oct 15 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11572]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415627.
Oct 15 04:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7648]: pam_unix(cron:session): session closed for user root
Oct 15 04:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10522]: pam_unix(cron:session): session closed for user root
Oct 15 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12058]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12055]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12143]: Successful su for rubyman by root
Oct 15 04:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12143]: + ??? root:rubyman
Oct 15 04:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415630 of user rubyman.
Oct 15 04:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12143]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415630.
Oct 15 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8598]: pam_unix(cron:session): session closed for user root
Oct 15 04:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12056]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Invalid user edith from 188.37.131.134
Oct 15 04:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: input_userauth_request: invalid user edith [preauth]
Oct 15 04:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Failed password for invalid user edith from 188.37.131.134 port 37218 ssh2
Oct 15 04:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Received disconnect from 188.37.131.134 port 37218:11: Bye Bye [preauth]
Oct 15 04:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Disconnected from 188.37.131.134 port 37218 [preauth]
Oct 15 04:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
Oct 15 04:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Failed password for root from 116.193.191.90 port 46638 ssh2
Oct 15 04:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Received disconnect from 116.193.191.90 port 46638:11: Bye Bye [preauth]
Oct 15 04:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Disconnected from 116.193.191.90 port 46638 [preauth]
Oct 15 04:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11026]: pam_unix(cron:session): session closed for user root
Oct 15 04:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Did not receive identification string from 202.184.120.116
Oct 15 04:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.184.120.116  user=root
Oct 15 04:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: Failed password for root from 202.184.120.116 port 49283 ssh2
Oct 15 04:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: Connection closed by 202.184.120.116 port 49283 [preauth]
Oct 15 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12645]: Successful su for rubyman by root
Oct 15 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12645]: + ??? root:rubyman
Oct 15 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415633 of user rubyman.
Oct 15 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12645]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415633.
Oct 15 04:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.184.120.116  user=root
Oct 15 04:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9284]: pam_unix(cron:session): session closed for user root
Oct 15 04:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Failed password for root from 202.184.120.116 port 58987 ssh2
Oct 15 04:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Connection closed by 202.184.120.116 port 58987 [preauth]
Oct 15 04:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.184.120.116  user=root
Oct 15 04:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: Failed password for root from 202.184.120.116 port 14108 ssh2
Oct 15 04:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12865]: Connection closed by 202.184.120.116 port 14108 [preauth]
Oct 15 04:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.184.120.116  user=root
Oct 15 04:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Failed password for root from 202.184.120.116 port 16134 ssh2
Oct 15 04:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Connection closed by 202.184.120.116 port 16134 [preauth]
Oct 15 04:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session closed for user root
Oct 15 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.184.120.116  user=root
Oct 15 04:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Failed password for root from 202.184.120.116 port 4118 ssh2
Oct 15 04:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Connection closed by 202.184.120.116 port 4118 [preauth]
Oct 15 04:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.184.120.116  user=root
Oct 15 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13081]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13083]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13082]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13083]: pam_unix(cron:session): session closed for user root
Oct 15 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13078]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13159]: Successful su for rubyman by root
Oct 15 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13159]: + ??? root:rubyman
Oct 15 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415639 of user rubyman.
Oct 15 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13159]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415639.
Oct 15 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Failed password for root from 202.184.120.116 port 19974 ssh2
Oct 15 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Connection closed by 202.184.120.116 port 19974 [preauth]
Oct 15 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Invalid user dante from 188.37.131.134
Oct 15 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: input_userauth_request: invalid user dante [preauth]
Oct 15 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: Invalid user admin from 185.156.73.233
Oct 15 04:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: input_userauth_request: invalid user admin [preauth]
Oct 15 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Failed password for invalid user dante from 188.37.131.134 port 50850 ssh2
Oct 15 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13080]: pam_unix(cron:session): session closed for user root
Oct 15 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: User mysql from 116.193.191.90 not allowed because not listed in AllowUsers
Oct 15 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: input_userauth_request: invalid user mysql [preauth]
Oct 15 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=mysql
Oct 15 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Received disconnect from 188.37.131.134 port 50850:11: Bye Bye [preauth]
Oct 15 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Disconnected from 188.37.131.134 port 50850 [preauth]
Oct 15 04:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 04:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: Failed password for invalid user mysql from 116.193.191.90 port 56468 ssh2
Oct 15 04:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: Received disconnect from 116.193.191.90 port 56468:11: Bye Bye [preauth]
Oct 15 04:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: Disconnected from 116.193.191.90 port 56468 [preauth]
Oct 15 04:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9918]: pam_unix(cron:session): session closed for user root
Oct 15 04:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: Failed password for invalid user admin from 185.156.73.233 port 29322 ssh2
Oct 15 04:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13384]: Connection closed by 185.156.73.233 port 29322 [preauth]
Oct 15 04:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.184.120.116  user=root
Oct 15 04:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: Failed password for root from 202.184.120.116 port 15459 ssh2
Oct 15 04:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13420]: Connection reset by 202.184.120.116 port 15459 [preauth]
Oct 15 04:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13079]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session closed for user root
Oct 15 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13695]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13801]: Successful su for rubyman by root
Oct 15 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13801]: + ??? root:rubyman
Oct 15 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415644 of user rubyman.
Oct 15 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13801]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415644.
Oct 15 04:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10521]: pam_unix(cron:session): session closed for user root
Oct 15 04:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13696]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session closed for user root
Oct 15 04:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
Oct 15 04:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Invalid user abc1 from 188.37.131.134
Oct 15 04:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: input_userauth_request: invalid user abc1 [preauth]
Oct 15 04:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Failed password for root from 116.193.191.90 port 56296 ssh2
Oct 15 04:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Received disconnect from 116.193.191.90 port 56296:11: Bye Bye [preauth]
Oct 15 04:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Disconnected from 116.193.191.90 port 56296 [preauth]
Oct 15 04:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Failed password for invalid user abc1 from 188.37.131.134 port 42258 ssh2
Oct 15 04:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Received disconnect from 188.37.131.134 port 42258:11: Bye Bye [preauth]
Oct 15 04:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Disconnected from 188.37.131.134 port 42258 [preauth]
Oct 15 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14281]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14348]: Successful su for rubyman by root
Oct 15 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14348]: + ??? root:rubyman
Oct 15 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415647 of user rubyman.
Oct 15 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14348]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415647.
Oct 15 04:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11025]: pam_unix(cron:session): session closed for user root
Oct 15 04:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14282]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13082]: pam_unix(cron:session): session closed for user root
Oct 15 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14806]: Successful su for rubyman by root
Oct 15 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14806]: + ??? root:rubyman
Oct 15 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415653 of user rubyman.
Oct 15 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14806]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415653.
Oct 15 04:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session closed for user root
Oct 15 04:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Invalid user reda from 116.193.191.90
Oct 15 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: input_userauth_request: invalid user reda [preauth]
Oct 15 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Failed password for invalid user reda from 116.193.191.90 port 49624 ssh2
Oct 15 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Received disconnect from 116.193.191.90 port 49624:11: Bye Bye [preauth]
Oct 15 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15155]: Disconnected from 116.193.191.90 port 49624 [preauth]
Oct 15 04:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134  user=root
Oct 15 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Failed password for root from 188.37.131.134 port 46506 ssh2
Oct 15 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Received disconnect from 188.37.131.134 port 46506:11: Bye Bye [preauth]
Oct 15 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15167]: Disconnected from 188.37.131.134 port 46506 [preauth]
Oct 15 04:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session closed for user root
Oct 15 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15297]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15381]: Successful su for rubyman by root
Oct 15 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15381]: + ??? root:rubyman
Oct 15 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415657 of user rubyman.
Oct 15 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15381]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415657.
Oct 15 04:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12058]: pam_unix(cron:session): session closed for user root
Oct 15 04:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15298]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user root
Oct 15 04:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Invalid user user from 116.193.191.90
Oct 15 04:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: input_userauth_request: invalid user user [preauth]
Oct 15 04:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
Oct 15 04:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Failed password for invalid user user from 116.193.191.90 port 45162 ssh2
Oct 15 04:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Received disconnect from 116.193.191.90 port 45162:11: Bye Bye [preauth]
Oct 15 04:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Disconnected from 116.193.191.90 port 45162 [preauth]
Oct 15 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15758]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15756]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15757]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15759]: pam_unix(cron:session): session closed for user root
Oct 15 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15752]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15835]: Successful su for rubyman by root
Oct 15 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15835]: + ??? root:rubyman
Oct 15 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415660 of user rubyman.
Oct 15 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15835]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415660.
Oct 15 04:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15756]: pam_unix(cron:session): session closed for user root
Oct 15 04:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session closed for user root
Oct 15 04:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Invalid user victor from 188.37.131.134
Oct 15 04:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: input_userauth_request: invalid user victor [preauth]
Oct 15 04:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Failed password for invalid user victor from 188.37.131.134 port 42824 ssh2
Oct 15 04:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Received disconnect from 188.37.131.134 port 42824:11: Bye Bye [preauth]
Oct 15 04:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Disconnected from 188.37.131.134 port 42824 [preauth]
Oct 15 04:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15755]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14723]: pam_unix(cron:session): session closed for user root
Oct 15 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16243]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: Successful su for rubyman by root
Oct 15 04:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: + ??? root:rubyman
Oct 15 04:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415667 of user rubyman.
Oct 15 04:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415667.
Oct 15 04:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13081]: pam_unix(cron:session): session closed for user root
Oct 15 04:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16244]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
Oct 15 04:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Failed password for root from 116.193.191.90 port 43522 ssh2
Oct 15 04:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Received disconnect from 116.193.191.90 port 43522:11: Bye Bye [preauth]
Oct 15 04:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16612]: Disconnected from 116.193.191.90 port 43522 [preauth]
Oct 15 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15301]: pam_unix(cron:session): session closed for user root
Oct 15 04:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Invalid user user from 188.37.131.134
Oct 15 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: input_userauth_request: invalid user user [preauth]
Oct 15 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.37.131.134
Oct 15 04:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Failed password for invalid user user from 188.37.131.134 port 38834 ssh2
Oct 15 04:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Received disconnect from 188.37.131.134 port 38834:11: Bye Bye [preauth]
Oct 15 04:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Disconnected from 188.37.131.134 port 38834 [preauth]
Oct 15 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16723]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: Successful su for rubyman by root
Oct 15 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: + ??? root:rubyman
Oct 15 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415670 of user rubyman.
Oct 15 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415670.
Oct 15 04:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13697]: pam_unix(cron:session): session closed for user root
Oct 15 04:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Failed password for root from 185.156.73.233 port 45682 ssh2
Oct 15 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Connection closed by 185.156.73.233 port 45682 [preauth]
Oct 15 04:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15758]: pam_unix(cron:session): session closed for user root
Oct 15 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17191]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17269]: Successful su for rubyman by root
Oct 15 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17269]: + ??? root:rubyman
Oct 15 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415673 of user rubyman.
Oct 15 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17269]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415673.
Oct 15 04:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14283]: pam_unix(cron:session): session closed for user root
Oct 15 04:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17192]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16246]: pam_unix(cron:session): session closed for user root
Oct 15 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17642]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: Successful su for rubyman by root
Oct 15 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: + ??? root:rubyman
Oct 15 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415678 of user rubyman.
Oct 15 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17748]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415678.
Oct 15 04:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14722]: pam_unix(cron:session): session closed for user root
Oct 15 04:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17643]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16726]: pam_unix(cron:session): session closed for user root
Oct 15 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18385]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18385]: pam_unix(cron:session): session closed for user root
Oct 15 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18310]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18507]: Successful su for rubyman by root
Oct 15 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18507]: + ??? root:rubyman
Oct 15 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415685 of user rubyman.
Oct 15 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18507]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415685.
Oct 15 04:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session closed for user root
Oct 15 04:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15299]: pam_unix(cron:session): session closed for user root
Oct 15 04:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session closed for user root
Oct 15 04:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: Invalid user zhihong from 62.60.131.157
Oct 15 04:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: input_userauth_request: invalid user zhihong [preauth]
Oct 15 04:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 04:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: Failed password for invalid user zhihong from 62.60.131.157 port 61778 ssh2
Oct 15 04:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: Failed password for invalid user zhihong from 62.60.131.157 port 61778 ssh2
Oct 15 04:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: Failed password for invalid user zhihong from 62.60.131.157 port 61778 ssh2
Oct 15 04:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: Failed password for invalid user zhihong from 62.60.131.157 port 61778 ssh2
Oct 15 04:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: Failed password for invalid user zhihong from 62.60.131.157 port 61778 ssh2
Oct 15 04:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: Received disconnect from 62.60.131.157 port 61778:11: Bye [preauth]
Oct 15 04:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: Disconnected from 62.60.131.157 port 61778 [preauth]
Oct 15 04:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 04:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18894]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19015]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19141]: Successful su for rubyman by root
Oct 15 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19141]: + ??? root:rubyman
Oct 15 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415690 of user rubyman.
Oct 15 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19141]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415690.
Oct 15 04:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15757]: pam_unix(cron:session): session closed for user root
Oct 15 04:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19018]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17646]: pam_unix(cron:session): session closed for user root
Oct 15 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19890]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19884]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: Successful su for rubyman by root
Oct 15 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: + ??? root:rubyman
Oct 15 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415691 of user rubyman.
Oct 15 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19970]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415691.
Oct 15 04:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16245]: pam_unix(cron:session): session closed for user root
Oct 15 04:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18315]: pam_unix(cron:session): session closed for user root
Oct 15 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: Successful su for rubyman by root
Oct 15 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: + ??? root:rubyman
Oct 15 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415697 of user rubyman.
Oct 15 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415697.
Oct 15 04:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16725]: pam_unix(cron:session): session closed for user root
Oct 15 04:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Invalid user ubuntu from 186.96.145.241
Oct 15 04:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 04:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 15 04:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Failed password for invalid user ubuntu from 186.96.145.241 port 48648 ssh2
Oct 15 04:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20755]: Connection closed by 186.96.145.241 port 48648 [preauth]
Oct 15 04:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19020]: pam_unix(cron:session): session closed for user root
Oct 15 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20881]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20880]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20877]: pam_unix(cron:session): session closed for user p13x
Oct 15 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: Successful su for rubyman by root
Oct 15 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: + ??? root:rubyman
Oct 15 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415699 of user rubyman.
Oct 15 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: pam_unix(su:session): session closed for user rubyman
Oct 15 04:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415699.
Oct 15 04:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session closed for user root
Oct 15 04:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20879]: pam_unix(cron:session): session closed for user samftp
Oct 15 04:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session closed for user root
Oct 15 04:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 04:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Invalid user admin from 185.156.73.233
Oct 15 04:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: input_userauth_request: invalid user admin [preauth]
Oct 15 04:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 04:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 04:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Failed password for invalid user admin from 185.156.73.233 port 18542 ssh2
Oct 15 04:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21288]: Connection closed by 185.156.73.233 port 18542 [preauth]
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21386]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user root
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21386]: pam_unix(cron:session): session closed for user root
Oct 15 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21511]: Successful su for rubyman by root
Oct 15 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21511]: + ??? root:rubyman
Oct 15 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415706 of user rubyman.
Oct 15 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21511]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415706.
Oct 15 05:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17645]: pam_unix(cron:session): session closed for user root
Oct 15 05:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session closed for user root
Oct 15 05:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session closed for user root
Oct 15 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22055]: Successful su for rubyman by root
Oct 15 05:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22055]: + ??? root:rubyman
Oct 15 05:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415712 of user rubyman.
Oct 15 05:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22055]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415712.
Oct 15 05:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session closed for user root
Oct 15 05:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20881]: pam_unix(cron:session): session closed for user root
Oct 15 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22466]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22465]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22462]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22527]: Successful su for rubyman by root
Oct 15 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22527]: + ??? root:rubyman
Oct 15 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415714 of user rubyman.
Oct 15 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22527]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415714.
Oct 15 05:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19019]: pam_unix(cron:session): session closed for user root
Oct 15 05:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user root
Oct 15 05:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: Invalid user admin from 185.156.73.233
Oct 15 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: input_userauth_request: invalid user admin [preauth]
Oct 15 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 05:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: Failed password for invalid user admin from 185.156.73.233 port 18606 ssh2
Oct 15 05:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23274]: Connection closed by 185.156.73.233 port 18606 [preauth]
Oct 15 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23302]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23508]: Successful su for rubyman by root
Oct 15 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23508]: + ??? root:rubyman
Oct 15 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415718 of user rubyman.
Oct 15 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23508]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415718.
Oct 15 05:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19890]: pam_unix(cron:session): session closed for user root
Oct 15 05:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23304]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21967]: pam_unix(cron:session): session closed for user root
Oct 15 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24218]: Successful su for rubyman by root
Oct 15 05:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24218]: + ??? root:rubyman
Oct 15 05:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415723 of user rubyman.
Oct 15 05:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24218]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415723.
Oct 15 05:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20412]: pam_unix(cron:session): session closed for user root
Oct 15 05:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22466]: pam_unix(cron:session): session closed for user root
Oct 15 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24645]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24645]: pam_unix(cron:session): session closed for user root
Oct 15 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24740]: Successful su for rubyman by root
Oct 15 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24740]: + ??? root:rubyman
Oct 15 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415728 of user rubyman.
Oct 15 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24740]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415728.
Oct 15 05:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24642]: pam_unix(cron:session): session closed for user root
Oct 15 05:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20880]: pam_unix(cron:session): session closed for user root
Oct 15 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23306]: pam_unix(cron:session): session closed for user root
Oct 15 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: Successful su for rubyman by root
Oct 15 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: + ??? root:rubyman
Oct 15 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415734 of user rubyman.
Oct 15 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415734.
Oct 15 05:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session closed for user root
Oct 15 05:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24137]: pam_unix(cron:session): session closed for user root
Oct 15 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26047]: Successful su for rubyman by root
Oct 15 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26047]: + ??? root:rubyman
Oct 15 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415736 of user rubyman.
Oct 15 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26047]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415736.
Oct 15 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session closed for user root
Oct 15 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24644]: pam_unix(cron:session): session closed for user root
Oct 15 05:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26519]: Connection closed by 172.236.228.222 port 49446 [preauth]
Oct 15 05:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26524]: Connection closed by 172.236.228.222 port 49454 [preauth]
Oct 15 05:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: fatal: Unable to negotiate with 172.236.228.222 port 49470: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
Oct 15 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26543]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26541]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26611]: Successful su for rubyman by root
Oct 15 05:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26611]: + ??? root:rubyman
Oct 15 05:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415740 of user rubyman.
Oct 15 05:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26611]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415740.
Oct 15 05:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22465]: pam_unix(cron:session): session closed for user root
Oct 15 05:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26542]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25183]: pam_unix(cron:session): session closed for user root
Oct 15 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27239]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27240]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27420]: Successful su for rubyman by root
Oct 15 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27420]: + ??? root:rubyman
Oct 15 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415746 of user rubyman.
Oct 15 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27420]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415746.
Oct 15 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user root
Oct 15 05:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23305]: pam_unix(cron:session): session closed for user root
Oct 15 05:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session closed for user root
Oct 15 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session closed for user root
Oct 15 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28209]: Successful su for rubyman by root
Oct 15 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28209]: + ??? root:rubyman
Oct 15 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415749 of user rubyman.
Oct 15 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28209]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415749.
Oct 15 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user root
Oct 15 05:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24135]: pam_unix(cron:session): session closed for user root
Oct 15 05:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 05:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mtifil10@198.199.94.12 rhost=::ffff:45.142.193.185
Oct 15 05:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 05:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mtifil10 rhost=::ffff:45.142.193.185
Oct 15 05:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26544]: pam_unix(cron:session): session closed for user root
Oct 15 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28886]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29079]: Successful su for rubyman by root
Oct 15 05:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29079]: + ??? root:rubyman
Oct 15 05:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415755 of user rubyman.
Oct 15 05:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29079]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415755.
Oct 15 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24643]: pam_unix(cron:session): session closed for user root
Oct 15 05:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28887]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27240]: pam_unix(cron:session): session closed for user root
Oct 15 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29505]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29501]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29575]: Successful su for rubyman by root
Oct 15 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29575]: + ??? root:rubyman
Oct 15 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415759 of user rubyman.
Oct 15 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29575]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415759.
Oct 15 05:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25181]: pam_unix(cron:session): session closed for user root
Oct 15 05:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session closed for user root
Oct 15 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30071]: Successful su for rubyman by root
Oct 15 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30071]: + ??? root:rubyman
Oct 15 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415763 of user rubyman.
Oct 15 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30071]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415763.
Oct 15 05:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session closed for user root
Oct 15 05:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Invalid user 1234 from 194.0.234.19
Oct 15 05:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: input_userauth_request: invalid user 1234 [preauth]
Oct 15 05:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 05:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Failed password for invalid user 1234 from 194.0.234.19 port 46478 ssh2
Oct 15 05:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30311]: Connection closed by 194.0.234.19 port 46478 [preauth]
Oct 15 05:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28889]: pam_unix(cron:session): session closed for user root
Oct 15 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30601]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30683]: Successful su for rubyman by root
Oct 15 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30683]: + ??? root:rubyman
Oct 15 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415769 of user rubyman.
Oct 15 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30683]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415769.
Oct 15 05:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26543]: pam_unix(cron:session): session closed for user root
Oct 15 05:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29506]: pam_unix(cron:session): session closed for user root
Oct 15 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31080]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31077]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31078]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31071]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31080]: pam_unix(cron:session): session closed for user root
Oct 15 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31068]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: Successful su for rubyman by root
Oct 15 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: + ??? root:rubyman
Oct 15 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415774 of user rubyman.
Oct 15 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415774.
Oct 15 05:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31071]: pam_unix(cron:session): session closed for user root
Oct 15 05:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27239]: pam_unix(cron:session): session closed for user root
Oct 15 05:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31069]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session closed for user root
Oct 15 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31743]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31739]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31820]: Successful su for rubyman by root
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31820]: + ??? root:rubyman
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415777 of user rubyman.
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31820]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415777.
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Invalid user support from 78.128.112.74
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: input_userauth_request: invalid user support [preauth]
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 15 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Failed password for invalid user support from 78.128.112.74 port 49788 ssh2
Oct 15 05:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Connection closed by 78.128.112.74 port 49788 [preauth]
Oct 15 05:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session closed for user root
Oct 15 05:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31741]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30611]: pam_unix(cron:session): session closed for user root
Oct 15 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32285]: pam_unix(cron:session): session closed for user root
Oct 15 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: Successful su for rubyman by root
Oct 15 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: + ??? root:rubyman
Oct 15 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415782 of user rubyman.
Oct 15 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32374]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415782.
Oct 15 05:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28888]: pam_unix(cron:session): session closed for user root
Oct 15 05:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31078]: pam_unix(cron:session): session closed for user root
Oct 15 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32754]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32751]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: Successful su for rubyman by root
Oct 15 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: + ??? root:rubyman
Oct 15 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415786 of user rubyman.
Oct 15 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415786.
Oct 15 05:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29505]: pam_unix(cron:session): session closed for user root
Oct 15 05:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32752]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31743]: pam_unix(cron:session): session closed for user root
Oct 15 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[736]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[852]: Successful su for rubyman by root
Oct 15 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[852]: + ??? root:rubyman
Oct 15 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415790 of user rubyman.
Oct 15 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[852]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415790.
Oct 15 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session closed for user root
Oct 15 05:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[738]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Invalid user ubnt from 80.94.95.116
Oct 15 05:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 05:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 05:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Failed password for invalid user ubnt from 80.94.95.116 port 44484 ssh2
Oct 15 05:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Connection closed by 80.94.95.116 port 44484 [preauth]
Oct 15 05:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32290]: pam_unix(cron:session): session closed for user root
Oct 15 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1321]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1319]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1320]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1321]: pam_unix(cron:session): session closed for user root
Oct 15 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1313]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: Successful su for rubyman by root
Oct 15 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: + ??? root:rubyman
Oct 15 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415798 of user rubyman.
Oct 15 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415798.
Oct 15 05:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1317]: pam_unix(cron:session): session closed for user root
Oct 15 05:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session closed for user root
Oct 15 05:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1315]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32754]: pam_unix(cron:session): session closed for user root
Oct 15 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1847]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2041]: Successful su for rubyman by root
Oct 15 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2041]: + ??? root:rubyman
Oct 15 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415800 of user rubyman.
Oct 15 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2041]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415800.
Oct 15 05:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31077]: pam_unix(cron:session): session closed for user root
Oct 15 05:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1848]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session closed for user root
Oct 15 05:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163  user=root
Oct 15 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2408]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2503]: Successful su for rubyman by root
Oct 15 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2503]: + ??? root:rubyman
Oct 15 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415804 of user rubyman.
Oct 15 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2503]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415804.
Oct 15 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Failed password for root from 106.107.241.163 port 42864 ssh2
Oct 15 05:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: message repeated 2 times: [ Failed password for root from 106.107.241.163 port 42864 ssh2]
Oct 15 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31742]: pam_unix(cron:session): session closed for user root
Oct 15 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Failed password for root from 106.107.241.163 port 42864 ssh2
Oct 15 05:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: message repeated 2 times: [ Failed password for root from 106.107.241.163 port 42864 ssh2]
Oct 15 05:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: error: maximum authentication attempts exceeded for root from 106.107.241.163 port 42864 ssh2 [preauth]
Oct 15 05:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163  user=root
Oct 15 05:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2402]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163  user=root
Oct 15 05:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Failed password for root from 106.107.241.163 port 56116 ssh2
Oct 15 05:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2407]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Failed password for root from 106.107.241.163 port 56116 ssh2
Oct 15 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: message repeated 4 times: [ Failed password for root from 106.107.241.163 port 56116 ssh2]
Oct 15 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: error: maximum authentication attempts exceeded for root from 106.107.241.163 port 56116 ssh2 [preauth]
Oct 15 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163  user=root
Oct 15 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163  user=root
Oct 15 05:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Failed password for root from 106.107.241.163 port 14804 ssh2
Oct 15 05:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: message repeated 4 times: [ Failed password for root from 106.107.241.163 port 14804 ssh2]
Oct 15 05:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1320]: pam_unix(cron:session): session closed for user root
Oct 15 05:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Failed password for root from 106.107.241.163 port 14804 ssh2
Oct 15 05:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: error: maximum authentication attempts exceeded for root from 106.107.241.163 port 14804 ssh2 [preauth]
Oct 15 05:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163  user=root
Oct 15 05:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163  user=root
Oct 15 05:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: Failed password for root from 106.107.241.163 port 50312 ssh2
Oct 15 05:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: Received disconnect from 106.107.241.163 port 50312:11: disconnected by user [preauth]
Oct 15 05:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: Disconnected from 106.107.241.163 port 50312 [preauth]
Oct 15 05:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Invalid user admin from 106.107.241.163
Oct 15 05:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: input_userauth_request: invalid user admin [preauth]
Oct 15 05:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Failed password for invalid user admin from 106.107.241.163 port 50322 ssh2
Oct 15 05:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Failed password for invalid user admin from 106.107.241.163 port 50322 ssh2
Oct 15 05:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Failed password for invalid user admin from 106.107.241.163 port 50322 ssh2
Oct 15 05:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Failed password for invalid user admin from 106.107.241.163 port 50322 ssh2
Oct 15 05:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Failed password for invalid user admin from 106.107.241.163 port 50322 ssh2
Oct 15 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Failed password for invalid user admin from 106.107.241.163 port 50322 ssh2
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: error: maximum authentication attempts exceeded for invalid user admin from 106.107.241.163 port 50322 ssh2 [preauth]
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2821]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2956]: Successful su for rubyman by root
Oct 15 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2956]: + ??? root:rubyman
Oct 15 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415808 of user rubyman.
Oct 15 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2956]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415808.
Oct 15 05:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Invalid user admin from 106.107.241.163
Oct 15 05:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: input_userauth_request: invalid user admin [preauth]
Oct 15 05:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user admin from 106.107.241.163 port 40124 ssh2
Oct 15 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user admin from 106.107.241.163 port 40124 ssh2
Oct 15 05:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user admin from 106.107.241.163 port 40124 ssh2
Oct 15 05:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32289]: pam_unix(cron:session): session closed for user root
Oct 15 05:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user admin from 106.107.241.163 port 40124 ssh2
Oct 15 05:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user admin from 106.107.241.163 port 40124 ssh2
Oct 15 05:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user admin from 106.107.241.163 port 40124 ssh2
Oct 15 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: error: maximum authentication attempts exceeded for invalid user admin from 106.107.241.163 port 40124 ssh2 [preauth]
Oct 15 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Invalid user admin from 106.107.241.163
Oct 15 05:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: input_userauth_request: invalid user admin [preauth]
Oct 15 05:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Failed password for invalid user admin from 106.107.241.163 port 30852 ssh2
Oct 15 05:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Failed password for invalid user admin from 106.107.241.163 port 30852 ssh2
Oct 15 05:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Failed password for invalid user admin from 106.107.241.163 port 30852 ssh2
Oct 15 05:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Failed password for invalid user admin from 106.107.241.163 port 30852 ssh2
Oct 15 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Received disconnect from 106.107.241.163 port 30852:11: disconnected by user [preauth]
Oct 15 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Disconnected from 106.107.241.163 port 30852 [preauth]
Oct 15 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 15 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Invalid user oracle from 106.107.241.163
Oct 15 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: input_userauth_request: invalid user oracle [preauth]
Oct 15 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Failed password for invalid user oracle from 106.107.241.163 port 38058 ssh2
Oct 15 05:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Failed password for invalid user oracle from 106.107.241.163 port 38058 ssh2
Oct 15 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Failed password for invalid user oracle from 106.107.241.163 port 38058 ssh2
Oct 15 05:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Failed password for invalid user oracle from 106.107.241.163 port 38058 ssh2
Oct 15 05:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1850]: pam_unix(cron:session): session closed for user root
Oct 15 05:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Failed password for invalid user oracle from 106.107.241.163 port 38058 ssh2
Oct 15 05:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Failed password for invalid user oracle from 106.107.241.163 port 38058 ssh2
Oct 15 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: error: maximum authentication attempts exceeded for invalid user oracle from 106.107.241.163 port 38058 ssh2 [preauth]
Oct 15 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3204]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Invalid user oracle from 106.107.241.163
Oct 15 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: input_userauth_request: invalid user oracle [preauth]
Oct 15 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user oracle from 106.107.241.163 port 22242 ssh2
Oct 15 05:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user oracle from 106.107.241.163 port 22242 ssh2
Oct 15 05:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user oracle from 106.107.241.163 port 22242 ssh2
Oct 15 05:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user oracle from 106.107.241.163 port 22242 ssh2
Oct 15 05:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user oracle from 106.107.241.163 port 22242 ssh2
Oct 15 05:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for invalid user oracle from 106.107.241.163 port 22242 ssh2
Oct 15 05:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: error: maximum authentication attempts exceeded for invalid user oracle from 106.107.241.163 port 22242 ssh2 [preauth]
Oct 15 05:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Invalid user oracle from 106.107.241.163
Oct 15 05:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: input_userauth_request: invalid user oracle [preauth]
Oct 15 05:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Failed password for invalid user oracle from 106.107.241.163 port 26052 ssh2
Oct 15 05:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: Successful su for rubyman by root
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: + ??? root:rubyman
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Failed password for invalid user oracle from 106.107.241.163 port 26052 ssh2
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415813 of user rubyman.
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415813.
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Received disconnect from 106.107.241.163 port 26052:11: disconnected by user [preauth]
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: Disconnected from 106.107.241.163 port 26052 [preauth]
Oct 15 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3328]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Invalid user usuario from 106.107.241.163
Oct 15 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: input_userauth_request: invalid user usuario [preauth]
Oct 15 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Failed password for invalid user usuario from 106.107.241.163 port 10378 ssh2
Oct 15 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Failed password for invalid user usuario from 106.107.241.163 port 10378 ssh2
Oct 15 05:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Failed password for invalid user usuario from 106.107.241.163 port 10378 ssh2
Oct 15 05:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32753]: pam_unix(cron:session): session closed for user root
Oct 15 05:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Failed password for invalid user usuario from 106.107.241.163 port 10378 ssh2
Oct 15 05:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Failed password for invalid user usuario from 106.107.241.163 port 10378 ssh2
Oct 15 05:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Failed password for invalid user usuario from 106.107.241.163 port 10378 ssh2
Oct 15 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: error: maximum authentication attempts exceeded for invalid user usuario from 106.107.241.163 port 10378 ssh2 [preauth]
Oct 15 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Invalid user usuario from 106.107.241.163
Oct 15 05:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: input_userauth_request: invalid user usuario [preauth]
Oct 15 05:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Failed password for invalid user usuario from 106.107.241.163 port 34606 ssh2
Oct 15 05:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Failed password for invalid user usuario from 106.107.241.163 port 34606 ssh2
Oct 15 05:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Failed password for invalid user usuario from 106.107.241.163 port 34606 ssh2
Oct 15 05:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Failed password for invalid user usuario from 106.107.241.163 port 34606 ssh2
Oct 15 05:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Failed password for invalid user usuario from 106.107.241.163 port 34606 ssh2
Oct 15 05:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Failed password for invalid user usuario from 106.107.241.163 port 34606 ssh2
Oct 15 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: error: maximum authentication attempts exceeded for invalid user usuario from 106.107.241.163 port 34606 ssh2 [preauth]
Oct 15 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3633]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Invalid user usuario from 106.107.241.163
Oct 15 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: input_userauth_request: invalid user usuario [preauth]
Oct 15 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Failed password for invalid user usuario from 106.107.241.163 port 61290 ssh2
Oct 15 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Failed password for invalid user usuario from 106.107.241.163 port 61290 ssh2
Oct 15 05:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Received disconnect from 106.107.241.163 port 61290:11: disconnected by user [preauth]
Oct 15 05:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: Disconnected from 106.107.241.163 port 61290 [preauth]
Oct 15 05:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3699]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Invalid user test from 106.107.241.163
Oct 15 05:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: input_userauth_request: invalid user test [preauth]
Oct 15 05:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session closed for user root
Oct 15 05:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Failed password for invalid user test from 106.107.241.163 port 61302 ssh2
Oct 15 05:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Failed password for invalid user test from 106.107.241.163 port 61302 ssh2
Oct 15 05:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Failed password for invalid user test from 106.107.241.163 port 61302 ssh2
Oct 15 05:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Failed password for invalid user test from 106.107.241.163 port 61302 ssh2
Oct 15 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Failed password for invalid user test from 106.107.241.163 port 61302 ssh2
Oct 15 05:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Failed password for invalid user test from 106.107.241.163 port 61302 ssh2
Oct 15 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: error: maximum authentication attempts exceeded for invalid user test from 106.107.241.163 port 61302 ssh2 [preauth]
Oct 15 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: Invalid user test from 106.107.241.163
Oct 15 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: input_userauth_request: invalid user test [preauth]
Oct 15 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: Failed password for invalid user test from 106.107.241.163 port 20976 ssh2
Oct 15 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: Failed password for invalid user test from 106.107.241.163 port 20976 ssh2
Oct 15 05:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: Failed password for invalid user test from 106.107.241.163 port 20976 ssh2
Oct 15 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: Failed password for invalid user test from 106.107.241.163 port 20976 ssh2
Oct 15 05:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3812]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3809]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3810]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3814]: pam_unix(cron:session): session closed for user root
Oct 15 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3807]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: Failed password for invalid user test from 106.107.241.163 port 20976 ssh2
Oct 15 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3895]: Successful su for rubyman by root
Oct 15 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3895]: + ??? root:rubyman
Oct 15 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415816 of user rubyman.
Oct 15 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3895]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415816.
Oct 15 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: Failed password for invalid user test from 106.107.241.163 port 20976 ssh2
Oct 15 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: error: maximum authentication attempts exceeded for invalid user test from 106.107.241.163 port 20976 ssh2 [preauth]
Oct 15 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3782]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Invalid user test from 106.107.241.163
Oct 15 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: input_userauth_request: invalid user test [preauth]
Oct 15 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Failed password for invalid user test from 106.107.241.163 port 23196 ssh2
Oct 15 05:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3809]: pam_unix(cron:session): session closed for user root
Oct 15 05:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[739]: pam_unix(cron:session): session closed for user root
Oct 15 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Failed password for invalid user test from 106.107.241.163 port 23196 ssh2
Oct 15 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Received disconnect from 106.107.241.163 port 23196:11: disconnected by user [preauth]
Oct 15 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Disconnected from 106.107.241.163 port 23196 [preauth]
Oct 15 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Invalid user user from 106.107.241.163
Oct 15 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: input_userauth_request: invalid user user [preauth]
Oct 15 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for invalid user user from 106.107.241.163 port 6424 ssh2
Oct 15 05:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for invalid user user from 106.107.241.163 port 6424 ssh2
Oct 15 05:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for invalid user user from 106.107.241.163 port 6424 ssh2
Oct 15 05:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for invalid user user from 106.107.241.163 port 6424 ssh2
Oct 15 05:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3808]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for invalid user user from 106.107.241.163 port 6424 ssh2
Oct 15 05:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Failed password for invalid user user from 106.107.241.163 port 6424 ssh2
Oct 15 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: error: maximum authentication attempts exceeded for invalid user user from 106.107.241.163 port 6424 ssh2 [preauth]
Oct 15 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4099]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Invalid user user from 106.107.241.163
Oct 15 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: input_userauth_request: invalid user user [preauth]
Oct 15 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Failed password for invalid user user from 106.107.241.163 port 1264 ssh2
Oct 15 05:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Failed password for invalid user user from 106.107.241.163 port 1264 ssh2
Oct 15 05:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Failed password for invalid user user from 106.107.241.163 port 1264 ssh2
Oct 15 05:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Failed password for invalid user user from 106.107.241.163 port 1264 ssh2
Oct 15 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Failed password for invalid user user from 106.107.241.163 port 1264 ssh2
Oct 15 05:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user root
Oct 15 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Failed password for invalid user user from 106.107.241.163 port 1264 ssh2
Oct 15 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: error: maximum authentication attempts exceeded for invalid user user from 106.107.241.163 port 1264 ssh2 [preauth]
Oct 15 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Invalid user user from 106.107.241.163
Oct 15 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: input_userauth_request: invalid user user [preauth]
Oct 15 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: Invalid user peuser from 164.68.105.9
Oct 15 05:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: input_userauth_request: invalid user peuser [preauth]
Oct 15 05:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 05:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Failed password for invalid user user from 106.107.241.163 port 25806 ssh2
Oct 15 05:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: Failed password for invalid user peuser from 164.68.105.9 port 56632 ssh2
Oct 15 05:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4295]: Connection closed by 164.68.105.9 port 56632 [preauth]
Oct 15 05:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Failed password for invalid user user from 106.107.241.163 port 25806 ssh2
Oct 15 05:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Failed password for invalid user user from 106.107.241.163 port 25806 ssh2
Oct 15 05:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Failed password for invalid user user from 106.107.241.163 port 25806 ssh2
Oct 15 05:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Received disconnect from 106.107.241.163 port 25806:11: disconnected by user [preauth]
Oct 15 05:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Disconnected from 106.107.241.163 port 25806 [preauth]
Oct 15 05:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 15 05:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: Invalid user ftpuser from 106.107.241.163
Oct 15 05:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 05:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: Failed password for invalid user ftpuser from 106.107.241.163 port 25814 ssh2
Oct 15 05:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: Failed password for invalid user ftpuser from 106.107.241.163 port 25814 ssh2
Oct 15 05:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: Failed password for invalid user ftpuser from 106.107.241.163 port 25814 ssh2
Oct 15 05:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: Failed password for invalid user ftpuser from 106.107.241.163 port 25814 ssh2
Oct 15 05:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: Failed password for invalid user ftpuser from 106.107.241.163 port 25814 ssh2
Oct 15 05:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: Failed password for invalid user ftpuser from 106.107.241.163 port 25814 ssh2
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: error: maximum authentication attempts exceeded for invalid user ftpuser from 106.107.241.163 port 25814 ssh2 [preauth]
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4329]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4361]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Invalid user ftpuser from 106.107.241.163
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: Successful su for rubyman by root
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: + ??? root:rubyman
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415824 of user rubyman.
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415824.
Oct 15 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for invalid user ftpuser from 106.107.241.163 port 38426 ssh2
Oct 15 05:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for invalid user ftpuser from 106.107.241.163 port 38426 ssh2
Oct 15 05:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for invalid user ftpuser from 106.107.241.163 port 38426 ssh2
Oct 15 05:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for invalid user ftpuser from 106.107.241.163 port 38426 ssh2
Oct 15 05:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1319]: pam_unix(cron:session): session closed for user root
Oct 15 05:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for invalid user ftpuser from 106.107.241.163 port 38426 ssh2
Oct 15 05:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Failed password for invalid user ftpuser from 106.107.241.163 port 38426 ssh2
Oct 15 05:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: error: maximum authentication attempts exceeded for invalid user ftpuser from 106.107.241.163 port 38426 ssh2 [preauth]
Oct 15 05:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4356]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Invalid user ftpuser from 106.107.241.163
Oct 15 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Failed password for invalid user ftpuser from 106.107.241.163 port 57646 ssh2
Oct 15 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4362]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Failed password for invalid user ftpuser from 106.107.241.163 port 57646 ssh2
Oct 15 05:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Failed password for invalid user ftpuser from 106.107.241.163 port 57646 ssh2
Oct 15 05:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Failed password for invalid user ftpuser from 106.107.241.163 port 57646 ssh2
Oct 15 05:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Received disconnect from 106.107.241.163 port 57646:11: disconnected by user [preauth]
Oct 15 05:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Disconnected from 106.107.241.163 port 57646 [preauth]
Oct 15 05:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 15 05:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Invalid user test1 from 106.107.241.163
Oct 15 05:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: input_userauth_request: invalid user test1 [preauth]
Oct 15 05:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for invalid user test1 from 106.107.241.163 port 3028 ssh2
Oct 15 05:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for invalid user test1 from 106.107.241.163 port 3028 ssh2
Oct 15 05:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for invalid user test1 from 106.107.241.163 port 3028 ssh2
Oct 15 05:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for invalid user test1 from 106.107.241.163 port 3028 ssh2
Oct 15 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Invalid user peuser from 164.68.105.9
Oct 15 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: input_userauth_request: invalid user peuser [preauth]
Oct 15 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 05:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for invalid user test1 from 106.107.241.163 port 3028 ssh2
Oct 15 05:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Failed password for invalid user peuser from 164.68.105.9 port 58606 ssh2
Oct 15 05:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4779]: Connection closed by 164.68.105.9 port 58606 [preauth]
Oct 15 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for invalid user test1 from 106.107.241.163 port 3028 ssh2
Oct 15 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: error: maximum authentication attempts exceeded for invalid user test1 from 106.107.241.163 port 3028 ssh2 [preauth]
Oct 15 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session closed for user root
Oct 15 05:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Invalid user test1 from 106.107.241.163
Oct 15 05:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: input_userauth_request: invalid user test1 [preauth]
Oct 15 05:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Failed password for invalid user test1 from 106.107.241.163 port 6742 ssh2
Oct 15 05:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Failed password for invalid user test1 from 106.107.241.163 port 6742 ssh2
Oct 15 05:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Failed password for invalid user test1 from 106.107.241.163 port 6742 ssh2
Oct 15 05:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Failed password for invalid user test1 from 106.107.241.163 port 6742 ssh2
Oct 15 05:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Failed password for invalid user test1 from 106.107.241.163 port 6742 ssh2
Oct 15 05:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Failed password for invalid user test1 from 106.107.241.163 port 6742 ssh2
Oct 15 05:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: error: maximum authentication attempts exceeded for invalid user test1 from 106.107.241.163 port 6742 ssh2 [preauth]
Oct 15 05:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4803]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Invalid user test1 from 106.107.241.163
Oct 15 05:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: input_userauth_request: invalid user test1 [preauth]
Oct 15 05:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Failed password for invalid user test1 from 106.107.241.163 port 63812 ssh2
Oct 15 05:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Failed password for invalid user test1 from 106.107.241.163 port 63812 ssh2
Oct 15 05:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Received disconnect from 106.107.241.163 port 63812:11: disconnected by user [preauth]
Oct 15 05:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Disconnected from 106.107.241.163 port 63812 [preauth]
Oct 15 05:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Invalid user test2 from 106.107.241.163
Oct 15 05:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: input_userauth_request: invalid user test2 [preauth]
Oct 15 05:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Failed password for invalid user test2 from 106.107.241.163 port 63822 ssh2
Oct 15 05:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Failed password for invalid user test2 from 106.107.241.163 port 63822 ssh2
Oct 15 05:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Failed password for invalid user test2 from 106.107.241.163 port 63822 ssh2
Oct 15 05:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: Successful su for rubyman by root
Oct 15 05:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: + ??? root:rubyman
Oct 15 05:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415828 of user rubyman.
Oct 15 05:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5162]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415828.
Oct 15 05:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Failed password for invalid user test2 from 106.107.241.163 port 63822 ssh2
Oct 15 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Failed password for invalid user test2 from 106.107.241.163 port 63822 ssh2
Oct 15 05:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Failed password for invalid user test2 from 106.107.241.163 port 63822 ssh2
Oct 15 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: error: maximum authentication attempts exceeded for invalid user test2 from 106.107.241.163 port 63822 ssh2 [preauth]
Oct 15 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4864]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1849]: pam_unix(cron:session): session closed for user root
Oct 15 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Invalid user test2 from 106.107.241.163
Oct 15 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: input_userauth_request: invalid user test2 [preauth]
Oct 15 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user test2 from 106.107.241.163 port 20186 ssh2
Oct 15 05:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user test2 from 106.107.241.163 port 20186 ssh2
Oct 15 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user test2 from 106.107.241.163 port 20186 ssh2
Oct 15 05:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user test2 from 106.107.241.163 port 20186 ssh2
Oct 15 05:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user test2 from 106.107.241.163 port 20186 ssh2
Oct 15 05:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user test2 from 106.107.241.163 port 20186 ssh2
Oct 15 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: error: maximum authentication attempts exceeded for invalid user test2 from 106.107.241.163 port 20186 ssh2 [preauth]
Oct 15 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Invalid user test2 from 106.107.241.163
Oct 15 05:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: input_userauth_request: invalid user test2 [preauth]
Oct 15 05:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Failed password for invalid user test2 from 106.107.241.163 port 9782 ssh2
Oct 15 05:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Failed password for invalid user test2 from 106.107.241.163 port 9782 ssh2
Oct 15 05:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Received disconnect from 106.107.241.163 port 9782:11: disconnected by user [preauth]
Oct 15 05:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: Disconnected from 106.107.241.163 port 9782 [preauth]
Oct 15 05:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5700]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Invalid user ubuntu from 106.107.241.163
Oct 15 05:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 05:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for invalid user ubuntu from 106.107.241.163 port 9794 ssh2
Oct 15 05:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for invalid user ubuntu from 106.107.241.163 port 9794 ssh2
Oct 15 05:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for invalid user ubuntu from 106.107.241.163 port 9794 ssh2
Oct 15 05:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for invalid user ubuntu from 106.107.241.163 port 9794 ssh2
Oct 15 05:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for invalid user ubuntu from 106.107.241.163 port 9794 ssh2
Oct 15 05:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3812]: pam_unix(cron:session): session closed for user root
Oct 15 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for invalid user ubuntu from 106.107.241.163 port 9794 ssh2
Oct 15 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: error: maximum authentication attempts exceeded for invalid user ubuntu from 106.107.241.163 port 9794 ssh2 [preauth]
Oct 15 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Invalid user ubuntu from 106.107.241.163
Oct 15 05:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 05:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for invalid user ubuntu from 106.107.241.163 port 8116 ssh2
Oct 15 05:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for invalid user ubuntu from 106.107.241.163 port 8116 ssh2
Oct 15 05:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for invalid user ubuntu from 106.107.241.163 port 8116 ssh2
Oct 15 05:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for invalid user ubuntu from 106.107.241.163 port 8116 ssh2
Oct 15 05:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for invalid user ubuntu from 106.107.241.163 port 8116 ssh2
Oct 15 05:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for invalid user ubuntu from 106.107.241.163 port 8116 ssh2
Oct 15 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: error: maximum authentication attempts exceeded for invalid user ubuntu from 106.107.241.163 port 8116 ssh2 [preauth]
Oct 15 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Disconnecting: Too many authentication failures [preauth]
Oct 15 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: PAM service(sshd) ignoring max retries; 6 > 3
Oct 15 05:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Invalid user ubuntu from 106.107.241.163
Oct 15 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Failed password for invalid user ubuntu from 106.107.241.163 port 1736 ssh2
Oct 15 05:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5848]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5841]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Failed password for invalid user ubuntu from 106.107.241.163 port 1736 ssh2
Oct 15 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: Successful su for rubyman by root
Oct 15 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: + ??? root:rubyman
Oct 15 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415830 of user rubyman.
Oct 15 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415830.
Oct 15 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Failed password for invalid user ubuntu from 106.107.241.163 port 1736 ssh2
Oct 15 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Failed password for invalid user ubuntu from 106.107.241.163 port 1736 ssh2
Oct 15 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Received disconnect from 106.107.241.163 port 1736:11: disconnected by user [preauth]
Oct 15 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: Disconnected from 106.107.241.163 port 1736 [preauth]
Oct 15 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5830]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 15 05:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Invalid user pi from 106.107.241.163
Oct 15 05:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: input_userauth_request: invalid user pi [preauth]
Oct 15 05:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Failed password for invalid user pi from 106.107.241.163 port 24910 ssh2
Oct 15 05:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2408]: pam_unix(cron:session): session closed for user root
Oct 15 05:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Failed password for invalid user pi from 106.107.241.163 port 24910 ssh2
Oct 15 05:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Failed password for invalid user pi from 106.107.241.163 port 24910 ssh2
Oct 15 05:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5843]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Failed password for invalid user pi from 106.107.241.163 port 24910 ssh2
Oct 15 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Received disconnect from 106.107.241.163 port 24910:11: disconnected by user [preauth]
Oct 15 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Disconnected from 106.107.241.163 port 24910 [preauth]
Oct 15 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: PAM service(sshd) ignoring max retries; 4 > 3
Oct 15 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Invalid user baikal from 106.107.241.163
Oct 15 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: input_userauth_request: invalid user baikal [preauth]
Oct 15 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.107.241.163
Oct 15 05:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Failed password for invalid user baikal from 106.107.241.163 port 16986 ssh2
Oct 15 05:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Received disconnect from 106.107.241.163 port 16986:11: disconnected by user [preauth]
Oct 15 05:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Disconnected from 106.107.241.163 port 16986 [preauth]
Oct 15 05:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4364]: pam_unix(cron:session): session closed for user root
Oct 15 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6301]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: Successful su for rubyman by root
Oct 15 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: + ??? root:rubyman
Oct 15 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415834 of user rubyman.
Oct 15 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6373]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415834.
Oct 15 05:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user root
Oct 15 05:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Invalid user test from 194.0.234.19
Oct 15 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: input_userauth_request: invalid user test [preauth]
Oct 15 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Failed password for invalid user test from 194.0.234.19 port 18356 ssh2
Oct 15 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Connection closed by 194.0.234.19 port 18356 [preauth]
Oct 15 05:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4874]: pam_unix(cron:session): session closed for user root
Oct 15 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6866]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session closed for user root
Oct 15 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: Successful su for rubyman by root
Oct 15 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: + ??? root:rubyman
Oct 15 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415838 of user rubyman.
Oct 15 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6945]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415838.
Oct 15 05:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session closed for user root
Oct 15 05:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session closed for user root
Oct 15 05:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5849]: pam_unix(cron:session): session closed for user root
Oct 15 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7458]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7537]: Successful su for rubyman by root
Oct 15 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7537]: + ??? root:rubyman
Oct 15 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415845 of user rubyman.
Oct 15 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7537]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415845.
Oct 15 05:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3810]: pam_unix(cron:session): session closed for user root
Oct 15 05:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7459]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session closed for user root
Oct 15 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8354]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8355]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8349]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8436]: Successful su for rubyman by root
Oct 15 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8436]: + ??? root:rubyman
Oct 15 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415849 of user rubyman.
Oct 15 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8436]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415849.
Oct 15 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4363]: pam_unix(cron:session): session closed for user root
Oct 15 05:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8351]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6866]: pam_unix(cron:session): session closed for user root
Oct 15 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8940]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8941]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8938]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9020]: Successful su for rubyman by root
Oct 15 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9020]: + ??? root:rubyman
Oct 15 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415854 of user rubyman.
Oct 15 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9020]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415854.
Oct 15 05:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4873]: pam_unix(cron:session): session closed for user root
Oct 15 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8939]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session closed for user root
Oct 15 05:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Invalid user user from 62.60.131.157
Oct 15 05:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: input_userauth_request: invalid user user [preauth]
Oct 15 05:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 05:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Failed password for invalid user user from 62.60.131.157 port 15277 ssh2
Oct 15 05:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Failed password for invalid user user from 62.60.131.157 port 15277 ssh2
Oct 15 05:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9549]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9546]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Failed password for invalid user user from 62.60.131.157 port 15277 ssh2
Oct 15 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: Successful su for rubyman by root
Oct 15 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: + ??? root:rubyman
Oct 15 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415856 of user rubyman.
Oct 15 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415856.
Oct 15 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Failed password for invalid user user from 62.60.131.157 port 15277 ssh2
Oct 15 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Failed password for invalid user user from 62.60.131.157 port 15277 ssh2
Oct 15 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Received disconnect from 62.60.131.157 port 15277:11: Bye [preauth]
Oct 15 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Disconnected from 62.60.131.157 port 15277 [preauth]
Oct 15 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 05:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5848]: pam_unix(cron:session): session closed for user root
Oct 15 05:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9548]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Invalid user postgres from 185.156.73.233
Oct 15 05:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: input_userauth_request: invalid user postgres [preauth]
Oct 15 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 05:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Failed password for invalid user postgres from 185.156.73.233 port 35940 ssh2
Oct 15 05:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Connection closed by 185.156.73.233 port 35940 [preauth]
Oct 15 05:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8355]: pam_unix(cron:session): session closed for user root
Oct 15 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session closed for user root
Oct 15 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10251]: Successful su for rubyman by root
Oct 15 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10251]: + ??? root:rubyman
Oct 15 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415862 of user rubyman.
Oct 15 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10251]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415862.
Oct 15 05:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session closed for user root
Oct 15 05:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6303]: pam_unix(cron:session): session closed for user root
Oct 15 05:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10158]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8941]: pam_unix(cron:session): session closed for user root
Oct 15 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10681]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10772]: Successful su for rubyman by root
Oct 15 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10772]: + ??? root:rubyman
Oct 15 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415867 of user rubyman.
Oct 15 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10772]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415867.
Oct 15 05:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session closed for user root
Oct 15 05:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11049]: Invalid user pos from 20.163.71.109
Oct 15 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11049]: input_userauth_request: invalid user pos [preauth]
Oct 15 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11049]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11049]: Failed password for invalid user pos from 20.163.71.109 port 58254 ssh2
Oct 15 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11049]: Connection closed by 20.163.71.109 port 58254 [preauth]
Oct 15 05:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session closed for user root
Oct 15 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11147]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11215]: Successful su for rubyman by root
Oct 15 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11215]: + ??? root:rubyman
Oct 15 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415871 of user rubyman.
Oct 15 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11215]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415871.
Oct 15 05:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session closed for user root
Oct 15 05:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11145]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session closed for user root
Oct 15 05:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Invalid user admin from 2.57.121.25
Oct 15 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: input_userauth_request: invalid user admin [preauth]
Oct 15 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 05:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Failed password for invalid user admin from 2.57.121.25 port 54039 ssh2
Oct 15 05:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Failed password for invalid user admin from 2.57.121.25 port 54039 ssh2
Oct 15 05:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Failed password for invalid user admin from 2.57.121.25 port 54039 ssh2
Oct 15 05:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Failed password for invalid user admin from 2.57.121.25 port 54039 ssh2
Oct 15 05:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Failed password for invalid user admin from 2.57.121.25 port 54039 ssh2
Oct 15 05:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Received disconnect from 2.57.121.25 port 54039:11: Bye [preauth]
Oct 15 05:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: Disconnected from 2.57.121.25 port 54039 [preauth]
Oct 15 05:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 05:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11552]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11788]: Successful su for rubyman by root
Oct 15 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11788]: + ??? root:rubyman
Oct 15 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415874 of user rubyman.
Oct 15 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11788]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415874.
Oct 15 05:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8354]: pam_unix(cron:session): session closed for user root
Oct 15 05:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11622]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10684]: pam_unix(cron:session): session closed for user root
Oct 15 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12379]: Successful su for rubyman by root
Oct 15 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12379]: + ??? root:rubyman
Oct 15 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415880 of user rubyman.
Oct 15 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12379]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415880.
Oct 15 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12188]: pam_unix(cron:session): session closed for user root
Oct 15 05:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8940]: pam_unix(cron:session): session closed for user root
Oct 15 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12192]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11148]: pam_unix(cron:session): session closed for user root
Oct 15 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12800]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12798]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12799]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12800]: pam_unix(cron:session): session closed for user root
Oct 15 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12795]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12888]: Successful su for rubyman by root
Oct 15 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12888]: + ??? root:rubyman
Oct 15 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415883 of user rubyman.
Oct 15 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12888]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415883.
Oct 15 05:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12797]: pam_unix(cron:session): session closed for user root
Oct 15 05:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9549]: pam_unix(cron:session): session closed for user root
Oct 15 05:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12796]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11625]: pam_unix(cron:session): session closed for user root
Oct 15 05:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Failed password for root from 134.199.225.42 port 51556 ssh2
Oct 15 05:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Received disconnect from 134.199.225.42 port 51556:11: Bye Bye [preauth]
Oct 15 05:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13422]: Disconnected from 134.199.225.42 port 51556 [preauth]
Oct 15 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13444]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13445]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13538]: Successful su for rubyman by root
Oct 15 05:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13538]: + ??? root:rubyman
Oct 15 05:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415890 of user rubyman.
Oct 15 05:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13538]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415890.
Oct 15 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session closed for user root
Oct 15 05:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: Invalid user admin from 185.156.73.233
Oct 15 05:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: input_userauth_request: invalid user admin [preauth]
Oct 15 05:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 05:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session closed for user root
Oct 15 05:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: Failed password for invalid user admin from 185.156.73.233 port 18784 ssh2
Oct 15 05:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13857]: Connection closed by 185.156.73.233 port 18784 [preauth]
Oct 15 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: Successful su for rubyman by root
Oct 15 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: + ??? root:rubyman
Oct 15 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415893 of user rubyman.
Oct 15 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415893.
Oct 15 05:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10683]: pam_unix(cron:session): session closed for user root
Oct 15 05:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for root from 190.103.202.7 port 34176 ssh2
Oct 15 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Connection closed by 190.103.202.7 port 34176 [preauth]
Oct 15 05:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12799]: pam_unix(cron:session): session closed for user root
Oct 15 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14474]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14471]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14546]: Successful su for rubyman by root
Oct 15 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14546]: + ??? root:rubyman
Oct 15 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415899 of user rubyman.
Oct 15 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14546]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415899.
Oct 15 05:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11147]: pam_unix(cron:session): session closed for user root
Oct 15 05:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14472]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 05:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: Failed password for root from 103.100.209.195 port 57000 ssh2
Oct 15 05:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: Received disconnect from 103.100.209.195 port 57000:11: Bye Bye [preauth]
Oct 15 05:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14802]: Disconnected from 103.100.209.195 port 57000 [preauth]
Oct 15 05:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Failed password for root from 134.199.225.42 port 57768 ssh2
Oct 15 05:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Received disconnect from 134.199.225.42 port 57768:11: Bye Bye [preauth]
Oct 15 05:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Disconnected from 134.199.225.42 port 57768 [preauth]
Oct 15 05:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13445]: pam_unix(cron:session): session closed for user root
Oct 15 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15023]: Successful su for rubyman by root
Oct 15 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15023]: + ??? root:rubyman
Oct 15 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415901 of user rubyman.
Oct 15 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15023]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415901.
Oct 15 05:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session closed for user root
Oct 15 05:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session closed for user root
Oct 15 05:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Failed password for root from 198.12.77.137 port 60420 ssh2
Oct 15 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Received disconnect from 198.12.77.137 port 60420:11: Bye Bye [preauth]
Oct 15 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15460]: Disconnected from 198.12.77.137 port 60420 [preauth]
Oct 15 05:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: Invalid user operation from 134.199.225.42
Oct 15 05:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: input_userauth_request: invalid user operation [preauth]
Oct 15 05:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 05:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: Failed password for invalid user operation from 134.199.225.42 port 44194 ssh2
Oct 15 05:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: Received disconnect from 134.199.225.42 port 44194:11: Bye Bye [preauth]
Oct 15 05:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15492]: Disconnected from 134.199.225.42 port 44194 [preauth]
Oct 15 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15509]: pam_unix(cron:session): session closed for user root
Oct 15 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15503]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15588]: Successful su for rubyman by root
Oct 15 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15588]: + ??? root:rubyman
Oct 15 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415906 of user rubyman.
Oct 15 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15588]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415906.
Oct 15 05:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15505]: pam_unix(cron:session): session closed for user root
Oct 15 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session closed for user root
Oct 15 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15504]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14474]: pam_unix(cron:session): session closed for user root
Oct 15 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15995]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15996]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: Successful su for rubyman by root
Oct 15 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: + ??? root:rubyman
Oct 15 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415911 of user rubyman.
Oct 15 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16076]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415911.
Oct 15 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12798]: pam_unix(cron:session): session closed for user root
Oct 15 05:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: Failed password for root from 134.199.225.42 port 41848 ssh2
Oct 15 05:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: Received disconnect from 134.199.225.42 port 41848:11: Bye Bye [preauth]
Oct 15 05:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16331]: Disconnected from 134.199.225.42 port 41848 [preauth]
Oct 15 05:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Invalid user milad from 103.100.209.195
Oct 15 05:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: input_userauth_request: invalid user milad [preauth]
Oct 15 05:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Failed password for invalid user milad from 103.100.209.195 port 55698 ssh2
Oct 15 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Received disconnect from 103.100.209.195 port 55698:11: Bye Bye [preauth]
Oct 15 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16363]: Disconnected from 103.100.209.195 port 55698 [preauth]
Oct 15 05:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session closed for user root
Oct 15 05:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Invalid user site from 198.12.77.137
Oct 15 05:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: input_userauth_request: invalid user site [preauth]
Oct 15 05:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for invalid user site from 198.12.77.137 port 44074 ssh2
Oct 15 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Received disconnect from 198.12.77.137 port 44074:11: Bye Bye [preauth]
Oct 15 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Disconnected from 198.12.77.137 port 44074 [preauth]
Oct 15 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16470]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16472]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16468]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16547]: Successful su for rubyman by root
Oct 15 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16547]: + ??? root:rubyman
Oct 15 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415918 of user rubyman.
Oct 15 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16547]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415918.
Oct 15 05:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13444]: pam_unix(cron:session): session closed for user root
Oct 15 05:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: Invalid user bryan from 2.57.122.26
Oct 15 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: input_userauth_request: invalid user bryan [preauth]
Oct 15 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 05:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: Failed password for invalid user bryan from 2.57.122.26 port 51826 ssh2
Oct 15 05:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16739]: Connection closed by 2.57.122.26 port 51826 [preauth]
Oct 15 05:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16469]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15507]: pam_unix(cron:session): session closed for user root
Oct 15 05:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 134.199.225.42 port 45576 ssh2
Oct 15 05:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Received disconnect from 134.199.225.42 port 45576:11: Bye Bye [preauth]
Oct 15 05:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Disconnected from 134.199.225.42 port 45576 [preauth]
Oct 15 05:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: Failed password for root from 198.12.77.137 port 39316 ssh2
Oct 15 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: Received disconnect from 198.12.77.137 port 39316:11: Bye Bye [preauth]
Oct 15 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16925]: Disconnected from 198.12.77.137 port 39316 [preauth]
Oct 15 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16936]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17013]: Successful su for rubyman by root
Oct 15 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17013]: + ??? root:rubyman
Oct 15 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415919 of user rubyman.
Oct 15 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17013]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415919.
Oct 15 05:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user root
Oct 15 05:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Invalid user dietpi from 103.100.209.195
Oct 15 05:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: input_userauth_request: invalid user dietpi [preauth]
Oct 15 05:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Failed password for invalid user dietpi from 103.100.209.195 port 45576 ssh2
Oct 15 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Received disconnect from 103.100.209.195 port 45576:11: Bye Bye [preauth]
Oct 15 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17222]: Disconnected from 103.100.209.195 port 45576 [preauth]
Oct 15 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16938]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Invalid user arkserver from 188.18.49.50
Oct 15 05:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: input_userauth_request: invalid user arkserver [preauth]
Oct 15 05:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 05:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user arkserver from 188.18.49.50 port 56440 ssh2
Oct 15 05:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Received disconnect from 188.18.49.50 port 56440:11: Bye Bye [preauth]
Oct 15 05:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Disconnected from 188.18.49.50 port 56440 [preauth]
Oct 15 05:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15996]: pam_unix(cron:session): session closed for user root
Oct 15 05:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 05:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17397]: Failed password for root from 185.156.73.233 port 51378 ssh2
Oct 15 05:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17397]: Connection closed by 185.156.73.233 port 51378 [preauth]
Oct 15 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17422]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17486]: Successful su for rubyman by root
Oct 15 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17486]: + ??? root:rubyman
Oct 15 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415924 of user rubyman.
Oct 15 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17486]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415924.
Oct 15 05:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14473]: pam_unix(cron:session): session closed for user root
Oct 15 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 05:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17769]: Failed password for root from 198.12.77.137 port 58886 ssh2
Oct 15 05:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17769]: Received disconnect from 198.12.77.137 port 58886:11: Bye Bye [preauth]
Oct 15 05:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17769]: Disconnected from 198.12.77.137 port 58886 [preauth]
Oct 15 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Invalid user manu from 134.199.225.42
Oct 15 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: input_userauth_request: invalid user manu [preauth]
Oct 15 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Failed password for invalid user manu from 134.199.225.42 port 52132 ssh2
Oct 15 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Received disconnect from 134.199.225.42 port 52132:11: Bye Bye [preauth]
Oct 15 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17806]: Disconnected from 134.199.225.42 port 52132 [preauth]
Oct 15 05:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16472]: pam_unix(cron:session): session closed for user root
Oct 15 05:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 05:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Failed password for root from 103.100.209.195 port 35451 ssh2
Oct 15 05:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Received disconnect from 103.100.209.195 port 35451:11: Bye Bye [preauth]
Oct 15 05:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Disconnected from 103.100.209.195 port 35451 [preauth]
Oct 15 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17963]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17961]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session closed for user root
Oct 15 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18059]: Successful su for rubyman by root
Oct 15 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18059]: + ??? root:rubyman
Oct 15 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415927 of user rubyman.
Oct 15 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18059]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415927.
Oct 15 05:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17961]: pam_unix(cron:session): session closed for user root
Oct 15 05:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session closed for user root
Oct 15 05:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 05:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session closed for user root
Oct 15 05:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Failed password for root from 198.12.77.137 port 46758 ssh2
Oct 15 05:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Received disconnect from 198.12.77.137 port 46758:11: Bye Bye [preauth]
Oct 15 05:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Disconnected from 198.12.77.137 port 46758 [preauth]
Oct 15 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18796]: Successful su for rubyman by root
Oct 15 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18796]: + ??? root:rubyman
Oct 15 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415936 of user rubyman.
Oct 15 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18796]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415936.
Oct 15 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: Failed password for root from 134.199.225.42 port 52796 ssh2
Oct 15 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: Received disconnect from 134.199.225.42 port 52796:11: Bye Bye [preauth]
Oct 15 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18824]: Disconnected from 134.199.225.42 port 52796 [preauth]
Oct 15 05:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15506]: pam_unix(cron:session): session closed for user root
Oct 15 05:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18714]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17423]: pam_unix(cron:session): session closed for user root
Oct 15 05:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Invalid user ubuntu from 103.100.209.195
Oct 15 05:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 05:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 05:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Failed password for invalid user ubuntu from 103.100.209.195 port 53559 ssh2
Oct 15 05:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Received disconnect from 103.100.209.195 port 53559:11: Bye Bye [preauth]
Oct 15 05:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19258]: Disconnected from 103.100.209.195 port 53559 [preauth]
Oct 15 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Failed password for root from 198.12.77.137 port 37236 ssh2
Oct 15 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Received disconnect from 198.12.77.137 port 37236:11: Bye Bye [preauth]
Oct 15 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Disconnected from 198.12.77.137 port 37236 [preauth]
Oct 15 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19436]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19610]: Successful su for rubyman by root
Oct 15 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19610]: + ??? root:rubyman
Oct 15 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415937 of user rubyman.
Oct 15 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19610]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415937.
Oct 15 05:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15995]: pam_unix(cron:session): session closed for user root
Oct 15 05:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: Failed password for root from 134.199.225.42 port 41058 ssh2
Oct 15 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: Received disconnect from 134.199.225.42 port 41058:11: Bye Bye [preauth]
Oct 15 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20076]: Disconnected from 134.199.225.42 port 41058 [preauth]
Oct 15 05:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17964]: pam_unix(cron:session): session closed for user root
Oct 15 05:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Invalid user anas from 198.12.77.137
Oct 15 05:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: input_userauth_request: invalid user anas [preauth]
Oct 15 05:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Failed password for invalid user anas from 198.12.77.137 port 33396 ssh2
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Received disconnect from 198.12.77.137 port 33396:11: Bye Bye [preauth]
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Disconnected from 198.12.77.137 port 33396 [preauth]
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20277]: Successful su for rubyman by root
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20277]: + ??? root:rubyman
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415941 of user rubyman.
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20277]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415941.
Oct 15 05:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16470]: pam_unix(cron:session): session closed for user root
Oct 15 05:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20174]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 05:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Failed password for root from 103.100.209.195 port 43440 ssh2
Oct 15 05:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Received disconnect from 103.100.209.195 port 43440:11: Bye Bye [preauth]
Oct 15 05:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Disconnected from 103.100.209.195 port 43440 [preauth]
Oct 15 05:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session closed for user root
Oct 15 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20673]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20672]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20749]: Successful su for rubyman by root
Oct 15 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20749]: + ??? root:rubyman
Oct 15 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415946 of user rubyman.
Oct 15 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20749]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415946.
Oct 15 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16939]: pam_unix(cron:session): session closed for user root
Oct 15 05:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: Failed password for root from 198.12.77.137 port 51506 ssh2
Oct 15 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: Received disconnect from 198.12.77.137 port 51506:11: Bye Bye [preauth]
Oct 15 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20949]: Disconnected from 198.12.77.137 port 51506 [preauth]
Oct 15 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Invalid user hugo from 134.199.225.42
Oct 15 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: input_userauth_request: invalid user hugo [preauth]
Oct 15 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 05:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Failed password for invalid user hugo from 134.199.225.42 port 56436 ssh2
Oct 15 05:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Received disconnect from 134.199.225.42 port 56436:11: Bye Bye [preauth]
Oct 15 05:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Disconnected from 134.199.225.42 port 56436 [preauth]
Oct 15 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session closed for user root
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session closed for user root
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21214]: Successful su for rubyman by root
Oct 15 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21214]: + ??? root:rubyman
Oct 15 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415949 of user rubyman.
Oct 15 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21214]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415949.
Oct 15 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: Failed password for root from 190.103.202.7 port 55118 ssh2
Oct 15 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21198]: Connection closed by 190.103.202.7 port 55118 [preauth]
Oct 15 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21131]: pam_unix(cron:session): session closed for user root
Oct 15 05:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17422]: pam_unix(cron:session): session closed for user root
Oct 15 05:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Invalid user nishant from 103.100.209.195
Oct 15 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: input_userauth_request: invalid user nishant [preauth]
Oct 15 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21130]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Failed password for invalid user nishant from 103.100.209.195 port 33319 ssh2
Oct 15 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Received disconnect from 103.100.209.195 port 33319:11: Bye Bye [preauth]
Oct 15 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21510]: Disconnected from 103.100.209.195 port 33319 [preauth]
Oct 15 05:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 05:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: Failed password for root from 198.12.77.137 port 60932 ssh2
Oct 15 05:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: Received disconnect from 198.12.77.137 port 60932:11: Bye Bye [preauth]
Oct 15 05:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: Disconnected from 198.12.77.137 port 60932 [preauth]
Oct 15 05:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20177]: pam_unix(cron:session): session closed for user root
Oct 15 05:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: Failed password for root from 134.199.225.42 port 36120 ssh2
Oct 15 05:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: Received disconnect from 134.199.225.42 port 36120:11: Bye Bye [preauth]
Oct 15 05:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21683]: Disconnected from 134.199.225.42 port 36120 [preauth]
Oct 15 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21782]: Successful su for rubyman by root
Oct 15 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21782]: + ??? root:rubyman
Oct 15 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415956 of user rubyman.
Oct 15 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21782]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415956.
Oct 15 05:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17963]: pam_unix(cron:session): session closed for user root
Oct 15 05:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Invalid user vpn from 185.156.73.233
Oct 15 05:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: input_userauth_request: invalid user vpn [preauth]
Oct 15 05:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 05:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Failed password for invalid user vpn from 185.156.73.233 port 39146 ssh2
Oct 15 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21992]: Connection closed by 185.156.73.233 port 39146 [preauth]
Oct 15 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20673]: pam_unix(cron:session): session closed for user root
Oct 15 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Invalid user nishant from 188.18.49.50
Oct 15 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: input_userauth_request: invalid user nishant [preauth]
Oct 15 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Failed password for invalid user nishant from 188.18.49.50 port 45006 ssh2
Oct 15 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Received disconnect from 188.18.49.50 port 45006:11: Bye Bye [preauth]
Oct 15 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22087]: Disconnected from 188.18.49.50 port 45006 [preauth]
Oct 15 05:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Invalid user cisco from 198.12.77.137
Oct 15 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: input_userauth_request: invalid user cisco [preauth]
Oct 15 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Failed password for invalid user cisco from 198.12.77.137 port 57096 ssh2
Oct 15 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Received disconnect from 198.12.77.137 port 57096:11: Bye Bye [preauth]
Oct 15 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Disconnected from 198.12.77.137 port 57096 [preauth]
Oct 15 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22220]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22218]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22298]: Successful su for rubyman by root
Oct 15 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22298]: + ??? root:rubyman
Oct 15 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415960 of user rubyman.
Oct 15 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22298]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415960.
Oct 15 05:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 05:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session closed for user root
Oct 15 05:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: Failed password for root from 103.100.209.195 port 51429 ssh2
Oct 15 05:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: Received disconnect from 103.100.209.195 port 51429:11: Bye Bye [preauth]
Oct 15 05:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22408]: Disconnected from 103.100.209.195 port 51429 [preauth]
Oct 15 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22219]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session closed for user root
Oct 15 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Failed password for root from 134.199.225.42 port 53516 ssh2
Oct 15 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Received disconnect from 134.199.225.42 port 53516:11: Bye Bye [preauth]
Oct 15 05:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22616]: Disconnected from 134.199.225.42 port 53516 [preauth]
Oct 15 05:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Invalid user roots from 198.12.77.137
Oct 15 05:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: input_userauth_request: invalid user roots [preauth]
Oct 15 05:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 05:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22718]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: Successful su for rubyman by root
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: + ??? root:rubyman
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415964 of user rubyman.
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415964.
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Failed password for invalid user roots from 198.12.77.137 port 43908 ssh2
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Received disconnect from 198.12.77.137 port 43908:11: Bye Bye [preauth]
Oct 15 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22709]: Disconnected from 198.12.77.137 port 43908 [preauth]
Oct 15 05:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session closed for user root
Oct 15 05:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22885]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session closed for user root
Oct 15 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 05:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: Failed password for root from 103.100.209.195 port 41308 ssh2
Oct 15 05:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: Received disconnect from 103.100.209.195 port 41308:11: Bye Bye [preauth]
Oct 15 05:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: Disconnected from 103.100.209.195 port 41308 [preauth]
Oct 15 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23871]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23868]: pam_unix(cron:session): session closed for user p13x
Oct 15 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23943]: Successful su for rubyman by root
Oct 15 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23943]: + ??? root:rubyman
Oct 15 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415969 of user rubyman.
Oct 15 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23943]: pam_unix(su:session): session closed for user rubyman
Oct 15 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415969.
Oct 15 05:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20176]: pam_unix(cron:session): session closed for user root
Oct 15 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Failed password for root from 198.12.77.137 port 52112 ssh2
Oct 15 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Received disconnect from 198.12.77.137 port 52112:11: Bye Bye [preauth]
Oct 15 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Disconnected from 198.12.77.137 port 52112 [preauth]
Oct 15 05:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23869]: pam_unix(cron:session): session closed for user samftp
Oct 15 05:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 05:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 05:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: Failed password for root from 134.199.225.42 port 35138 ssh2
Oct 15 05:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: Received disconnect from 134.199.225.42 port 35138:11: Bye Bye [preauth]
Oct 15 05:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24226]: Disconnected from 134.199.225.42 port 35138 [preauth]
Oct 15 05:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session closed for user root
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24393]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24395]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24400]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24396]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24400]: pam_unix(cron:session): session closed for user root
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24393]: pam_unix(cron:session): session closed for user root
Oct 15 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Invalid user euser from 164.68.105.9
Oct 15 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: input_userauth_request: invalid user euser [preauth]
Oct 15 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[24541]: Successful su for rubyman by root
Oct 15 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[24541]: + ??? root:rubyman
Oct 15 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[24541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415974 of user rubyman.
Oct 15 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[24541]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415974.
Oct 15 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Failed password for invalid user euser from 164.68.105.9 port 55958 ssh2
Oct 15 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24498]: Connection closed by 164.68.105.9 port 55958 [preauth]
Oct 15 06:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20672]: pam_unix(cron:session): session closed for user root
Oct 15 06:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24395]: pam_unix(cron:session): session closed for user root
Oct 15 06:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24392]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Invalid user fs from 198.12.77.137
Oct 15 06:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: input_userauth_request: invalid user fs [preauth]
Oct 15 06:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Failed password for invalid user fs from 198.12.77.137 port 56816 ssh2
Oct 15 06:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Received disconnect from 198.12.77.137 port 56816:11: Bye Bye [preauth]
Oct 15 06:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Disconnected from 198.12.77.137 port 56816 [preauth]
Oct 15 06:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22888]: pam_unix(cron:session): session closed for user root
Oct 15 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Failed password for root from 103.100.209.195 port 59417 ssh2
Oct 15 06:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Received disconnect from 103.100.209.195 port 59417:11: Bye Bye [preauth]
Oct 15 06:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: Disconnected from 103.100.209.195 port 59417 [preauth]
Oct 15 06:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: Invalid user pam from 134.199.225.42
Oct 15 06:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: input_userauth_request: invalid user pam [preauth]
Oct 15 06:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: Failed password for invalid user pam from 134.199.225.42 port 51118 ssh2
Oct 15 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: Received disconnect from 134.199.225.42 port 51118:11: Bye Bye [preauth]
Oct 15 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25009]: Disconnected from 134.199.225.42 port 51118 [preauth]
Oct 15 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: Successful su for rubyman by root
Oct 15 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: + ??? root:rubyman
Oct 15 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415980 of user rubyman.
Oct 15 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415980.
Oct 15 06:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session closed for user root
Oct 15 06:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25015]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23871]: pam_unix(cron:session): session closed for user root
Oct 15 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Invalid user gavin from 198.12.77.137
Oct 15 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: input_userauth_request: invalid user gavin [preauth]
Oct 15 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Failed password for invalid user gavin from 198.12.77.137 port 47274 ssh2
Oct 15 06:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Received disconnect from 198.12.77.137 port 47274:11: Bye Bye [preauth]
Oct 15 06:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Disconnected from 198.12.77.137 port 47274 [preauth]
Oct 15 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25738]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25734]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: Successful su for rubyman by root
Oct 15 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: + ??? root:rubyman
Oct 15 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415982 of user rubyman.
Oct 15 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25906]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415982.
Oct 15 06:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session closed for user root
Oct 15 06:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25736]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 06:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Failed password for root from 188.18.49.50 port 48197 ssh2
Oct 15 06:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Received disconnect from 188.18.49.50 port 48197:11: Bye Bye [preauth]
Oct 15 06:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26138]: Disconnected from 188.18.49.50 port 48197 [preauth]
Oct 15 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24398]: pam_unix(cron:session): session closed for user root
Oct 15 06:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 06:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: Failed password for root from 134.199.225.42 port 38496 ssh2
Oct 15 06:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: Received disconnect from 134.199.225.42 port 38496:11: Bye Bye [preauth]
Oct 15 06:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: Disconnected from 134.199.225.42 port 38496 [preauth]
Oct 15 06:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: Failed password for root from 103.100.209.195 port 49300 ssh2
Oct 15 06:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: Received disconnect from 103.100.209.195 port 49300:11: Bye Bye [preauth]
Oct 15 06:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26292]: Disconnected from 103.100.209.195 port 49300 [preauth]
Oct 15 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26319]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: Successful su for rubyman by root
Oct 15 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: + ??? root:rubyman
Oct 15 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415988 of user rubyman.
Oct 15 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415988.
Oct 15 06:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22220]: pam_unix(cron:session): session closed for user root
Oct 15 06:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26691]: Invalid user kartika from 198.12.77.137
Oct 15 06:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26691]: input_userauth_request: invalid user kartika [preauth]
Oct 15 06:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26691]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26691]: Failed password for invalid user kartika from 198.12.77.137 port 55838 ssh2
Oct 15 06:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26691]: Received disconnect from 198.12.77.137 port 55838:11: Bye Bye [preauth]
Oct 15 06:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26691]: Disconnected from 198.12.77.137 port 55838 [preauth]
Oct 15 06:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Invalid user ubuntu from 80.94.95.115
Oct 15 06:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 06:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 15 06:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Failed password for invalid user ubuntu from 80.94.95.115 port 51616 ssh2
Oct 15 06:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26788]: Connection closed by 80.94.95.115 port 51616 [preauth]
Oct 15 06:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session closed for user root
Oct 15 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26997]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26984]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27194]: Successful su for rubyman by root
Oct 15 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27194]: + ??? root:rubyman
Oct 15 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415992 of user rubyman.
Oct 15 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27194]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415992.
Oct 15 06:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session closed for user root
Oct 15 06:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: Failed password for root from 20.163.71.109 port 33336 ssh2
Oct 15 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: Connection closed by 20.163.71.109 port 33336 [preauth]
Oct 15 06:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: Invalid user pang from 134.199.225.42
Oct 15 06:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: input_userauth_request: invalid user pang [preauth]
Oct 15 06:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: Failed password for invalid user pang from 134.199.225.42 port 42320 ssh2
Oct 15 06:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: Received disconnect from 134.199.225.42 port 42320:11: Bye Bye [preauth]
Oct 15 06:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: Disconnected from 134.199.225.42 port 42320 [preauth]
Oct 15 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Invalid user mani from 198.12.77.137
Oct 15 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: input_userauth_request: invalid user mani [preauth]
Oct 15 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Failed password for invalid user mani from 198.12.77.137 port 54624 ssh2
Oct 15 06:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Received disconnect from 198.12.77.137 port 54624:11: Bye Bye [preauth]
Oct 15 06:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Disconnected from 198.12.77.137 port 54624 [preauth]
Oct 15 06:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25739]: pam_unix(cron:session): session closed for user root
Oct 15 06:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Invalid user liz from 103.100.209.195
Oct 15 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: input_userauth_request: invalid user liz [preauth]
Oct 15 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Failed password for invalid user liz from 103.100.209.195 port 39185 ssh2
Oct 15 06:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Received disconnect from 103.100.209.195 port 39185:11: Bye Bye [preauth]
Oct 15 06:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27712]: Disconnected from 103.100.209.195 port 39185 [preauth]
Oct 15 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session closed for user root
Oct 15 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27982]: Successful su for rubyman by root
Oct 15 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27982]: + ??? root:rubyman
Oct 15 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 415996 of user rubyman.
Oct 15 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27982]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 415996.
Oct 15 06:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session closed for user root
Oct 15 06:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23870]: pam_unix(cron:session): session closed for user root
Oct 15 06:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Invalid user yoga from 198.12.77.137
Oct 15 06:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: input_userauth_request: invalid user yoga [preauth]
Oct 15 06:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26323]: pam_unix(cron:session): session closed for user root
Oct 15 06:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Failed password for invalid user yoga from 198.12.77.137 port 46614 ssh2
Oct 15 06:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Received disconnect from 198.12.77.137 port 46614:11: Bye Bye [preauth]
Oct 15 06:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Disconnected from 198.12.77.137 port 46614 [preauth]
Oct 15 06:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 06:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: Failed password for root from 134.199.225.42 port 56730 ssh2
Oct 15 06:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: Received disconnect from 134.199.225.42 port 56730:11: Bye Bye [preauth]
Oct 15 06:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: Disconnected from 134.199.225.42 port 56730 [preauth]
Oct 15 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28415]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: Successful su for rubyman by root
Oct 15 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: + ??? root:rubyman
Oct 15 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416000 of user rubyman.
Oct 15 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416000.
Oct 15 06:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24396]: pam_unix(cron:session): session closed for user root
Oct 15 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28416]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session closed for user root
Oct 15 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Invalid user usuario from 103.100.209.195
Oct 15 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: input_userauth_request: invalid user usuario [preauth]
Oct 15 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for invalid user usuario from 103.100.209.195 port 57299 ssh2
Oct 15 06:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Received disconnect from 103.100.209.195 port 57299:11: Bye Bye [preauth]
Oct 15 06:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Disconnected from 103.100.209.195 port 57299 [preauth]
Oct 15 06:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: Invalid user test1 from 198.12.77.137
Oct 15 06:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: input_userauth_request: invalid user test1 [preauth]
Oct 15 06:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: Failed password for invalid user test1 from 198.12.77.137 port 50266 ssh2
Oct 15 06:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: Received disconnect from 198.12.77.137 port 50266:11: Bye Bye [preauth]
Oct 15 06:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29236]: Disconnected from 198.12.77.137 port 50266 [preauth]
Oct 15 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29260]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29351]: Successful su for rubyman by root
Oct 15 06:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29351]: + ??? root:rubyman
Oct 15 06:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416004 of user rubyman.
Oct 15 06:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29351]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416004.
Oct 15 06:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user root
Oct 15 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29261]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Invalid user naim from 134.199.225.42
Oct 15 06:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: input_userauth_request: invalid user naim [preauth]
Oct 15 06:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Failed password for invalid user naim from 134.199.225.42 port 33268 ssh2
Oct 15 06:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Received disconnect from 134.199.225.42 port 33268:11: Bye Bye [preauth]
Oct 15 06:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29662]: Disconnected from 134.199.225.42 port 33268 [preauth]
Oct 15 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session closed for user root
Oct 15 06:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Invalid user ubuntu from 188.18.49.50
Oct 15 06:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 06:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 06:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Failed password for invalid user ubuntu from 188.18.49.50 port 49852 ssh2
Oct 15 06:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Received disconnect from 188.18.49.50 port 49852:11: Bye Bye [preauth]
Oct 15 06:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Disconnected from 188.18.49.50 port 49852 [preauth]
Oct 15 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29763]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29845]: Successful su for rubyman by root
Oct 15 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29845]: + ??? root:rubyman
Oct 15 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416010 of user rubyman.
Oct 15 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29845]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416010.
Oct 15 06:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25738]: pam_unix(cron:session): session closed for user root
Oct 15 06:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Invalid user loc from 198.12.77.137
Oct 15 06:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: input_userauth_request: invalid user loc [preauth]
Oct 15 06:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Failed password for invalid user loc from 198.12.77.137 port 37468 ssh2
Oct 15 06:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Received disconnect from 198.12.77.137 port 37468:11: Bye Bye [preauth]
Oct 15 06:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30043]: Disconnected from 198.12.77.137 port 37468 [preauth]
Oct 15 06:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29764]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Invalid user sina from 103.100.209.195
Oct 15 06:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: input_userauth_request: invalid user sina [preauth]
Oct 15 06:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Failed password for invalid user sina from 103.100.209.195 port 47183 ssh2
Oct 15 06:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Received disconnect from 103.100.209.195 port 47183:11: Bye Bye [preauth]
Oct 15 06:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Disconnected from 103.100.209.195 port 47183 [preauth]
Oct 15 06:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28418]: pam_unix(cron:session): session closed for user root
Oct 15 06:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for root from 190.103.202.7 port 55864 ssh2
Oct 15 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Connection closed by 190.103.202.7 port 55864 [preauth]
Oct 15 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30584]: Successful su for rubyman by root
Oct 15 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30584]: + ??? root:rubyman
Oct 15 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416014 of user rubyman.
Oct 15 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30584]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416014.
Oct 15 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session closed for user root
Oct 15 06:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session closed for user root
Oct 15 06:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for root from 134.199.225.42 port 42488 ssh2
Oct 15 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Received disconnect from 134.199.225.42 port 42488:11: Bye Bye [preauth]
Oct 15 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Disconnected from 134.199.225.42 port 42488 [preauth]
Oct 15 06:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Invalid user admin from 2.57.121.112
Oct 15 06:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: input_userauth_request: invalid user admin [preauth]
Oct 15 06:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 06:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user admin from 2.57.121.112 port 51490 ssh2
Oct 15 06:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user admin from 2.57.121.112 port 51490 ssh2
Oct 15 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user admin from 2.57.121.112 port 51490 ssh2
Oct 15 06:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user admin from 2.57.121.112 port 51490 ssh2
Oct 15 06:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user admin from 2.57.121.112 port 51490 ssh2
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Invalid user tester from 198.12.77.137
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: input_userauth_request: invalid user tester [preauth]
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Received disconnect from 2.57.121.112 port 51490:11: Bye [preauth]
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Disconnected from 2.57.121.112 port 51490 [preauth]
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 06:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 06:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Failed password for invalid user tester from 198.12.77.137 port 44062 ssh2
Oct 15 06:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Received disconnect from 198.12.77.137 port 44062:11: Bye Bye [preauth]
Oct 15 06:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Disconnected from 198.12.77.137 port 44062 [preauth]
Oct 15 06:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session closed for user root
Oct 15 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: Did not receive identification string from 159.65.53.56
Oct 15 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session closed for user root
Oct 15 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30980]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31088]: Successful su for rubyman by root
Oct 15 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31088]: + ??? root:rubyman
Oct 15 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416021 of user rubyman.
Oct 15 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31088]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416021.
Oct 15 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30983]: pam_unix(cron:session): session closed for user root
Oct 15 06:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26997]: pam_unix(cron:session): session closed for user root
Oct 15 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 06:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Failed password for root from 20.163.71.109 port 57892 ssh2
Oct 15 06:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Connection closed by 20.163.71.109 port 57892 [preauth]
Oct 15 06:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30982]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Failed password for root from 103.100.209.195 port 37063 ssh2
Oct 15 06:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Received disconnect from 103.100.209.195 port 37063:11: Bye Bye [preauth]
Oct 15 06:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31336]: Disconnected from 103.100.209.195 port 37063 [preauth]
Oct 15 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session closed for user root
Oct 15 06:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Invalid user monitor from 198.12.77.137
Oct 15 06:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: input_userauth_request: invalid user monitor [preauth]
Oct 15 06:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Failed password for invalid user monitor from 198.12.77.137 port 44786 ssh2
Oct 15 06:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Received disconnect from 198.12.77.137 port 44786:11: Bye Bye [preauth]
Oct 15 06:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Disconnected from 198.12.77.137 port 44786 [preauth]
Oct 15 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Invalid user emeline from 134.199.225.42
Oct 15 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: input_userauth_request: invalid user emeline [preauth]
Oct 15 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Failed password for invalid user emeline from 134.199.225.42 port 57886 ssh2
Oct 15 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Received disconnect from 134.199.225.42 port 57886:11: Bye Bye [preauth]
Oct 15 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Disconnected from 134.199.225.42 port 57886 [preauth]
Oct 15 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31681]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31678]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31758]: Successful su for rubyman by root
Oct 15 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31758]: + ??? root:rubyman
Oct 15 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416023 of user rubyman.
Oct 15 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31758]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416023.
Oct 15 06:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session closed for user root
Oct 15 06:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31679]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30295]: pam_unix(cron:session): session closed for user root
Oct 15 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Invalid user 1 from 80.94.95.116
Oct 15 06:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: input_userauth_request: invalid user 1 [preauth]
Oct 15 06:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 06:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Failed password for invalid user 1 from 80.94.95.116 port 19312 ssh2
Oct 15 06:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Connection closed by 80.94.95.116 port 19312 [preauth]
Oct 15 06:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32227]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Invalid user gits from 198.12.77.137
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: input_userauth_request: invalid user gits [preauth]
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32305]: Successful su for rubyman by root
Oct 15 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32305]: + ??? root:rubyman
Oct 15 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416028 of user rubyman.
Oct 15 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32305]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416028.
Oct 15 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Failed password for invalid user gits from 198.12.77.137 port 52882 ssh2
Oct 15 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Received disconnect from 198.12.77.137 port 52882:11: Bye Bye [preauth]
Oct 15 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Disconnected from 198.12.77.137 port 52882 [preauth]
Oct 15 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Failed password for root from 103.100.209.195 port 55175 ssh2
Oct 15 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Received disconnect from 103.100.209.195 port 55175:11: Bye Bye [preauth]
Oct 15 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Disconnected from 103.100.209.195 port 55175 [preauth]
Oct 15 06:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28417]: pam_unix(cron:session): session closed for user root
Oct 15 06:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32228]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 06:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Failed password for root from 134.199.225.42 port 56060 ssh2
Oct 15 06:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Received disconnect from 134.199.225.42 port 56060:11: Bye Bye [preauth]
Oct 15 06:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Disconnected from 134.199.225.42 port 56060 [preauth]
Oct 15 06:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30991]: pam_unix(cron:session): session closed for user root
Oct 15 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32690]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32685]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32766]: Successful su for rubyman by root
Oct 15 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32766]: + ??? root:rubyman
Oct 15 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416031 of user rubyman.
Oct 15 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32766]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416031.
Oct 15 06:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29263]: pam_unix(cron:session): session closed for user root
Oct 15 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32686]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Invalid user shumaila from 198.12.77.137
Oct 15 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: input_userauth_request: invalid user shumaila [preauth]
Oct 15 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Invalid user gavin from 188.18.49.50
Oct 15 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: input_userauth_request: invalid user gavin [preauth]
Oct 15 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 06:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Failed password for invalid user shumaila from 198.12.77.137 port 37446 ssh2
Oct 15 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Received disconnect from 198.12.77.137 port 37446:11: Bye Bye [preauth]
Oct 15 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[573]: Disconnected from 198.12.77.137 port 37446 [preauth]
Oct 15 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Failed password for invalid user gavin from 188.18.49.50 port 50073 ssh2
Oct 15 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Received disconnect from 188.18.49.50 port 50073:11: Bye Bye [preauth]
Oct 15 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Disconnected from 188.18.49.50 port 50073 [preauth]
Oct 15 06:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31681]: pam_unix(cron:session): session closed for user root
Oct 15 06:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: Invalid user mehedi from 103.100.209.195
Oct 15 06:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: input_userauth_request: invalid user mehedi [preauth]
Oct 15 06:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: Failed password for invalid user mehedi from 103.100.209.195 port 45051 ssh2
Oct 15 06:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: Received disconnect from 103.100.209.195 port 45051:11: Bye Bye [preauth]
Oct 15 06:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[682]: Disconnected from 103.100.209.195 port 45051 [preauth]
Oct 15 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[700]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[698]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[778]: Successful su for rubyman by root
Oct 15 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[778]: + ??? root:rubyman
Oct 15 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416035 of user rubyman.
Oct 15 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[778]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416035.
Oct 15 06:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29765]: pam_unix(cron:session): session closed for user root
Oct 15 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: Invalid user zhouxin from 134.199.225.42
Oct 15 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: input_userauth_request: invalid user zhouxin [preauth]
Oct 15 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: Failed password for invalid user zhouxin from 134.199.225.42 port 46096 ssh2
Oct 15 06:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: Received disconnect from 134.199.225.42 port 46096:11: Bye Bye [preauth]
Oct 15 06:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1076]: Disconnected from 134.199.225.42 port 46096 [preauth]
Oct 15 06:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[699]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32230]: pam_unix(cron:session): session closed for user root
Oct 15 06:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Invalid user pula from 198.12.77.137
Oct 15 06:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: input_userauth_request: invalid user pula [preauth]
Oct 15 06:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Failed password for invalid user pula from 198.12.77.137 port 34176 ssh2
Oct 15 06:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Received disconnect from 198.12.77.137 port 34176:11: Bye Bye [preauth]
Oct 15 06:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Disconnected from 198.12.77.137 port 34176 [preauth]
Oct 15 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session closed for user root
Oct 15 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1366]: Successful su for rubyman by root
Oct 15 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1366]: + ??? root:rubyman
Oct 15 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416042 of user rubyman.
Oct 15 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1366]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416042.
Oct 15 06:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1279]: pam_unix(cron:session): session closed for user root
Oct 15 06:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session closed for user root
Oct 15 06:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1277]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 56622
Oct 15 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 53142
Oct 15 06:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: Invalid user justin from 159.65.53.56
Oct 15 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: input_userauth_request: invalid user justin [preauth]
Oct 15 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.53.56
Oct 15 06:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: Failed password for invalid user justin from 159.65.53.56 port 56338 ssh2
Oct 15 06:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1711]: Connection closed by 159.65.53.56 port 56338 [preauth]
Oct 15 06:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32690]: pam_unix(cron:session): session closed for user root
Oct 15 06:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Invalid user sk from 103.100.209.195
Oct 15 06:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: input_userauth_request: invalid user sk [preauth]
Oct 15 06:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Failed password for invalid user sk from 103.100.209.195 port 34927 ssh2
Oct 15 06:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Received disconnect from 103.100.209.195 port 34927:11: Bye Bye [preauth]
Oct 15 06:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1778]: Disconnected from 103.100.209.195 port 34927 [preauth]
Oct 15 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Invalid user lee from 134.199.225.42
Oct 15 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: input_userauth_request: invalid user lee [preauth]
Oct 15 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Failed password for invalid user lee from 134.199.225.42 port 57344 ssh2
Oct 15 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Received disconnect from 134.199.225.42 port 57344:11: Bye Bye [preauth]
Oct 15 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1809]: Disconnected from 134.199.225.42 port 57344 [preauth]
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user suporte from 198.12.77.137
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user suporte [preauth]
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2016]: Successful su for rubyman by root
Oct 15 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2016]: + ??? root:rubyman
Oct 15 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416048 of user rubyman.
Oct 15 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2016]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416048.
Oct 15 06:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user suporte from 198.12.77.137 port 55442 ssh2
Oct 15 06:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Received disconnect from 198.12.77.137 port 55442:11: Bye Bye [preauth]
Oct 15 06:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Disconnected from 198.12.77.137 port 55442 [preauth]
Oct 15 06:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session closed for user root
Oct 15 06:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session closed for user root
Oct 15 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2384]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2383]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session closed for user root
Oct 15 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2380]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2468]: Successful su for rubyman by root
Oct 15 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2468]: + ??? root:rubyman
Oct 15 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416049 of user rubyman.
Oct 15 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2468]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416049.
Oct 15 06:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31680]: pam_unix(cron:session): session closed for user root
Oct 15 06:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 06:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Failed password for root from 198.12.77.137 port 42176 ssh2
Oct 15 06:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Received disconnect from 198.12.77.137 port 42176:11: Bye Bye [preauth]
Oct 15 06:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2675]: Disconnected from 198.12.77.137 port 42176 [preauth]
Oct 15 06:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: Invalid user testuser from 134.199.225.42
Oct 15 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: input_userauth_request: invalid user testuser [preauth]
Oct 15 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: Failed password for invalid user testuser from 134.199.225.42 port 36476 ssh2
Oct 15 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: Received disconnect from 134.199.225.42 port 36476:11: Bye Bye [preauth]
Oct 15 06:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2739]: Disconnected from 134.199.225.42 port 36476 [preauth]
Oct 15 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session closed for user root
Oct 15 06:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for root from 103.100.209.195 port 53041 ssh2
Oct 15 06:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Received disconnect from 103.100.209.195 port 53041:11: Bye Bye [preauth]
Oct 15 06:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Disconnected from 103.100.209.195 port 53041 [preauth]
Oct 15 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2846]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2925]: Successful su for rubyman by root
Oct 15 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2925]: + ??? root:rubyman
Oct 15 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416056 of user rubyman.
Oct 15 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2925]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416056.
Oct 15 06:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32229]: pam_unix(cron:session): session closed for user root
Oct 15 06:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: Invalid user system from 185.156.73.233
Oct 15 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: input_userauth_request: invalid user system [preauth]
Oct 15 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 06:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: Failed password for invalid user system from 185.156.73.233 port 53184 ssh2
Oct 15 06:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3158]: Connection closed by 185.156.73.233 port 53184 [preauth]
Oct 15 06:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 06:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: Failed password for root from 198.12.77.137 port 58216 ssh2
Oct 15 06:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: Received disconnect from 198.12.77.137 port 58216:11: Bye Bye [preauth]
Oct 15 06:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3179]: Disconnected from 198.12.77.137 port 58216 [preauth]
Oct 15 06:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session closed for user root
Oct 15 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Invalid user mariadb from 188.18.49.50
Oct 15 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: input_userauth_request: invalid user mariadb [preauth]
Oct 15 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Failed password for invalid user mariadb from 188.18.49.50 port 47513 ssh2
Oct 15 06:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Received disconnect from 188.18.49.50 port 47513:11: Bye Bye [preauth]
Oct 15 06:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3239]: Disconnected from 188.18.49.50 port 47513 [preauth]
Oct 15 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3391]: Successful su for rubyman by root
Oct 15 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3391]: + ??? root:rubyman
Oct 15 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416059 of user rubyman.
Oct 15 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3391]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416059.
Oct 15 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32687]: pam_unix(cron:session): session closed for user root
Oct 15 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Invalid user pzuser from 134.199.225.42
Oct 15 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: input_userauth_request: invalid user pzuser [preauth]
Oct 15 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Failed password for invalid user pzuser from 134.199.225.42 port 56210 ssh2
Oct 15 06:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Received disconnect from 134.199.225.42 port 56210:11: Bye Bye [preauth]
Oct 15 06:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3581]: Disconnected from 134.199.225.42 port 56210 [preauth]
Oct 15 06:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Invalid user geo from 103.100.209.195
Oct 15 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: input_userauth_request: invalid user geo [preauth]
Oct 15 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Failed password for invalid user geo from 103.100.209.195 port 42917 ssh2
Oct 15 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Received disconnect from 103.100.209.195 port 42917:11: Bye Bye [preauth]
Oct 15 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3667]: Disconnected from 103.100.209.195 port 42917 [preauth]
Oct 15 06:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2384]: pam_unix(cron:session): session closed for user root
Oct 15 06:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Invalid user odin from 198.12.77.137
Oct 15 06:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: input_userauth_request: invalid user odin [preauth]
Oct 15 06:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Failed password for invalid user odin from 198.12.77.137 port 55950 ssh2
Oct 15 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Received disconnect from 198.12.77.137 port 55950:11: Bye Bye [preauth]
Oct 15 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3711]: Disconnected from 198.12.77.137 port 55950 [preauth]
Oct 15 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3786]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3785]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3786]: pam_unix(cron:session): session closed for user root
Oct 15 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: Successful su for rubyman by root
Oct 15 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: + ??? root:rubyman
Oct 15 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416062 of user rubyman.
Oct 15 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416062.
Oct 15 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session closed for user root
Oct 15 06:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[700]: pam_unix(cron:session): session closed for user root
Oct 15 06:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3780]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2846]: pam_unix(cron:session): session closed for user root
Oct 15 06:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Invalid user grace from 134.199.225.42
Oct 15 06:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: input_userauth_request: invalid user grace [preauth]
Oct 15 06:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Failed password for invalid user grace from 134.199.225.42 port 42378 ssh2
Oct 15 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Received disconnect from 134.199.225.42 port 42378:11: Bye Bye [preauth]
Oct 15 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4296]: Disconnected from 134.199.225.42 port 42378 [preauth]
Oct 15 06:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: Invalid user mehrdad from 198.12.77.137
Oct 15 06:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: input_userauth_request: invalid user mehrdad [preauth]
Oct 15 06:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: Failed password for invalid user mehrdad from 198.12.77.137 port 59762 ssh2
Oct 15 06:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: Received disconnect from 198.12.77.137 port 59762:11: Bye Bye [preauth]
Oct 15 06:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4320]: Disconnected from 198.12.77.137 port 59762 [preauth]
Oct 15 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4330]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4325]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4403]: Successful su for rubyman by root
Oct 15 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4403]: + ??? root:rubyman
Oct 15 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416070 of user rubyman.
Oct 15 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4403]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416070.
Oct 15 06:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1281]: pam_unix(cron:session): session closed for user root
Oct 15 06:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4326]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: Invalid user arkserver from 103.100.209.195
Oct 15 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: input_userauth_request: invalid user arkserver [preauth]
Oct 15 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: Failed password for invalid user arkserver from 103.100.209.195 port 32797 ssh2
Oct 15 06:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: Received disconnect from 103.100.209.195 port 32797:11: Bye Bye [preauth]
Oct 15 06:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: Disconnected from 103.100.209.195 port 32797 [preauth]
Oct 15 06:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session closed for user root
Oct 15 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4958]: Successful su for rubyman by root
Oct 15 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4958]: + ??? root:rubyman
Oct 15 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416072 of user rubyman.
Oct 15 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4958]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416072.
Oct 15 06:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1826]: pam_unix(cron:session): session closed for user root
Oct 15 06:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Invalid user pfd from 159.65.53.56
Oct 15 06:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: input_userauth_request: invalid user pfd [preauth]
Oct 15 06:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.53.56
Oct 15 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Failed password for invalid user pfd from 159.65.53.56 port 47408 ssh2
Oct 15 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Connection closed by 159.65.53.56 port 47408 [preauth]
Oct 15 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5617]: Invalid user braga from 198.12.77.137
Oct 15 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5617]: input_userauth_request: invalid user braga [preauth]
Oct 15 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5617]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5617]: Failed password for invalid user braga from 198.12.77.137 port 60584 ssh2
Oct 15 06:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5617]: Received disconnect from 198.12.77.137 port 60584:11: Bye Bye [preauth]
Oct 15 06:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5617]: Disconnected from 198.12.77.137 port 60584 [preauth]
Oct 15 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Failed password for root from 134.199.225.42 port 38126 ssh2
Oct 15 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Received disconnect from 134.199.225.42 port 38126:11: Bye Bye [preauth]
Oct 15 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5698]: Disconnected from 134.199.225.42 port 38126 [preauth]
Oct 15 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3785]: pam_unix(cron:session): session closed for user root
Oct 15 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5801]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: Successful su for rubyman by root
Oct 15 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: + ??? root:rubyman
Oct 15 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416077 of user rubyman.
Oct 15 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5882]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416077.
Oct 15 06:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2383]: pam_unix(cron:session): session closed for user root
Oct 15 06:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5802]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Failed password for root from 103.100.209.195 port 50908 ssh2
Oct 15 06:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Received disconnect from 103.100.209.195 port 50908:11: Bye Bye [preauth]
Oct 15 06:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Disconnected from 103.100.209.195 port 50908 [preauth]
Oct 15 06:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Invalid user dd from 198.12.77.137
Oct 15 06:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: input_userauth_request: invalid user dd [preauth]
Oct 15 06:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Failed password for invalid user dd from 198.12.77.137 port 46266 ssh2
Oct 15 06:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Received disconnect from 198.12.77.137 port 46266:11: Bye Bye [preauth]
Oct 15 06:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: Disconnected from 198.12.77.137 port 46266 [preauth]
Oct 15 06:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4330]: pam_unix(cron:session): session closed for user root
Oct 15 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6267]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: Successful su for rubyman by root
Oct 15 06:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: + ??? root:rubyman
Oct 15 06:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416081 of user rubyman.
Oct 15 06:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416081.
Oct 15 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Failed password for root from 188.18.49.50 port 45299 ssh2
Oct 15 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Received disconnect from 188.18.49.50 port 45299:11: Bye Bye [preauth]
Oct 15 06:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Disconnected from 188.18.49.50 port 45299 [preauth]
Oct 15 06:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session closed for user root
Oct 15 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Invalid user ftpuser from 134.199.225.42
Oct 15 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6268]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Failed password for invalid user ftpuser from 134.199.225.42 port 47856 ssh2
Oct 15 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Received disconnect from 134.199.225.42 port 47856:11: Bye Bye [preauth]
Oct 15 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6573]: Disconnected from 134.199.225.42 port 47856 [preauth]
Oct 15 06:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
Oct 15 06:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Invalid user fox from 198.12.77.137
Oct 15 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: input_userauth_request: invalid user fox [preauth]
Oct 15 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Failed password for invalid user fox from 198.12.77.137 port 34116 ssh2
Oct 15 06:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Received disconnect from 198.12.77.137 port 34116:11: Bye Bye [preauth]
Oct 15 06:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6770]: Disconnected from 198.12.77.137 port 34116 [preauth]
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session closed for user root
Oct 15 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6931]: Successful su for rubyman by root
Oct 15 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6931]: + ??? root:rubyman
Oct 15 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416084 of user rubyman.
Oct 15 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6931]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416084.
Oct 15 06:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: Invalid user auser from 103.100.209.195
Oct 15 06:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: input_userauth_request: invalid user auser [preauth]
Oct 15 06:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session closed for user root
Oct 15 06:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session closed for user root
Oct 15 06:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: Failed password for invalid user auser from 103.100.209.195 port 40786 ssh2
Oct 15 06:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: Received disconnect from 103.100.209.195 port 40786:11: Bye Bye [preauth]
Oct 15 06:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7062]: Disconnected from 103.100.209.195 port 40786 [preauth]
Oct 15 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6818]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5807]: pam_unix(cron:session): session closed for user root
Oct 15 06:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session closed for user root
Oct 15 06:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42  user=root
Oct 15 06:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Failed password for root from 134.199.225.42 port 33654 ssh2
Oct 15 06:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Received disconnect from 134.199.225.42 port 33654:11: Bye Bye [preauth]
Oct 15 06:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7638]: Disconnected from 134.199.225.42 port 33654 [preauth]
Oct 15 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137  user=root
Oct 15 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7652]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: Failed password for root from 198.12.77.137 port 51102 ssh2
Oct 15 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: Received disconnect from 198.12.77.137 port 51102:11: Bye Bye [preauth]
Oct 15 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7649]: Disconnected from 198.12.77.137 port 51102 [preauth]
Oct 15 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7749]: Successful su for rubyman by root
Oct 15 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7749]: + ??? root:rubyman
Oct 15 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416091 of user rubyman.
Oct 15 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7749]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416091.
Oct 15 06:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session closed for user root
Oct 15 06:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7653]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session closed for user root
Oct 15 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: Invalid user ftpuser from 103.100.209.195
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8581]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8579]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8657]: Successful su for rubyman by root
Oct 15 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8657]: + ??? root:rubyman
Oct 15 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416095 of user rubyman.
Oct 15 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8657]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416095.
Oct 15 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: Failed password for invalid user ftpuser from 103.100.209.195 port 58900 ssh2
Oct 15 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: Received disconnect from 103.100.209.195 port 58900:11: Bye Bye [preauth]
Oct 15 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8573]: Disconnected from 103.100.209.195 port 58900 [preauth]
Oct 15 06:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4329]: pam_unix(cron:session): session closed for user root
Oct 15 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8580]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Invalid user ftpuser from 198.12.77.137
Oct 15 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.12.77.137
Oct 15 06:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Failed password for invalid user ftpuser from 198.12.77.137 port 52956 ssh2
Oct 15 06:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Received disconnect from 198.12.77.137 port 52956:11: Bye Bye [preauth]
Oct 15 06:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Disconnected from 198.12.77.137 port 52956 [preauth]
Oct 15 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Invalid user db2inst1 from 134.199.225.42
Oct 15 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: input_userauth_request: invalid user db2inst1 [preauth]
Oct 15 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Failed password for invalid user db2inst1 from 134.199.225.42 port 41836 ssh2
Oct 15 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Received disconnect from 134.199.225.42 port 41836:11: Bye Bye [preauth]
Oct 15 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9064]: Disconnected from 134.199.225.42 port 41836 [preauth]
Oct 15 06:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session closed for user root
Oct 15 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9261]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9260]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9258]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9352]: Successful su for rubyman by root
Oct 15 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9352]: + ??? root:rubyman
Oct 15 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416099 of user rubyman.
Oct 15 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9352]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416099.
Oct 15 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user root
Oct 15 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9259]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Invalid user pi from 194.0.234.19
Oct 15 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: input_userauth_request: invalid user pi [preauth]
Oct 15 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Failed password for invalid user pi from 194.0.234.19 port 46988 ssh2
Oct 15 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Connection closed by 194.0.234.19 port 46988 [preauth]
Oct 15 06:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7655]: pam_unix(cron:session): session closed for user root
Oct 15 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Invalid user leontyev from 159.65.53.56
Oct 15 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: input_userauth_request: invalid user leontyev [preauth]
Oct 15 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.53.56
Oct 15 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Failed password for invalid user leontyev from 159.65.53.56 port 36760 ssh2
Oct 15 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Connection closed by 159.65.53.56 port 36760 [preauth]
Oct 15 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Invalid user santhosh from 103.100.209.195
Oct 15 06:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: input_userauth_request: invalid user santhosh [preauth]
Oct 15 06:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Failed password for invalid user santhosh from 103.100.209.195 port 48784 ssh2
Oct 15 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Received disconnect from 103.100.209.195 port 48784:11: Bye Bye [preauth]
Oct 15 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: Disconnected from 103.100.209.195 port 48784 [preauth]
Oct 15 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9906]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9981]: Successful su for rubyman by root
Oct 15 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9981]: + ??? root:rubyman
Oct 15 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416103 of user rubyman.
Oct 15 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9981]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416103.
Oct 15 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Invalid user jayesh from 134.199.225.42
Oct 15 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: input_userauth_request: invalid user jayesh [preauth]
Oct 15 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5803]: pam_unix(cron:session): session closed for user root
Oct 15 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Failed password for invalid user jayesh from 134.199.225.42 port 36116 ssh2
Oct 15 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Received disconnect from 134.199.225.42 port 36116:11: Bye Bye [preauth]
Oct 15 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10101]: Disconnected from 134.199.225.42 port 36116 [preauth]
Oct 15 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9905]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 06:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10253]: Failed password for root from 188.18.49.50 port 42249 ssh2
Oct 15 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10253]: Received disconnect from 188.18.49.50 port 42249:11: Bye Bye [preauth]
Oct 15 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10253]: Disconnected from 188.18.49.50 port 42249 [preauth]
Oct 15 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session closed for user root
Oct 15 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10400]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10401]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session closed for user root
Oct 15 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10397]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: Successful su for rubyman by root
Oct 15 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: + ??? root:rubyman
Oct 15 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416107 of user rubyman.
Oct 15 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[10482]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416107.
Oct 15 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session closed for user root
Oct 15 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10400]: pam_unix(cron:session): session closed for user root
Oct 15 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9261]: pam_unix(cron:session): session closed for user root
Oct 15 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Invalid user gavin from 103.100.209.195
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: input_userauth_request: invalid user gavin [preauth]
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: Invalid user taufik from 134.199.225.42
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: input_userauth_request: invalid user taufik [preauth]
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Failed password for invalid user gavin from 103.100.209.195 port 38662 ssh2
Oct 15 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Received disconnect from 103.100.209.195 port 38662:11: Bye Bye [preauth]
Oct 15 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Disconnected from 103.100.209.195 port 38662 [preauth]
Oct 15 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: Failed password for invalid user taufik from 134.199.225.42 port 36240 ssh2
Oct 15 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: Received disconnect from 134.199.225.42 port 36240:11: Bye Bye [preauth]
Oct 15 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10859]: Disconnected from 134.199.225.42 port 36240 [preauth]
Oct 15 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10983]: Successful su for rubyman by root
Oct 15 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10983]: + ??? root:rubyman
Oct 15 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416115 of user rubyman.
Oct 15 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10983]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416115.
Oct 15 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session closed for user root
Oct 15 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9911]: pam_unix(cron:session): session closed for user root
Oct 15 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11433]: Successful su for rubyman by root
Oct 15 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11433]: + ??? root:rubyman
Oct 15 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416119 of user rubyman.
Oct 15 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11433]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416119.
Oct 15 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7654]: pam_unix(cron:session): session closed for user root
Oct 15 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: Invalid user raccmcserver from 134.199.225.42
Oct 15 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: input_userauth_request: invalid user raccmcserver [preauth]
Oct 15 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: Failed password for invalid user raccmcserver from 134.199.225.42 port 55368 ssh2
Oct 15 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: Received disconnect from 134.199.225.42 port 55368:11: Bye Bye [preauth]
Oct 15 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11795]: Disconnected from 134.199.225.42 port 55368 [preauth]
Oct 15 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11871]: Failed password for root from 103.100.209.195 port 56776 ssh2
Oct 15 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session closed for user root
Oct 15 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11871]: Received disconnect from 103.100.209.195 port 56776:11: Bye Bye [preauth]
Oct 15 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11871]: Disconnected from 103.100.209.195 port 56776 [preauth]
Oct 15 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11935]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12002]: Successful su for rubyman by root
Oct 15 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12002]: + ??? root:rubyman
Oct 15 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416121 of user rubyman.
Oct 15 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12002]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416121.
Oct 15 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8581]: pam_unix(cron:session): session closed for user root
Oct 15 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11936]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user root
Oct 15 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12407]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12403]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: Successful su for rubyman by root
Oct 15 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: + ??? root:rubyman
Oct 15 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416125 of user rubyman.
Oct 15 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416125.
Oct 15 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12654]: Invalid user joanne from 134.199.225.42
Oct 15 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12654]: input_userauth_request: invalid user joanne [preauth]
Oct 15 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12654]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12654]: Failed password for invalid user joanne from 134.199.225.42 port 59946 ssh2
Oct 15 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12654]: Received disconnect from 134.199.225.42 port 59946:11: Bye Bye [preauth]
Oct 15 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12654]: Disconnected from 134.199.225.42 port 59946 [preauth]
Oct 15 06:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9260]: pam_unix(cron:session): session closed for user root
Oct 15 06:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12404]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Invalid user ubuntu from 103.100.209.195
Oct 15 06:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 06:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11362]: pam_unix(cron:session): session closed for user root
Oct 15 06:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Failed password for invalid user ubuntu from 103.100.209.195 port 46659 ssh2
Oct 15 06:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Received disconnect from 103.100.209.195 port 46659:11: Bye Bye [preauth]
Oct 15 06:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Disconnected from 103.100.209.195 port 46659 [preauth]
Oct 15 06:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Invalid user milad from 188.18.49.50
Oct 15 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: input_userauth_request: invalid user milad [preauth]
Oct 15 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 06:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Failed password for invalid user milad from 188.18.49.50 port 42136 ssh2
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Received disconnect from 188.18.49.50 port 42136:11: Bye Bye [preauth]
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12883]: Disconnected from 188.18.49.50 port 42136 [preauth]
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12912]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session closed for user root
Oct 15 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12908]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: Successful su for rubyman by root
Oct 15 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: + ??? root:rubyman
Oct 15 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416134 of user rubyman.
Oct 15 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416134.
Oct 15 06:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12911]: pam_unix(cron:session): session closed for user root
Oct 15 06:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9906]: pam_unix(cron:session): session closed for user root
Oct 15 06:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12909]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session closed for user root
Oct 15 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Invalid user steven from 134.199.225.42
Oct 15 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: input_userauth_request: invalid user steven [preauth]
Oct 15 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.225.42
Oct 15 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Failed password for invalid user steven from 134.199.225.42 port 45168 ssh2
Oct 15 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Received disconnect from 134.199.225.42 port 45168:11: Bye Bye [preauth]
Oct 15 06:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Disconnected from 134.199.225.42 port 45168 [preauth]
Oct 15 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13549]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: Successful su for rubyman by root
Oct 15 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: + ??? root:rubyman
Oct 15 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416136 of user rubyman.
Oct 15 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416136.
Oct 15 06:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10401]: pam_unix(cron:session): session closed for user root
Oct 15 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Invalid user user from 80.94.95.116
Oct 15 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: input_userauth_request: invalid user user [preauth]
Oct 15 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 06:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Failed password for invalid user user from 80.94.95.116 port 28418 ssh2
Oct 15 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Connection closed by 80.94.95.116 port 28418 [preauth]
Oct 15 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Failed password for root from 103.100.209.195 port 36538 ssh2
Oct 15 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Received disconnect from 103.100.209.195 port 36538:11: Bye Bye [preauth]
Oct 15 06:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Disconnected from 103.100.209.195 port 36538 [preauth]
Oct 15 06:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12407]: pam_unix(cron:session): session closed for user root
Oct 15 06:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Invalid user admin from 62.60.131.157
Oct 15 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: input_userauth_request: invalid user admin [preauth]
Oct 15 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 06:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for invalid user admin from 62.60.131.157 port 61994 ssh2
Oct 15 06:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for invalid user admin from 62.60.131.157 port 61994 ssh2
Oct 15 06:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for invalid user admin from 62.60.131.157 port 61994 ssh2
Oct 15 06:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for invalid user admin from 62.60.131.157 port 61994 ssh2
Oct 15 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for invalid user admin from 62.60.131.157 port 61994 ssh2
Oct 15 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Received disconnect from 62.60.131.157 port 61994:11: Bye [preauth]
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Disconnected from 62.60.131.157 port 61994 [preauth]
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14207]: Successful su for rubyman by root
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14207]: + ??? root:rubyman
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416141 of user rubyman.
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14207]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416141.
Oct 15 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user root
Oct 15 06:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session closed for user root
Oct 15 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14577]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: Successful su for rubyman by root
Oct 15 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: + ??? root:rubyman
Oct 15 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416145 of user rubyman.
Oct 15 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14645]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416145.
Oct 15 06:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11361]: pam_unix(cron:session): session closed for user root
Oct 15 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14573]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Invalid user mariadb from 103.100.209.195
Oct 15 06:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: input_userauth_request: invalid user mariadb [preauth]
Oct 15 06:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user mariadb from 103.100.209.195 port 54648 ssh2
Oct 15 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Received disconnect from 103.100.209.195 port 54648:11: Bye Bye [preauth]
Oct 15 06:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Disconnected from 103.100.209.195 port 54648 [preauth]
Oct 15 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session closed for user root
Oct 15 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15043]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15142]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: Successful su for rubyman by root
Oct 15 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: + ??? root:rubyman
Oct 15 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416149 of user rubyman.
Oct 15 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416149.
Oct 15 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session closed for user root
Oct 15 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11937]: pam_unix(cron:session): session closed for user root
Oct 15 06:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15042]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14135]: pam_unix(cron:session): session closed for user root
Oct 15 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session closed for user root
Oct 15 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15700]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15783]: Successful su for rubyman by root
Oct 15 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15783]: + ??? root:rubyman
Oct 15 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416153 of user rubyman.
Oct 15 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15783]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416153.
Oct 15 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Failed password for root from 103.100.209.195 port 44525 ssh2
Oct 15 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Received disconnect from 103.100.209.195 port 44525:11: Bye Bye [preauth]
Oct 15 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15781]: Disconnected from 103.100.209.195 port 44525 [preauth]
Oct 15 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session closed for user root
Oct 15 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12405]: pam_unix(cron:session): session closed for user root
Oct 15 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Failed password for root from 188.18.49.50 port 42576 ssh2
Oct 15 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Received disconnect from 188.18.49.50 port 42576:11: Bye Bye [preauth]
Oct 15 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Disconnected from 188.18.49.50 port 42576 [preauth]
Oct 15 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session closed for user root
Oct 15 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16184]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16181]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: Successful su for rubyman by root
Oct 15 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: + ??? root:rubyman
Oct 15 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416159 of user rubyman.
Oct 15 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416159.
Oct 15 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12912]: pam_unix(cron:session): session closed for user root
Oct 15 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16182]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15142]: pam_unix(cron:session): session closed for user root
Oct 15 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Invalid user testusr from 103.100.209.195
Oct 15 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: input_userauth_request: invalid user testusr [preauth]
Oct 15 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195
Oct 15 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Failed password for invalid user testusr from 103.100.209.195 port 34398 ssh2
Oct 15 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Received disconnect from 103.100.209.195 port 34398:11: Bye Bye [preauth]
Oct 15 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Disconnected from 103.100.209.195 port 34398 [preauth]
Oct 15 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16725]: Successful su for rubyman by root
Oct 15 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16725]: + ??? root:rubyman
Oct 15 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416163 of user rubyman.
Oct 15 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16725]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416163.
Oct 15 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session closed for user root
Oct 15 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session closed for user root
Oct 15 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17198]: Successful su for rubyman by root
Oct 15 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17198]: + ??? root:rubyman
Oct 15 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416166 of user rubyman.
Oct 15 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17198]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416166.
Oct 15 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session closed for user root
Oct 15 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Failed password for root from 103.100.209.195 port 52507 ssh2
Oct 15 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Received disconnect from 103.100.209.195 port 52507:11: Bye Bye [preauth]
Oct 15 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Disconnected from 103.100.209.195 port 52507 [preauth]
Oct 15 06:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16184]: pam_unix(cron:session): session closed for user root
Oct 15 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17643]: Successful su for rubyman by root
Oct 15 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17643]: + ??? root:rubyman
Oct 15 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416170 of user rubyman.
Oct 15 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17643]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416170.
Oct 15 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14577]: pam_unix(cron:session): session closed for user root
Oct 15 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Oct 15 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Failed password for root from 80.94.95.115 port 44286 ssh2
Oct 15 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17946]: Connection closed by 80.94.95.115 port 44286 [preauth]
Oct 15 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session closed for user root
Oct 15 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.100.209.195  user=root
Oct 15 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18252]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session closed for user root
Oct 15 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Failed password for root from 103.100.209.195 port 42382 ssh2
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Received disconnect from 103.100.209.195 port 42382:11: Bye Bye [preauth]
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Disconnected from 103.100.209.195 port 42382 [preauth]
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18437]: Successful su for rubyman by root
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18437]: + ??? root:rubyman
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416177 of user rubyman.
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18437]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416177.
Oct 15 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session closed for user root
Oct 15 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15043]: pam_unix(cron:session): session closed for user root
Oct 15 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session closed for user root
Oct 15 06:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Failed password for root from 188.18.49.50 port 40754 ssh2
Oct 15 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Received disconnect from 188.18.49.50 port 40754:11: Bye Bye [preauth]
Oct 15 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18859]: Disconnected from 188.18.49.50 port 40754 [preauth]
Oct 15 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18877]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19082]: Successful su for rubyman by root
Oct 15 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19082]: + ??? root:rubyman
Oct 15 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416181 of user rubyman.
Oct 15 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19082]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416181.
Oct 15 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session closed for user root
Oct 15 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session closed for user root
Oct 15 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19791]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19896]: Successful su for rubyman by root
Oct 15 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19896]: + ??? root:rubyman
Oct 15 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416184 of user rubyman.
Oct 15 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19896]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416184.
Oct 15 06:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16183]: pam_unix(cron:session): session closed for user root
Oct 15 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19792]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18252]: pam_unix(cron:session): session closed for user root
Oct 15 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20425]: Successful su for rubyman by root
Oct 15 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20425]: + ??? root:rubyman
Oct 15 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416190 of user rubyman.
Oct 15 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20425]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416190.
Oct 15 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session closed for user root
Oct 15 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20343]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session closed for user root
Oct 15 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20892]: Successful su for rubyman by root
Oct 15 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20892]: + ??? root:rubyman
Oct 15 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416194 of user rubyman.
Oct 15 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20892]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416194.
Oct 15 06:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session closed for user root
Oct 15 06:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19795]: pam_unix(cron:session): session closed for user root
Oct 15 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21266]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21263]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user root
Oct 15 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21412]: Successful su for rubyman by root
Oct 15 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21412]: + ??? root:rubyman
Oct 15 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416199 of user rubyman.
Oct 15 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21412]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416199.
Oct 15 06:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21263]: pam_unix(cron:session): session closed for user root
Oct 15 06:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session closed for user root
Oct 15 06:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session closed for user root
Oct 15 06:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Invalid user sophia from 164.68.105.9
Oct 15 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: input_userauth_request: invalid user sophia [preauth]
Oct 15 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 06:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Failed password for invalid user sophia from 164.68.105.9 port 52560 ssh2
Oct 15 06:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21817]: Connection closed by 164.68.105.9 port 52560 [preauth]
Oct 15 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21833]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21829]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: Successful su for rubyman by root
Oct 15 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: + ??? root:rubyman
Oct 15 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416202 of user rubyman.
Oct 15 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21921]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416202.
Oct 15 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session closed for user root
Oct 15 06:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21830]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: Invalid user geo from 188.18.49.50
Oct 15 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: input_userauth_request: invalid user geo [preauth]
Oct 15 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 06:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: Failed password for invalid user geo from 188.18.49.50 port 40695 ssh2
Oct 15 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: Received disconnect from 188.18.49.50 port 40695:11: Bye Bye [preauth]
Oct 15 06:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22210]: Disconnected from 188.18.49.50 port 40695 [preauth]
Oct 15 06:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
Oct 15 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22349]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22416]: Successful su for rubyman by root
Oct 15 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22416]: + ??? root:rubyman
Oct 15 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416206 of user rubyman.
Oct 15 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22416]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416206.
Oct 15 06:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session closed for user root
Oct 15 06:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Invalid user user1 from 80.94.95.115
Oct 15 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: input_userauth_request: invalid user user1 [preauth]
Oct 15 06:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 15 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Failed password for invalid user user1 from 80.94.95.115 port 39936 ssh2
Oct 15 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Connection closed by 80.94.95.115 port 39936 [preauth]
Oct 15 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21266]: pam_unix(cron:session): session closed for user root
Oct 15 06:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: Received disconnect from 62.60.131.157 port 62557:11: Bye [preauth]
Oct 15 06:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22947]: Disconnected from 62.60.131.157 port 62557 [preauth]
Oct 15 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23161]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23256]: Successful su for rubyman by root
Oct 15 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23256]: + ??? root:rubyman
Oct 15 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416211 of user rubyman.
Oct 15 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23256]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416211.
Oct 15 06:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19794]: pam_unix(cron:session): session closed for user root
Oct 15 06:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23162]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.232.91  user=root
Oct 15 06:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23851]: Failed password for root from 178.128.232.91 port 37398 ssh2
Oct 15 06:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23851]: Connection closed by 178.128.232.91 port 37398 [preauth]
Oct 15 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21834]: pam_unix(cron:session): session closed for user root
Oct 15 06:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Failed password for root from 202.143.111.139 port 51927 ssh2
Oct 15 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Received disconnect from 202.143.111.139 port 51927:11: Bye Bye [preauth]
Oct 15 06:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23934]: Disconnected from 202.143.111.139 port 51927 [preauth]
Oct 15 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24004]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24005]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24085]: Successful su for rubyman by root
Oct 15 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24085]: + ??? root:rubyman
Oct 15 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416216 of user rubyman.
Oct 15 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24085]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416216.
Oct 15 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user root
Oct 15 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24003]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session closed for user root
Oct 15 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24528]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24528]: pam_unix(cron:session): session closed for user root
Oct 15 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24621]: Successful su for rubyman by root
Oct 15 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24621]: + ??? root:rubyman
Oct 15 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416219 of user rubyman.
Oct 15 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24621]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416219.
Oct 15 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session closed for user root
Oct 15 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20825]: pam_unix(cron:session): session closed for user root
Oct 15 06:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Invalid user ftpuser from 103.20.223.95
Oct 15 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Failed password for invalid user ftpuser from 103.20.223.95 port 36972 ssh2
Oct 15 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Received disconnect from 103.20.223.95 port 36972:11: Bye Bye [preauth]
Oct 15 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Disconnected from 103.20.223.95 port 36972 [preauth]
Oct 15 06:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23165]: pam_unix(cron:session): session closed for user root
Oct 15 06:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.232.91  user=root
Oct 15 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Failed password for root from 178.128.232.91 port 38628 ssh2
Oct 15 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Connection closed by 178.128.232.91 port 38628 [preauth]
Oct 15 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Invalid user pi from 178.128.232.91
Oct 15 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: input_userauth_request: invalid user pi [preauth]
Oct 15 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.232.91
Oct 15 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25049]: Did not receive identification string from 178.128.232.91
Oct 15 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: Connection reset by 178.128.232.91 port 56436 [preauth]
Oct 15 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25034]: Connection reset by 178.128.232.91 port 50500 [preauth]
Oct 15 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Failed password for invalid user pi from 178.128.232.91 port 44564 ssh2
Oct 15 06:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25032]: Connection closed by 178.128.232.91 port 44564 [preauth]
Oct 15 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25170]: Successful su for rubyman by root
Oct 15 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25170]: + ??? root:rubyman
Oct 15 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416224 of user rubyman.
Oct 15 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25170]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416224.
Oct 15 06:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user root
Oct 15 06:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24005]: pam_unix(cron:session): session closed for user root
Oct 15 06:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Invalid user suraj from 103.200.25.159
Oct 15 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: input_userauth_request: invalid user suraj [preauth]
Oct 15 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 06:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Failed password for invalid user suraj from 103.200.25.159 port 50632 ssh2
Oct 15 06:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Received disconnect from 103.200.25.159 port 50632:11: Bye Bye [preauth]
Oct 15 06:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Disconnected from 103.200.25.159 port 50632 [preauth]
Oct 15 06:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Invalid user ubuntu from 188.18.49.50
Oct 15 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Failed password for invalid user ubuntu from 188.18.49.50 port 41726 ssh2
Oct 15 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Received disconnect from 188.18.49.50 port 41726:11: Bye Bye [preauth]
Oct 15 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: Disconnected from 188.18.49.50 port 41726 [preauth]
Oct 15 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25789]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25788]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25786]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25960]: Successful su for rubyman by root
Oct 15 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25960]: + ??? root:rubyman
Oct 15 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416228 of user rubyman.
Oct 15 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25960]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416228.
Oct 15 06:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21833]: pam_unix(cron:session): session closed for user root
Oct 15 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Invalid user wyang from 20.163.71.109
Oct 15 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: input_userauth_request: invalid user wyang [preauth]
Oct 15 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Failed password for invalid user wyang from 20.163.71.109 port 49080 ssh2
Oct 15 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Connection closed by 20.163.71.109 port 49080 [preauth]
Oct 15 06:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25787]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Invalid user sgd from 202.143.111.139
Oct 15 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: input_userauth_request: invalid user sgd [preauth]
Oct 15 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Failed password for invalid user sgd from 202.143.111.139 port 20130 ssh2
Oct 15 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Received disconnect from 202.143.111.139 port 20130:11: Bye Bye [preauth]
Oct 15 06:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Disconnected from 202.143.111.139 port 20130 [preauth]
Oct 15 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24527]: pam_unix(cron:session): session closed for user root
Oct 15 06:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Failed password for root from 103.20.223.95 port 59008 ssh2
Oct 15 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Received disconnect from 103.20.223.95 port 59008:11: Bye Bye [preauth]
Oct 15 06:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26317]: Disconnected from 103.20.223.95 port 59008 [preauth]
Oct 15 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26371]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26537]: Successful su for rubyman by root
Oct 15 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26537]: + ??? root:rubyman
Oct 15 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416234 of user rubyman.
Oct 15 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26537]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416234.
Oct 15 06:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session closed for user root
Oct 15 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26374]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Invalid user ubuntu from 14.225.220.107
Oct 15 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Failed password for invalid user ubuntu from 14.225.220.107 port 52620 ssh2
Oct 15 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Received disconnect from 14.225.220.107 port 52620:11: Bye Bye [preauth]
Oct 15 06:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Disconnected from 14.225.220.107 port 52620 [preauth]
Oct 15 06:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Invalid user user from 62.60.131.157
Oct 15 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: input_userauth_request: invalid user user [preauth]
Oct 15 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Failed password for invalid user user from 62.60.131.157 port 59323 ssh2
Oct 15 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Failed password for invalid user user from 62.60.131.157 port 59323 ssh2
Oct 15 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Failed password for invalid user user from 62.60.131.157 port 59323 ssh2
Oct 15 06:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Failed password for invalid user user from 62.60.131.157 port 59323 ssh2
Oct 15 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session closed for user root
Oct 15 06:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Failed password for invalid user user from 62.60.131.157 port 59323 ssh2
Oct 15 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Received disconnect from 62.60.131.157 port 59323:11: Bye [preauth]
Oct 15 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: Disconnected from 62.60.131.157 port 59323 [preauth]
Oct 15 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 06:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26890]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27180]: pam_unix(cron:session): session closed for user p13x
Oct 15 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: Successful su for rubyman by root
Oct 15 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: + ??? root:rubyman
Oct 15 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416236 of user rubyman.
Oct 15 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27256]: pam_unix(su:session): session closed for user rubyman
Oct 15 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416236.
Oct 15 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Invalid user bobi from 103.200.25.159
Oct 15 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: input_userauth_request: invalid user bobi [preauth]
Oct 15 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Invalid user robot from 202.143.111.139
Oct 15 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: input_userauth_request: invalid user robot [preauth]
Oct 15 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Failed password for invalid user bobi from 103.200.25.159 port 57004 ssh2
Oct 15 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Received disconnect from 103.200.25.159 port 57004:11: Bye Bye [preauth]
Oct 15 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27244]: Disconnected from 103.200.25.159 port 57004 [preauth]
Oct 15 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Failed password for invalid user robot from 202.143.111.139 port 62608 ssh2
Oct 15 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Received disconnect from 202.143.111.139 port 62608:11: Bye Bye [preauth]
Oct 15 06:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Disconnected from 202.143.111.139 port 62608 [preauth]
Oct 15 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23164]: pam_unix(cron:session): session closed for user root
Oct 15 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27181]: pam_unix(cron:session): session closed for user samftp
Oct 15 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Invalid user josh from 103.140.73.162
Oct 15 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: input_userauth_request: invalid user josh [preauth]
Oct 15 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Failed password for invalid user josh from 103.140.73.162 port 53286 ssh2
Oct 15 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Received disconnect from 103.140.73.162 port 53286:11: Bye Bye [preauth]
Oct 15 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27705]: Disconnected from 103.140.73.162 port 53286 [preauth]
Oct 15 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25789]: pam_unix(cron:session): session closed for user root
Oct 15 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Invalid user ludmila from 103.20.223.95
Oct 15 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: input_userauth_request: invalid user ludmila [preauth]
Oct 15 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Failed password for invalid user ludmila from 103.20.223.95 port 54190 ssh2
Oct 15 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Received disconnect from 103.20.223.95 port 54190:11: Bye Bye [preauth]
Oct 15 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Disconnected from 103.20.223.95 port 54190 [preauth]
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27970]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27967]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27968]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27965]: pam_unix(cron:session): session closed for user root
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27970]: pam_unix(cron:session): session closed for user root
Oct 15 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27963]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28094]: Successful su for rubyman by root
Oct 15 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28094]: + ??? root:rubyman
Oct 15 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416240 of user rubyman.
Oct 15 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[28094]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416240.
Oct 15 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24004]: pam_unix(cron:session): session closed for user root
Oct 15 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27966]: pam_unix(cron:session): session closed for user root
Oct 15 07:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27964]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26376]: pam_unix(cron:session): session closed for user root
Oct 15 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Invalid user temp from 202.143.111.139
Oct 15 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: input_userauth_request: invalid user temp [preauth]
Oct 15 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Failed password for invalid user temp from 202.143.111.139 port 50595 ssh2
Oct 15 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Received disconnect from 202.143.111.139 port 50595:11: Bye Bye [preauth]
Oct 15 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28763]: Disconnected from 202.143.111.139 port 50595 [preauth]
Oct 15 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28896]: Successful su for rubyman by root
Oct 15 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28896]: + ??? root:rubyman
Oct 15 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416247 of user rubyman.
Oct 15 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28896]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416247.
Oct 15 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Invalid user test from 103.200.25.159
Oct 15 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: input_userauth_request: invalid user test [preauth]
Oct 15 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Failed password for invalid user test from 103.200.25.159 port 55404 ssh2
Oct 15 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Received disconnect from 103.200.25.159 port 55404:11: Bye Bye [preauth]
Oct 15 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Disconnected from 103.200.25.159 port 55404 [preauth]
Oct 15 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24521]: pam_unix(cron:session): session closed for user root
Oct 15 07:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28797]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session closed for user root
Oct 15 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Failed password for root from 103.20.223.95 port 33682 ssh2
Oct 15 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Received disconnect from 103.20.223.95 port 33682:11: Bye Bye [preauth]
Oct 15 07:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29320]: Disconnected from 103.20.223.95 port 33682 [preauth]
Oct 15 07:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Invalid user rocky from 89.218.69.66
Oct 15 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: input_userauth_request: invalid user rocky [preauth]
Oct 15 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Failed password for invalid user rocky from 89.218.69.66 port 3963 ssh2
Oct 15 07:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: Invalid user ftpuser from 14.225.220.107
Oct 15 07:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 07:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Received disconnect from 89.218.69.66 port 3963:11: Bye Bye [preauth]
Oct 15 07:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29409]: Disconnected from 89.218.69.66 port 3963 [preauth]
Oct 15 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: Failed password for invalid user ftpuser from 14.225.220.107 port 44872 ssh2
Oct 15 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: Received disconnect from 14.225.220.107 port 44872:11: Bye Bye [preauth]
Oct 15 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29411]: Disconnected from 14.225.220.107 port 44872 [preauth]
Oct 15 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29512]: Successful su for rubyman by root
Oct 15 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29512]: + ??? root:rubyman
Oct 15 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416254 of user rubyman.
Oct 15 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29512]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416254.
Oct 15 07:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session closed for user root
Oct 15 07:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 07:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Failed password for root from 188.18.49.50 port 40591 ssh2
Oct 15 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Failed password for root from 202.143.111.139 port 38345 ssh2
Oct 15 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Received disconnect from 188.18.49.50 port 40591:11: Bye Bye [preauth]
Oct 15 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Disconnected from 188.18.49.50 port 40591 [preauth]
Oct 15 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Received disconnect from 202.143.111.139 port 38345:11: Bye Bye [preauth]
Oct 15 07:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Disconnected from 202.143.111.139 port 38345 [preauth]
Oct 15 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29813]: Did not receive identification string from 47.243.137.6
Oct 15 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Invalid user ibrahim from 103.140.73.162
Oct 15 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: input_userauth_request: invalid user ibrahim [preauth]
Oct 15 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Failed password for invalid user ibrahim from 103.140.73.162 port 35072 ssh2
Oct 15 07:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Received disconnect from 103.140.73.162 port 35072:11: Bye Bye [preauth]
Oct 15 07:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Disconnected from 103.140.73.162 port 35072 [preauth]
Oct 15 07:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27968]: pam_unix(cron:session): session closed for user root
Oct 15 07:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29917]: Failed password for root from 103.200.25.159 port 41396 ssh2
Oct 15 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29917]: Received disconnect from 103.200.25.159 port 41396:11: Bye Bye [preauth]
Oct 15 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29917]: Disconnected from 103.200.25.159 port 41396 [preauth]
Oct 15 07:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
Oct 15 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29955]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30027]: Successful su for rubyman by root
Oct 15 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30027]: + ??? root:rubyman
Oct 15 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416255 of user rubyman.
Oct 15 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30027]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416255.
Oct 15 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Failed password for root from 194.0.234.19 port 42178 ssh2
Oct 15 07:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Connection closed by 194.0.234.19 port 42178 [preauth]
Oct 15 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25788]: pam_unix(cron:session): session closed for user root
Oct 15 07:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Invalid user admin from 2.57.121.25
Oct 15 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: input_userauth_request: invalid user admin [preauth]
Oct 15 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Failed password for invalid user admin from 2.57.121.25 port 49705 ssh2
Oct 15 07:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Invalid user test from 103.20.223.95
Oct 15 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: input_userauth_request: invalid user test [preauth]
Oct 15 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Failed password for invalid user admin from 2.57.121.25 port 49705 ssh2
Oct 15 07:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Failed password for invalid user test from 103.20.223.95 port 37322 ssh2
Oct 15 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Received disconnect from 103.20.223.95 port 37322:11: Bye Bye [preauth]
Oct 15 07:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30337]: Disconnected from 103.20.223.95 port 37322 [preauth]
Oct 15 07:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Failed password for invalid user admin from 2.57.121.25 port 49705 ssh2
Oct 15 07:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Failed password for invalid user admin from 2.57.121.25 port 49705 ssh2
Oct 15 07:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Failed password for invalid user admin from 2.57.121.25 port 49705 ssh2
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Received disconnect from 2.57.121.25 port 49705:11: Bye [preauth]
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: Disconnected from 2.57.121.25 port 49705 [preauth]
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30309]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Invalid user solutec from 89.218.69.66
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: input_userauth_request: invalid user solutec [preauth]
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Failed password for invalid user solutec from 89.218.69.66 port 51601 ssh2
Oct 15 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Received disconnect from 89.218.69.66 port 51601:11: Bye Bye [preauth]
Oct 15 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Disconnected from 89.218.69.66 port 51601 [preauth]
Oct 15 07:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user root
Oct 15 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Invalid user ctarazona from 14.225.220.107
Oct 15 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: input_userauth_request: invalid user ctarazona [preauth]
Oct 15 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Failed password for invalid user ctarazona from 14.225.220.107 port 42270 ssh2
Oct 15 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Received disconnect from 14.225.220.107 port 42270:11: Bye Bye [preauth]
Oct 15 07:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Disconnected from 14.225.220.107 port 42270 [preauth]
Oct 15 07:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30434]: Invalid user gabriela from 2.57.122.26
Oct 15 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30434]: input_userauth_request: invalid user gabriela [preauth]
Oct 15 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30434]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30434]: Failed password for invalid user gabriela from 2.57.122.26 port 53802 ssh2
Oct 15 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30434]: Connection closed by 2.57.122.26 port 53802 [preauth]
Oct 15 07:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: Invalid user tu from 202.143.111.139
Oct 15 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: input_userauth_request: invalid user tu [preauth]
Oct 15 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: Failed password for invalid user tu from 202.143.111.139 port 62378 ssh2
Oct 15 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: Received disconnect from 202.143.111.139 port 62378:11: Bye Bye [preauth]
Oct 15 07:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30536]: Disconnected from 202.143.111.139 port 62378 [preauth]
Oct 15 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30565]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30659]: Successful su for rubyman by root
Oct 15 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30659]: + ??? root:rubyman
Oct 15 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416260 of user rubyman.
Oct 15 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30659]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416260.
Oct 15 07:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26375]: pam_unix(cron:session): session closed for user root
Oct 15 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Invalid user ander from 103.140.73.162
Oct 15 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: input_userauth_request: invalid user ander [preauth]
Oct 15 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for invalid user ander from 103.140.73.162 port 52992 ssh2
Oct 15 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Received disconnect from 103.140.73.162 port 52992:11: Bye Bye [preauth]
Oct 15 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Disconnected from 103.140.73.162 port 52992 [preauth]
Oct 15 07:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session closed for user root
Oct 15 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: Invalid user ts3 from 103.200.25.159
Oct 15 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: Failed password for invalid user ts3 from 103.200.25.159 port 45484 ssh2
Oct 15 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: Received disconnect from 103.200.25.159 port 45484:11: Bye Bye [preauth]
Oct 15 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30973]: Disconnected from 103.200.25.159 port 45484 [preauth]
Oct 15 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Did not receive identification string from 67.170.193.165
Oct 15 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31064]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31066]: pam_unix(cron:session): session closed for user root
Oct 15 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31058]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31156]: Successful su for rubyman by root
Oct 15 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31156]: + ??? root:rubyman
Oct 15 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416264 of user rubyman.
Oct 15 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31156]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416264.
Oct 15 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Invalid user adrien from 89.218.69.66
Oct 15 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: input_userauth_request: invalid user adrien [preauth]
Oct 15 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Failed password for invalid user adrien from 89.218.69.66 port 42928 ssh2
Oct 15 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Received disconnect from 89.218.69.66 port 42928:11: Bye Bye [preauth]
Oct 15 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Disconnected from 89.218.69.66 port 42928 [preauth]
Oct 15 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31061]: pam_unix(cron:session): session closed for user root
Oct 15 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Invalid user tw from 103.20.223.95
Oct 15 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: input_userauth_request: invalid user tw [preauth]
Oct 15 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user root
Oct 15 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Failed password for invalid user tw from 103.20.223.95 port 59210 ssh2
Oct 15 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Received disconnect from 103.20.223.95 port 59210:11: Bye Bye [preauth]
Oct 15 07:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31276]: Disconnected from 103.20.223.95 port 59210 [preauth]
Oct 15 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31060]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Invalid user git from 14.225.220.107
Oct 15 07:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: input_userauth_request: invalid user git [preauth]
Oct 15 07:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Failed password for invalid user git from 14.225.220.107 port 47656 ssh2
Oct 15 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Received disconnect from 14.225.220.107 port 47656:11: Bye Bye [preauth]
Oct 15 07:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Disconnected from 14.225.220.107 port 47656 [preauth]
Oct 15 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Invalid user client from 202.143.111.139
Oct 15 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: input_userauth_request: invalid user client [preauth]
Oct 15 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Failed password for invalid user client from 202.143.111.139 port 30419 ssh2
Oct 15 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Received disconnect from 202.143.111.139 port 30419:11: Bye Bye [preauth]
Oct 15 07:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31514]: Disconnected from 202.143.111.139 port 30419 [preauth]
Oct 15 07:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29955]: pam_unix(cron:session): session closed for user root
Oct 15 07:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Invalid user rubel from 103.140.73.162
Oct 15 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: input_userauth_request: invalid user rubel [preauth]
Oct 15 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for invalid user rubel from 103.140.73.162 port 52158 ssh2
Oct 15 07:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Received disconnect from 103.140.73.162 port 52158:11: Bye Bye [preauth]
Oct 15 07:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Disconnected from 103.140.73.162 port 52158 [preauth]
Oct 15 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31743]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31823]: Successful su for rubyman by root
Oct 15 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31823]: + ??? root:rubyman
Oct 15 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416270 of user rubyman.
Oct 15 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31823]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416270.
Oct 15 07:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27967]: pam_unix(cron:session): session closed for user root
Oct 15 07:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31744]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Invalid user kuba from 89.218.69.66
Oct 15 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: input_userauth_request: invalid user kuba [preauth]
Oct 15 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Failed password for root from 103.200.25.159 port 38268 ssh2
Oct 15 07:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Received disconnect from 103.200.25.159 port 38268:11: Bye Bye [preauth]
Oct 15 07:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Disconnected from 103.200.25.159 port 38268 [preauth]
Oct 15 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Failed password for invalid user kuba from 89.218.69.66 port 26873 ssh2
Oct 15 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Received disconnect from 89.218.69.66 port 26873:11: Bye Bye [preauth]
Oct 15 07:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32204]: Disconnected from 89.218.69.66 port 26873 [preauth]
Oct 15 07:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session closed for user root
Oct 15 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32302]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32380]: Successful su for rubyman by root
Oct 15 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32380]: + ??? root:rubyman
Oct 15 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416273 of user rubyman.
Oct 15 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32380]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416273.
Oct 15 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32368]: Failed password for root from 103.20.223.95 port 48018 ssh2
Oct 15 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32368]: Received disconnect from 103.20.223.95 port 48018:11: Bye Bye [preauth]
Oct 15 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32368]: Disconnected from 103.20.223.95 port 48018 [preauth]
Oct 15 07:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: Invalid user admin from 202.143.111.139
Oct 15 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: input_userauth_request: invalid user admin [preauth]
Oct 15 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session closed for user root
Oct 15 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: Failed password for invalid user admin from 202.143.111.139 port 62076 ssh2
Oct 15 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: Received disconnect from 202.143.111.139 port 62076:11: Bye Bye [preauth]
Oct 15 07:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32496]: Disconnected from 202.143.111.139 port 62076 [preauth]
Oct 15 07:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32585]: Did not receive identification string from 67.170.193.165
Oct 15 07:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Invalid user ibrahim from 14.225.220.107
Oct 15 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: input_userauth_request: invalid user ibrahim [preauth]
Oct 15 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32303]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Failed password for invalid user ibrahim from 14.225.220.107 port 58020 ssh2
Oct 15 07:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Received disconnect from 14.225.220.107 port 58020:11: Bye Bye [preauth]
Oct 15 07:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32586]: Disconnected from 14.225.220.107 port 58020 [preauth]
Oct 15 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Invalid user team2 from 103.140.73.162
Oct 15 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: input_userauth_request: invalid user team2 [preauth]
Oct 15 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Failed password for invalid user team2 from 103.140.73.162 port 41178 ssh2
Oct 15 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Received disconnect from 103.140.73.162 port 41178:11: Bye Bye [preauth]
Oct 15 07:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32605]: Disconnected from 103.140.73.162 port 41178 [preauth]
Oct 15 07:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Failed password for root from 188.18.49.50 port 47570 ssh2
Oct 15 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Received disconnect from 188.18.49.50 port 47570:11: Bye Bye [preauth]
Oct 15 07:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32629]: Disconnected from 188.18.49.50 port 47570 [preauth]
Oct 15 07:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31065]: pam_unix(cron:session): session closed for user root
Oct 15 07:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Failed password for root from 89.218.69.66 port 6154 ssh2
Oct 15 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Received disconnect from 89.218.69.66 port 6154:11: Bye Bye [preauth]
Oct 15 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[307]: Disconnected from 89.218.69.66 port 6154 [preauth]
Oct 15 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[323]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[321]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[392]: Successful su for rubyman by root
Oct 15 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[392]: + ??? root:rubyman
Oct 15 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416280 of user rubyman.
Oct 15 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[392]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416280.
Oct 15 07:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session closed for user root
Oct 15 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[322]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: Invalid user botuser from 103.200.25.159
Oct 15 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: input_userauth_request: invalid user botuser [preauth]
Oct 15 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: Failed password for invalid user botuser from 103.200.25.159 port 38512 ssh2
Oct 15 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: Received disconnect from 103.200.25.159 port 38512:11: Bye Bye [preauth]
Oct 15 07:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[630]: Disconnected from 103.200.25.159 port 38512 [preauth]
Oct 15 07:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 07:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Failed password for root from 185.156.73.233 port 51158 ssh2
Oct 15 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Connection closed by 185.156.73.233 port 51158 [preauth]
Oct 15 07:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31748]: pam_unix(cron:session): session closed for user root
Oct 15 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Invalid user itadmin from 103.140.73.162
Oct 15 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: input_userauth_request: invalid user itadmin [preauth]
Oct 15 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Failed password for invalid user itadmin from 103.140.73.162 port 52980 ssh2
Oct 15 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Failed password for root from 202.143.111.139 port 40577 ssh2
Oct 15 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Received disconnect from 103.140.73.162 port 52980:11: Bye Bye [preauth]
Oct 15 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[731]: Disconnected from 103.140.73.162 port 52980 [preauth]
Oct 15 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Received disconnect from 202.143.111.139 port 40577:11: Bye Bye [preauth]
Oct 15 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[734]: Disconnected from 202.143.111.139 port 40577 [preauth]
Oct 15 07:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Invalid user botuser from 103.20.223.95
Oct 15 07:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: input_userauth_request: invalid user botuser [preauth]
Oct 15 07:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Failed password for invalid user botuser from 103.20.223.95 port 59422 ssh2
Oct 15 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Received disconnect from 103.20.223.95 port 59422:11: Bye Bye [preauth]
Oct 15 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[799]: Disconnected from 103.20.223.95 port 59422 [preauth]
Oct 15 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1097]: Successful su for rubyman by root
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1097]: + ??? root:rubyman
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416281 of user rubyman.
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1097]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416281.
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Invalid user team2 from 14.225.220.107
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: input_userauth_request: invalid user team2 [preauth]
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[814]: pam_unix(cron:session): session closed for user root
Oct 15 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Failed password for invalid user team2 from 14.225.220.107 port 33244 ssh2
Oct 15 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Received disconnect from 14.225.220.107 port 33244:11: Bye Bye [preauth]
Oct 15 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Disconnected from 14.225.220.107 port 33244 [preauth]
Oct 15 07:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session closed for user root
Oct 15 07:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1332]: Failed password for root from 89.218.69.66 port 36942 ssh2
Oct 15 07:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1332]: Received disconnect from 89.218.69.66 port 36942:11: Bye Bye [preauth]
Oct 15 07:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1332]: Disconnected from 89.218.69.66 port 36942 [preauth]
Oct 15 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32305]: pam_unix(cron:session): session closed for user root
Oct 15 07:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Did not receive identification string from 67.170.193.165
Oct 15 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session closed for user root
Oct 15 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1514]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[1601]: Successful su for rubyman by root
Oct 15 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[1601]: + ??? root:rubyman
Oct 15 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[1601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416289 of user rubyman.
Oct 15 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[1601]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416289.
Oct 15 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: Failed password for root from 103.200.25.159 port 47938 ssh2
Oct 15 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: Received disconnect from 103.200.25.159 port 47938:11: Bye Bye [preauth]
Oct 15 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1587]: Disconnected from 103.200.25.159 port 47938 [preauth]
Oct 15 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Invalid user gh from 103.140.73.162
Oct 15 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: input_userauth_request: invalid user gh [preauth]
Oct 15 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session closed for user root
Oct 15 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session closed for user root
Oct 15 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Failed password for invalid user gh from 103.140.73.162 port 46392 ssh2
Oct 15 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Received disconnect from 103.140.73.162 port 46392:11: Bye Bye [preauth]
Oct 15 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1757]: Disconnected from 103.140.73.162 port 46392 [preauth]
Oct 15 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1849]: Invalid user chris from 202.143.111.139
Oct 15 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1849]: input_userauth_request: invalid user chris [preauth]
Oct 15 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1849]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1849]: Failed password for invalid user chris from 202.143.111.139 port 48855 ssh2
Oct 15 07:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1849]: Received disconnect from 202.143.111.139 port 48855:11: Bye Bye [preauth]
Oct 15 07:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1849]: Disconnected from 202.143.111.139 port 48855 [preauth]
Oct 15 07:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1515]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[324]: pam_unix(cron:session): session closed for user root
Oct 15 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: Invalid user gh from 89.218.69.66
Oct 15 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: input_userauth_request: invalid user gh [preauth]
Oct 15 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2101]: Did not receive identification string from 67.170.193.165
Oct 15 07:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: Failed password for invalid user gh from 89.218.69.66 port 59355 ssh2
Oct 15 07:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: Received disconnect from 89.218.69.66 port 59355:11: Bye Bye [preauth]
Oct 15 07:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2091]: Disconnected from 89.218.69.66 port 59355 [preauth]
Oct 15 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Did not receive identification string from 67.170.193.165
Oct 15 07:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2123]: Failed password for root from 14.225.220.107 port 32866 ssh2
Oct 15 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2123]: Received disconnect from 14.225.220.107 port 32866:11: Bye Bye [preauth]
Oct 15 07:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2123]: Disconnected from 14.225.220.107 port 32866 [preauth]
Oct 15 07:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Invalid user dns from 103.20.223.95
Oct 15 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: input_userauth_request: invalid user dns [preauth]
Oct 15 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Failed password for invalid user dns from 103.20.223.95 port 59548 ssh2
Oct 15 07:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Received disconnect from 103.20.223.95 port 59548:11: Bye Bye [preauth]
Oct 15 07:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Disconnected from 103.20.223.95 port 59548 [preauth]
Oct 15 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2172]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2252]: Successful su for rubyman by root
Oct 15 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2252]: + ??? root:rubyman
Oct 15 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416293 of user rubyman.
Oct 15 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2252]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416293.
Oct 15 07:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31064]: pam_unix(cron:session): session closed for user root
Oct 15 07:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[823]: pam_unix(cron:session): session closed for user root
Oct 15 07:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Invalid user sharan from 103.140.73.162
Oct 15 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: input_userauth_request: invalid user sharan [preauth]
Oct 15 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Failed password for invalid user sharan from 103.140.73.162 port 45994 ssh2
Oct 15 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Received disconnect from 103.140.73.162 port 45994:11: Bye Bye [preauth]
Oct 15 07:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Disconnected from 103.140.73.162 port 45994 [preauth]
Oct 15 07:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Invalid user user from 202.143.111.139
Oct 15 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: input_userauth_request: invalid user user [preauth]
Oct 15 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Failed password for invalid user user from 202.143.111.139 port 36679 ssh2
Oct 15 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Received disconnect from 202.143.111.139 port 36679:11: Bye Bye [preauth]
Oct 15 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Disconnected from 202.143.111.139 port 36679 [preauth]
Oct 15 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Invalid user hugo from 103.200.25.159
Oct 15 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: input_userauth_request: invalid user hugo [preauth]
Oct 15 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Failed password for invalid user hugo from 103.200.25.159 port 42268 ssh2
Oct 15 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Received disconnect from 103.200.25.159 port 42268:11: Bye Bye [preauth]
Oct 15 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Disconnected from 103.200.25.159 port 42268 [preauth]
Oct 15 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2705]: Successful su for rubyman by root
Oct 15 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2705]: + ??? root:rubyman
Oct 15 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416298 of user rubyman.
Oct 15 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2705]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416298.
Oct 15 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session closed for user root
Oct 15 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Invalid user royal from 89.218.69.66
Oct 15 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: input_userauth_request: invalid user royal [preauth]
Oct 15 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Failed password for invalid user royal from 89.218.69.66 port 16721 ssh2
Oct 15 07:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Received disconnect from 89.218.69.66 port 16721:11: Bye Bye [preauth]
Oct 15 07:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Disconnected from 89.218.69.66 port 16721 [preauth]
Oct 15 07:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Invalid user santhosh from 188.18.49.50
Oct 15 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: input_userauth_request: invalid user santhosh [preauth]
Oct 15 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Failed password for invalid user santhosh from 188.18.49.50 port 41143 ssh2
Oct 15 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Received disconnect from 188.18.49.50 port 41143:11: Bye Bye [preauth]
Oct 15 07:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2965]: Disconnected from 188.18.49.50 port 41143 [preauth]
Oct 15 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: Invalid user wyang from 20.163.71.109
Oct 15 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: input_userauth_request: invalid user wyang [preauth]
Oct 15 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 07:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: Failed password for invalid user wyang from 20.163.71.109 port 33900 ssh2
Oct 15 07:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3004]: Connection closed by 20.163.71.109 port 33900 [preauth]
Oct 15 07:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Invalid user infoserve from 14.225.220.107
Oct 15 07:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: input_userauth_request: invalid user infoserve [preauth]
Oct 15 07:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session closed for user root
Oct 15 07:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: Did not receive identification string from 67.170.193.165
Oct 15 07:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3047]: Did not receive identification string from 67.170.193.165
Oct 15 07:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Failed password for invalid user infoserve from 14.225.220.107 port 35822 ssh2
Oct 15 07:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Received disconnect from 14.225.220.107 port 35822:11: Bye Bye [preauth]
Oct 15 07:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3036]: Disconnected from 14.225.220.107 port 35822 [preauth]
Oct 15 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: Successful su for rubyman by root
Oct 15 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: + ??? root:rubyman
Oct 15 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416300 of user rubyman.
Oct 15 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416300.
Oct 15 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Failed password for root from 103.20.223.95 port 58986 ssh2
Oct 15 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Received disconnect from 103.20.223.95 port 58986:11: Bye Bye [preauth]
Oct 15 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Disconnected from 103.20.223.95 port 58986 [preauth]
Oct 15 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Invalid user support from 78.128.112.74
Oct 15 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: input_userauth_request: invalid user support [preauth]
Oct 15 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 15 07:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Failed password for invalid user support from 78.128.112.74 port 39920 ssh2
Oct 15 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3229]: Connection closed by 78.128.112.74 port 39920 [preauth]
Oct 15 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32304]: pam_unix(cron:session): session closed for user root
Oct 15 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Invalid user royal from 103.140.73.162
Oct 15 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: input_userauth_request: invalid user royal [preauth]
Oct 15 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3092]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Failed password for invalid user royal from 103.140.73.162 port 60136 ssh2
Oct 15 07:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Received disconnect from 103.140.73.162 port 60136:11: Bye Bye [preauth]
Oct 15 07:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3382]: Disconnected from 103.140.73.162 port 60136 [preauth]
Oct 15 07:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Did not receive identification string from 67.170.193.165
Oct 15 07:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3449]: Did not receive identification string from 67.170.193.165
Oct 15 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Invalid user hardy from 202.143.111.139
Oct 15 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: input_userauth_request: invalid user hardy [preauth]
Oct 15 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Failed password for invalid user hardy from 202.143.111.139 port 51656 ssh2
Oct 15 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Received disconnect from 202.143.111.139 port 51656:11: Bye Bye [preauth]
Oct 15 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Disconnected from 202.143.111.139 port 51656 [preauth]
Oct 15 07:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2175]: pam_unix(cron:session): session closed for user root
Oct 15 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: User mysql from 89.218.69.66 not allowed because not listed in AllowUsers
Oct 15 07:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: input_userauth_request: invalid user mysql [preauth]
Oct 15 07:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=mysql
Oct 15 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Failed password for invalid user mysql from 89.218.69.66 port 32899 ssh2
Oct 15 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Received disconnect from 89.218.69.66 port 32899:11: Bye Bye [preauth]
Oct 15 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3515]: Disconnected from 89.218.69.66 port 32899 [preauth]
Oct 15 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3567]: Invalid user sns from 103.200.25.159
Oct 15 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3567]: input_userauth_request: invalid user sns [preauth]
Oct 15 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3567]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3567]: Failed password for invalid user sns from 103.200.25.159 port 51134 ssh2
Oct 15 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3567]: Received disconnect from 103.200.25.159 port 51134:11: Bye Bye [preauth]
Oct 15 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3567]: Disconnected from 103.200.25.159 port 51134 [preauth]
Oct 15 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3591]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3586]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3650]: Successful su for rubyman by root
Oct 15 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3650]: + ??? root:rubyman
Oct 15 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416305 of user rubyman.
Oct 15 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3650]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416305.
Oct 15 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[323]: pam_unix(cron:session): session closed for user root
Oct 15 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3587]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Invalid user adrien from 14.225.220.107
Oct 15 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: input_userauth_request: invalid user adrien [preauth]
Oct 15 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Failed password for invalid user adrien from 14.225.220.107 port 43254 ssh2
Oct 15 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Received disconnect from 14.225.220.107 port 43254:11: Bye Bye [preauth]
Oct 15 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3945]: Disconnected from 14.225.220.107 port 43254 [preauth]
Oct 15 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2640]: pam_unix(cron:session): session closed for user root
Oct 15 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Failed password for root from 103.140.73.162 port 56730 ssh2
Oct 15 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Received disconnect from 103.140.73.162 port 56730:11: Bye Bye [preauth]
Oct 15 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Disconnected from 103.140.73.162 port 56730 [preauth]
Oct 15 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4052]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4051]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4048]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4052]: pam_unix(cron:session): session closed for user root
Oct 15 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4044]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4131]: Successful su for rubyman by root
Oct 15 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4131]: + ??? root:rubyman
Oct 15 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416310 of user rubyman.
Oct 15 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4131]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416310.
Oct 15 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Invalid user scpuser from 103.20.223.95
Oct 15 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: input_userauth_request: invalid user scpuser [preauth]
Oct 15 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Failed password for invalid user scpuser from 103.20.223.95 port 33110 ssh2
Oct 15 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Received disconnect from 103.20.223.95 port 33110:11: Bye Bye [preauth]
Oct 15 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Disconnected from 103.20.223.95 port 33110 [preauth]
Oct 15 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4048]: pam_unix(cron:session): session closed for user root
Oct 15 07:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session closed for user root
Oct 15 07:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 07:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Failed password for root from 89.218.69.66 port 9518 ssh2
Oct 15 07:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Received disconnect from 89.218.69.66 port 9518:11: Bye Bye [preauth]
Oct 15 07:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4378]: Disconnected from 89.218.69.66 port 9518 [preauth]
Oct 15 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Failed password for root from 202.143.111.139 port 9626 ssh2
Oct 15 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Received disconnect from 202.143.111.139 port 9626:11: Bye Bye [preauth]
Oct 15 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4376]: Disconnected from 202.143.111.139 port 9626 [preauth]
Oct 15 07:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4045]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session closed for user root
Oct 15 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: Failed password for root from 103.200.25.159 port 60048 ssh2
Oct 15 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: Received disconnect from 103.200.25.159 port 60048:11: Bye Bye [preauth]
Oct 15 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4544]: Disconnected from 103.200.25.159 port 60048 [preauth]
Oct 15 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4627]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4721]: Successful su for rubyman by root
Oct 15 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4721]: + ??? root:rubyman
Oct 15 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416314 of user rubyman.
Oct 15 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4721]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416314.
Oct 15 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1517]: pam_unix(cron:session): session closed for user root
Oct 15 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Invalid user sophia from 164.68.105.9
Oct 15 07:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: input_userauth_request: invalid user sophia [preauth]
Oct 15 07:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 07:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4624]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Failed password for invalid user sophia from 164.68.105.9 port 48832 ssh2
Oct 15 07:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5097]: Connection closed by 164.68.105.9 port 48832 [preauth]
Oct 15 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: Invalid user pablo from 103.140.73.162
Oct 15 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: input_userauth_request: invalid user pablo [preauth]
Oct 15 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: Failed password for invalid user pablo from 103.140.73.162 port 36258 ssh2
Oct 15 07:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: Received disconnect from 103.140.73.162 port 36258:11: Bye Bye [preauth]
Oct 15 07:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5213]: Disconnected from 103.140.73.162 port 36258 [preauth]
Oct 15 07:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Invalid user kuba from 14.225.220.107
Oct 15 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: input_userauth_request: invalid user kuba [preauth]
Oct 15 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Failed password for invalid user kuba from 14.225.220.107 port 48118 ssh2
Oct 15 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Received disconnect from 14.225.220.107 port 48118:11: Bye Bye [preauth]
Oct 15 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Disconnected from 14.225.220.107 port 48118 [preauth]
Oct 15 07:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3591]: pam_unix(cron:session): session closed for user root
Oct 15 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Invalid user yhx from 89.218.69.66
Oct 15 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: input_userauth_request: invalid user yhx [preauth]
Oct 15 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Failed password for invalid user yhx from 89.218.69.66 port 60514 ssh2
Oct 15 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Received disconnect from 89.218.69.66 port 60514:11: Bye Bye [preauth]
Oct 15 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5552]: Disconnected from 89.218.69.66 port 60514 [preauth]
Oct 15 07:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Invalid user usuario2 from 202.143.111.139
Oct 15 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: input_userauth_request: invalid user usuario2 [preauth]
Oct 15 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Failed password for invalid user usuario2 from 202.143.111.139 port 11596 ssh2
Oct 15 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Received disconnect from 202.143.111.139 port 11596:11: Bye Bye [preauth]
Oct 15 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Disconnected from 202.143.111.139 port 11596 [preauth]
Oct 15 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5606]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5601]: pam_unix(cron:session): session closed for user root
Oct 15 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5686]: Successful su for rubyman by root
Oct 15 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5686]: + ??? root:rubyman
Oct 15 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416319 of user rubyman.
Oct 15 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5686]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416319.
Oct 15 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Invalid user qihang from 103.20.223.95
Oct 15 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: input_userauth_request: invalid user qihang [preauth]
Oct 15 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Failed password for invalid user qihang from 103.20.223.95 port 37226 ssh2
Oct 15 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Received disconnect from 103.20.223.95 port 37226:11: Bye Bye [preauth]
Oct 15 07:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Disconnected from 103.20.223.95 port 37226 [preauth]
Oct 15 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session closed for user root
Oct 15 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5604]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5983]: Did not receive identification string from 67.170.193.165
Oct 15 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Invalid user dns from 103.200.25.159
Oct 15 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: input_userauth_request: invalid user dns [preauth]
Oct 15 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Failed password for invalid user dns from 103.200.25.159 port 55190 ssh2
Oct 15 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Received disconnect from 103.200.25.159 port 55190:11: Bye Bye [preauth]
Oct 15 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6006]: Disconnected from 103.200.25.159 port 55190 [preauth]
Oct 15 07:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4051]: pam_unix(cron:session): session closed for user root
Oct 15 07:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Failed password for root from 103.140.73.162 port 52162 ssh2
Oct 15 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Received disconnect from 103.140.73.162 port 52162:11: Bye Bye [preauth]
Oct 15 07:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6087]: Disconnected from 103.140.73.162 port 52162 [preauth]
Oct 15 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6105]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6099]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6179]: Successful su for rubyman by root
Oct 15 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6179]: + ??? root:rubyman
Oct 15 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416323 of user rubyman.
Oct 15 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6179]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416323.
Oct 15 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2639]: pam_unix(cron:session): session closed for user root
Oct 15 07:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Invalid user ftpuser from 89.218.69.66
Oct 15 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Failed password for invalid user ftpuser from 89.218.69.66 port 1492 ssh2
Oct 15 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Received disconnect from 89.218.69.66 port 1492:11: Bye Bye [preauth]
Oct 15 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Disconnected from 89.218.69.66 port 1492 [preauth]
Oct 15 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6103]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Invalid user gh from 14.225.220.107
Oct 15 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: input_userauth_request: invalid user gh [preauth]
Oct 15 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Failed password for invalid user gh from 14.225.220.107 port 52188 ssh2
Oct 15 07:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Received disconnect from 14.225.220.107 port 52188:11: Bye Bye [preauth]
Oct 15 07:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Disconnected from 14.225.220.107 port 52188 [preauth]
Oct 15 07:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Invalid user ftpuser from 202.143.111.139
Oct 15 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Failed password for invalid user ftpuser from 202.143.111.139 port 64931 ssh2
Oct 15 07:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Received disconnect from 202.143.111.139 port 64931:11: Bye Bye [preauth]
Oct 15 07:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6436]: Disconnected from 202.143.111.139 port 64931 [preauth]
Oct 15 07:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4627]: pam_unix(cron:session): session closed for user root
Oct 15 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6582]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6578]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6736]: Successful su for rubyman by root
Oct 15 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6736]: + ??? root:rubyman
Oct 15 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416330 of user rubyman.
Oct 15 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6736]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416330.
Oct 15 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Invalid user laravel from 103.20.223.95
Oct 15 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: input_userauth_request: invalid user laravel [preauth]
Oct 15 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Failed password for invalid user laravel from 103.20.223.95 port 50868 ssh2
Oct 15 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Received disconnect from 103.20.223.95 port 50868:11: Bye Bye [preauth]
Oct 15 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Disconnected from 103.20.223.95 port 50868 [preauth]
Oct 15 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session closed for user root
Oct 15 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
Oct 15 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Failed password for root from 194.0.234.19 port 49600 ssh2
Oct 15 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Connection closed by 194.0.234.19 port 49600 [preauth]
Oct 15 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6581]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Invalid user mongo from 103.200.25.159
Oct 15 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: input_userauth_request: invalid user mongo [preauth]
Oct 15 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Failed password for invalid user mongo from 103.200.25.159 port 56274 ssh2
Oct 15 07:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Received disconnect from 103.200.25.159 port 56274:11: Bye Bye [preauth]
Oct 15 07:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6993]: Disconnected from 103.200.25.159 port 56274 [preauth]
Oct 15 07:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: Invalid user yhx from 103.140.73.162
Oct 15 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: input_userauth_request: invalid user yhx [preauth]
Oct 15 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: Failed password for invalid user yhx from 103.140.73.162 port 56730 ssh2
Oct 15 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: Received disconnect from 103.140.73.162 port 56730:11: Bye Bye [preauth]
Oct 15 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7028]: Disconnected from 103.140.73.162 port 56730 [preauth]
Oct 15 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5606]: pam_unix(cron:session): session closed for user root
Oct 15 07:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: Invalid user team2 from 89.218.69.66
Oct 15 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: input_userauth_request: invalid user team2 [preauth]
Oct 15 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: Failed password for invalid user team2 from 89.218.69.66 port 47227 ssh2
Oct 15 07:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: Received disconnect from 89.218.69.66 port 47227:11: Bye Bye [preauth]
Oct 15 07:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7081]: Disconnected from 89.218.69.66 port 47227 [preauth]
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7229]: pam_unix(cron:session): session closed for user root
Oct 15 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Invalid user steam from 202.143.111.139
Oct 15 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: input_userauth_request: invalid user steam [preauth]
Oct 15 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7302]: Successful su for rubyman by root
Oct 15 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7302]: + ??? root:rubyman
Oct 15 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416331 of user rubyman.
Oct 15 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7302]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416331.
Oct 15 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Failed password for invalid user steam from 202.143.111.139 port 9254 ssh2
Oct 15 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Received disconnect from 202.143.111.139 port 9254:11: Bye Bye [preauth]
Oct 15 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7214]: Disconnected from 202.143.111.139 port 9254 [preauth]
Oct 15 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session closed for user root
Oct 15 07:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3589]: pam_unix(cron:session): session closed for user root
Oct 15 07:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 07:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Failed password for root from 14.225.220.107 port 33268 ssh2
Oct 15 07:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Received disconnect from 14.225.220.107 port 33268:11: Bye Bye [preauth]
Oct 15 07:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7538]: Disconnected from 14.225.220.107 port 33268 [preauth]
Oct 15 07:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7223]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6105]: pam_unix(cron:session): session closed for user root
Oct 15 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Invalid user student from 103.20.223.95
Oct 15 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: input_userauth_request: invalid user student [preauth]
Oct 15 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Failed password for invalid user student from 103.20.223.95 port 49316 ssh2
Oct 15 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Received disconnect from 103.20.223.95 port 49316:11: Bye Bye [preauth]
Oct 15 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Disconnected from 103.20.223.95 port 49316 [preauth]
Oct 15 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7734]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7731]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7818]: Successful su for rubyman by root
Oct 15 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7818]: + ??? root:rubyman
Oct 15 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416340 of user rubyman.
Oct 15 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7818]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416340.
Oct 15 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Invalid user git from 103.140.73.162
Oct 15 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: input_userauth_request: invalid user git [preauth]
Oct 15 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Invalid user sharan from 89.218.69.66
Oct 15 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: input_userauth_request: invalid user sharan [preauth]
Oct 15 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Failed password for invalid user git from 103.140.73.162 port 53092 ssh2
Oct 15 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Received disconnect from 103.140.73.162 port 53092:11: Bye Bye [preauth]
Oct 15 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7804]: Disconnected from 103.140.73.162 port 53092 [preauth]
Oct 15 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Failed password for invalid user sharan from 89.218.69.66 port 29554 ssh2
Oct 15 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Received disconnect from 89.218.69.66 port 29554:11: Bye Bye [preauth]
Oct 15 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Disconnected from 89.218.69.66 port 29554 [preauth]
Oct 15 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4049]: pam_unix(cron:session): session closed for user root
Oct 15 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Failed password for root from 103.200.25.159 port 59298 ssh2
Oct 15 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Received disconnect from 103.200.25.159 port 59298:11: Bye Bye [preauth]
Oct 15 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Disconnected from 103.200.25.159 port 59298 [preauth]
Oct 15 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7732]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Invalid user papa from 202.143.111.139
Oct 15 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: input_userauth_request: invalid user papa [preauth]
Oct 15 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Failed password for invalid user papa from 202.143.111.139 port 3228 ssh2
Oct 15 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Received disconnect from 202.143.111.139 port 3228:11: Bye Bye [preauth]
Oct 15 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Disconnected from 202.143.111.139 port 3228 [preauth]
Oct 15 07:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6583]: pam_unix(cron:session): session closed for user root
Oct 15 07:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Did not receive identification string from 67.170.193.165
Oct 15 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Invalid user roman from 14.225.220.107
Oct 15 07:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: input_userauth_request: invalid user roman [preauth]
Oct 15 07:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Failed password for invalid user roman from 14.225.220.107 port 42110 ssh2
Oct 15 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Received disconnect from 14.225.220.107 port 42110:11: Bye Bye [preauth]
Oct 15 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8654]: Disconnected from 14.225.220.107 port 42110 [preauth]
Oct 15 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8673]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8669]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8741]: Successful su for rubyman by root
Oct 15 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8741]: + ??? root:rubyman
Oct 15 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416343 of user rubyman.
Oct 15 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8741]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416343.
Oct 15 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4625]: pam_unix(cron:session): session closed for user root
Oct 15 07:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9075]: Failed password for root from 188.18.49.50 port 44832 ssh2
Oct 15 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9075]: Received disconnect from 188.18.49.50 port 44832:11: Bye Bye [preauth]
Oct 15 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9075]: Disconnected from 188.18.49.50 port 44832 [preauth]
Oct 15 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Invalid user infoserve from 103.140.73.162
Oct 15 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: input_userauth_request: invalid user infoserve [preauth]
Oct 15 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Invalid user ibrahim from 89.218.69.66
Oct 15 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: input_userauth_request: invalid user ibrahim [preauth]
Oct 15 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Failed password for invalid user infoserve from 103.140.73.162 port 40554 ssh2
Oct 15 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Received disconnect from 103.140.73.162 port 40554:11: Bye Bye [preauth]
Oct 15 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9131]: Disconnected from 103.140.73.162 port 40554 [preauth]
Oct 15 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Failed password for invalid user ibrahim from 89.218.69.66 port 60126 ssh2
Oct 15 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Received disconnect from 89.218.69.66 port 60126:11: Bye Bye [preauth]
Oct 15 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9236]: Disconnected from 89.218.69.66 port 60126 [preauth]
Oct 15 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session closed for user root
Oct 15 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Invalid user anon from 103.20.223.95
Oct 15 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: input_userauth_request: invalid user anon [preauth]
Oct 15 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Failed password for invalid user anon from 103.20.223.95 port 36466 ssh2
Oct 15 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Received disconnect from 103.20.223.95 port 36466:11: Bye Bye [preauth]
Oct 15 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9345]: Disconnected from 103.20.223.95 port 36466 [preauth]
Oct 15 07:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Invalid user debian from 103.200.25.159
Oct 15 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: input_userauth_request: invalid user debian [preauth]
Oct 15 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Failed password for invalid user debian from 103.200.25.159 port 55622 ssh2
Oct 15 07:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Received disconnect from 103.200.25.159 port 55622:11: Bye Bye [preauth]
Oct 15 07:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9362]: Disconnected from 103.200.25.159 port 55622 [preauth]
Oct 15 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9365]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9461]: Successful su for rubyman by root
Oct 15 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9461]: + ??? root:rubyman
Oct 15 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416345 of user rubyman.
Oct 15 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9461]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416345.
Oct 15 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: Invalid user serge from 202.143.111.139
Oct 15 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: input_userauth_request: invalid user serge [preauth]
Oct 15 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: Failed password for invalid user serge from 202.143.111.139 port 39501 ssh2
Oct 15 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: Received disconnect from 202.143.111.139 port 39501:11: Bye Bye [preauth]
Oct 15 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9434]: Disconnected from 202.143.111.139 port 39501 [preauth]
Oct 15 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5605]: pam_unix(cron:session): session closed for user root
Oct 15 07:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9366]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7734]: pam_unix(cron:session): session closed for user root
Oct 15 07:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Invalid user yhx from 14.225.220.107
Oct 15 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: input_userauth_request: invalid user yhx [preauth]
Oct 15 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Failed password for invalid user yhx from 14.225.220.107 port 50232 ssh2
Oct 15 07:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Received disconnect from 14.225.220.107 port 50232:11: Bye Bye [preauth]
Oct 15 07:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Disconnected from 14.225.220.107 port 50232 [preauth]
Oct 15 07:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: Invalid user user from 80.94.95.115
Oct 15 07:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: input_userauth_request: invalid user user [preauth]
Oct 15 07:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 15 07:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Invalid user infoserve from 89.218.69.66
Oct 15 07:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: input_userauth_request: invalid user infoserve [preauth]
Oct 15 07:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: Failed password for invalid user user from 80.94.95.115 port 51638 ssh2
Oct 15 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9976]: Connection closed by 80.94.95.115 port 51638 [preauth]
Oct 15 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Failed password for invalid user infoserve from 89.218.69.66 port 37115 ssh2
Oct 15 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Received disconnect from 89.218.69.66 port 37115:11: Bye Bye [preauth]
Oct 15 07:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Disconnected from 89.218.69.66 port 37115 [preauth]
Oct 15 07:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Invalid user ftpuser from 103.140.73.162
Oct 15 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10009]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Failed password for invalid user ftpuser from 103.140.73.162 port 46542 ssh2
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Received disconnect from 103.140.73.162 port 46542:11: Bye Bye [preauth]
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Disconnected from 103.140.73.162 port 46542 [preauth]
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10082]: Successful su for rubyman by root
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10082]: + ??? root:rubyman
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416350 of user rubyman.
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10082]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416350.
Oct 15 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6104]: pam_unix(cron:session): session closed for user root
Oct 15 07:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10008]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8673]: pam_unix(cron:session): session closed for user root
Oct 15 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: Invalid user meysam from 202.143.111.139
Oct 15 07:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: input_userauth_request: invalid user meysam [preauth]
Oct 15 07:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: Failed password for invalid user meysam from 202.143.111.139 port 31241 ssh2
Oct 15 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: Received disconnect from 202.143.111.139 port 31241:11: Bye Bye [preauth]
Oct 15 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: Disconnected from 202.143.111.139 port 31241 [preauth]
Oct 15 07:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: Invalid user gc from 103.200.25.159
Oct 15 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: input_userauth_request: invalid user gc [preauth]
Oct 15 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: Failed password for invalid user gc from 103.200.25.159 port 43916 ssh2
Oct 15 07:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: Received disconnect from 103.200.25.159 port 43916:11: Bye Bye [preauth]
Oct 15 07:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10464]: Disconnected from 103.200.25.159 port 43916 [preauth]
Oct 15 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Failed password for root from 103.20.223.95 port 46702 ssh2
Oct 15 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Received disconnect from 103.20.223.95 port 46702:11: Bye Bye [preauth]
Oct 15 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Disconnected from 103.20.223.95 port 46702 [preauth]
Oct 15 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10511]: pam_unix(cron:session): session closed for user root
Oct 15 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10505]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10589]: Successful su for rubyman by root
Oct 15 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10589]: + ??? root:rubyman
Oct 15 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416355 of user rubyman.
Oct 15 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10589]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416355.
Oct 15 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10507]: pam_unix(cron:session): session closed for user root
Oct 15 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6582]: pam_unix(cron:session): session closed for user root
Oct 15 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10506]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: Failed password for root from 89.218.69.66 port 27427 ssh2
Oct 15 07:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: Received disconnect from 89.218.69.66 port 27427:11: Bye Bye [preauth]
Oct 15 07:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: Disconnected from 89.218.69.66 port 27427 [preauth]
Oct 15 07:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Invalid user ubuntu from 103.140.73.162
Oct 15 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Failed password for invalid user ubuntu from 103.140.73.162 port 53532 ssh2
Oct 15 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Received disconnect from 103.140.73.162 port 53532:11: Bye Bye [preauth]
Oct 15 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Disconnected from 103.140.73.162 port 53532 [preauth]
Oct 15 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Invalid user sharan from 14.225.220.107
Oct 15 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: input_userauth_request: invalid user sharan [preauth]
Oct 15 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9368]: pam_unix(cron:session): session closed for user root
Oct 15 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Failed password for invalid user sharan from 14.225.220.107 port 33050 ssh2
Oct 15 07:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Received disconnect from 14.225.220.107 port 33050:11: Bye Bye [preauth]
Oct 15 07:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10923]: Disconnected from 14.225.220.107 port 33050 [preauth]
Oct 15 07:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Did not receive identification string from 67.170.193.165
Oct 15 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11015]: Bad protocol version identification '\003' from 138.197.27.1 port 61848
Oct 15 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11021]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11017]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11096]: Successful su for rubyman by root
Oct 15 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11096]: + ??? root:rubyman
Oct 15 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416359 of user rubyman.
Oct 15 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11096]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416359.
Oct 15 07:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session closed for user root
Oct 15 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11018]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Invalid user eprints from 202.143.111.139
Oct 15 07:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: input_userauth_request: invalid user eprints [preauth]
Oct 15 07:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Failed password for invalid user eprints from 202.143.111.139 port 39711 ssh2
Oct 15 07:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Received disconnect from 202.143.111.139 port 39711:11: Bye Bye [preauth]
Oct 15 07:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11342]: Disconnected from 202.143.111.139 port 39711 [preauth]
Oct 15 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11365]: Did not receive identification string from 67.170.193.165
Oct 15 07:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Did not receive identification string from 67.170.193.165
Oct 15 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10013]: pam_unix(cron:session): session closed for user root
Oct 15 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Failed password for root from 103.200.25.159 port 54108 ssh2
Oct 15 07:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Received disconnect from 103.200.25.159 port 54108:11: Bye Bye [preauth]
Oct 15 07:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11437]: Disconnected from 103.200.25.159 port 54108 [preauth]
Oct 15 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Invalid user rubel from 89.218.69.66
Oct 15 07:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: input_userauth_request: invalid user rubel [preauth]
Oct 15 07:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Failed password for root from 103.20.223.95 port 41816 ssh2
Oct 15 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Received disconnect from 103.20.223.95 port 41816:11: Bye Bye [preauth]
Oct 15 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Disconnected from 103.20.223.95 port 41816 [preauth]
Oct 15 07:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Failed password for invalid user rubel from 89.218.69.66 port 11252 ssh2
Oct 15 07:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Received disconnect from 89.218.69.66 port 11252:11: Bye Bye [preauth]
Oct 15 07:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11485]: Disconnected from 89.218.69.66 port 11252 [preauth]
Oct 15 07:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11519]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Failed password for root from 103.140.73.162 port 51752 ssh2
Oct 15 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Received disconnect from 103.140.73.162 port 51752:11: Bye Bye [preauth]
Oct 15 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11504]: Disconnected from 103.140.73.162 port 51752 [preauth]
Oct 15 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11597]: Successful su for rubyman by root
Oct 15 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11597]: + ??? root:rubyman
Oct 15 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416364 of user rubyman.
Oct 15 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11597]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416364.
Oct 15 07:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7733]: pam_unix(cron:session): session closed for user root
Oct 15 07:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11520]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Invalid user itadmin from 14.225.220.107
Oct 15 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: input_userauth_request: invalid user itadmin [preauth]
Oct 15 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Invalid user sk from 188.18.49.50
Oct 15 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: input_userauth_request: invalid user sk [preauth]
Oct 15 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Failed password for invalid user itadmin from 14.225.220.107 port 48374 ssh2
Oct 15 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Received disconnect from 14.225.220.107 port 48374:11: Bye Bye [preauth]
Oct 15 07:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Disconnected from 14.225.220.107 port 48374 [preauth]
Oct 15 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Failed password for invalid user sk from 188.18.49.50 port 54295 ssh2
Oct 15 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Received disconnect from 188.18.49.50 port 54295:11: Bye Bye [preauth]
Oct 15 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Disconnected from 188.18.49.50 port 54295 [preauth]
Oct 15 07:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10510]: pam_unix(cron:session): session closed for user root
Oct 15 07:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Invalid user wms from 202.143.111.139
Oct 15 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: input_userauth_request: invalid user wms [preauth]
Oct 15 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Failed password for invalid user wms from 202.143.111.139 port 36046 ssh2
Oct 15 07:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Received disconnect from 202.143.111.139 port 36046:11: Bye Bye [preauth]
Oct 15 07:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Disconnected from 202.143.111.139 port 36046 [preauth]
Oct 15 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12096]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12177]: Successful su for rubyman by root
Oct 15 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12177]: + ??? root:rubyman
Oct 15 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416369 of user rubyman.
Oct 15 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12177]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416369.
Oct 15 07:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session closed for user root
Oct 15 07:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12097]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Invalid user terrariaserver from 89.218.69.66
Oct 15 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: input_userauth_request: invalid user terrariaserver [preauth]
Oct 15 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Failed password for invalid user terrariaserver from 89.218.69.66 port 50199 ssh2
Oct 15 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Received disconnect from 89.218.69.66 port 50199:11: Bye Bye [preauth]
Oct 15 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Disconnected from 89.218.69.66 port 50199 [preauth]
Oct 15 07:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: User mysql from 103.140.73.162 not allowed because not listed in AllowUsers
Oct 15 07:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: input_userauth_request: invalid user mysql [preauth]
Oct 15 07:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=mysql
Oct 15 07:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Failed password for invalid user mysql from 103.140.73.162 port 46438 ssh2
Oct 15 07:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Received disconnect from 103.140.73.162 port 46438:11: Bye Bye [preauth]
Oct 15 07:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12456]: Disconnected from 103.140.73.162 port 46438 [preauth]
Oct 15 07:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Failed password for root from 103.200.25.159 port 35874 ssh2
Oct 15 07:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Received disconnect from 103.200.25.159 port 35874:11: Bye Bye [preauth]
Oct 15 07:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12490]: Disconnected from 103.200.25.159 port 35874 [preauth]
Oct 15 07:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11021]: pam_unix(cron:session): session closed for user root
Oct 15 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Invalid user bobi from 103.20.223.95
Oct 15 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: input_userauth_request: invalid user bobi [preauth]
Oct 15 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Failed password for invalid user bobi from 103.20.223.95 port 43252 ssh2
Oct 15 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Received disconnect from 103.20.223.95 port 43252:11: Bye Bye [preauth]
Oct 15 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Disconnected from 103.20.223.95 port 43252 [preauth]
Oct 15 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12683]: Successful su for rubyman by root
Oct 15 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12683]: + ??? root:rubyman
Oct 15 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416373 of user rubyman.
Oct 15 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12683]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416373.
Oct 15 07:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9367]: pam_unix(cron:session): session closed for user root
Oct 15 07:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Failed password for root from 14.225.220.107 port 58550 ssh2
Oct 15 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Received disconnect from 14.225.220.107 port 58550:11: Bye Bye [preauth]
Oct 15 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Disconnected from 14.225.220.107 port 58550 [preauth]
Oct 15 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Invalid user pop from 202.143.111.139
Oct 15 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: input_userauth_request: invalid user pop [preauth]
Oct 15 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for invalid user pop from 202.143.111.139 port 27020 ssh2
Oct 15 07:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Received disconnect from 202.143.111.139 port 27020:11: Bye Bye [preauth]
Oct 15 07:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Disconnected from 202.143.111.139 port 27020 [preauth]
Oct 15 07:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session closed for user root
Oct 15 07:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: Invalid user josh from 89.218.69.66
Oct 15 07:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: input_userauth_request: invalid user josh [preauth]
Oct 15 07:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: Failed password for invalid user josh from 89.218.69.66 port 11017 ssh2
Oct 15 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: Received disconnect from 89.218.69.66 port 11017:11: Bye Bye [preauth]
Oct 15 07:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13090]: Disconnected from 89.218.69.66 port 11017 [preauth]
Oct 15 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13114]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13115]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session closed for user root
Oct 15 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13110]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13185]: Successful su for rubyman by root
Oct 15 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13185]: + ??? root:rubyman
Oct 15 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416380 of user rubyman.
Oct 15 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13185]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416380.
Oct 15 07:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13113]: pam_unix(cron:session): session closed for user root
Oct 15 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10009]: pam_unix(cron:session): session closed for user root
Oct 15 07:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Invalid user ctarazona from 103.140.73.162
Oct 15 07:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: input_userauth_request: invalid user ctarazona [preauth]
Oct 15 07:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Failed password for invalid user ctarazona from 103.140.73.162 port 58922 ssh2
Oct 15 07:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Received disconnect from 103.140.73.162 port 58922:11: Bye Bye [preauth]
Oct 15 07:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13507]: Disconnected from 103.140.73.162 port 58922 [preauth]
Oct 15 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13112]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Invalid user laravel from 103.200.25.159
Oct 15 07:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: input_userauth_request: invalid user laravel [preauth]
Oct 15 07:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Failed password for invalid user laravel from 103.200.25.159 port 50918 ssh2
Oct 15 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Received disconnect from 103.200.25.159 port 50918:11: Bye Bye [preauth]
Oct 15 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Disconnected from 103.200.25.159 port 50918 [preauth]
Oct 15 07:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session closed for user root
Oct 15 07:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Invalid user hugo from 103.20.223.95
Oct 15 07:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: input_userauth_request: invalid user hugo [preauth]
Oct 15 07:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13730]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Failed password for invalid user hugo from 103.20.223.95 port 54006 ssh2
Oct 15 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Received disconnect from 103.20.223.95 port 54006:11: Bye Bye [preauth]
Oct 15 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Disconnected from 103.20.223.95 port 54006 [preauth]
Oct 15 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: Successful su for rubyman by root
Oct 15 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: + ??? root:rubyman
Oct 15 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416383 of user rubyman.
Oct 15 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416383.
Oct 15 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Invalid user garrysmod from 202.143.111.139
Oct 15 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: input_userauth_request: invalid user garrysmod [preauth]
Oct 15 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Failed password for invalid user garrysmod from 202.143.111.139 port 46088 ssh2
Oct 15 07:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Received disconnect from 202.143.111.139 port 46088:11: Bye Bye [preauth]
Oct 15 07:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13922]: Disconnected from 202.143.111.139 port 46088 [preauth]
Oct 15 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10508]: pam_unix(cron:session): session closed for user root
Oct 15 07:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13731]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 07:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: Failed password for root from 14.225.220.107 port 57194 ssh2
Oct 15 07:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: Received disconnect from 14.225.220.107 port 57194:11: Bye Bye [preauth]
Oct 15 07:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: Disconnected from 14.225.220.107 port 57194 [preauth]
Oct 15 07:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Failed password for root from 89.218.69.66 port 17043 ssh2
Oct 15 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Received disconnect from 89.218.69.66 port 17043:11: Bye Bye [preauth]
Oct 15 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Disconnected from 89.218.69.66 port 17043 [preauth]
Oct 15 07:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
Oct 15 07:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session closed for user root
Oct 15 07:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Failed password for root from 80.94.95.115 port 30748 ssh2
Oct 15 07:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14235]: Connection closed by 80.94.95.115 port 30748 [preauth]
Oct 15 07:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Invalid user atl from 103.140.73.162
Oct 15 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: input_userauth_request: invalid user atl [preauth]
Oct 15 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Failed password for invalid user atl from 103.140.73.162 port 32916 ssh2
Oct 15 07:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Received disconnect from 103.140.73.162 port 32916:11: Bye Bye [preauth]
Oct 15 07:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14283]: Disconnected from 103.140.73.162 port 32916 [preauth]
Oct 15 07:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: Failed password for root from 190.103.202.7 port 60688 ssh2
Oct 15 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: Connection closed by 190.103.202.7 port 60688 [preauth]
Oct 15 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14315]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: Successful su for rubyman by root
Oct 15 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: + ??? root:rubyman
Oct 15 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416386 of user rubyman.
Oct 15 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416386.
Oct 15 07:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session closed for user root
Oct 15 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Invalid user ftpuser from 103.200.25.159
Oct 15 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Failed password for invalid user ftpuser from 103.200.25.159 port 46272 ssh2
Oct 15 07:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Received disconnect from 103.200.25.159 port 46272:11: Bye Bye [preauth]
Oct 15 07:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14638]: Disconnected from 103.200.25.159 port 46272 [preauth]
Oct 15 07:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 07:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13115]: pam_unix(cron:session): session closed for user root
Oct 15 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Failed password for root from 188.18.49.50 port 57305 ssh2
Oct 15 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Received disconnect from 188.18.49.50 port 57305:11: Bye Bye [preauth]
Oct 15 07:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Disconnected from 188.18.49.50 port 57305 [preauth]
Oct 15 07:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Failed password for root from 202.143.111.139 port 19488 ssh2
Oct 15 07:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Received disconnect from 202.143.111.139 port 19488:11: Bye Bye [preauth]
Oct 15 07:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Disconnected from 202.143.111.139 port 19488 [preauth]
Oct 15 07:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: Invalid user ander from 89.218.69.66
Oct 15 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: input_userauth_request: invalid user ander [preauth]
Oct 15 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: Failed password for invalid user ander from 89.218.69.66 port 20287 ssh2
Oct 15 07:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: Received disconnect from 89.218.69.66 port 20287:11: Bye Bye [preauth]
Oct 15 07:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14757]: Disconnected from 89.218.69.66 port 20287 [preauth]
Oct 15 07:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: Invalid user ts3 from 103.20.223.95
Oct 15 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14778]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: Successful su for rubyman by root
Oct 15 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: + ??? root:rubyman
Oct 15 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416390 of user rubyman.
Oct 15 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416390.
Oct 15 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: Failed password for invalid user ts3 from 103.20.223.95 port 39378 ssh2
Oct 15 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: Received disconnect from 103.20.223.95 port 39378:11: Bye Bye [preauth]
Oct 15 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14771]: Disconnected from 103.20.223.95 port 39378 [preauth]
Oct 15 07:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session closed for user root
Oct 15 07:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14779]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 07:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Failed password for root from 103.140.73.162 port 55508 ssh2
Oct 15 07:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Received disconnect from 103.140.73.162 port 55508:11: Bye Bye [preauth]
Oct 15 07:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Disconnected from 103.140.73.162 port 55508 [preauth]
Oct 15 07:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Failed password for root from 14.225.220.107 port 34810 ssh2
Oct 15 07:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Received disconnect from 14.225.220.107 port 34810:11: Bye Bye [preauth]
Oct 15 07:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15230]: Disconnected from 14.225.220.107 port 34810 [preauth]
Oct 15 07:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session closed for user root
Oct 15 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15383]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15382]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15380]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: Successful su for rubyman by root
Oct 15 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: + ??? root:rubyman
Oct 15 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416395 of user rubyman.
Oct 15 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416395.
Oct 15 07:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session closed for user root
Oct 15 07:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15381]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Failed password for root from 202.143.111.139 port 36994 ssh2
Oct 15 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Received disconnect from 202.143.111.139 port 36994:11: Bye Bye [preauth]
Oct 15 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Disconnected from 202.143.111.139 port 36994 [preauth]
Oct 15 07:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Invalid user atl from 89.218.69.66
Oct 15 07:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: input_userauth_request: invalid user atl [preauth]
Oct 15 07:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Failed password for invalid user atl from 89.218.69.66 port 15466 ssh2
Oct 15 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Received disconnect from 89.218.69.66 port 15466:11: Bye Bye [preauth]
Oct 15 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15688]: Disconnected from 89.218.69.66 port 15466 [preauth]
Oct 15 07:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Did not receive identification string from 67.170.193.165
Oct 15 07:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session closed for user root
Oct 15 07:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: Failed password for root from 103.200.25.159 port 51102 ssh2
Oct 15 07:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: Received disconnect from 103.200.25.159 port 51102:11: Bye Bye [preauth]
Oct 15 07:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15787]: Disconnected from 103.200.25.159 port 51102 [preauth]
Oct 15 07:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: Invalid user rocky from 103.140.73.162
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: input_userauth_request: invalid user rocky [preauth]
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Invalid user admin from 2.57.121.112
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: input_userauth_request: invalid user admin [preauth]
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Invalid user suraj from 103.20.223.95
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: input_userauth_request: invalid user suraj [preauth]
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: Failed password for invalid user rocky from 103.140.73.162 port 49362 ssh2
Oct 15 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for invalid user admin from 2.57.121.112 port 8059 ssh2
Oct 15 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: Received disconnect from 103.140.73.162 port 49362:11: Bye Bye [preauth]
Oct 15 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15823]: Disconnected from 103.140.73.162 port 49362 [preauth]
Oct 15 07:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Failed password for invalid user suraj from 103.20.223.95 port 33530 ssh2
Oct 15 07:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Received disconnect from 103.20.223.95 port 33530:11: Bye Bye [preauth]
Oct 15 07:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Disconnected from 103.20.223.95 port 33530 [preauth]
Oct 15 07:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for invalid user admin from 2.57.121.112 port 8059 ssh2
Oct 15 07:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15844]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15845]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15846]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session closed for user root
Oct 15 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15842]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for invalid user admin from 2.57.121.112 port 8059 ssh2
Oct 15 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15922]: Successful su for rubyman by root
Oct 15 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15922]: + ??? root:rubyman
Oct 15 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416401 of user rubyman.
Oct 15 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15922]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416401.
Oct 15 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for invalid user admin from 2.57.121.112 port 8059 ssh2
Oct 15 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for invalid user admin from 2.57.121.112 port 8059 ssh2
Oct 15 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Received disconnect from 2.57.121.112 port 8059:11: Bye [preauth]
Oct 15 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Disconnected from 2.57.121.112 port 8059 [preauth]
Oct 15 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 07:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15844]: pam_unix(cron:session): session closed for user root
Oct 15 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session closed for user root
Oct 15 07:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15843]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Invalid user pablo from 14.225.220.107
Oct 15 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: input_userauth_request: invalid user pablo [preauth]
Oct 15 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Failed password for invalid user pablo from 14.225.220.107 port 49766 ssh2
Oct 15 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Received disconnect from 14.225.220.107 port 49766:11: Bye Bye [preauth]
Oct 15 07:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16200]: Disconnected from 14.225.220.107 port 49766 [preauth]
Oct 15 07:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session closed for user root
Oct 15 07:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Invalid user ubuntu from 89.218.69.66
Oct 15 07:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 07:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Failed password for invalid user ubuntu from 89.218.69.66 port 8428 ssh2
Oct 15 07:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Received disconnect from 89.218.69.66 port 8428:11: Bye Bye [preauth]
Oct 15 07:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16287]: Disconnected from 89.218.69.66 port 8428 [preauth]
Oct 15 07:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Failed password for root from 202.143.111.139 port 61135 ssh2
Oct 15 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Received disconnect from 202.143.111.139 port 61135:11: Bye Bye [preauth]
Oct 15 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16314]: Disconnected from 202.143.111.139 port 61135 [preauth]
Oct 15 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16427]: Successful su for rubyman by root
Oct 15 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16427]: + ??? root:rubyman
Oct 15 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416405 of user rubyman.
Oct 15 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16427]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416405.
Oct 15 07:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13114]: pam_unix(cron:session): session closed for user root
Oct 15 07:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Invalid user roman from 103.140.73.162
Oct 15 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: input_userauth_request: invalid user roman [preauth]
Oct 15 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Failed password for invalid user roman from 103.140.73.162 port 40730 ssh2
Oct 15 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Received disconnect from 103.140.73.162 port 40730:11: Bye Bye [preauth]
Oct 15 07:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Disconnected from 103.140.73.162 port 40730 [preauth]
Oct 15 07:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15383]: pam_unix(cron:session): session closed for user root
Oct 15 07:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Failed password for root from 103.200.25.159 port 50986 ssh2
Oct 15 07:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Received disconnect from 103.200.25.159 port 50986:11: Bye Bye [preauth]
Oct 15 07:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Disconnected from 103.200.25.159 port 50986 [preauth]
Oct 15 07:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Invalid user gc from 103.20.223.95
Oct 15 07:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: input_userauth_request: invalid user gc [preauth]
Oct 15 07:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Failed password for invalid user gc from 103.20.223.95 port 36598 ssh2
Oct 15 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Received disconnect from 103.20.223.95 port 36598:11: Bye Bye [preauth]
Oct 15 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16813]: Disconnected from 103.20.223.95 port 36598 [preauth]
Oct 15 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Invalid user ubuntu from 186.96.145.241
Oct 15 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 15 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Failed password for invalid user ubuntu from 186.96.145.241 port 60738 ssh2
Oct 15 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Connection closed by 186.96.145.241 port 60738 [preauth]
Oct 15 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16837]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16908]: Successful su for rubyman by root
Oct 15 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16908]: + ??? root:rubyman
Oct 15 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416409 of user rubyman.
Oct 15 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16908]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416409.
Oct 15 07:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session closed for user root
Oct 15 07:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Invalid user roman from 89.218.69.66
Oct 15 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: input_userauth_request: invalid user roman [preauth]
Oct 15 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16838]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 07:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Failed password for invalid user roman from 89.218.69.66 port 21553 ssh2
Oct 15 07:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Received disconnect from 89.218.69.66 port 21553:11: Bye Bye [preauth]
Oct 15 07:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Disconnected from 89.218.69.66 port 21553 [preauth]
Oct 15 07:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Failed password for root from 14.225.220.107 port 36354 ssh2
Oct 15 07:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Received disconnect from 14.225.220.107 port 36354:11: Bye Bye [preauth]
Oct 15 07:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Disconnected from 14.225.220.107 port 36354 [preauth]
Oct 15 07:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15846]: pam_unix(cron:session): session closed for user root
Oct 15 07:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 15 07:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Failed password for root from 164.68.105.9 port 58392 ssh2
Oct 15 07:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Connection closed by 164.68.105.9 port 58392 [preauth]
Oct 15 07:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Invalid user sahar from 202.143.111.139
Oct 15 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: input_userauth_request: invalid user sahar [preauth]
Oct 15 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Failed password for invalid user sahar from 202.143.111.139 port 11175 ssh2
Oct 15 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Received disconnect from 202.143.111.139 port 11175:11: Bye Bye [preauth]
Oct 15 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Disconnected from 202.143.111.139 port 11175 [preauth]
Oct 15 07:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17303]: Failed password for root from 103.140.73.162 port 34400 ssh2
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17303]: Received disconnect from 103.140.73.162 port 34400:11: Bye Bye [preauth]
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17303]: Disconnected from 103.140.73.162 port 34400 [preauth]
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17390]: Successful su for rubyman by root
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17390]: + ??? root:rubyman
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416411 of user rubyman.
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17390]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416411.
Oct 15 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session closed for user root
Oct 15 07:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Failed password for root from 103.200.25.159 port 36612 ssh2
Oct 15 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Received disconnect from 103.200.25.159 port 36612:11: Bye Bye [preauth]
Oct 15 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Disconnected from 103.200.25.159 port 36612 [preauth]
Oct 15 07:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16350]: pam_unix(cron:session): session closed for user root
Oct 15 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: Failed password for root from 89.218.69.66 port 3636 ssh2
Oct 15 07:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: Received disconnect from 89.218.69.66 port 3636:11: Bye Bye [preauth]
Oct 15 07:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: Disconnected from 89.218.69.66 port 3636 [preauth]
Oct 15 07:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Invalid user mongo from 103.20.223.95
Oct 15 07:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: input_userauth_request: invalid user mongo [preauth]
Oct 15 07:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Failed password for invalid user mongo from 103.20.223.95 port 36144 ssh2
Oct 15 07:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Received disconnect from 103.20.223.95 port 36144:11: Bye Bye [preauth]
Oct 15 07:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Disconnected from 103.20.223.95 port 36144 [preauth]
Oct 15 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17837]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17839]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18045]: Successful su for rubyman by root
Oct 15 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18045]: + ??? root:rubyman
Oct 15 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416417 of user rubyman.
Oct 15 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18045]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416417.
Oct 15 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17837]: pam_unix(cron:session): session closed for user root
Oct 15 07:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session closed for user root
Oct 15 07:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17848]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Invalid user terrariaserver from 14.225.220.107
Oct 15 07:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: input_userauth_request: invalid user terrariaserver [preauth]
Oct 15 07:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Failed password for invalid user terrariaserver from 14.225.220.107 port 51950 ssh2
Oct 15 07:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Received disconnect from 14.225.220.107 port 51950:11: Bye Bye [preauth]
Oct 15 07:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Disconnected from 14.225.220.107 port 51950 [preauth]
Oct 15 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Failed password for root from 103.140.73.162 port 50234 ssh2
Oct 15 07:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Received disconnect from 103.140.73.162 port 50234:11: Bye Bye [preauth]
Oct 15 07:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18575]: Disconnected from 103.140.73.162 port 50234 [preauth]
Oct 15 07:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16840]: pam_unix(cron:session): session closed for user root
Oct 15 07:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Invalid user charan from 202.143.111.139
Oct 15 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: input_userauth_request: invalid user charan [preauth]
Oct 15 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Failed password for invalid user charan from 202.143.111.139 port 38018 ssh2
Oct 15 07:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Received disconnect from 202.143.111.139 port 38018:11: Bye Bye [preauth]
Oct 15 07:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: Disconnected from 202.143.111.139 port 38018 [preauth]
Oct 15 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18686]: pam_unix(cron:session): session closed for user root
Oct 15 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18680]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18765]: Successful su for rubyman by root
Oct 15 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18765]: + ??? root:rubyman
Oct 15 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416425 of user rubyman.
Oct 15 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18765]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416425.
Oct 15 07:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session closed for user root
Oct 15 07:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15382]: pam_unix(cron:session): session closed for user root
Oct 15 07:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: Invalid user pablo from 89.218.69.66
Oct 15 07:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: input_userauth_request: invalid user pablo [preauth]
Oct 15 07:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: Failed password for invalid user pablo from 89.218.69.66 port 35676 ssh2
Oct 15 07:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: Received disconnect from 89.218.69.66 port 35676:11: Bye Bye [preauth]
Oct 15 07:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18931]: Disconnected from 89.218.69.66 port 35676 [preauth]
Oct 15 07:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Invalid user sosemaloku from 103.200.25.159
Oct 15 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: input_userauth_request: invalid user sosemaloku [preauth]
Oct 15 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Failed password for invalid user sosemaloku from 103.200.25.159 port 48294 ssh2
Oct 15 07:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Received disconnect from 103.200.25.159 port 48294:11: Bye Bye [preauth]
Oct 15 07:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Disconnected from 103.200.25.159 port 48294 [preauth]
Oct 15 07:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session closed for user root
Oct 15 07:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Failed password for root from 103.20.223.95 port 57544 ssh2
Oct 15 07:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Received disconnect from 103.20.223.95 port 57544:11: Bye Bye [preauth]
Oct 15 07:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19310]: Disconnected from 103.20.223.95 port 57544 [preauth]
Oct 15 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19620]: Successful su for rubyman by root
Oct 15 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19620]: + ??? root:rubyman
Oct 15 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416429 of user rubyman.
Oct 15 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19620]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416429.
Oct 15 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Invalid user terrariaserver from 103.140.73.162
Oct 15 07:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: input_userauth_request: invalid user terrariaserver [preauth]
Oct 15 07:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Failed password for invalid user terrariaserver from 103.140.73.162 port 37988 ssh2
Oct 15 07:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Received disconnect from 103.140.73.162 port 37988:11: Bye Bye [preauth]
Oct 15 07:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19842]: Disconnected from 103.140.73.162 port 37988 [preauth]
Oct 15 07:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15845]: pam_unix(cron:session): session closed for user root
Oct 15 07:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: Invalid user steam from 194.0.234.19
Oct 15 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: input_userauth_request: invalid user steam [preauth]
Oct 15 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 07:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Invalid user atl from 14.225.220.107
Oct 15 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: input_userauth_request: invalid user atl [preauth]
Oct 15 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: Failed password for invalid user steam from 194.0.234.19 port 21656 ssh2
Oct 15 07:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19973]: Connection closed by 194.0.234.19 port 21656 [preauth]
Oct 15 07:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Failed password for invalid user atl from 14.225.220.107 port 40992 ssh2
Oct 15 07:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Received disconnect from 14.225.220.107 port 40992:11: Bye Bye [preauth]
Oct 15 07:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20001]: Disconnected from 14.225.220.107 port 40992 [preauth]
Oct 15 07:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Invalid user erpuser from 202.143.111.139
Oct 15 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: input_userauth_request: invalid user erpuser [preauth]
Oct 15 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Failed password for invalid user erpuser from 202.143.111.139 port 19227 ssh2
Oct 15 07:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Received disconnect from 202.143.111.139 port 19227:11: Bye Bye [preauth]
Oct 15 07:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20028]: Disconnected from 202.143.111.139 port 19227 [preauth]
Oct 15 07:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17852]: pam_unix(cron:session): session closed for user root
Oct 15 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Failed password for root from 89.218.69.66 port 31411 ssh2
Oct 15 07:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Received disconnect from 89.218.69.66 port 31411:11: Bye Bye [preauth]
Oct 15 07:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Disconnected from 89.218.69.66 port 31411 [preauth]
Oct 15 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20198]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20197]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20192]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20296]: Successful su for rubyman by root
Oct 15 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20296]: + ??? root:rubyman
Oct 15 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416432 of user rubyman.
Oct 15 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20296]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416432.
Oct 15 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Failed password for root from 103.200.25.159 port 58562 ssh2
Oct 15 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Received disconnect from 103.200.25.159 port 58562:11: Bye Bye [preauth]
Oct 15 07:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Disconnected from 103.200.25.159 port 58562 [preauth]
Oct 15 07:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session closed for user root
Oct 15 07:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20193]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18684]: pam_unix(cron:session): session closed for user root
Oct 15 07:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Failed password for root from 103.140.73.162 port 58566 ssh2
Oct 15 07:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Received disconnect from 103.140.73.162 port 58566:11: Bye Bye [preauth]
Oct 15 07:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Disconnected from 103.140.73.162 port 58566 [preauth]
Oct 15 07:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20642]: Invalid user parisa from 103.20.223.95
Oct 15 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20642]: input_userauth_request: invalid user parisa [preauth]
Oct 15 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20642]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20642]: Failed password for invalid user parisa from 103.20.223.95 port 47412 ssh2
Oct 15 07:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20642]: Received disconnect from 103.20.223.95 port 47412:11: Bye Bye [preauth]
Oct 15 07:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20642]: Disconnected from 103.20.223.95 port 47412 [preauth]
Oct 15 07:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Invalid user usuario from 188.18.49.50
Oct 15 07:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: input_userauth_request: invalid user usuario [preauth]
Oct 15 07:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20695]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Failed password for invalid user usuario from 188.18.49.50 port 45466 ssh2
Oct 15 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Received disconnect from 188.18.49.50 port 45466:11: Bye Bye [preauth]
Oct 15 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20671]: Disconnected from 188.18.49.50 port 45466 [preauth]
Oct 15 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20782]: Successful su for rubyman by root
Oct 15 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20782]: + ??? root:rubyman
Oct 15 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416434 of user rubyman.
Oct 15 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20782]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416434.
Oct 15 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: Invalid user intelbras from 202.143.111.139
Oct 15 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: input_userauth_request: invalid user intelbras [preauth]
Oct 15 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: Failed password for invalid user intelbras from 202.143.111.139 port 8796 ssh2
Oct 15 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16839]: pam_unix(cron:session): session closed for user root
Oct 15 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: Received disconnect from 202.143.111.139 port 8796:11: Bye Bye [preauth]
Oct 15 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: Disconnected from 202.143.111.139 port 8796 [preauth]
Oct 15 07:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Invalid user alex from 89.218.69.66
Oct 15 07:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: input_userauth_request: invalid user alex [preauth]
Oct 15 07:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Failed password for invalid user alex from 89.218.69.66 port 45517 ssh2
Oct 15 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Received disconnect from 89.218.69.66 port 45517:11: Bye Bye [preauth]
Oct 15 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21012]: Disconnected from 89.218.69.66 port 45517 [preauth]
Oct 15 07:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Invalid user rocky from 14.225.220.107
Oct 15 07:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: input_userauth_request: invalid user rocky [preauth]
Oct 15 07:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Failed password for invalid user rocky from 14.225.220.107 port 38076 ssh2
Oct 15 07:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Received disconnect from 14.225.220.107 port 38076:11: Bye Bye [preauth]
Oct 15 07:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Disconnected from 14.225.220.107 port 38076 [preauth]
Oct 15 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session closed for user root
Oct 15 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Invalid user test from 103.200.25.159
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: input_userauth_request: invalid user test [preauth]
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21165]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21164]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21230]: Successful su for rubyman by root
Oct 15 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21230]: + ??? root:rubyman
Oct 15 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416438 of user rubyman.
Oct 15 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21230]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416438.
Oct 15 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Failed password for invalid user test from 103.200.25.159 port 51882 ssh2
Oct 15 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Received disconnect from 103.200.25.159 port 51882:11: Bye Bye [preauth]
Oct 15 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Disconnected from 103.200.25.159 port 51882 [preauth]
Oct 15 07:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session closed for user root
Oct 15 07:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Invalid user alex from 103.140.73.162
Oct 15 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: input_userauth_request: invalid user alex [preauth]
Oct 15 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Failed password for invalid user alex from 103.140.73.162 port 60624 ssh2
Oct 15 07:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Received disconnect from 103.140.73.162 port 60624:11: Bye Bye [preauth]
Oct 15 07:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21507]: Disconnected from 103.140.73.162 port 60624 [preauth]
Oct 15 07:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20198]: pam_unix(cron:session): session closed for user root
Oct 15 07:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 07:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Failed password for root from 202.143.111.139 port 26001 ssh2
Oct 15 07:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Received disconnect from 202.143.111.139 port 26001:11: Bye Bye [preauth]
Oct 15 07:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Disconnected from 202.143.111.139 port 26001 [preauth]
Oct 15 07:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Failed password for root from 103.20.223.95 port 54468 ssh2
Oct 15 07:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Received disconnect from 103.20.223.95 port 54468:11: Bye Bye [preauth]
Oct 15 07:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Disconnected from 103.20.223.95 port 54468 [preauth]
Oct 15 07:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Invalid user git from 89.218.69.66
Oct 15 07:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: input_userauth_request: invalid user git [preauth]
Oct 15 07:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Failed password for invalid user git from 89.218.69.66 port 1840 ssh2
Oct 15 07:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Received disconnect from 89.218.69.66 port 1840:11: Bye Bye [preauth]
Oct 15 07:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Disconnected from 89.218.69.66 port 1840 [preauth]
Oct 15 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session closed for user root
Oct 15 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21694]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: Successful su for rubyman by root
Oct 15 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: + ??? root:rubyman
Oct 15 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416442 of user rubyman.
Oct 15 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21780]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416442.
Oct 15 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21696]: pam_unix(cron:session): session closed for user root
Oct 15 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17850]: pam_unix(cron:session): session closed for user root
Oct 15 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: Invalid user rubel from 14.225.220.107
Oct 15 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: input_userauth_request: invalid user rubel [preauth]
Oct 15 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: Failed password for invalid user rubel from 14.225.220.107 port 43706 ssh2
Oct 15 07:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: Received disconnect from 14.225.220.107 port 43706:11: Bye Bye [preauth]
Oct 15 07:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22003]: Disconnected from 14.225.220.107 port 43706 [preauth]
Oct 15 07:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21695]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session closed for user root
Oct 15 07:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22214]: Invalid user tw from 103.200.25.159
Oct 15 07:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22214]: input_userauth_request: invalid user tw [preauth]
Oct 15 07:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22214]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Invalid user kuba from 103.140.73.162
Oct 15 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: input_userauth_request: invalid user kuba [preauth]
Oct 15 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22214]: Failed password for invalid user tw from 103.200.25.159 port 40358 ssh2
Oct 15 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22214]: Received disconnect from 103.200.25.159 port 40358:11: Bye Bye [preauth]
Oct 15 07:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22214]: Disconnected from 103.200.25.159 port 40358 [preauth]
Oct 15 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Failed password for invalid user kuba from 103.140.73.162 port 52116 ssh2
Oct 15 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Received disconnect from 103.140.73.162 port 52116:11: Bye Bye [preauth]
Oct 15 07:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Disconnected from 103.140.73.162 port 52116 [preauth]
Oct 15 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22250]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22330]: Successful su for rubyman by root
Oct 15 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22330]: + ??? root:rubyman
Oct 15 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416448 of user rubyman.
Oct 15 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22330]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416448.
Oct 15 07:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session closed for user root
Oct 15 07:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Invalid user ollama from 202.143.111.139
Oct 15 07:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: input_userauth_request: invalid user ollama [preauth]
Oct 15 07:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Invalid user hacluster from 80.94.95.116
Oct 15 07:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: input_userauth_request: invalid user hacluster [preauth]
Oct 15 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Failed password for invalid user ollama from 202.143.111.139 port 45924 ssh2
Oct 15 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Received disconnect from 202.143.111.139 port 45924:11: Bye Bye [preauth]
Oct 15 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22556]: Disconnected from 202.143.111.139 port 45924 [preauth]
Oct 15 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 07:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Invalid user ctarazona from 89.218.69.66
Oct 15 07:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: input_userauth_request: invalid user ctarazona [preauth]
Oct 15 07:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Failed password for invalid user hacluster from 80.94.95.116 port 50914 ssh2
Oct 15 07:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22546]: Connection closed by 80.94.95.116 port 50914 [preauth]
Oct 15 07:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Failed password for invalid user ctarazona from 89.218.69.66 port 10286 ssh2
Oct 15 07:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Received disconnect from 89.218.69.66 port 10286:11: Bye Bye [preauth]
Oct 15 07:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Disconnected from 89.218.69.66 port 10286 [preauth]
Oct 15 07:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21165]: pam_unix(cron:session): session closed for user root
Oct 15 07:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: Failed password for root from 103.20.223.95 port 38172 ssh2
Oct 15 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: Received disconnect from 103.20.223.95 port 38172:11: Bye Bye [preauth]
Oct 15 07:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: Disconnected from 103.20.223.95 port 38172 [preauth]
Oct 15 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22916]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23129]: Successful su for rubyman by root
Oct 15 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23129]: + ??? root:rubyman
Oct 15 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416452 of user rubyman.
Oct 15 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23129]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416452.
Oct 15 07:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: Invalid user royal from 14.225.220.107
Oct 15 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: input_userauth_request: invalid user royal [preauth]
Oct 15 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: Failed password for invalid user royal from 14.225.220.107 port 54430 ssh2
Oct 15 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: Received disconnect from 14.225.220.107 port 54430:11: Bye Bye [preauth]
Oct 15 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23182]: Disconnected from 14.225.220.107 port 54430 [preauth]
Oct 15 07:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session closed for user root
Oct 15 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Oct 15 07:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23272]: Failed password for root from 138.68.58.124 port 51114 ssh2
Oct 15 07:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23272]: Connection closed by 138.68.58.124 port 51114 [preauth]
Oct 15 07:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Invalid user adrien from 103.140.73.162
Oct 15 07:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: input_userauth_request: invalid user adrien [preauth]
Oct 15 07:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Failed password for invalid user adrien from 103.140.73.162 port 32942 ssh2
Oct 15 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Received disconnect from 103.140.73.162 port 32942:11: Bye Bye [preauth]
Oct 15 07:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23777]: Disconnected from 103.140.73.162 port 32942 [preauth]
Oct 15 07:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session closed for user root
Oct 15 07:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139  user=root
Oct 15 07:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: Failed password for root from 202.143.111.139 port 62543 ssh2
Oct 15 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: Received disconnect from 202.143.111.139 port 62543:11: Bye Bye [preauth]
Oct 15 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23871]: Disconnected from 202.143.111.139 port 62543 [preauth]
Oct 15 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23873]: Failed password for root from 89.218.69.66 port 35835 ssh2
Oct 15 07:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23873]: Received disconnect from 89.218.69.66 port 35835:11: Bye Bye [preauth]
Oct 15 07:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23873]: Disconnected from 89.218.69.66 port 35835 [preauth]
Oct 15 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23907]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23901]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23983]: Successful su for rubyman by root
Oct 15 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23983]: + ??? root:rubyman
Oct 15 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416458 of user rubyman.
Oct 15 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23983]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416458.
Oct 15 07:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20197]: pam_unix(cron:session): session closed for user root
Oct 15 07:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23904]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22250]: pam_unix(cron:session): session closed for user root
Oct 15 07:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: Connection closed by 103.200.25.159 port 43894 [preauth]
Oct 15 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Invalid user test from 103.20.223.95
Oct 15 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: input_userauth_request: invalid user test [preauth]
Oct 15 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Failed password for invalid user test from 103.20.223.95 port 37090 ssh2
Oct 15 07:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Received disconnect from 103.20.223.95 port 37090:11: Bye Bye [preauth]
Oct 15 07:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24414]: Disconnected from 103.20.223.95 port 37090 [preauth]
Oct 15 07:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Invalid user alex from 14.225.220.107
Oct 15 07:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: input_userauth_request: invalid user alex [preauth]
Oct 15 07:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Failed password for invalid user alex from 14.225.220.107 port 60246 ssh2
Oct 15 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: Invalid user solutec from 103.140.73.162
Oct 15 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: input_userauth_request: invalid user solutec [preauth]
Oct 15 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162
Oct 15 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Received disconnect from 14.225.220.107 port 60246:11: Bye Bye [preauth]
Oct 15 07:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Disconnected from 14.225.220.107 port 60246 [preauth]
Oct 15 07:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: Failed password for invalid user solutec from 103.140.73.162 port 46492 ssh2
Oct 15 07:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: Received disconnect from 103.140.73.162 port 46492:11: Bye Bye [preauth]
Oct 15 07:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24433]: Disconnected from 103.140.73.162 port 46492 [preauth]
Oct 15 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: Successful su for rubyman by root
Oct 15 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: + ??? root:rubyman
Oct 15 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416462 of user rubyman.
Oct 15 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24529]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416462.
Oct 15 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: Failed password for root from 188.18.49.50 port 53355 ssh2
Oct 15 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: Received disconnect from 188.18.49.50 port 53355:11: Bye Bye [preauth]
Oct 15 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24416]: Disconnected from 188.18.49.50 port 53355 [preauth]
Oct 15 07:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session closed for user root
Oct 15 07:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: Invalid user itadmin from 89.218.69.66
Oct 15 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: input_userauth_request: invalid user itadmin [preauth]
Oct 15 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66
Oct 15 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: Failed password for invalid user itadmin from 89.218.69.66 port 42588 ssh2
Oct 15 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: Received disconnect from 89.218.69.66 port 42588:11: Bye Bye [preauth]
Oct 15 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24789]: Disconnected from 89.218.69.66 port 42588 [preauth]
Oct 15 07:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Invalid user nikola from 202.143.111.139
Oct 15 07:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: input_userauth_request: invalid user nikola [preauth]
Oct 15 07:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.143.111.139
Oct 15 07:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Failed password for invalid user nikola from 202.143.111.139 port 30136 ssh2
Oct 15 07:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Received disconnect from 202.143.111.139 port 30136:11: Bye Bye [preauth]
Oct 15 07:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Disconnected from 202.143.111.139 port 30136 [preauth]
Oct 15 07:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session closed for user root
Oct 15 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24939]: pam_unix(cron:session): session closed for user root
Oct 15 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24933]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25033]: Successful su for rubyman by root
Oct 15 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25033]: + ??? root:rubyman
Oct 15 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416465 of user rubyman.
Oct 15 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25033]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416465.
Oct 15 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24936]: pam_unix(cron:session): session closed for user root
Oct 15 07:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21164]: pam_unix(cron:session): session closed for user root
Oct 15 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Failed password for root from 103.140.73.162 port 51262 ssh2
Oct 15 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Received disconnect from 103.140.73.162 port 51262:11: Bye Bye [preauth]
Oct 15 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Disconnected from 103.140.73.162 port 51262 [preauth]
Oct 15 07:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session closed for user root
Oct 15 07:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.218.69.66  user=root
Oct 15 07:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for root from 89.218.69.66 port 56238 ssh2
Oct 15 07:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Received disconnect from 89.218.69.66 port 56238:11: Bye Bye [preauth]
Oct 15 07:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Disconnected from 89.218.69.66 port 56238 [preauth]
Oct 15 07:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Invalid user josh from 14.225.220.107
Oct 15 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: input_userauth_request: invalid user josh [preauth]
Oct 15 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Failed password for invalid user josh from 14.225.220.107 port 34610 ssh2
Oct 15 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Received disconnect from 14.225.220.107 port 34610:11: Bye Bye [preauth]
Oct 15 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25668]: Disconnected from 14.225.220.107 port 34610 [preauth]
Oct 15 07:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Invalid user sosemaloku from 103.20.223.95
Oct 15 07:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: input_userauth_request: invalid user sosemaloku [preauth]
Oct 15 07:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Failed password for invalid user sosemaloku from 103.20.223.95 port 43554 ssh2
Oct 15 07:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Received disconnect from 103.20.223.95 port 43554:11: Bye Bye [preauth]
Oct 15 07:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25681]: Disconnected from 103.20.223.95 port 43554 [preauth]
Oct 15 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25695]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: Successful su for rubyman by root
Oct 15 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: + ??? root:rubyman
Oct 15 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416472 of user rubyman.
Oct 15 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416472.
Oct 15 07:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21697]: pam_unix(cron:session): session closed for user root
Oct 15 07:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25696]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session closed for user root
Oct 15 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159  user=root
Oct 15 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: Failed password for root from 103.200.25.159 port 60780 ssh2
Oct 15 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: Received disconnect from 103.200.25.159 port 60780:11: Bye Bye [preauth]
Oct 15 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: Disconnected from 103.200.25.159 port 60780 [preauth]
Oct 15 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26282]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26277]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26360]: Successful su for rubyman by root
Oct 15 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26360]: + ??? root:rubyman
Oct 15 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416475 of user rubyman.
Oct 15 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26360]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416475.
Oct 15 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.73.162  user=root
Oct 15 07:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session closed for user root
Oct 15 07:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Failed password for root from 103.140.73.162 port 60272 ssh2
Oct 15 07:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Received disconnect from 103.140.73.162 port 60272:11: Bye Bye [preauth]
Oct 15 07:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Disconnected from 103.140.73.162 port 60272 [preauth]
Oct 15 07:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26280]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24938]: pam_unix(cron:session): session closed for user root
Oct 15 07:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Invalid user ander from 14.225.220.107
Oct 15 07:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: input_userauth_request: invalid user ander [preauth]
Oct 15 07:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Failed password for invalid user ander from 14.225.220.107 port 49290 ssh2
Oct 15 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Received disconnect from 14.225.220.107 port 49290:11: Bye Bye [preauth]
Oct 15 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Disconnected from 14.225.220.107 port 49290 [preauth]
Oct 15 07:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: Invalid user debian from 103.20.223.95
Oct 15 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: input_userauth_request: invalid user debian [preauth]
Oct 15 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 07:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: Failed password for invalid user debian from 103.20.223.95 port 50344 ssh2
Oct 15 07:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: Received disconnect from 103.20.223.95 port 50344:11: Bye Bye [preauth]
Oct 15 07:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26871]: Disconnected from 103.20.223.95 port 50344 [preauth]
Oct 15 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26923]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27147]: Successful su for rubyman by root
Oct 15 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27147]: + ??? root:rubyman
Oct 15 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416478 of user rubyman.
Oct 15 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27147]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416478.
Oct 15 07:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session closed for user root
Oct 15 07:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26924]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: Invalid user qihang from 103.200.25.159
Oct 15 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: input_userauth_request: invalid user qihang [preauth]
Oct 15 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: Failed password for invalid user qihang from 103.200.25.159 port 33694 ssh2
Oct 15 07:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: Received disconnect from 103.200.25.159 port 33694:11: Bye Bye [preauth]
Oct 15 07:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27462]: Disconnected from 103.200.25.159 port 33694 [preauth]
Oct 15 07:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session closed for user root
Oct 15 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27732]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: Successful su for rubyman by root
Oct 15 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: + ??? root:rubyman
Oct 15 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416483 of user rubyman.
Oct 15 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27924]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416483.
Oct 15 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 15 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27923]: Failed password for root from 80.94.95.116 port 33470 ssh2
Oct 15 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27923]: Connection closed by 80.94.95.116 port 33470 [preauth]
Oct 15 07:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23907]: pam_unix(cron:session): session closed for user root
Oct 15 07:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 07:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Failed password for root from 14.225.220.107 port 49964 ssh2
Oct 15 07:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Received disconnect from 14.225.220.107 port 49964:11: Bye Bye [preauth]
Oct 15 07:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Disconnected from 14.225.220.107 port 49964 [preauth]
Oct 15 07:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26282]: pam_unix(cron:session): session closed for user root
Oct 15 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Failed password for root from 103.20.223.95 port 58462 ssh2
Oct 15 07:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Received disconnect from 103.20.223.95 port 58462:11: Bye Bye [preauth]
Oct 15 07:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28263]: Disconnected from 103.20.223.95 port 58462 [preauth]
Oct 15 07:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 07:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Failed password for root from 188.18.49.50 port 59633 ssh2
Oct 15 07:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Received disconnect from 188.18.49.50 port 59633:11: Bye Bye [preauth]
Oct 15 07:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Disconnected from 188.18.49.50 port 59633 [preauth]
Oct 15 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28340]: pam_unix(cron:session): session closed for user root
Oct 15 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28423]: Successful su for rubyman by root
Oct 15 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28423]: + ??? root:rubyman
Oct 15 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416490 of user rubyman.
Oct 15 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28423]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416490.
Oct 15 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session closed for user root
Oct 15 07:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session closed for user root
Oct 15 07:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28333]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Invalid user anon from 103.200.25.159
Oct 15 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: input_userauth_request: invalid user anon [preauth]
Oct 15 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Failed password for invalid user anon from 103.200.25.159 port 56800 ssh2
Oct 15 07:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Received disconnect from 103.200.25.159 port 56800:11: Bye Bye [preauth]
Oct 15 07:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29043]: Disconnected from 103.200.25.159 port 56800 [preauth]
Oct 15 07:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26928]: pam_unix(cron:session): session closed for user root
Oct 15 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29220]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29217]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29311]: Successful su for rubyman by root
Oct 15 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29311]: + ??? root:rubyman
Oct 15 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416493 of user rubyman.
Oct 15 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29311]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416493.
Oct 15 07:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session closed for user root
Oct 15 07:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29218]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 07:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: Failed password for root from 14.225.220.107 port 33286 ssh2
Oct 15 07:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: Received disconnect from 14.225.220.107 port 33286:11: Bye Bye [preauth]
Oct 15 07:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29574]: Disconnected from 14.225.220.107 port 33286 [preauth]
Oct 15 07:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: Failed password for root from 103.20.223.95 port 45650 ssh2
Oct 15 07:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: Received disconnect from 103.20.223.95 port 45650:11: Bye Bye [preauth]
Oct 15 07:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29615]: Disconnected from 103.20.223.95 port 45650 [preauth]
Oct 15 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 15 07:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: Failed password for root from 164.68.105.9 port 49546 ssh2
Oct 15 07:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: Connection closed by 164.68.105.9 port 49546 [preauth]
Oct 15 07:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session closed for user root
Oct 15 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29746]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29832]: Successful su for rubyman by root
Oct 15 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29832]: + ??? root:rubyman
Oct 15 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416498 of user rubyman.
Oct 15 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29832]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416498.
Oct 15 07:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25697]: pam_unix(cron:session): session closed for user root
Oct 15 07:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Invalid user ludmila from 103.200.25.159
Oct 15 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: input_userauth_request: invalid user ludmila [preauth]
Oct 15 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Failed password for invalid user ludmila from 103.200.25.159 port 39870 ssh2
Oct 15 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Received disconnect from 103.200.25.159 port 39870:11: Bye Bye [preauth]
Oct 15 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Disconnected from 103.200.25.159 port 39870 [preauth]
Oct 15 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29747]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28339]: pam_unix(cron:session): session closed for user root
Oct 15 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30276]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30372]: Successful su for rubyman by root
Oct 15 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30372]: + ??? root:rubyman
Oct 15 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416501 of user rubyman.
Oct 15 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30372]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416501.
Oct 15 07:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26281]: pam_unix(cron:session): session closed for user root
Oct 15 07:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95  user=root
Oct 15 07:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Failed password for root from 103.20.223.95 port 32930 ssh2
Oct 15 07:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Received disconnect from 103.20.223.95 port 32930:11: Bye Bye [preauth]
Oct 15 07:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Disconnected from 103.20.223.95 port 32930 [preauth]
Oct 15 07:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: User mysql from 14.225.220.107 not allowed because not listed in AllowUsers
Oct 15 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: input_userauth_request: invalid user mysql [preauth]
Oct 15 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=mysql
Oct 15 07:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: Failed password for invalid user mysql from 14.225.220.107 port 48650 ssh2
Oct 15 07:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: Received disconnect from 14.225.220.107 port 48650:11: Bye Bye [preauth]
Oct 15 07:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: Disconnected from 14.225.220.107 port 48650 [preauth]
Oct 15 07:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29220]: pam_unix(cron:session): session closed for user root
Oct 15 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 07:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Invalid user parisa from 103.200.25.159
Oct 15 07:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: input_userauth_request: invalid user parisa [preauth]
Oct 15 07:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 07:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 07:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Failed password for invalid user parisa from 103.200.25.159 port 54338 ssh2
Oct 15 07:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Received disconnect from 103.200.25.159 port 54338:11: Bye Bye [preauth]
Oct 15 07:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30841]: Disconnected from 103.200.25.159 port 54338 [preauth]
Oct 15 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30861]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30859]: pam_unix(cron:session): session closed for user p13x
Oct 15 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30929]: Successful su for rubyman by root
Oct 15 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30929]: + ??? root:rubyman
Oct 15 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416505 of user rubyman.
Oct 15 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30929]: pam_unix(su:session): session closed for user rubyman
Oct 15 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416505.
Oct 15 07:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26925]: pam_unix(cron:session): session closed for user root
Oct 15 07:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30860]: pam_unix(cron:session): session closed for user samftp
Oct 15 07:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29750]: pam_unix(cron:session): session closed for user root
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31335]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session closed for user root
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user root
Oct 15 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31507]: Successful su for rubyman by root
Oct 15 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31507]: + ??? root:rubyman
Oct 15 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416509 of user rubyman.
Oct 15 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31507]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416509.
Oct 15 08:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session closed for user root
Oct 15 08:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
Oct 15 08:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Invalid user solutec from 14.225.220.107
Oct 15 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: input_userauth_request: invalid user solutec [preauth]
Oct 15 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107
Oct 15 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Failed password for invalid user solutec from 14.225.220.107 port 46648 ssh2
Oct 15 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Received disconnect from 14.225.220.107 port 46648:11: Bye Bye [preauth]
Oct 15 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Disconnected from 14.225.220.107 port 46648 [preauth]
Oct 15 08:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session closed for user root
Oct 15 08:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: Invalid user scpuser from 103.200.25.159
Oct 15 08:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: input_userauth_request: invalid user scpuser [preauth]
Oct 15 08:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.200.25.159
Oct 15 08:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: Failed password for invalid user scpuser from 103.200.25.159 port 45436 ssh2
Oct 15 08:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: Received disconnect from 103.200.25.159 port 45436:11: Bye Bye [preauth]
Oct 15 08:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32019]: Disconnected from 103.200.25.159 port 45436 [preauth]
Oct 15 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 08:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Failed password for root from 188.18.49.50 port 41588 ssh2
Oct 15 08:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Received disconnect from 188.18.49.50 port 41588:11: Bye Bye [preauth]
Oct 15 08:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32045]: Disconnected from 188.18.49.50 port 41588 [preauth]
Oct 15 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: Successful su for rubyman by root
Oct 15 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: + ??? root:rubyman
Oct 15 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416516 of user rubyman.
Oct 15 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416516.
Oct 15 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28338]: pam_unix(cron:session): session closed for user root
Oct 15 08:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Invalid user sns from 103.20.223.95
Oct 15 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: input_userauth_request: invalid user sns [preauth]
Oct 15 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.20.223.95
Oct 15 08:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Failed password for invalid user sns from 103.20.223.95 port 43122 ssh2
Oct 15 08:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Received disconnect from 103.20.223.95 port 43122:11: Bye Bye [preauth]
Oct 15 08:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Disconnected from 103.20.223.95 port 43122 [preauth]
Oct 15 08:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30862]: pam_unix(cron:session): session closed for user root
Oct 15 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32636]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32637]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32632]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32708]: Successful su for rubyman by root
Oct 15 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32708]: + ??? root:rubyman
Oct 15 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416519 of user rubyman.
Oct 15 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32708]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416519.
Oct 15 08:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29219]: pam_unix(cron:session): session closed for user root
Oct 15 08:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32635]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.225.220.107  user=root
Oct 15 08:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Failed password for root from 14.225.220.107 port 50738 ssh2
Oct 15 08:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Received disconnect from 14.225.220.107 port 50738:11: Bye Bye [preauth]
Oct 15 08:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Disconnected from 14.225.220.107 port 50738 [preauth]
Oct 15 08:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session closed for user root
Oct 15 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[711]: Successful su for rubyman by root
Oct 15 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[711]: + ??? root:rubyman
Oct 15 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416523 of user rubyman.
Oct 15 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[711]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416523.
Oct 15 08:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29749]: pam_unix(cron:session): session closed for user root
Oct 15 08:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[628]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session closed for user root
Oct 15 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.140.229.54  user=root
Oct 15 08:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Failed password for root from 8.140.229.54 port 46678 ssh2
Oct 15 08:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1179]: Connection closed by 8.140.229.54 port 46678 [preauth]
Oct 15 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: Invalid user ubuntu from 8.140.229.54
Oct 15 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.140.229.54
Oct 15 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Invalid user git from 80.94.95.116
Oct 15 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: input_userauth_request: invalid user git [preauth]
Oct 15 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: Failed password for invalid user ubuntu from 8.140.229.54 port 49508 ssh2
Oct 15 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: Connection closed by 8.140.229.54 port 49508 [preauth]
Oct 15 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Failed password for invalid user git from 80.94.95.116 port 37546 ssh2
Oct 15 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1213]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1209]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Connection closed by 80.94.95.116 port 37546 [preauth]
Oct 15 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1286]: Successful su for rubyman by root
Oct 15 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1286]: + ??? root:rubyman
Oct 15 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416528 of user rubyman.
Oct 15 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1286]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416528.
Oct 15 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user root
Oct 15 08:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1207]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32637]: pam_unix(cron:session): session closed for user root
Oct 15 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1727]: pam_unix(cron:session): session closed for user root
Oct 15 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1803]: Successful su for rubyman by root
Oct 15 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1803]: + ??? root:rubyman
Oct 15 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416533 of user rubyman.
Oct 15 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1803]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416533.
Oct 15 08:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1724]: pam_unix(cron:session): session closed for user root
Oct 15 08:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30861]: pam_unix(cron:session): session closed for user root
Oct 15 08:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[630]: pam_unix(cron:session): session closed for user root
Oct 15 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2388]: Successful su for rubyman by root
Oct 15 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2388]: + ??? root:rubyman
Oct 15 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416539 of user rubyman.
Oct 15 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2388]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416539.
Oct 15 08:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31335]: pam_unix(cron:session): session closed for user root
Oct 15 08:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2311]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1213]: pam_unix(cron:session): session closed for user root
Oct 15 08:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Invalid user liz from 188.18.49.50
Oct 15 08:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: input_userauth_request: invalid user liz [preauth]
Oct 15 08:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Failed password for invalid user liz from 188.18.49.50 port 50938 ssh2
Oct 15 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Received disconnect from 188.18.49.50 port 50938:11: Bye Bye [preauth]
Oct 15 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2735]: Disconnected from 188.18.49.50 port 50938 [preauth]
Oct 15 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2835]: Successful su for rubyman by root
Oct 15 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2835]: + ??? root:rubyman
Oct 15 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416542 of user rubyman.
Oct 15 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2835]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416542.
Oct 15 08:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32098]: pam_unix(cron:session): session closed for user root
Oct 15 08:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1726]: pam_unix(cron:session): session closed for user root
Oct 15 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: Successful su for rubyman by root
Oct 15 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: + ??? root:rubyman
Oct 15 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416546 of user rubyman.
Oct 15 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3288]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416546.
Oct 15 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32636]: pam_unix(cron:session): session closed for user root
Oct 15 08:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session closed for user root
Oct 15 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3675]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3677]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: Successful su for rubyman by root
Oct 15 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: + ??? root:rubyman
Oct 15 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416549 of user rubyman.
Oct 15 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416549.
Oct 15 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3675]: pam_unix(cron:session): session closed for user root
Oct 15 08:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[629]: pam_unix(cron:session): session closed for user root
Oct 15 08:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3678]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session closed for user root
Oct 15 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4300]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4300]: pam_unix(cron:session): session closed for user root
Oct 15 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4295]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: Successful su for rubyman by root
Oct 15 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: + ??? root:rubyman
Oct 15 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416555 of user rubyman.
Oct 15 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416555.
Oct 15 08:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4297]: pam_unix(cron:session): session closed for user root
Oct 15 08:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1209]: pam_unix(cron:session): session closed for user root
Oct 15 08:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4296]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session closed for user root
Oct 15 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4997]: Successful su for rubyman by root
Oct 15 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4997]: + ??? root:rubyman
Oct 15 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416561 of user rubyman.
Oct 15 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4997]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416561.
Oct 15 08:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1725]: pam_unix(cron:session): session closed for user root
Oct 15 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4828]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session closed for user root
Oct 15 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: Successful su for rubyman by root
Oct 15 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: + ??? root:rubyman
Oct 15 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416565 of user rubyman.
Oct 15 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5876]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416565.
Oct 15 08:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session closed for user root
Oct 15 08:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4299]: pam_unix(cron:session): session closed for user root
Oct 15 08:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6264]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6328]: Successful su for rubyman by root
Oct 15 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6328]: + ??? root:rubyman
Oct 15 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416569 of user rubyman.
Oct 15 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6328]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416569.
Oct 15 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 15 08:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Failed password for root from 80.94.95.116 port 34480 ssh2
Oct 15 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Connection closed by 80.94.95.116 port 34480 [preauth]
Oct 15 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: Failed password for root from 188.18.49.50 port 33883 ssh2
Oct 15 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: Received disconnect from 188.18.49.50 port 33883:11: Bye Bye [preauth]
Oct 15 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6247]: Disconnected from 188.18.49.50 port 33883 [preauth]
Oct 15 08:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session closed for user root
Oct 15 08:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session closed for user root
Oct 15 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6885]: Successful su for rubyman by root
Oct 15 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6885]: + ??? root:rubyman
Oct 15 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416572 of user rubyman.
Oct 15 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6885]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416572.
Oct 15 08:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3211]: pam_unix(cron:session): session closed for user root
Oct 15 08:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5798]: pam_unix(cron:session): session closed for user root
Oct 15 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session closed for user root
Oct 15 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7457]: Successful su for rubyman by root
Oct 15 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7457]: + ??? root:rubyman
Oct 15 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416576 of user rubyman.
Oct 15 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7457]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416576.
Oct 15 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session closed for user root
Oct 15 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3679]: pam_unix(cron:session): session closed for user root
Oct 15 08:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6264]: pam_unix(cron:session): session closed for user root
Oct 15 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: Successful su for rubyman by root
Oct 15 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: + ??? root:rubyman
Oct 15 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416584 of user rubyman.
Oct 15 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416584.
Oct 15 08:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4298]: pam_unix(cron:session): session closed for user root
Oct 15 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Invalid user aa from 164.68.105.9
Oct 15 08:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: input_userauth_request: invalid user aa [preauth]
Oct 15 08:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 08:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Failed password for invalid user aa from 164.68.105.9 port 45462 ssh2
Oct 15 08:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Connection closed by 164.68.105.9 port 45462 [preauth]
Oct 15 08:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session closed for user root
Oct 15 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8898]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8894]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8894]: pam_unix(cron:session): session closed for user root
Oct 15 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8896]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8982]: Successful su for rubyman by root
Oct 15 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8982]: + ??? root:rubyman
Oct 15 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416586 of user rubyman.
Oct 15 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8982]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416586.
Oct 15 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session closed for user root
Oct 15 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8897]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session closed for user root
Oct 15 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: Successful su for rubyman by root
Oct 15 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: + ??? root:rubyman
Oct 15 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416591 of user rubyman.
Oct 15 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416591.
Oct 15 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session closed for user root
Oct 15 08:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9506]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session closed for user root
Oct 15 08:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Invalid user ftpuser from 188.18.49.50
Oct 15 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10111]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user ftpuser from 188.18.49.50 port 42042 ssh2
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10197]: Successful su for rubyman by root
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10197]: + ??? root:rubyman
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416598 of user rubyman.
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10197]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416598.
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Received disconnect from 188.18.49.50 port 42042:11: Bye Bye [preauth]
Oct 15 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Disconnected from 188.18.49.50 port 42042 [preauth]
Oct 15 08:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session closed for user root
Oct 15 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10112]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session closed for user root
Oct 15 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ony@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 15 08:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 08:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ony@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 15 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10615]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10615]: pam_unix(cron:session): session closed for user root
Oct 15 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10608]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10706]: Successful su for rubyman by root
Oct 15 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10706]: + ??? root:rubyman
Oct 15 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416599 of user rubyman.
Oct 15 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10706]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416599.
Oct 15 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session closed for user root
Oct 15 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session closed for user root
Oct 15 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10610]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user root
Oct 15 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11111]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11189]: Successful su for rubyman by root
Oct 15 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11189]: + ??? root:rubyman
Oct 15 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416605 of user rubyman.
Oct 15 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11189]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416605.
Oct 15 08:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session closed for user root
Oct 15 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session closed for user root
Oct 15 08:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Invalid user user from 62.60.131.157
Oct 15 08:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: input_userauth_request: invalid user user [preauth]
Oct 15 08:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 08:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Failed password for invalid user user from 62.60.131.157 port 65243 ssh2
Oct 15 08:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Failed password for invalid user user from 62.60.131.157 port 65243 ssh2
Oct 15 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11583]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Failed password for invalid user user from 62.60.131.157 port 65243 ssh2
Oct 15 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11581]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11755]: Successful su for rubyman by root
Oct 15 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11755]: + ??? root:rubyman
Oct 15 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416609 of user rubyman.
Oct 15 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11755]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416609.
Oct 15 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Failed password for invalid user user from 62.60.131.157 port 65243 ssh2
Oct 15 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Failed password for invalid user user from 62.60.131.157 port 65243 ssh2
Oct 15 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Received disconnect from 62.60.131.157 port 65243:11: Bye [preauth]
Oct 15 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: Disconnected from 62.60.131.157 port 65243 [preauth]
Oct 15 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11562]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8087]: pam_unix(cron:session): session closed for user root
Oct 15 08:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11582]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session closed for user root
Oct 15 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12150]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12234]: Successful su for rubyman by root
Oct 15 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12234]: + ??? root:rubyman
Oct 15 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416614 of user rubyman.
Oct 15 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12234]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416614.
Oct 15 08:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8898]: pam_unix(cron:session): session closed for user root
Oct 15 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Invalid user ubnt from 194.0.234.19
Oct 15 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 08:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Failed password for invalid user ubnt from 194.0.234.19 port 56262 ssh2
Oct 15 08:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12402]: Connection closed by 194.0.234.19 port 56262 [preauth]
Oct 15 08:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12153]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11111]: pam_unix(cron:session): session closed for user root
Oct 15 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12728]: Successful su for rubyman by root
Oct 15 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12728]: + ??? root:rubyman
Oct 15 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416619 of user rubyman.
Oct 15 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12728]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416619.
Oct 15 08:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user root
Oct 15 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12653]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Invalid user lea from 2.57.122.26
Oct 15 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: input_userauth_request: invalid user lea [preauth]
Oct 15 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 08:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Failed password for invalid user lea from 2.57.122.26 port 35740 ssh2
Oct 15 08:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12979]: Connection closed by 2.57.122.26 port 35740 [preauth]
Oct 15 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session closed for user root
Oct 15 08:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13154]: pam_unix(cron:session): session closed for user root
Oct 15 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13349]: Successful su for rubyman by root
Oct 15 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13349]: + ??? root:rubyman
Oct 15 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416622 of user rubyman.
Oct 15 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13349]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416622.
Oct 15 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Invalid user auser from 188.18.49.50
Oct 15 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: input_userauth_request: invalid user auser [preauth]
Oct 15 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session closed for user root
Oct 15 08:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Failed password for invalid user auser from 188.18.49.50 port 52010 ssh2
Oct 15 08:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Received disconnect from 188.18.49.50 port 52010:11: Bye Bye [preauth]
Oct 15 08:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Disconnected from 188.18.49.50 port 52010 [preauth]
Oct 15 08:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session closed for user root
Oct 15 08:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Invalid user admin from 2.57.121.25
Oct 15 08:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 08:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user admin from 2.57.121.25 port 38024 ssh2
Oct 15 08:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user admin from 2.57.121.25 port 38024 ssh2
Oct 15 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user admin from 2.57.121.25 port 38024 ssh2
Oct 15 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Invalid user aa from 164.68.105.9
Oct 15 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: input_userauth_request: invalid user aa [preauth]
Oct 15 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 08:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user admin from 2.57.121.25 port 38024 ssh2
Oct 15 08:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Failed password for invalid user aa from 164.68.105.9 port 44492 ssh2
Oct 15 08:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Connection closed by 164.68.105.9 port 44492 [preauth]
Oct 15 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user admin from 2.57.121.25 port 38024 ssh2
Oct 15 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Received disconnect from 2.57.121.25 port 38024:11: Bye [preauth]
Oct 15 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Disconnected from 2.57.121.25 port 38024 [preauth]
Oct 15 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 08:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 08:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session closed for user root
Oct 15 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13785]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13784]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13781]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13883]: Successful su for rubyman by root
Oct 15 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13883]: + ??? root:rubyman
Oct 15 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416627 of user rubyman.
Oct 15 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13883]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416627.
Oct 15 08:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session closed for user root
Oct 15 08:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13782]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12655]: pam_unix(cron:session): session closed for user root
Oct 15 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: Successful su for rubyman by root
Oct 15 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: + ??? root:rubyman
Oct 15 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416632 of user rubyman.
Oct 15 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14405]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416632.
Oct 15 08:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11110]: pam_unix(cron:session): session closed for user root
Oct 15 08:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14612]: Invalid user admin from 80.94.95.116
Oct 15 08:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14612]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14612]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14612]: Failed password for invalid user admin from 80.94.95.116 port 36640 ssh2
Oct 15 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14612]: Connection closed by 80.94.95.116 port 36640 [preauth]
Oct 15 08:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session closed for user root
Oct 15 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14799]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14801]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14797]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14877]: Successful su for rubyman by root
Oct 15 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14877]: + ??? root:rubyman
Oct 15 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416637 of user rubyman.
Oct 15 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14877]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416637.
Oct 15 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11583]: pam_unix(cron:session): session closed for user root
Oct 15 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14798]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13785]: pam_unix(cron:session): session closed for user root
Oct 15 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15380]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15439]: Successful su for rubyman by root
Oct 15 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15439]: + ??? root:rubyman
Oct 15 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416639 of user rubyman.
Oct 15 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15439]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416639.
Oct 15 08:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session closed for user root
Oct 15 08:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session closed for user root
Oct 15 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15817]: pam_unix(cron:session): session closed for user root
Oct 15 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15812]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15896]: Successful su for rubyman by root
Oct 15 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15896]: + ??? root:rubyman
Oct 15 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416644 of user rubyman.
Oct 15 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15896]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416644.
Oct 15 08:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15814]: pam_unix(cron:session): session closed for user root
Oct 15 08:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12654]: pam_unix(cron:session): session closed for user root
Oct 15 08:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15813]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14801]: pam_unix(cron:session): session closed for user root
Oct 15 08:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Invalid user mehedi from 188.18.49.50
Oct 15 08:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: input_userauth_request: invalid user mehedi [preauth]
Oct 15 08:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 08:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Failed password for invalid user mehedi from 188.18.49.50 port 57488 ssh2
Oct 15 08:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Received disconnect from 188.18.49.50 port 57488:11: Bye Bye [preauth]
Oct 15 08:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Disconnected from 188.18.49.50 port 57488 [preauth]
Oct 15 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16307]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: Successful su for rubyman by root
Oct 15 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: + ??? root:rubyman
Oct 15 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416650 of user rubyman.
Oct 15 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416650.
Oct 15 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session closed for user root
Oct 15 08:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15380]: pam_unix(cron:session): session closed for user root
Oct 15 08:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16753]: Did not receive identification string from 196.251.84.181
Oct 15 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16811]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16878]: Successful su for rubyman by root
Oct 15 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16878]: + ??? root:rubyman
Oct 15 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416653 of user rubyman.
Oct 15 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16878]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416653.
Oct 15 08:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13784]: pam_unix(cron:session): session closed for user root
Oct 15 08:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16812]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15816]: pam_unix(cron:session): session closed for user root
Oct 15 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17276]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17347]: Successful su for rubyman by root
Oct 15 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17347]: + ??? root:rubyman
Oct 15 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416657 of user rubyman.
Oct 15 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17347]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416657.
Oct 15 08:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session closed for user root
Oct 15 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16307]: pam_unix(cron:session): session closed for user root
Oct 15 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17743]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17873]: Successful su for rubyman by root
Oct 15 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17873]: + ??? root:rubyman
Oct 15 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416661 of user rubyman.
Oct 15 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17873]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416661.
Oct 15 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17959]: Invalid user  from 129.212.186.249
Oct 15 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17959]: input_userauth_request: invalid user  [preauth]
Oct 15 08:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14799]: pam_unix(cron:session): session closed for user root
Oct 15 08:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17959]: Connection closed by 129.212.186.249 port 43396 [preauth]
Oct 15 08:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17744]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16814]: pam_unix(cron:session): session closed for user root
Oct 15 08:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18507]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18511]: pam_unix(cron:session): session closed for user root
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Failed password for root from 80.94.95.116 port 38828 ssh2
Oct 15 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18488]: Connection closed by 80.94.95.116 port 38828 [preauth]
Oct 15 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18599]: Successful su for rubyman by root
Oct 15 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18599]: + ??? root:rubyman
Oct 15 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416666 of user rubyman.
Oct 15 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18599]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416666.
Oct 15 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18507]: pam_unix(cron:session): session closed for user root
Oct 15 08:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session closed for user root
Oct 15 08:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Invalid user redis from 129.212.186.249
Oct 15 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: input_userauth_request: invalid user redis [preauth]
Oct 15 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Failed password for invalid user redis from 129.212.186.249 port 48302 ssh2
Oct 15 08:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Connection closed by 129.212.186.249 port 48302 [preauth]
Oct 15 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17277]: pam_unix(cron:session): session closed for user root
Oct 15 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19076]: Failed password for root from 129.212.186.249 port 48304 ssh2
Oct 15 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19076]: Connection closed by 129.212.186.249 port 48304 [preauth]
Oct 15 08:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: Failed password for root from 129.212.186.249 port 48314 ssh2
Oct 15 08:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19093]: Connection closed by 129.212.186.249 port 48314 [preauth]
Oct 15 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: Invalid user deployer from 129.212.186.249
Oct 15 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: input_userauth_request: invalid user deployer [preauth]
Oct 15 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: Failed password for invalid user deployer from 129.212.186.249 port 35212 ssh2
Oct 15 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19110]: Connection closed by 129.212.186.249 port 35212 [preauth]
Oct 15 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: Invalid user uftp from 129.212.186.249
Oct 15 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: input_userauth_request: invalid user uftp [preauth]
Oct 15 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: Failed password for invalid user uftp from 129.212.186.249 port 35222 ssh2
Oct 15 08:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19125]: Connection closed by 129.212.186.249 port 35222 [preauth]
Oct 15 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Invalid user username from 129.212.186.249
Oct 15 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: input_userauth_request: invalid user username [preauth]
Oct 15 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Failed password for invalid user username from 129.212.186.249 port 35240 ssh2
Oct 15 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Connection closed by 129.212.186.249 port 35240 [preauth]
Oct 15 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19148]: Failed password for root from 129.212.186.249 port 57636 ssh2
Oct 15 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19148]: Connection closed by 129.212.186.249 port 57636 [preauth]
Oct 15 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Invalid user jack from 129.212.186.249
Oct 15 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: input_userauth_request: invalid user jack [preauth]
Oct 15 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Failed password for invalid user jack from 129.212.186.249 port 57646 ssh2
Oct 15 08:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Connection closed by 129.212.186.249 port 57646 [preauth]
Oct 15 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19178]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: Successful su for rubyman by root
Oct 15 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: + ??? root:rubyman
Oct 15 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416671 of user rubyman.
Oct 15 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416671.
Oct 15 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19257]: Failed password for root from 129.212.186.249 port 57660 ssh2
Oct 15 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19257]: Connection closed by 129.212.186.249 port 57660 [preauth]
Oct 15 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Failed password for root from 129.212.186.249 port 57612 ssh2
Oct 15 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19449]: Connection closed by 129.212.186.249 port 57612 [preauth]
Oct 15 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Invalid user david from 129.212.186.249
Oct 15 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: input_userauth_request: invalid user david [preauth]
Oct 15 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15815]: pam_unix(cron:session): session closed for user root
Oct 15 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Failed password for invalid user david from 129.212.186.249 port 57622 ssh2
Oct 15 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Connection closed by 129.212.186.249 port 57622 [preauth]
Oct 15 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Invalid user init from 129.212.186.249
Oct 15 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: input_userauth_request: invalid user init [preauth]
Oct 15 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Failed password for invalid user init from 129.212.186.249 port 57630 ssh2
Oct 15 08:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Connection closed by 129.212.186.249 port 57630 [preauth]
Oct 15 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Invalid user git from 129.212.186.249
Oct 15 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: input_userauth_request: invalid user git [preauth]
Oct 15 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19176]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Failed password for invalid user git from 129.212.186.249 port 37566 ssh2
Oct 15 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Connection closed by 129.212.186.249 port 37566 [preauth]
Oct 15 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Failed password for root from 129.212.186.249 port 37578 ssh2
Oct 15 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19852]: Connection closed by 129.212.186.249 port 37578 [preauth]
Oct 15 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: Invalid user guest from 129.212.186.249
Oct 15 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: input_userauth_request: invalid user guest [preauth]
Oct 15 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.126.17  user=root
Oct 15 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: Failed password for invalid user guest from 129.212.186.249 port 37584 ssh2
Oct 15 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19873]: Connection closed by 129.212.186.249 port 37584 [preauth]
Oct 15 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: Failed password for root from 103.140.126.17 port 60750 ssh2
Oct 15 08:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19869]: Connection closed by 103.140.126.17 port 60750 [preauth]
Oct 15 08:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Invalid user es from 129.212.186.249
Oct 15 08:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: input_userauth_request: invalid user es [preauth]
Oct 15 08:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Failed password for root from 196.251.84.181 port 37242 ssh2
Oct 15 08:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Failed password for invalid user es from 129.212.186.249 port 57376 ssh2
Oct 15 08:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19890]: Connection closed by 129.212.186.249 port 57376 [preauth]
Oct 15 08:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Connection closed by 196.251.84.181 port 37242 [preauth]
Oct 15 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Invalid user dev from 129.212.186.249
Oct 15 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: input_userauth_request: invalid user dev [preauth]
Oct 15 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Failed password for invalid user dev from 129.212.186.249 port 57386 ssh2
Oct 15 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Connection closed by 129.212.186.249 port 57386 [preauth]
Oct 15 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Invalid user dietpi from 188.18.49.50
Oct 15 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: input_userauth_request: invalid user dietpi [preauth]
Oct 15 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Invalid user nginx from 129.212.186.249
Oct 15 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: input_userauth_request: invalid user nginx [preauth]
Oct 15 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Failed password for invalid user dietpi from 188.18.49.50 port 60799 ssh2
Oct 15 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Received disconnect from 188.18.49.50 port 60799:11: Bye Bye [preauth]
Oct 15 08:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19909]: Disconnected from 188.18.49.50 port 60799 [preauth]
Oct 15 08:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Failed password for invalid user nginx from 129.212.186.249 port 57394 ssh2
Oct 15 08:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Connection closed by 129.212.186.249 port 57394 [preauth]
Oct 15 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Invalid user admin from 129.212.186.249
Oct 15 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Failed password for invalid user admin from 129.212.186.249 port 37648 ssh2
Oct 15 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19947]: Connection closed by 129.212.186.249 port 37648 [preauth]
Oct 15 08:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17749]: pam_unix(cron:session): session closed for user root
Oct 15 08:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Invalid user kubernetes from 129.212.186.249
Oct 15 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: input_userauth_request: invalid user kubernetes [preauth]
Oct 15 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Failed password for invalid user kubernetes from 129.212.186.249 port 37658 ssh2
Oct 15 08:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19983]: Connection closed by 129.212.186.249 port 37658 [preauth]
Oct 15 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Invalid user bigdata from 129.212.186.249
Oct 15 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: input_userauth_request: invalid user bigdata [preauth]
Oct 15 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Failed password for invalid user bigdata from 129.212.186.249 port 37660 ssh2
Oct 15 08:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19985]: Connection closed by 129.212.186.249 port 37660 [preauth]
Oct 15 08:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Invalid user oracle from 129.212.186.249
Oct 15 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: input_userauth_request: invalid user oracle [preauth]
Oct 15 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for invalid user oracle from 129.212.186.249 port 44480 ssh2
Oct 15 08:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Connection closed by 129.212.186.249 port 44480 [preauth]
Oct 15 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Invalid user factorio from 129.212.186.249
Oct 15 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: input_userauth_request: invalid user factorio [preauth]
Oct 15 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Failed password for invalid user factorio from 129.212.186.249 port 44500 ssh2
Oct 15 08:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Connection closed by 129.212.186.249 port 44500 [preauth]
Oct 15 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Invalid user es from 129.212.186.249
Oct 15 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: input_userauth_request: invalid user es [preauth]
Oct 15 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Failed password for invalid user es from 129.212.186.249 port 52072 ssh2
Oct 15 08:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Connection closed by 129.212.186.249 port 52072 [preauth]
Oct 15 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Invalid user niaoyun from 129.212.186.249
Oct 15 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: input_userauth_request: invalid user niaoyun [preauth]
Oct 15 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Failed password for invalid user niaoyun from 129.212.186.249 port 52082 ssh2
Oct 15 08:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Connection closed by 129.212.186.249 port 52082 [preauth]
Oct 15 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Invalid user samba from 129.212.186.249
Oct 15 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: input_userauth_request: invalid user samba [preauth]
Oct 15 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20065]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Failed password for invalid user samba from 129.212.186.249 port 52084 ssh2
Oct 15 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Connection closed by 129.212.186.249 port 52084 [preauth]
Oct 15 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20152]: Successful su for rubyman by root
Oct 15 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20152]: + ??? root:rubyman
Oct 15 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416675 of user rubyman.
Oct 15 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20152]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416675.
Oct 15 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Invalid user dspace from 129.212.186.249
Oct 15 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: input_userauth_request: invalid user dspace [preauth]
Oct 15 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Failed password for invalid user dspace from 129.212.186.249 port 52328 ssh2
Oct 15 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Connection closed by 129.212.186.249 port 52328 [preauth]
Oct 15 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: Invalid user jenkins from 129.212.186.249
Oct 15 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: input_userauth_request: invalid user jenkins [preauth]
Oct 15 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: Failed password for invalid user jenkins from 129.212.186.249 port 52366 ssh2
Oct 15 08:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20296]: Connection closed by 129.212.186.249 port 52366 [preauth]
Oct 15 08:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session closed for user root
Oct 15 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Failed password for root from 129.212.186.249 port 52408 ssh2
Oct 15 08:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Connection closed by 129.212.186.249 port 52408 [preauth]
Oct 15 08:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Invalid user server from 129.212.186.249
Oct 15 08:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: input_userauth_request: invalid user server [preauth]
Oct 15 08:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Failed password for invalid user server from 129.212.186.249 port 35098 ssh2
Oct 15 08:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Connection closed by 129.212.186.249 port 35098 [preauth]
Oct 15 08:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Invalid user root1 from 129.212.186.249
Oct 15 08:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: input_userauth_request: invalid user root1 [preauth]
Oct 15 08:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Failed password for invalid user root1 from 129.212.186.249 port 35106 ssh2
Oct 15 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Connection closed by 129.212.186.249 port 35106 [preauth]
Oct 15 08:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Invalid user zabbix from 129.212.186.249
Oct 15 08:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: input_userauth_request: invalid user zabbix [preauth]
Oct 15 08:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Failed password for invalid user zabbix from 129.212.186.249 port 35120 ssh2
Oct 15 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Connection closed by 129.212.186.249 port 35120 [preauth]
Oct 15 08:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20453]: Failed password for root from 196.251.84.181 port 51248 ssh2
Oct 15 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20453]: Connection closed by 196.251.84.181 port 51248 [preauth]
Oct 15 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Failed password for root from 129.212.186.249 port 40320 ssh2
Oct 15 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20466]: Connection closed by 129.212.186.249 port 40320 [preauth]
Oct 15 08:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: Invalid user test from 129.212.186.249
Oct 15 08:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: input_userauth_request: invalid user test [preauth]
Oct 15 08:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: Failed password for invalid user test from 129.212.186.249 port 40326 ssh2
Oct 15 08:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: Connection closed by 129.212.186.249 port 40326 [preauth]
Oct 15 08:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: User ftp from 129.212.186.249 not allowed because not listed in AllowUsers
Oct 15 08:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: input_userauth_request: invalid user ftp [preauth]
Oct 15 08:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=ftp
Oct 15 08:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Failed password for invalid user ftp from 129.212.186.249 port 40334 ssh2
Oct 15 08:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Connection closed by 129.212.186.249 port 40334 [preauth]
Oct 15 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: Invalid user asterisk from 129.212.186.249
Oct 15 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: input_userauth_request: invalid user asterisk [preauth]
Oct 15 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: Failed password for invalid user asterisk from 129.212.186.249 port 40162 ssh2
Oct 15 08:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20510]: Connection closed by 129.212.186.249 port 40162 [preauth]
Oct 15 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Invalid user gitlab-runner from 129.212.186.249
Oct 15 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: input_userauth_request: invalid user gitlab-runner [preauth]
Oct 15 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18510]: pam_unix(cron:session): session closed for user root
Oct 15 08:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Failed password for invalid user gitlab-runner from 129.212.186.249 port 40164 ssh2
Oct 15 08:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20536]: Connection closed by 129.212.186.249 port 40164 [preauth]
Oct 15 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Invalid user pi from 129.212.186.249
Oct 15 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: input_userauth_request: invalid user pi [preauth]
Oct 15 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Failed password for invalid user pi from 129.212.186.249 port 40168 ssh2
Oct 15 08:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Connection closed by 129.212.186.249 port 40168 [preauth]
Oct 15 08:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Invalid user git from 129.212.186.249
Oct 15 08:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: input_userauth_request: invalid user git [preauth]
Oct 15 08:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Failed password for invalid user git from 129.212.186.249 port 51458 ssh2
Oct 15 08:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Connection closed by 129.212.186.249 port 51458 [preauth]
Oct 15 08:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Failed password for root from 129.212.186.249 port 51470 ssh2
Oct 15 08:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Connection closed by 129.212.186.249 port 51470 [preauth]
Oct 15 08:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Failed password for root from 129.212.186.249 port 51484 ssh2
Oct 15 08:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Connection closed by 129.212.186.249 port 51484 [preauth]
Oct 15 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20593]: Invalid user ftpuser from 129.212.186.249
Oct 15 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20593]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20593]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20593]: Failed password for invalid user ftpuser from 129.212.186.249 port 53212 ssh2
Oct 15 08:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20593]: Connection closed by 129.212.186.249 port 53212 [preauth]
Oct 15 08:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20611]: Invalid user nexus from 129.212.186.249
Oct 15 08:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20611]: input_userauth_request: invalid user nexus [preauth]
Oct 15 08:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20611]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20611]: Failed password for invalid user nexus from 129.212.186.249 port 53234 ssh2
Oct 15 08:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20611]: Connection closed by 129.212.186.249 port 53234 [preauth]
Oct 15 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: Invalid user user from 129.212.186.249
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: input_userauth_request: invalid user user [preauth]
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: Successful su for rubyman by root
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: + ??? root:rubyman
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416679 of user rubyman.
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416679.
Oct 15 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: Failed password for invalid user user from 129.212.186.249 port 53264 ssh2
Oct 15 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: Connection closed by 129.212.186.249 port 53264 [preauth]
Oct 15 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: Failed password for root from 129.212.186.249 port 34314 ssh2
Oct 15 08:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: Connection closed by 129.212.186.249 port 34314 [preauth]
Oct 15 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16813]: pam_unix(cron:session): session closed for user root
Oct 15 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: Invalid user hadoop from 129.212.186.249
Oct 15 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: Failed password for invalid user hadoop from 129.212.186.249 port 34334 ssh2
Oct 15 08:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20876]: Connection closed by 129.212.186.249 port 34334 [preauth]
Oct 15 08:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Invalid user nvidia from 129.212.186.249
Oct 15 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: input_userauth_request: invalid user nvidia [preauth]
Oct 15 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for invalid user nvidia from 129.212.186.249 port 34356 ssh2
Oct 15 08:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Connection closed by 129.212.186.249 port 34356 [preauth]
Oct 15 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20618]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Invalid user user from 129.212.186.249
Oct 15 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: input_userauth_request: invalid user user [preauth]
Oct 15 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Failed password for invalid user user from 129.212.186.249 port 51394 ssh2
Oct 15 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20932]: Connection closed by 129.212.186.249 port 51394 [preauth]
Oct 15 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Invalid user git from 129.212.186.249
Oct 15 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: input_userauth_request: invalid user git [preauth]
Oct 15 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for root from 196.251.84.181 port 53722 ssh2
Oct 15 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Failed password for invalid user git from 129.212.186.249 port 51398 ssh2
Oct 15 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Connection closed by 196.251.84.181 port 53722 [preauth]
Oct 15 08:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Connection closed by 129.212.186.249 port 51398 [preauth]
Oct 15 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Invalid user test2 from 129.212.186.249
Oct 15 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: input_userauth_request: invalid user test2 [preauth]
Oct 15 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Failed password for invalid user test2 from 129.212.186.249 port 51408 ssh2
Oct 15 08:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Connection closed by 129.212.186.249 port 51408 [preauth]
Oct 15 08:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Failed password for root from 129.212.186.249 port 51572 ssh2
Oct 15 08:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20986]: Connection closed by 129.212.186.249 port 51572 [preauth]
Oct 15 08:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 08:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Invalid user testuser from 129.212.186.249
Oct 15 08:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: input_userauth_request: invalid user testuser [preauth]
Oct 15 08:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Failed password for root from 20.163.71.109 port 50038 ssh2
Oct 15 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21000]: Connection closed by 20.163.71.109 port 50038 [preauth]
Oct 15 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Failed password for invalid user testuser from 129.212.186.249 port 51588 ssh2
Oct 15 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21002]: Connection closed by 129.212.186.249 port 51588 [preauth]
Oct 15 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Invalid user ubuntu from 129.212.186.249
Oct 15 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for invalid user ubuntu from 129.212.186.249 port 51598 ssh2
Oct 15 08:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Connection closed by 129.212.186.249 port 51598 [preauth]
Oct 15 08:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session closed for user root
Oct 15 08:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: Failed password for root from 129.212.186.249 port 42686 ssh2
Oct 15 08:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: Connection closed by 129.212.186.249 port 42686 [preauth]
Oct 15 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Invalid user server from 129.212.186.249
Oct 15 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: input_userauth_request: invalid user server [preauth]
Oct 15 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Failed password for invalid user server from 129.212.186.249 port 42694 ssh2
Oct 15 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Connection closed by 129.212.186.249 port 42694 [preauth]
Oct 15 08:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Invalid user administrator from 129.212.186.249
Oct 15 08:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: input_userauth_request: invalid user administrator [preauth]
Oct 15 08:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Failed password for invalid user administrator from 129.212.186.249 port 42710 ssh2
Oct 15 08:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21071]: Connection closed by 129.212.186.249 port 42710 [preauth]
Oct 15 08:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: Failed password for root from 129.212.186.249 port 47610 ssh2
Oct 15 08:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: Connection closed by 129.212.186.249 port 47610 [preauth]
Oct 15 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: Invalid user nagios from 129.212.186.249
Oct 15 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: input_userauth_request: invalid user nagios [preauth]
Oct 15 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: Failed password for invalid user nagios from 129.212.186.249 port 47630 ssh2
Oct 15 08:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21100]: Connection closed by 129.212.186.249 port 47630 [preauth]
Oct 15 08:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21102]: Failed password for root from 129.212.186.249 port 42050 ssh2
Oct 15 08:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21102]: Connection closed by 129.212.186.249 port 42050 [preauth]
Oct 15 08:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: User nobody from 129.212.186.249 not allowed because not listed in AllowUsers
Oct 15 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: input_userauth_request: invalid user nobody [preauth]
Oct 15 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=nobody
Oct 15 08:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.140.126.17  user=root
Oct 15 08:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: Failed password for invalid user nobody from 129.212.186.249 port 42052 ssh2
Oct 15 08:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21115]: Connection closed by 129.212.186.249 port 42052 [preauth]
Oct 15 08:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Invalid user postgres from 129.212.186.249
Oct 15 08:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: input_userauth_request: invalid user postgres [preauth]
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: Failed password for root from 103.140.126.17 port 40278 ssh2
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21137]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Failed password for invalid user postgres from 129.212.186.249 port 42060 ssh2
Oct 15 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: Connection closed by 129.212.186.249 port 42060 [preauth]
Oct 15 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21321]: Successful su for rubyman by root
Oct 15 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21321]: + ??? root:rubyman
Oct 15 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416684 of user rubyman.
Oct 15 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21321]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416684.
Oct 15 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21113]: Connection closed by 103.140.126.17 port 40278 [preauth]
Oct 15 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session closed for user root
Oct 15 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Invalid user user1 from 129.212.186.249
Oct 15 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: input_userauth_request: invalid user user1 [preauth]
Oct 15 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Failed password for invalid user user1 from 129.212.186.249 port 55446 ssh2
Oct 15 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Connection closed by 129.212.186.249 port 55446 [preauth]
Oct 15 08:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: Invalid user sonar from 129.212.186.249
Oct 15 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: input_userauth_request: invalid user sonar [preauth]
Oct 15 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17276]: pam_unix(cron:session): session closed for user root
Oct 15 08:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: Failed password for invalid user sonar from 129.212.186.249 port 55462 ssh2
Oct 15 08:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: Connection closed by 129.212.186.249 port 55462 [preauth]
Oct 15 08:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Connection reset by 103.140.126.17 port 40290 [preauth]
Oct 15 08:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Invalid user runner from 129.212.186.249
Oct 15 08:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: input_userauth_request: invalid user runner [preauth]
Oct 15 08:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Failed password for invalid user runner from 129.212.186.249 port 55478 ssh2
Oct 15 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21569]: Connection reset by 103.140.126.17 port 35092 [preauth]
Oct 15 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Connection closed by 129.212.186.249 port 55478 [preauth]
Oct 15 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: Invalid user linux from 129.212.186.249
Oct 15 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: input_userauth_request: invalid user linux [preauth]
Oct 15 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: Failed password for root from 196.251.84.181 port 49360 ssh2
Oct 15 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21579]: Connection closed by 196.251.84.181 port 49360 [preauth]
Oct 15 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: Failed password for invalid user linux from 129.212.186.249 port 60026 ssh2
Oct 15 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: Connection closed by 129.212.186.249 port 60026 [preauth]
Oct 15 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21454]: Connection reset by 103.140.126.17 port 35082 [preauth]
Oct 15 08:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21138]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: Invalid user hadoop from 129.212.186.249
Oct 15 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: Failed password for invalid user hadoop from 129.212.186.249 port 60036 ssh2
Oct 15 08:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21630]: Connection closed by 129.212.186.249 port 60036 [preauth]
Oct 15 08:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Invalid user plex from 129.212.186.249
Oct 15 08:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: input_userauth_request: invalid user plex [preauth]
Oct 15 08:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Failed password for invalid user plex from 129.212.186.249 port 60050 ssh2
Oct 15 08:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Connection closed by 129.212.186.249 port 60050 [preauth]
Oct 15 08:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21662]: Invalid user tomcat from 129.212.186.249
Oct 15 08:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21662]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 08:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21662]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21662]: Failed password for invalid user tomcat from 129.212.186.249 port 60760 ssh2
Oct 15 08:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21662]: Connection closed by 129.212.186.249 port 60760 [preauth]
Oct 15 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Invalid user admin1 from 129.212.186.249
Oct 15 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: input_userauth_request: invalid user admin1 [preauth]
Oct 15 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Failed password for invalid user admin1 from 129.212.186.249 port 60770 ssh2
Oct 15 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Connection closed by 129.212.186.249 port 60770 [preauth]
Oct 15 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: Invalid user oscar from 129.212.186.249
Oct 15 08:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: input_userauth_request: invalid user oscar [preauth]
Oct 15 08:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: Failed password for invalid user oscar from 129.212.186.249 port 60782 ssh2
Oct 15 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: Connection closed by 129.212.186.249 port 60782 [preauth]
Oct 15 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Failed password for root from 129.212.186.249 port 45990 ssh2
Oct 15 08:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21705]: Connection closed by 129.212.186.249 port 45990 [preauth]
Oct 15 08:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session closed for user root
Oct 15 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: Invalid user debian from 129.212.186.249
Oct 15 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: input_userauth_request: invalid user debian [preauth]
Oct 15 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: Failed password for invalid user debian from 129.212.186.249 port 46004 ssh2
Oct 15 08:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21732]: Connection closed by 129.212.186.249 port 46004 [preauth]
Oct 15 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Invalid user postgres from 129.212.186.249
Oct 15 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: input_userauth_request: invalid user postgres [preauth]
Oct 15 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Failed password for invalid user postgres from 129.212.186.249 port 46018 ssh2
Oct 15 08:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21748]: Connection closed by 129.212.186.249 port 46018 [preauth]
Oct 15 08:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21763]: Failed password for root from 129.212.186.249 port 35546 ssh2
Oct 15 08:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21763]: Connection closed by 129.212.186.249 port 35546 [preauth]
Oct 15 08:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: Failed password for root from 129.212.186.249 port 35560 ssh2
Oct 15 08:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21780]: Connection closed by 129.212.186.249 port 35560 [preauth]
Oct 15 08:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: Invalid user odoo from 129.212.186.249
Oct 15 08:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: input_userauth_request: invalid user odoo [preauth]
Oct 15 08:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: Failed password for invalid user odoo from 129.212.186.249 port 35566 ssh2
Oct 15 08:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21791]: Connection closed by 129.212.186.249 port 35566 [preauth]
Oct 15 08:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Invalid user user from 129.212.186.249
Oct 15 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: input_userauth_request: invalid user user [preauth]
Oct 15 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Failed password for invalid user user from 129.212.186.249 port 59790 ssh2
Oct 15 08:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21796]: Connection closed by 129.212.186.249 port 59790 [preauth]
Oct 15 08:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21805]: Invalid user rocky from 129.212.186.249
Oct 15 08:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21805]: input_userauth_request: invalid user rocky [preauth]
Oct 15 08:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21805]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21805]: Failed password for invalid user rocky from 129.212.186.249 port 59804 ssh2
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21805]: Connection closed by 129.212.186.249 port 59804 [preauth]
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21826]: pam_unix(cron:session): session closed for user root
Oct 15 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21821]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Invalid user ftpuser from 129.212.186.249
Oct 15 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21918]: Successful su for rubyman by root
Oct 15 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21918]: + ??? root:rubyman
Oct 15 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416689 of user rubyman.
Oct 15 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21918]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416689.
Oct 15 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Failed password for invalid user ftpuser from 129.212.186.249 port 59810 ssh2
Oct 15 08:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21905]: Connection closed by 129.212.186.249 port 59810 [preauth]
Oct 15 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Invalid user oracle from 129.212.186.249
Oct 15 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: input_userauth_request: invalid user oracle [preauth]
Oct 15 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: Failed password for root from 196.251.84.181 port 41802 ssh2
Oct 15 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21907]: Connection closed by 196.251.84.181 port 41802 [preauth]
Oct 15 08:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Failed password for invalid user oracle from 129.212.186.249 port 35752 ssh2
Oct 15 08:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21963]: Connection closed by 129.212.186.249 port 35752 [preauth]
Oct 15 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21823]: pam_unix(cron:session): session closed for user root
Oct 15 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: Invalid user steam from 129.212.186.249
Oct 15 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: input_userauth_request: invalid user steam [preauth]
Oct 15 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17748]: pam_unix(cron:session): session closed for user root
Oct 15 08:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: Failed password for invalid user steam from 129.212.186.249 port 35766 ssh2
Oct 15 08:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22066]: Connection closed by 129.212.186.249 port 35766 [preauth]
Oct 15 08:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: Invalid user user from 129.212.186.249
Oct 15 08:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: input_userauth_request: invalid user user [preauth]
Oct 15 08:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: Failed password for invalid user user from 129.212.186.249 port 35770 ssh2
Oct 15 08:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: Connection closed by 129.212.186.249 port 35770 [preauth]
Oct 15 08:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Invalid user app from 129.212.186.249
Oct 15 08:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: input_userauth_request: invalid user app [preauth]
Oct 15 08:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Failed password for invalid user app from 129.212.186.249 port 39872 ssh2
Oct 15 08:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Connection closed by 129.212.186.249 port 39872 [preauth]
Oct 15 08:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21822]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Failed password for root from 129.212.186.249 port 39890 ssh2
Oct 15 08:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22236]: Connection closed by 129.212.186.249 port 39890 [preauth]
Oct 15 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: Invalid user centos from 129.212.186.249
Oct 15 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: input_userauth_request: invalid user centos [preauth]
Oct 15 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: Failed password for invalid user centos from 129.212.186.249 port 39912 ssh2
Oct 15 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22245]: Connection closed by 129.212.186.249 port 39912 [preauth]
Oct 15 08:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: Failed password for root from 129.212.186.249 port 38700 ssh2
Oct 15 08:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22260]: Connection closed by 129.212.186.249 port 38700 [preauth]
Oct 15 08:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22276]: Invalid user kingbase from 129.212.186.249
Oct 15 08:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22276]: input_userauth_request: invalid user kingbase [preauth]
Oct 15 08:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22276]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22276]: Failed password for invalid user kingbase from 129.212.186.249 port 38710 ssh2
Oct 15 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22276]: Connection closed by 129.212.186.249 port 38710 [preauth]
Oct 15 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22292]: Invalid user g from 129.212.186.249
Oct 15 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22292]: input_userauth_request: invalid user g [preauth]
Oct 15 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22292]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22292]: Failed password for invalid user g from 129.212.186.249 port 38274 ssh2
Oct 15 08:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22292]: Connection closed by 129.212.186.249 port 38274 [preauth]
Oct 15 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: Invalid user deploy from 129.212.186.249
Oct 15 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: input_userauth_request: invalid user deploy [preauth]
Oct 15 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session closed for user root
Oct 15 08:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: Failed password for invalid user deploy from 129.212.186.249 port 38280 ssh2
Oct 15 08:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22311]: Connection closed by 129.212.186.249 port 38280 [preauth]
Oct 15 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Invalid user admin from 129.212.186.249
Oct 15 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Failed password for invalid user admin from 129.212.186.249 port 38294 ssh2
Oct 15 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Connection closed by 129.212.186.249 port 38294 [preauth]
Oct 15 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Invalid user www from 129.212.186.249
Oct 15 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: input_userauth_request: invalid user www [preauth]
Oct 15 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Failed password for invalid user www from 129.212.186.249 port 56658 ssh2
Oct 15 08:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: Connection closed by 129.212.186.249 port 56658 [preauth]
Oct 15 08:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: Failed password for root from 129.212.186.249 port 56674 ssh2
Oct 15 08:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22354]: Connection closed by 129.212.186.249 port 56674 [preauth]
Oct 15 08:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: Failed password for root from 129.212.186.249 port 56684 ssh2
Oct 15 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: Connection closed by 129.212.186.249 port 56684 [preauth]
Oct 15 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: Invalid user weblogic from 129.212.186.249
Oct 15 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: Failed password for invalid user weblogic from 129.212.186.249 port 35808 ssh2
Oct 15 08:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22382]: Connection closed by 129.212.186.249 port 35808 [preauth]
Oct 15 08:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Invalid user appuser from 129.212.186.249
Oct 15 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: input_userauth_request: invalid user appuser [preauth]
Oct 15 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: Failed password for root from 196.251.84.181 port 59902 ssh2
Oct 15 08:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22385]: Connection closed by 196.251.84.181 port 59902 [preauth]
Oct 15 08:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Failed password for invalid user appuser from 129.212.186.249 port 35810 ssh2
Oct 15 08:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22388]: Connection closed by 129.212.186.249 port 35810 [preauth]
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22403]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22400]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Invalid user debian from 129.212.186.249
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: input_userauth_request: invalid user debian [preauth]
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22485]: Successful su for rubyman by root
Oct 15 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22485]: + ??? root:rubyman
Oct 15 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416694 of user rubyman.
Oct 15 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22485]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416694.
Oct 15 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Failed password for invalid user debian from 129.212.186.249 port 35826 ssh2
Oct 15 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22473]: Connection closed by 129.212.186.249 port 35826 [preauth]
Oct 15 08:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Invalid user admin from 129.212.186.249
Oct 15 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Failed password for invalid user admin from 129.212.186.249 port 57296 ssh2
Oct 15 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Connection closed by 129.212.186.249 port 57296 [preauth]
Oct 15 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: Invalid user minecraft from 129.212.186.249
Oct 15 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: Failed password for invalid user minecraft from 129.212.186.249 port 57312 ssh2
Oct 15 08:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22663]: Connection closed by 129.212.186.249 port 57312 [preauth]
Oct 15 08:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18508]: pam_unix(cron:session): session closed for user root
Oct 15 08:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22888]: Invalid user odoo16 from 129.212.186.249
Oct 15 08:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22888]: input_userauth_request: invalid user odoo16 [preauth]
Oct 15 08:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22888]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22888]: Failed password for invalid user odoo16 from 129.212.186.249 port 57338 ssh2
Oct 15 08:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22888]: Connection closed by 129.212.186.249 port 57338 [preauth]
Oct 15 08:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22916]: Invalid user test from 129.212.186.249
Oct 15 08:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22916]: input_userauth_request: invalid user test [preauth]
Oct 15 08:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22916]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22401]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22916]: Failed password for invalid user test from 129.212.186.249 port 56606 ssh2
Oct 15 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22916]: Connection closed by 129.212.186.249 port 56606 [preauth]
Oct 15 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Invalid user es from 129.212.186.249
Oct 15 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: input_userauth_request: invalid user es [preauth]
Oct 15 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Failed password for invalid user es from 129.212.186.249 port 56608 ssh2
Oct 15 08:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22945]: Connection closed by 129.212.186.249 port 56608 [preauth]
Oct 15 08:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: Invalid user rancher from 129.212.186.249
Oct 15 08:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: input_userauth_request: invalid user rancher [preauth]
Oct 15 08:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: Failed password for invalid user rancher from 129.212.186.249 port 56614 ssh2
Oct 15 08:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: Connection closed by 129.212.186.249 port 56614 [preauth]
Oct 15 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Failed password for root from 129.212.186.249 port 35006 ssh2
Oct 15 08:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Connection closed by 129.212.186.249 port 35006 [preauth]
Oct 15 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Invalid user packer from 129.212.186.249
Oct 15 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: input_userauth_request: invalid user packer [preauth]
Oct 15 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Failed password for invalid user packer from 129.212.186.249 port 35018 ssh2
Oct 15 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Connection closed by 129.212.186.249 port 35018 [preauth]
Oct 15 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: Invalid user devops from 129.212.186.249
Oct 15 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: input_userauth_request: invalid user devops [preauth]
Oct 15 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: Failed password for invalid user devops from 129.212.186.249 port 35044 ssh2
Oct 15 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23141]: Connection closed by 129.212.186.249 port 35044 [preauth]
Oct 15 08:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Invalid user guest from 129.212.186.249
Oct 15 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: input_userauth_request: invalid user guest [preauth]
Oct 15 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Failed password for invalid user guest from 129.212.186.249 port 53322 ssh2
Oct 15 08:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23149]: Connection closed by 129.212.186.249 port 53322 [preauth]
Oct 15 08:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21140]: pam_unix(cron:session): session closed for user root
Oct 15 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: Invalid user steam from 129.212.186.249
Oct 15 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: input_userauth_request: invalid user steam [preauth]
Oct 15 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: Failed password for invalid user steam from 129.212.186.249 port 53350 ssh2
Oct 15 08:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: Connection closed by 129.212.186.249 port 53350 [preauth]
Oct 15 08:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: Invalid user pi from 129.212.186.249
Oct 15 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: input_userauth_request: invalid user pi [preauth]
Oct 15 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: Failed password for invalid user pi from 129.212.186.249 port 53374 ssh2
Oct 15 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23211]: Connection closed by 129.212.186.249 port 53374 [preauth]
Oct 15 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23229]: Failed password for root from 129.212.186.249 port 57930 ssh2
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23229]: Connection closed by 129.212.186.249 port 57930 [preauth]
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: Failed password for root from 196.251.84.181 port 50138 ssh2
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23223]: Connection closed by 196.251.84.181 port 50138 [preauth]
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Invalid user hadoop from 129.212.186.249
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Failed password for invalid user hadoop from 129.212.186.249 port 57942 ssh2
Oct 15 08:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Connection closed by 129.212.186.249 port 57942 [preauth]
Oct 15 08:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Invalid user deploy from 129.212.186.249
Oct 15 08:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: input_userauth_request: invalid user deploy [preauth]
Oct 15 08:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Failed password for invalid user deploy from 129.212.186.249 port 57948 ssh2
Oct 15 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Connection closed by 129.212.186.249 port 57948 [preauth]
Oct 15 08:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Invalid user basit from 129.212.186.249
Oct 15 08:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: input_userauth_request: invalid user basit [preauth]
Oct 15 08:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Failed password for invalid user basit from 129.212.186.249 port 59714 ssh2
Oct 15 08:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Connection closed by 129.212.186.249 port 59714 [preauth]
Oct 15 08:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Invalid user support from 129.212.186.249
Oct 15 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: input_userauth_request: invalid user support [preauth]
Oct 15 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Failed password for invalid user support from 129.212.186.249 port 59730 ssh2
Oct 15 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23300]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Connection closed by 129.212.186.249 port 59730 [preauth]
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23502]: Successful su for rubyman by root
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23502]: + ??? root:rubyman
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416698 of user rubyman.
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23502]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416698.
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Invalid user dmdba from 129.212.186.249
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: input_userauth_request: invalid user dmdba [preauth]
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Failed password for invalid user dmdba from 129.212.186.249 port 59742 ssh2
Oct 15 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Connection closed by 129.212.186.249 port 59742 [preauth]
Oct 15 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: User mysql from 129.212.186.249 not allowed because not listed in AllowUsers
Oct 15 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: input_userauth_request: invalid user mysql [preauth]
Oct 15 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=mysql
Oct 15 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: Failed password for invalid user mysql from 129.212.186.249 port 57164 ssh2
Oct 15 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23814]: Connection closed by 129.212.186.249 port 57164 [preauth]
Oct 15 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19178]: pam_unix(cron:session): session closed for user root
Oct 15 08:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: Invalid user master from 129.212.186.249
Oct 15 08:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: input_userauth_request: invalid user master [preauth]
Oct 15 08:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: Failed password for invalid user master from 129.212.186.249 port 57200 ssh2
Oct 15 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: Connection closed by 129.212.186.249 port 57200 [preauth]
Oct 15 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Invalid user centos from 129.212.186.249
Oct 15 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: input_userauth_request: invalid user centos [preauth]
Oct 15 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Failed password for invalid user centos from 129.212.186.249 port 45474 ssh2
Oct 15 08:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23924]: Connection closed by 129.212.186.249 port 45474 [preauth]
Oct 15 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23301]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Failed password for root from 129.212.186.249 port 45488 ssh2
Oct 15 08:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Connection closed by 129.212.186.249 port 45488 [preauth]
Oct 15 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: Invalid user git from 129.212.186.249
Oct 15 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: input_userauth_request: invalid user git [preauth]
Oct 15 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Invalid user testusr from 188.18.49.50
Oct 15 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: input_userauth_request: invalid user testusr [preauth]
Oct 15 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50
Oct 15 08:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: Failed password for invalid user git from 129.212.186.249 port 45492 ssh2
Oct 15 08:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23976]: Connection closed by 129.212.186.249 port 45492 [preauth]
Oct 15 08:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Invalid user myuser from 129.212.186.249
Oct 15 08:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: input_userauth_request: invalid user myuser [preauth]
Oct 15 08:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Failed password for invalid user testusr from 188.18.49.50 port 54907 ssh2
Oct 15 08:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Received disconnect from 188.18.49.50 port 54907:11: Bye Bye [preauth]
Oct 15 08:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Disconnected from 188.18.49.50 port 54907 [preauth]
Oct 15 08:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Failed password for invalid user myuser from 129.212.186.249 port 45130 ssh2
Oct 15 08:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23991]: Connection closed by 129.212.186.249 port 45130 [preauth]
Oct 15 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Invalid user guest from 129.212.186.249
Oct 15 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: input_userauth_request: invalid user guest [preauth]
Oct 15 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Failed password for invalid user guest from 129.212.186.249 port 45138 ssh2
Oct 15 08:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24005]: Connection closed by 129.212.186.249 port 45138 [preauth]
Oct 15 08:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24024]: Failed password for root from 129.212.186.249 port 45140 ssh2
Oct 15 08:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24024]: Connection closed by 129.212.186.249 port 45140 [preauth]
Oct 15 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Failed password for root from 129.212.186.249 port 32802 ssh2
Oct 15 08:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Connection closed by 129.212.186.249 port 32802 [preauth]
Oct 15 08:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24042]: Failed password for root from 196.251.84.181 port 37904 ssh2
Oct 15 08:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24042]: Connection closed by 196.251.84.181 port 37904 [preauth]
Oct 15 08:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: Failed password for root from 129.212.186.249 port 32810 ssh2
Oct 15 08:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24054]: Connection closed by 129.212.186.249 port 32810 [preauth]
Oct 15 08:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21825]: pam_unix(cron:session): session closed for user root
Oct 15 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: Invalid user vagrant from 129.212.186.249
Oct 15 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: input_userauth_request: invalid user vagrant [preauth]
Oct 15 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: Failed password for invalid user vagrant from 129.212.186.249 port 32818 ssh2
Oct 15 08:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24091]: Connection closed by 129.212.186.249 port 32818 [preauth]
Oct 15 08:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Invalid user postgres from 129.212.186.249
Oct 15 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: input_userauth_request: invalid user postgres [preauth]
Oct 15 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Invalid user default from 80.94.95.115
Oct 15 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: input_userauth_request: invalid user default [preauth]
Oct 15 08:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 15 08:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Failed password for invalid user postgres from 129.212.186.249 port 46182 ssh2
Oct 15 08:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Connection closed by 129.212.186.249 port 46182 [preauth]
Oct 15 08:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: Invalid user dolphinscheduler from 129.212.186.249
Oct 15 08:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: input_userauth_request: invalid user dolphinscheduler [preauth]
Oct 15 08:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Failed password for invalid user default from 80.94.95.115 port 39282 ssh2
Oct 15 08:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Connection closed by 80.94.95.115 port 39282 [preauth]
Oct 15 08:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: Failed password for invalid user dolphinscheduler from 129.212.186.249 port 46208 ssh2
Oct 15 08:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: Connection closed by 129.212.186.249 port 46208 [preauth]
Oct 15 08:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Invalid user tom from 129.212.186.249
Oct 15 08:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: input_userauth_request: invalid user tom [preauth]
Oct 15 08:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Failed password for invalid user tom from 129.212.186.249 port 46222 ssh2
Oct 15 08:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24155]: Connection closed by 129.212.186.249 port 46222 [preauth]
Oct 15 08:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: Invalid user angel from 129.212.186.249
Oct 15 08:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: input_userauth_request: invalid user angel [preauth]
Oct 15 08:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: Failed password for invalid user angel from 129.212.186.249 port 51098 ssh2
Oct 15 08:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24157]: Connection closed by 129.212.186.249 port 51098 [preauth]
Oct 15 08:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Invalid user adminuser from 129.212.186.249
Oct 15 08:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 08:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Failed password for invalid user adminuser from 129.212.186.249 port 51110 ssh2
Oct 15 08:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24170]: Connection closed by 129.212.186.249 port 51110 [preauth]
Oct 15 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24179]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24273]: Successful su for rubyman by root
Oct 15 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24273]: + ??? root:rubyman
Oct 15 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416702 of user rubyman.
Oct 15 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24273]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416702.
Oct 15 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24173]: Failed password for root from 129.212.186.249 port 51114 ssh2
Oct 15 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24173]: Connection closed by 129.212.186.249 port 51114 [preauth]
Oct 15 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Invalid user demo from 129.212.186.249
Oct 15 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: input_userauth_request: invalid user demo [preauth]
Oct 15 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Failed password for invalid user demo from 129.212.186.249 port 43130 ssh2
Oct 15 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Connection closed by 129.212.186.249 port 43130 [preauth]
Oct 15 08:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Invalid user user2 from 129.212.186.249
Oct 15 08:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: input_userauth_request: invalid user user2 [preauth]
Oct 15 08:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session closed for user root
Oct 15 08:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Failed password for invalid user user2 from 129.212.186.249 port 43132 ssh2
Oct 15 08:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Connection closed by 129.212.186.249 port 43132 [preauth]
Oct 15 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Invalid user dev from 129.212.186.249
Oct 15 08:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: input_userauth_request: invalid user dev [preauth]
Oct 15 08:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Failed password for invalid user dev from 129.212.186.249 port 43142 ssh2
Oct 15 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Connection closed by 129.212.186.249 port 43142 [preauth]
Oct 15 08:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24180]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24513]: Failed password for root from 129.212.186.249 port 49838 ssh2
Oct 15 08:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24513]: Connection closed by 129.212.186.249 port 49838 [preauth]
Oct 15 08:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Failed password for root from 129.212.186.249 port 49844 ssh2
Oct 15 08:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Connection closed by 129.212.186.249 port 49844 [preauth]
Oct 15 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: User mysql from 129.212.186.249 not allowed because not listed in AllowUsers
Oct 15 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: input_userauth_request: invalid user mysql [preauth]
Oct 15 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=mysql
Oct 15 08:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Failed password for invalid user mysql from 129.212.186.249 port 49858 ssh2
Oct 15 08:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: Connection closed by 129.212.186.249 port 49858 [preauth]
Oct 15 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: Invalid user bot from 129.212.186.249
Oct 15 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: input_userauth_request: invalid user bot [preauth]
Oct 15 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: Failed password for root from 196.251.84.181 port 53556 ssh2
Oct 15 08:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24572]: Connection closed by 196.251.84.181 port 53556 [preauth]
Oct 15 08:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: Failed password for invalid user bot from 129.212.186.249 port 39912 ssh2
Oct 15 08:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: Connection closed by 129.212.186.249 port 39912 [preauth]
Oct 15 08:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Invalid user alex from 129.212.186.249
Oct 15 08:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: input_userauth_request: invalid user alex [preauth]
Oct 15 08:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Failed password for invalid user alex from 129.212.186.249 port 39926 ssh2
Oct 15 08:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Connection closed by 129.212.186.249 port 39926 [preauth]
Oct 15 08:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Failed password for root from 129.212.186.249 port 39936 ssh2
Oct 15 08:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Connection closed by 129.212.186.249 port 39936 [preauth]
Oct 15 08:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24634]: Invalid user steam from 129.212.186.249
Oct 15 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24634]: input_userauth_request: invalid user steam [preauth]
Oct 15 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24634]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22403]: pam_unix(cron:session): session closed for user root
Oct 15 08:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24634]: Failed password for invalid user steam from 129.212.186.249 port 42564 ssh2
Oct 15 08:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24634]: Connection closed by 129.212.186.249 port 42564 [preauth]
Oct 15 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Invalid user admin from 129.212.186.249
Oct 15 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for invalid user admin from 129.212.186.249 port 42574 ssh2
Oct 15 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Connection closed by 129.212.186.249 port 42574 [preauth]
Oct 15 08:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: Invalid user www from 129.212.186.249
Oct 15 08:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: input_userauth_request: invalid user www [preauth]
Oct 15 08:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: Failed password for invalid user www from 129.212.186.249 port 42588 ssh2
Oct 15 08:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: Connection closed by 129.212.186.249 port 42588 [preauth]
Oct 15 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Invalid user testuser from 129.212.186.249
Oct 15 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: input_userauth_request: invalid user testuser [preauth]
Oct 15 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Failed password for invalid user testuser from 129.212.186.249 port 60718 ssh2
Oct 15 08:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Connection closed by 129.212.186.249 port 60718 [preauth]
Oct 15 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Invalid user dmdba from 129.212.186.249
Oct 15 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: input_userauth_request: invalid user dmdba [preauth]
Oct 15 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Failed password for invalid user dmdba from 129.212.186.249 port 60720 ssh2
Oct 15 08:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Connection closed by 129.212.186.249 port 60720 [preauth]
Oct 15 08:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Invalid user admin from 129.212.186.249
Oct 15 08:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Failed password for invalid user admin from 129.212.186.249 port 60734 ssh2
Oct 15 08:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Connection closed by 129.212.186.249 port 60734 [preauth]
Oct 15 08:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Invalid user oscar from 129.212.186.249
Oct 15 08:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: input_userauth_request: invalid user oscar [preauth]
Oct 15 08:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Failed password for invalid user oscar from 129.212.186.249 port 48824 ssh2
Oct 15 08:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24724]: Connection closed by 129.212.186.249 port 48824 [preauth]
Oct 15 08:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24746]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Failed password for root from 129.212.186.249 port 48854 ssh2
Oct 15 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24740]: Connection closed by 129.212.186.249 port 48854 [preauth]
Oct 15 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24821]: Successful su for rubyman by root
Oct 15 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24821]: + ??? root:rubyman
Oct 15 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416706 of user rubyman.
Oct 15 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24821]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416706.
Oct 15 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Invalid user tom from 129.212.186.249
Oct 15 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: input_userauth_request: invalid user tom [preauth]
Oct 15 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Failed password for invalid user tom from 129.212.186.249 port 48894 ssh2
Oct 15 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Connection closed by 129.212.186.249 port 48894 [preauth]
Oct 15 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24922]: Failed password for root from 129.212.186.249 port 40648 ssh2
Oct 15 08:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24922]: Connection closed by 129.212.186.249 port 40648 [preauth]
Oct 15 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session closed for user root
Oct 15 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: Failed password for root from 129.212.186.249 port 40652 ssh2
Oct 15 08:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: Connection closed by 129.212.186.249 port 40652 [preauth]
Oct 15 08:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Invalid user postgres from 129.212.186.249
Oct 15 08:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: input_userauth_request: invalid user postgres [preauth]
Oct 15 08:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Failed password for root from 196.251.84.181 port 41326 ssh2
Oct 15 08:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Connection closed by 196.251.84.181 port 41326 [preauth]
Oct 15 08:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Failed password for invalid user postgres from 129.212.186.249 port 40668 ssh2
Oct 15 08:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Connection closed by 129.212.186.249 port 40668 [preauth]
Oct 15 08:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: Failed password for root from 129.212.186.249 port 48572 ssh2
Oct 15 08:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25071]: Connection closed by 129.212.186.249 port 48572 [preauth]
Oct 15 08:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: Invalid user odoo18 from 129.212.186.249
Oct 15 08:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: input_userauth_request: invalid user odoo18 [preauth]
Oct 15 08:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: Failed password for invalid user odoo18 from 129.212.186.249 port 48582 ssh2
Oct 15 08:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25110]: Connection closed by 129.212.186.249 port 48582 [preauth]
Oct 15 08:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Failed password for root from 129.212.186.249 port 56860 ssh2
Oct 15 08:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25117]: Connection closed by 129.212.186.249 port 56860 [preauth]
Oct 15 08:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Failed password for root from 129.212.186.249 port 56876 ssh2
Oct 15 08:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25128]: Connection closed by 129.212.186.249 port 56876 [preauth]
Oct 15 08:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Failed password for root from 129.212.186.249 port 56888 ssh2
Oct 15 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25166]: Connection closed by 129.212.186.249 port 56888 [preauth]
Oct 15 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Failed password for root from 129.212.186.249 port 40230 ssh2
Oct 15 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25170]: Connection closed by 129.212.186.249 port 40230 [preauth]
Oct 15 08:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Invalid user gitlab from 129.212.186.249
Oct 15 08:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: input_userauth_request: invalid user gitlab [preauth]
Oct 15 08:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23304]: pam_unix(cron:session): session closed for user root
Oct 15 08:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Failed password for invalid user gitlab from 129.212.186.249 port 40248 ssh2
Oct 15 08:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25200]: Connection closed by 129.212.186.249 port 40248 [preauth]
Oct 15 08:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25222]: Invalid user elasticsearch from 129.212.186.249
Oct 15 08:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25222]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 15 08:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25222]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Connection closed by 104.152.52.58 port 49191 [preauth]
Oct 15 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25222]: Failed password for invalid user elasticsearch from 129.212.186.249 port 40268 ssh2
Oct 15 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25222]: Connection closed by 129.212.186.249 port 40268 [preauth]
Oct 15 08:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Invalid user dev from 129.212.186.249
Oct 15 08:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: input_userauth_request: invalid user dev [preauth]
Oct 15 08:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Failed password for invalid user dev from 129.212.186.249 port 39580 ssh2
Oct 15 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Connection closed by 129.212.186.249 port 39580 [preauth]
Oct 15 08:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Invalid user odoo17 from 129.212.186.249
Oct 15 08:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: input_userauth_request: invalid user odoo17 [preauth]
Oct 15 08:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Failed password for invalid user odoo17 from 129.212.186.249 port 39594 ssh2
Oct 15 08:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Connection closed by 129.212.186.249 port 39594 [preauth]
Oct 15 08:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: Invalid user deploy from 129.212.186.249
Oct 15 08:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: input_userauth_request: invalid user deploy [preauth]
Oct 15 08:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: Failed password for invalid user deploy from 129.212.186.249 port 39596 ssh2
Oct 15 08:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: Connection closed by 129.212.186.249 port 39596 [preauth]
Oct 15 08:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25306]: Invalid user developer from 129.212.186.249
Oct 15 08:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25306]: input_userauth_request: invalid user developer [preauth]
Oct 15 08:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25306]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25306]: Failed password for invalid user developer from 129.212.186.249 port 32820 ssh2
Oct 15 08:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25306]: Connection closed by 129.212.186.249 port 32820 [preauth]
Oct 15 08:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Failed password for root from 129.212.186.249 port 32834 ssh2
Oct 15 08:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25315]: Connection closed by 129.212.186.249 port 32834 [preauth]
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25529]: pam_unix(cron:session): session closed for user root
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Invalid user ansible from 129.212.186.249
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: input_userauth_request: invalid user ansible [preauth]
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Failed password for invalid user ansible from 129.212.186.249 port 32850 ssh2
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Connection closed by 129.212.186.249 port 32850 [preauth]
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Failed password for root from 196.251.84.181 port 56376 ssh2
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25603]: Successful su for rubyman by root
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25603]: + ??? root:rubyman
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416710 of user rubyman.
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25603]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416710.
Oct 15 08:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Connection closed by 196.251.84.181 port 56376 [preauth]
Oct 15 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Invalid user esearch from 129.212.186.249
Oct 15 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: input_userauth_request: invalid user esearch [preauth]
Oct 15 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Failed password for invalid user esearch from 129.212.186.249 port 53784 ssh2
Oct 15 08:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25646]: Connection closed by 129.212.186.249 port 53784 [preauth]
Oct 15 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Invalid user student from 129.212.186.249
Oct 15 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: input_userauth_request: invalid user student [preauth]
Oct 15 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Failed password for invalid user student from 129.212.186.249 port 53800 ssh2
Oct 15 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25724]: Connection closed by 129.212.186.249 port 53800 [preauth]
Oct 15 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user root
Oct 15 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21139]: pam_unix(cron:session): session closed for user root
Oct 15 08:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Invalid user esuser from 129.212.186.249
Oct 15 08:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: input_userauth_request: invalid user esuser [preauth]
Oct 15 08:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Failed password for invalid user esuser from 129.212.186.249 port 53818 ssh2
Oct 15 08:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Connection closed by 129.212.186.249 port 53818 [preauth]
Oct 15 08:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: Invalid user teamspeak from 129.212.186.249
Oct 15 08:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 08:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: Failed password for invalid user teamspeak from 129.212.186.249 port 38444 ssh2
Oct 15 08:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: Connection closed by 129.212.186.249 port 38444 [preauth]
Oct 15 08:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Failed password for root from 129.212.186.249 port 38460 ssh2
Oct 15 08:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Connection closed by 129.212.186.249 port 38460 [preauth]
Oct 15 08:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Invalid user ubuntu from 129.212.186.249
Oct 15 08:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Failed password for invalid user ubuntu from 129.212.186.249 port 38470 ssh2
Oct 15 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Connection closed by 129.212.186.249 port 38470 [preauth]
Oct 15 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: Invalid user ubuntu from 129.212.186.249
Oct 15 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249
Oct 15 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: Failed password for invalid user ubuntu from 129.212.186.249 port 51454 ssh2
Oct 15 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26013]: Connection closed by 129.212.186.249 port 51454 [preauth]
Oct 15 08:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.186.249  user=root
Oct 15 08:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: Failed password for root from 129.212.186.249 port 51474 ssh2
Oct 15 08:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session closed for user root
Oct 15 08:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Failed password for root from 196.251.84.181 port 43344 ssh2
Oct 15 08:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26112]: Connection closed by 196.251.84.181 port 43344 [preauth]
Oct 15 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26224]: Successful su for rubyman by root
Oct 15 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26224]: + ??? root:rubyman
Oct 15 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416719 of user rubyman.
Oct 15 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26224]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416719.
Oct 15 08:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21824]: pam_unix(cron:session): session closed for user root
Oct 15 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24746]: pam_unix(cron:session): session closed for user root
Oct 15 08:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26620]: Failed password for root from 196.251.84.181 port 58548 ssh2
Oct 15 08:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26620]: Connection closed by 196.251.84.181 port 58548 [preauth]
Oct 15 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26740]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26739]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26736]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26834]: Successful su for rubyman by root
Oct 15 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26834]: + ??? root:rubyman
Oct 15 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416721 of user rubyman.
Oct 15 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26834]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416721.
Oct 15 08:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22402]: pam_unix(cron:session): session closed for user root
Oct 15 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26738]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Failed password for root from 196.251.84.181 port 45108 ssh2
Oct 15 08:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Connection closed by 196.251.84.181 port 45108 [preauth]
Oct 15 08:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25527]: pam_unix(cron:session): session closed for user root
Oct 15 08:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27425]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27422]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27517]: Successful su for rubyman by root
Oct 15 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27517]: + ??? root:rubyman
Oct 15 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416726 of user rubyman.
Oct 15 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27517]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416726.
Oct 15 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: Failed password for root from 188.18.49.50 port 60551 ssh2
Oct 15 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: Received disconnect from 188.18.49.50 port 60551:11: Bye Bye [preauth]
Oct 15 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27411]: Disconnected from 188.18.49.50 port 60551 [preauth]
Oct 15 08:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23302]: pam_unix(cron:session): session closed for user root
Oct 15 08:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27424]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Failed password for root from 196.251.84.181 port 60086 ssh2
Oct 15 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28008]: Connection closed by 196.251.84.181 port 60086 [preauth]
Oct 15 08:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26137]: pam_unix(cron:session): session closed for user root
Oct 15 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28209]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28278]: Successful su for rubyman by root
Oct 15 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28278]: + ??? root:rubyman
Oct 15 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416729 of user rubyman.
Oct 15 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28278]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416729.
Oct 15 08:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Failed password for root from 196.251.84.181 port 46586 ssh2
Oct 15 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Connection closed by 196.251.84.181 port 46586 [preauth]
Oct 15 08:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24185]: pam_unix(cron:session): session closed for user root
Oct 15 08:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28210]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: Invalid user kevin from 80.94.95.116
Oct 15 08:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: input_userauth_request: invalid user kevin [preauth]
Oct 15 08:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: Failed password for invalid user kevin from 80.94.95.116 port 27608 ssh2
Oct 15 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28824]: Connection closed by 80.94.95.116 port 27608 [preauth]
Oct 15 08:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26740]: pam_unix(cron:session): session closed for user root
Oct 15 08:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: Failed password for root from 196.251.84.181 port 32992 ssh2
Oct 15 08:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28921]: Connection closed by 196.251.84.181 port 32992 [preauth]
Oct 15 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29016]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29019]: pam_unix(cron:session): session closed for user root
Oct 15 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29014]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29129]: Successful su for rubyman by root
Oct 15 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29129]: + ??? root:rubyman
Oct 15 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416732 of user rubyman.
Oct 15 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29129]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416732.
Oct 15 08:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29016]: pam_unix(cron:session): session closed for user root
Oct 15 08:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session closed for user root
Oct 15 08:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29015]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27426]: pam_unix(cron:session): session closed for user root
Oct 15 08:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Failed password for root from 196.251.84.181 port 48006 ssh2
Oct 15 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29511]: Connection closed by 196.251.84.181 port 48006 [preauth]
Oct 15 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29577]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: Successful su for rubyman by root
Oct 15 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: + ??? root:rubyman
Oct 15 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416739 of user rubyman.
Oct 15 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416739.
Oct 15 08:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25526]: pam_unix(cron:session): session closed for user root
Oct 15 08:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29578]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Failed password for root from 196.251.84.181 port 34008 ssh2
Oct 15 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Connection closed by 196.251.84.181 port 34008 [preauth]
Oct 15 08:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28212]: pam_unix(cron:session): session closed for user root
Oct 15 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30102]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30185]: Successful su for rubyman by root
Oct 15 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30185]: + ??? root:rubyman
Oct 15 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416743 of user rubyman.
Oct 15 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30185]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416743.
Oct 15 08:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26136]: pam_unix(cron:session): session closed for user root
Oct 15 08:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: Failed password for root from 196.251.84.181 port 48688 ssh2
Oct 15 08:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: Connection closed by 196.251.84.181 port 48688 [preauth]
Oct 15 08:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29018]: pam_unix(cron:session): session closed for user root
Oct 15 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30781]: Successful su for rubyman by root
Oct 15 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30781]: + ??? root:rubyman
Oct 15 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416748 of user rubyman.
Oct 15 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30781]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416748.
Oct 15 08:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26739]: pam_unix(cron:session): session closed for user root
Oct 15 08:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Failed password for root from 196.251.84.181 port 34830 ssh2
Oct 15 08:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Connection closed by 196.251.84.181 port 34830 [preauth]
Oct 15 08:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.49.50  user=root
Oct 15 08:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Failed password for root from 188.18.49.50 port 39293 ssh2
Oct 15 08:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Received disconnect from 188.18.49.50 port 39293:11: Bye Bye [preauth]
Oct 15 08:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Disconnected from 188.18.49.50 port 39293 [preauth]
Oct 15 08:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29580]: pam_unix(cron:session): session closed for user root
Oct 15 08:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=root
Oct 15 08:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Failed password for root from 196.251.84.181 port 49688 ssh2
Oct 15 08:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Connection closed by 196.251.84.181 port 49688 [preauth]
Oct 15 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31195]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31197]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31193]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31267]: Successful su for rubyman by root
Oct 15 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31267]: + ??? root:rubyman
Oct 15 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416753 of user rubyman.
Oct 15 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31267]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416753.
Oct 15 08:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27425]: pam_unix(cron:session): session closed for user root
Oct 15 08:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31194]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session closed for user root
Oct 15 08:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Invalid user admin from 196.251.84.181
Oct 15 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Failed password for invalid user admin from 196.251.84.181 port 35980 ssh2
Oct 15 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Connection closed by 196.251.84.181 port 35980 [preauth]
Oct 15 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31816]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31817]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session closed for user root
Oct 15 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: Successful su for rubyman by root
Oct 15 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: + ??? root:rubyman
Oct 15 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416754 of user rubyman.
Oct 15 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[31899]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416754.
Oct 15 08:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31814]: pam_unix(cron:session): session closed for user root
Oct 15 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session closed for user root
Oct 15 08:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32300]: Invalid user admin from 196.251.84.181
Oct 15 08:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32300]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32300]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32300]: Failed password for invalid user admin from 196.251.84.181 port 50094 ssh2
Oct 15 08:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session closed for user root
Oct 15 08:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32300]: Connection closed by 196.251.84.181 port 50094 [preauth]
Oct 15 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32398]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32396]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32473]: Successful su for rubyman by root
Oct 15 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32473]: + ??? root:rubyman
Oct 15 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416760 of user rubyman.
Oct 15 08:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32473]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416760.
Oct 15 08:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29017]: pam_unix(cron:session): session closed for user root
Oct 15 08:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32397]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Invalid user admin from 196.251.84.181
Oct 15 08:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Failed password for invalid user admin from 196.251.84.181 port 36284 ssh2
Oct 15 08:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32736]: Connection closed by 196.251.84.181 port 36284 [preauth]
Oct 15 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31197]: pam_unix(cron:session): session closed for user root
Oct 15 08:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Invalid user admin from 2.57.121.112
Oct 15 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Failed password for invalid user admin from 2.57.121.112 port 21207 ssh2
Oct 15 08:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Failed password for invalid user admin from 2.57.121.112 port 21207 ssh2
Oct 15 08:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Failed password for invalid user admin from 2.57.121.112 port 21207 ssh2
Oct 15 08:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Failed password for invalid user admin from 2.57.121.112 port 21207 ssh2
Oct 15 08:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Failed password for invalid user admin from 2.57.121.112 port 21207 ssh2
Oct 15 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Received disconnect from 2.57.121.112 port 21207:11: Bye [preauth]
Oct 15 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: Disconnected from 2.57.121.112 port 21207 [preauth]
Oct 15 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[343]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[494]: Successful su for rubyman by root
Oct 15 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[494]: + ??? root:rubyman
Oct 15 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416764 of user rubyman.
Oct 15 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[494]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416764.
Oct 15 08:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Invalid user admin from 196.251.84.181
Oct 15 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29579]: pam_unix(cron:session): session closed for user root
Oct 15 08:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Failed password for invalid user admin from 196.251.84.181 port 49666 ssh2
Oct 15 08:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Connection closed by 196.251.84.181 port 49666 [preauth]
Oct 15 08:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: User ftp from 80.94.95.115 not allowed because not listed in AllowUsers
Oct 15 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: input_userauth_request: invalid user ftp [preauth]
Oct 15 08:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=ftp
Oct 15 08:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31817]: pam_unix(cron:session): session closed for user root
Oct 15 08:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: Failed password for invalid user ftp from 80.94.95.115 port 31138 ssh2
Oct 15 08:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[795]: Connection closed by 80.94.95.115 port 31138 [preauth]
Oct 15 08:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Failed password for root from 190.103.202.7 port 54006 ssh2
Oct 15 08:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Connection closed by 190.103.202.7 port 54006 [preauth]
Oct 15 08:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Invalid user admin from 196.251.84.181
Oct 15 08:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 08:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Failed password for invalid user admin from 196.251.84.181 port 34334 ssh2
Oct 15 08:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Connection closed by 196.251.84.181 port 34334 [preauth]
Oct 15 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[931]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1065]: Successful su for rubyman by root
Oct 15 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1065]: + ??? root:rubyman
Oct 15 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416769 of user rubyman.
Oct 15 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1065]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416769.
Oct 15 08:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session closed for user root
Oct 15 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[932]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session closed for user root
Oct 15 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: Invalid user admin from 196.251.84.181
Oct 15 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: Failed password for invalid user admin from 196.251.84.181 port 46718 ssh2
Oct 15 08:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: Connection closed by 196.251.84.181 port 46718 [preauth]
Oct 15 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1484]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1486]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1482]: pam_unix(cron:session): session closed for user p13x
Oct 15 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1552]: Successful su for rubyman by root
Oct 15 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1552]: + ??? root:rubyman
Oct 15 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416773 of user rubyman.
Oct 15 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1552]: pam_unix(su:session): session closed for user rubyman
Oct 15 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416773.
Oct 15 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session closed for user root
Oct 15 08:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1483]: pam_unix(cron:session): session closed for user samftp
Oct 15 08:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Invalid user admin from 196.251.84.181
Oct 15 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: input_userauth_request: invalid user admin [preauth]
Oct 15 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 08:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Failed password for invalid user admin from 196.251.84.181 port 58490 ssh2
Oct 15 08:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Connection closed by 196.251.84.181 port 58490 [preauth]
Oct 15 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[411]: pam_unix(cron:session): session closed for user root
Oct 15 08:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 08:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: Bad protocol version identification '\003' from 138.197.27.1 port 54668
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2064]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session closed for user root
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2064]: pam_unix(cron:session): session closed for user root
Oct 15 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2061]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2191]: Successful su for rubyman by root
Oct 15 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2191]: + ??? root:rubyman
Oct 15 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416777 of user rubyman.
Oct 15 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2191]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416777.
Oct 15 09:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2065]: pam_unix(cron:session): session closed for user root
Oct 15 09:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31195]: pam_unix(cron:session): session closed for user root
Oct 15 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Invalid user admin from 196.251.84.181
Oct 15 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Failed password for invalid user admin from 196.251.84.181 port 40944 ssh2
Oct 15 09:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2332]: Connection closed by 196.251.84.181 port 40944 [preauth]
Oct 15 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2063]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[934]: pam_unix(cron:session): session closed for user root
Oct 15 09:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2573]: Invalid user  from 43.163.97.137
Oct 15 09:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2573]: input_userauth_request: invalid user  [preauth]
Oct 15 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2573]: Connection closed by 43.163.97.137 port 1476 [preauth]
Oct 15 09:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Invalid user admin from 196.251.84.181
Oct 15 09:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Failed password for invalid user admin from 196.251.84.181 port 51682 ssh2
Oct 15 09:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Connection closed by 196.251.84.181 port 51682 [preauth]
Oct 15 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2634]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2708]: Successful su for rubyman by root
Oct 15 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2708]: + ??? root:rubyman
Oct 15 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416783 of user rubyman.
Oct 15 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2708]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416783.
Oct 15 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31816]: pam_unix(cron:session): session closed for user root
Oct 15 09:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1486]: pam_unix(cron:session): session closed for user root
Oct 15 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: Invalid user admin from 196.251.84.181
Oct 15 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: Failed password for invalid user admin from 196.251.84.181 port 33100 ssh2
Oct 15 09:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3031]: Connection closed by 196.251.84.181 port 33100 [preauth]
Oct 15 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3157]: Successful su for rubyman by root
Oct 15 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3157]: + ??? root:rubyman
Oct 15 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416788 of user rubyman.
Oct 15 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3157]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416788.
Oct 15 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32398]: pam_unix(cron:session): session closed for user root
Oct 15 09:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Failed password for root from 51.161.32.24 port 55138 ssh2
Oct 15 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Received disconnect from 51.161.32.24 port 55138:11: Bye Bye [preauth]
Oct 15 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Disconnected from 51.161.32.24 port 55138 [preauth]
Oct 15 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3417]: Invalid user admin from 196.251.84.181
Oct 15 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3417]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3417]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3417]: Failed password for invalid user admin from 196.251.84.181 port 43362 ssh2
Oct 15 09:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3417]: Connection closed by 196.251.84.181 port 43362 [preauth]
Oct 15 09:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session closed for user root
Oct 15 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3558]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3556]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3551]: Invalid user admin from 196.251.84.181
Oct 15 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3551]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: Successful su for rubyman by root
Oct 15 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: + ??? root:rubyman
Oct 15 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416791 of user rubyman.
Oct 15 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416791.
Oct 15 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3551]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3551]: Failed password for invalid user admin from 196.251.84.181 port 51212 ssh2
Oct 15 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3551]: Connection closed by 196.251.84.181 port 51212 [preauth]
Oct 15 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[409]: pam_unix(cron:session): session closed for user root
Oct 15 09:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session closed for user root
Oct 15 09:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Invalid user admin from 196.251.84.181
Oct 15 09:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Failed password for invalid user admin from 196.251.84.181 port 59960 ssh2
Oct 15 09:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Connection closed by 196.251.84.181 port 59960 [preauth]
Oct 15 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4013]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4014]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4011]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4083]: Successful su for rubyman by root
Oct 15 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4083]: + ??? root:rubyman
Oct 15 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416795 of user rubyman.
Oct 15 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4083]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416795.
Oct 15 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[933]: pam_unix(cron:session): session closed for user root
Oct 15 09:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4012]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Invalid user admin from 196.251.84.181
Oct 15 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Failed password for invalid user admin from 196.251.84.181 port 40536 ssh2
Oct 15 09:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4396]: Connection closed by 196.251.84.181 port 40536 [preauth]
Oct 15 09:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session closed for user root
Oct 15 09:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Invalid user p from 195.250.72.168
Oct 15 09:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: input_userauth_request: invalid user p [preauth]
Oct 15 09:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Failed password for invalid user p from 195.250.72.168 port 42820 ssh2
Oct 15 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Received disconnect from 195.250.72.168 port 42820:11: Bye Bye [preauth]
Oct 15 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4486]: Disconnected from 195.250.72.168 port 42820 [preauth]
Oct 15 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4522]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4523]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4524]: pam_unix(cron:session): session closed for user root
Oct 15 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4631]: Successful su for rubyman by root
Oct 15 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4631]: + ??? root:rubyman
Oct 15 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416803 of user rubyman.
Oct 15 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4631]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416803.
Oct 15 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: Invalid user admin from 196.251.84.181
Oct 15 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4519]: pam_unix(cron:session): session closed for user root
Oct 15 09:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1484]: pam_unix(cron:session): session closed for user root
Oct 15 09:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: Failed password for invalid user admin from 196.251.84.181 port 48770 ssh2
Oct 15 09:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4752]: Connection closed by 196.251.84.181 port 48770 [preauth]
Oct 15 09:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Invalid user copia from 185.213.164.162
Oct 15 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: input_userauth_request: invalid user copia [preauth]
Oct 15 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Failed password for invalid user copia from 185.213.164.162 port 57598 ssh2
Oct 15 09:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Received disconnect from 185.213.164.162 port 57598:11: Bye Bye [preauth]
Oct 15 09:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Disconnected from 185.213.164.162 port 57598 [preauth]
Oct 15 09:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3558]: pam_unix(cron:session): session closed for user root
Oct 15 09:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: Failed password for root from 51.161.32.24 port 45494 ssh2
Oct 15 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: Received disconnect from 51.161.32.24 port 45494:11: Bye Bye [preauth]
Oct 15 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: Disconnected from 51.161.32.24 port 45494 [preauth]
Oct 15 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Invalid user user from 196.251.84.181
Oct 15 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: input_userauth_request: invalid user user [preauth]
Oct 15 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Failed password for invalid user user from 196.251.84.181 port 57280 ssh2
Oct 15 09:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5534]: Connection closed by 196.251.84.181 port 57280 [preauth]
Oct 15 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5563]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5567]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5561]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5648]: Successful su for rubyman by root
Oct 15 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5648]: + ??? root:rubyman
Oct 15 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416807 of user rubyman.
Oct 15 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5648]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416807.
Oct 15 09:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.169  user=root
Oct 15 09:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Invalid user amine from 20.163.71.109
Oct 15 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: input_userauth_request: invalid user amine [preauth]
Oct 15 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Failed password for root from 14.103.123.169 port 19790 ssh2
Oct 15 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Received disconnect from 14.103.123.169 port 19790:11: Bye Bye [preauth]
Oct 15 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5632]: Disconnected from 14.103.123.169 port 19790 [preauth]
Oct 15 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Failed password for invalid user amine from 20.163.71.109 port 56434 ssh2
Oct 15 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Connection closed by 20.163.71.109 port 56434 [preauth]
Oct 15 09:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session closed for user root
Oct 15 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5562]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.18.113.233  user=root
Oct 15 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Failed password for root from 14.18.113.233 port 52552 ssh2
Oct 15 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Received disconnect from 14.18.113.233 port 52552:11: Bye Bye [preauth]
Oct 15 09:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Disconnected from 14.18.113.233 port 52552 [preauth]
Oct 15 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Invalid user user from 196.251.84.181
Oct 15 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: input_userauth_request: invalid user user [preauth]
Oct 15 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Failed password for invalid user user from 196.251.84.181 port 37196 ssh2
Oct 15 09:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Connection closed by 196.251.84.181 port 37196 [preauth]
Oct 15 09:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4014]: pam_unix(cron:session): session closed for user root
Oct 15 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6058]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6056]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6128]: Successful su for rubyman by root
Oct 15 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6128]: + ??? root:rubyman
Oct 15 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416809 of user rubyman.
Oct 15 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6128]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416809.
Oct 15 09:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session closed for user root
Oct 15 09:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Invalid user user from 196.251.84.181
Oct 15 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: input_userauth_request: invalid user user [preauth]
Oct 15 09:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6057]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: Invalid user pliki from 195.250.72.168
Oct 15 09:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: input_userauth_request: invalid user pliki [preauth]
Oct 15 09:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Failed password for invalid user user from 196.251.84.181 port 45210 ssh2
Oct 15 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Connection closed by 196.251.84.181 port 45210 [preauth]
Oct 15 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Failed password for root from 51.161.32.24 port 34724 ssh2
Oct 15 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Received disconnect from 51.161.32.24 port 34724:11: Bye Bye [preauth]
Oct 15 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Disconnected from 51.161.32.24 port 34724 [preauth]
Oct 15 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: Failed password for invalid user pliki from 195.250.72.168 port 44570 ssh2
Oct 15 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: Received disconnect from 195.250.72.168 port 44570:11: Bye Bye [preauth]
Oct 15 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6351]: Disconnected from 195.250.72.168 port 44570 [preauth]
Oct 15 09:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Failed password for root from 185.213.164.162 port 51190 ssh2
Oct 15 09:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Received disconnect from 185.213.164.162 port 51190:11: Bye Bye [preauth]
Oct 15 09:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Disconnected from 185.213.164.162 port 51190 [preauth]
Oct 15 09:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4523]: pam_unix(cron:session): session closed for user root
Oct 15 09:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: Invalid user user from 196.251.84.181
Oct 15 09:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: input_userauth_request: invalid user user [preauth]
Oct 15 09:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: Failed password for invalid user user from 196.251.84.181 port 53794 ssh2
Oct 15 09:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: Connection closed by 196.251.84.181 port 53794 [preauth]
Oct 15 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6690]: Successful su for rubyman by root
Oct 15 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6690]: + ??? root:rubyman
Oct 15 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416814 of user rubyman.
Oct 15 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6690]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416814.
Oct 15 09:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session closed for user root
Oct 15 09:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6526]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.18.113.233  user=root
Oct 15 09:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: Failed password for root from 14.18.113.233 port 58338 ssh2
Oct 15 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: Received disconnect from 14.18.113.233 port 58338:11: Bye Bye [preauth]
Oct 15 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6978]: Disconnected from 14.18.113.233 port 58338 [preauth]
Oct 15 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5567]: pam_unix(cron:session): session closed for user root
Oct 15 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: Invalid user user from 196.251.84.181
Oct 15 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: input_userauth_request: invalid user user [preauth]
Oct 15 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: Failed password for invalid user user from 196.251.84.181 port 34730 ssh2
Oct 15 09:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6991]: Connection closed by 196.251.84.181 port 34730 [preauth]
Oct 15 09:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7005]: Failed password for root from 51.161.32.24 port 55316 ssh2
Oct 15 09:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7005]: Received disconnect from 51.161.32.24 port 55316:11: Bye Bye [preauth]
Oct 15 09:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7005]: Disconnected from 51.161.32.24 port 55316 [preauth]
Oct 15 09:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7053]: Invalid user ubuntu from 195.250.72.168
Oct 15 09:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7053]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7053]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7053]: Failed password for invalid user ubuntu from 195.250.72.168 port 35768 ssh2
Oct 15 09:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7053]: Received disconnect from 195.250.72.168 port 35768:11: Bye Bye [preauth]
Oct 15 09:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7053]: Disconnected from 195.250.72.168 port 35768 [preauth]
Oct 15 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7103]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7104]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7090]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7092]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Failed password for root from 185.213.164.162 port 57542 ssh2
Oct 15 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Received disconnect from 185.213.164.162 port 57542:11: Bye Bye [preauth]
Oct 15 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7085]: Disconnected from 185.213.164.162 port 57542 [preauth]
Oct 15 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7352]: Successful su for rubyman by root
Oct 15 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7352]: + ??? root:rubyman
Oct 15 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416817 of user rubyman.
Oct 15 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7352]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416817.
Oct 15 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7090]: pam_unix(cron:session): session closed for user root
Oct 15 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3556]: pam_unix(cron:session): session closed for user root
Oct 15 09:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7102]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Invalid user user from 196.251.84.181
Oct 15 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: input_userauth_request: invalid user user [preauth]
Oct 15 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Failed password for invalid user user from 196.251.84.181 port 43032 ssh2
Oct 15 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Invalid user ubnt from 80.94.95.116
Oct 15 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 09:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Connection closed by 196.251.84.181 port 43032 [preauth]
Oct 15 09:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Failed password for invalid user ubnt from 80.94.95.116 port 54468 ssh2
Oct 15 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Connection closed by 80.94.95.116 port 54468 [preauth]
Oct 15 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6059]: pam_unix(cron:session): session closed for user root
Oct 15 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: Invalid user user from 196.251.84.181
Oct 15 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: input_userauth_request: invalid user user [preauth]
Oct 15 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session closed for user root
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: Failed password for invalid user user from 196.251.84.181 port 51322 ssh2
Oct 15 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7850]: Successful su for rubyman by root
Oct 15 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7850]: + ??? root:rubyman
Oct 15 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416823 of user rubyman.
Oct 15 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7850]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416823.
Oct 15 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7750]: Connection closed by 196.251.84.181 port 51322 [preauth]
Oct 15 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Failed password for root from 51.161.32.24 port 51410 ssh2
Oct 15 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Received disconnect from 51.161.32.24 port 51410:11: Bye Bye [preauth]
Oct 15 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: Disconnected from 51.161.32.24 port 51410 [preauth]
Oct 15 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7759]: pam_unix(cron:session): session closed for user root
Oct 15 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4013]: pam_unix(cron:session): session closed for user root
Oct 15 09:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: Invalid user ftpuser from 195.250.72.168
Oct 15 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: Failed password for invalid user ftpuser from 195.250.72.168 port 47800 ssh2
Oct 15 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: Received disconnect from 195.250.72.168 port 47800:11: Bye Bye [preauth]
Oct 15 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8510]: Disconnected from 195.250.72.168 port 47800 [preauth]
Oct 15 09:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7758]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Invalid user staging from 14.18.113.233
Oct 15 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: input_userauth_request: invalid user staging [preauth]
Oct 15 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.18.113.233
Oct 15 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Failed password for invalid user staging from 14.18.113.233 port 33588 ssh2
Oct 15 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Received disconnect from 14.18.113.233 port 33588:11: Bye Bye [preauth]
Oct 15 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Disconnected from 14.18.113.233 port 33588 [preauth]
Oct 15 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Invalid user support from 78.128.112.74
Oct 15 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: input_userauth_request: invalid user support [preauth]
Oct 15 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 15 09:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Failed password for root from 185.213.164.162 port 52864 ssh2
Oct 15 09:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session closed for user root
Oct 15 09:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Received disconnect from 185.213.164.162 port 52864:11: Bye Bye [preauth]
Oct 15 09:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Disconnected from 185.213.164.162 port 52864 [preauth]
Oct 15 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Failed password for invalid user support from 78.128.112.74 port 53280 ssh2
Oct 15 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Connection closed by 78.128.112.74 port 53280 [preauth]
Oct 15 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Invalid user user from 196.251.84.181
Oct 15 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: input_userauth_request: invalid user user [preauth]
Oct 15 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Invalid user amine from 20.163.71.109
Oct 15 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: input_userauth_request: invalid user amine [preauth]
Oct 15 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Failed password for invalid user user from 196.251.84.181 port 59588 ssh2
Oct 15 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Connection closed by 196.251.84.181 port 59588 [preauth]
Oct 15 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Failed password for invalid user amine from 20.163.71.109 port 37624 ssh2
Oct 15 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8664]: Connection closed by 20.163.71.109 port 37624 [preauth]
Oct 15 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8913]: Successful su for rubyman by root
Oct 15 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8913]: + ??? root:rubyman
Oct 15 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416829 of user rubyman.
Oct 15 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8913]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416829.
Oct 15 09:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4522]: pam_unix(cron:session): session closed for user root
Oct 15 09:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Invalid user user from 196.251.84.181
Oct 15 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: input_userauth_request: invalid user user [preauth]
Oct 15 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Failed password for invalid user user from 196.251.84.181 port 39572 ssh2
Oct 15 09:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9285]: Connection closed by 196.251.84.181 port 39572 [preauth]
Oct 15 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Invalid user rene from 51.161.32.24
Oct 15 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: input_userauth_request: invalid user rene [preauth]
Oct 15 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Failed password for invalid user rene from 51.161.32.24 port 38474 ssh2
Oct 15 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Received disconnect from 51.161.32.24 port 38474:11: Bye Bye [preauth]
Oct 15 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Disconnected from 51.161.32.24 port 38474 [preauth]
Oct 15 09:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Invalid user thiago from 195.250.72.168
Oct 15 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: input_userauth_request: invalid user thiago [preauth]
Oct 15 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7104]: pam_unix(cron:session): session closed for user root
Oct 15 09:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Failed password for invalid user thiago from 195.250.72.168 port 60142 ssh2
Oct 15 09:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Received disconnect from 195.250.72.168 port 60142:11: Bye Bye [preauth]
Oct 15 09:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Disconnected from 195.250.72.168 port 60142 [preauth]
Oct 15 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9434]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9433]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9527]: Successful su for rubyman by root
Oct 15 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9527]: + ??? root:rubyman
Oct 15 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416832 of user rubyman.
Oct 15 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9527]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416832.
Oct 15 09:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Invalid user user from 196.251.84.181
Oct 15 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: input_userauth_request: invalid user user [preauth]
Oct 15 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Failed password for invalid user user from 196.251.84.181 port 47536 ssh2
Oct 15 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Connection closed by 196.251.84.181 port 47536 [preauth]
Oct 15 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5563]: pam_unix(cron:session): session closed for user root
Oct 15 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Invalid user arpan from 185.213.164.162
Oct 15 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: input_userauth_request: invalid user arpan [preauth]
Oct 15 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for invalid user arpan from 185.213.164.162 port 59010 ssh2
Oct 15 09:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Received disconnect from 185.213.164.162 port 59010:11: Bye Bye [preauth]
Oct 15 09:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Disconnected from 185.213.164.162 port 59010 [preauth]
Oct 15 09:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session closed for user root
Oct 15 09:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: Invalid user user from 196.251.84.181
Oct 15 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: input_userauth_request: invalid user user [preauth]
Oct 15 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Invalid user weblogic from 51.161.32.24
Oct 15 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: Failed password for invalid user user from 196.251.84.181 port 55906 ssh2
Oct 15 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: Connection closed by 196.251.84.181 port 55906 [preauth]
Oct 15 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Failed password for invalid user weblogic from 51.161.32.24 port 35242 ssh2
Oct 15 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Received disconnect from 51.161.32.24 port 35242:11: Bye Bye [preauth]
Oct 15 09:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Disconnected from 51.161.32.24 port 35242 [preauth]
Oct 15 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10061]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10138]: Successful su for rubyman by root
Oct 15 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10138]: + ??? root:rubyman
Oct 15 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416837 of user rubyman.
Oct 15 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10138]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416837.
Oct 15 09:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Failed password for root from 195.250.72.168 port 51344 ssh2
Oct 15 09:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Received disconnect from 195.250.72.168 port 51344:11: Bye Bye [preauth]
Oct 15 09:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10192]: Disconnected from 195.250.72.168 port 51344 [preauth]
Oct 15 09:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6058]: pam_unix(cron:session): session closed for user root
Oct 15 09:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10062]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: Invalid user user from 196.251.84.181
Oct 15 09:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: input_userauth_request: invalid user user [preauth]
Oct 15 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: Failed password for invalid user user from 196.251.84.181 port 35916 ssh2
Oct 15 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10431]: Connection closed by 196.251.84.181 port 35916 [preauth]
Oct 15 09:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8726]: pam_unix(cron:session): session closed for user root
Oct 15 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: Received disconnect from 91.224.92.108 port 19664:11:  [preauth]
Oct 15 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: Disconnected from 91.224.92.108 port 19664 [preauth]
Oct 15 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: Failed password for root from 185.213.164.162 port 38936 ssh2
Oct 15 09:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: Received disconnect from 185.213.164.162 port 38936:11: Bye Bye [preauth]
Oct 15 09:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10505]: Disconnected from 185.213.164.162 port 38936 [preauth]
Oct 15 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10562]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10561]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10558]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10643]: Successful su for rubyman by root
Oct 15 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10643]: + ??? root:rubyman
Oct 15 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416840 of user rubyman.
Oct 15 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10643]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416840.
Oct 15 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Failed password for root from 51.161.32.24 port 39512 ssh2
Oct 15 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Received disconnect from 51.161.32.24 port 39512:11: Bye Bye [preauth]
Oct 15 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Disconnected from 51.161.32.24 port 39512 [preauth]
Oct 15 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session closed for user root
Oct 15 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Invalid user user from 196.251.84.181
Oct 15 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: input_userauth_request: invalid user user [preauth]
Oct 15 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Failed password for invalid user user from 196.251.84.181 port 44286 ssh2
Oct 15 09:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Connection closed by 196.251.84.181 port 44286 [preauth]
Oct 15 09:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10559]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10915]: Failed password for root from 195.250.72.168 port 60044 ssh2
Oct 15 09:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10915]: Received disconnect from 195.250.72.168 port 60044:11: Bye Bye [preauth]
Oct 15 09:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10915]: Disconnected from 195.250.72.168 port 60044 [preauth]
Oct 15 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9434]: pam_unix(cron:session): session closed for user root
Oct 15 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Invalid user user from 196.251.84.181
Oct 15 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: input_userauth_request: invalid user user [preauth]
Oct 15 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Failed password for invalid user user from 196.251.84.181 port 52348 ssh2
Oct 15 09:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Connection closed by 196.251.84.181 port 52348 [preauth]
Oct 15 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11040]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11039]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session closed for user root
Oct 15 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11114]: Successful su for rubyman by root
Oct 15 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11114]: + ??? root:rubyman
Oct 15 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416847 of user rubyman.
Oct 15 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11114]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416847.
Oct 15 09:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11038]: pam_unix(cron:session): session closed for user root
Oct 15 09:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7103]: pam_unix(cron:session): session closed for user root
Oct 15 09:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Failed password for root from 185.213.164.162 port 47366 ssh2
Oct 15 09:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Received disconnect from 185.213.164.162 port 47366:11: Bye Bye [preauth]
Oct 15 09:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Disconnected from 185.213.164.162 port 47366 [preauth]
Oct 15 09:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11037]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Invalid user arpan from 51.161.32.24
Oct 15 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: input_userauth_request: invalid user arpan [preauth]
Oct 15 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Failed password for invalid user arpan from 51.161.32.24 port 57958 ssh2
Oct 15 09:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Received disconnect from 51.161.32.24 port 57958:11: Bye Bye [preauth]
Oct 15 09:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Disconnected from 51.161.32.24 port 57958 [preauth]
Oct 15 09:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Invalid user test from 196.251.84.181
Oct 15 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: input_userauth_request: invalid user test [preauth]
Oct 15 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Failed password for invalid user test from 196.251.84.181 port 60510 ssh2
Oct 15 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11425]: Connection closed by 196.251.84.181 port 60510 [preauth]
Oct 15 09:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10065]: pam_unix(cron:session): session closed for user root
Oct 15 09:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Invalid user sql from 195.250.72.168
Oct 15 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: input_userauth_request: invalid user sql [preauth]
Oct 15 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Failed password for invalid user sql from 195.250.72.168 port 47572 ssh2
Oct 15 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Received disconnect from 195.250.72.168 port 47572:11: Bye Bye [preauth]
Oct 15 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11519]: Disconnected from 195.250.72.168 port 47572 [preauth]
Oct 15 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11649]: Successful su for rubyman by root
Oct 15 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11649]: + ??? root:rubyman
Oct 15 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416853 of user rubyman.
Oct 15 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11649]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416853.
Oct 15 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7760]: pam_unix(cron:session): session closed for user root
Oct 15 09:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: Invalid user test from 196.251.84.181
Oct 15 09:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: input_userauth_request: invalid user test [preauth]
Oct 15 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: Failed password for invalid user test from 196.251.84.181 port 40338 ssh2
Oct 15 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: Connection closed by 196.251.84.181 port 40338 [preauth]
Oct 15 09:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Failed password for root from 51.161.32.24 port 45396 ssh2
Oct 15 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Received disconnect from 51.161.32.24 port 45396:11: Bye Bye [preauth]
Oct 15 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12020]: Disconnected from 51.161.32.24 port 45396 [preauth]
Oct 15 09:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10562]: pam_unix(cron:session): session closed for user root
Oct 15 09:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Failed password for root from 185.213.164.162 port 40568 ssh2
Oct 15 09:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Received disconnect from 185.213.164.162 port 40568:11: Bye Bye [preauth]
Oct 15 09:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12068]: Disconnected from 185.213.164.162 port 40568 [preauth]
Oct 15 09:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Invalid user test from 196.251.84.181
Oct 15 09:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: input_userauth_request: invalid user test [preauth]
Oct 15 09:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Failed password for invalid user test from 196.251.84.181 port 48964 ssh2
Oct 15 09:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12098]: Connection closed by 196.251.84.181 port 48964 [preauth]
Oct 15 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12125]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12125]: pam_unix(cron:session): session closed for user root
Oct 15 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12128]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Received disconnect from 193.46.255.33 port 40244:11:  [preauth]
Oct 15 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Disconnected from 193.46.255.33 port 40244 [preauth]
Oct 15 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: Successful su for rubyman by root
Oct 15 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: + ??? root:rubyman
Oct 15 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416854 of user rubyman.
Oct 15 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416854.
Oct 15 09:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session closed for user root
Oct 15 09:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Invalid user staging from 195.250.72.168
Oct 15 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: input_userauth_request: invalid user staging [preauth]
Oct 15 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Failed password for invalid user staging from 195.250.72.168 port 38308 ssh2
Oct 15 09:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Received disconnect from 195.250.72.168 port 38308:11: Bye Bye [preauth]
Oct 15 09:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12420]: Disconnected from 195.250.72.168 port 38308 [preauth]
Oct 15 09:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Connection closed by 14.103.123.169 port 34062 [preauth]
Oct 15 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Invalid user test from 196.251.84.181
Oct 15 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: input_userauth_request: invalid user test [preauth]
Oct 15 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for invalid user test from 196.251.84.181 port 56942 ssh2
Oct 15 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Connection closed by 196.251.84.181 port 56942 [preauth]
Oct 15 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11040]: pam_unix(cron:session): session closed for user root
Oct 15 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: User sshd from 185.156.73.233 not allowed because not listed in AllowUsers
Oct 15 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: input_userauth_request: invalid user sshd [preauth]
Oct 15 09:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: Failed none for invalid user sshd from 185.156.73.233 port 59910 ssh2
Oct 15 09:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12535]: Connection closed by 185.156.73.233 port 59910 [preauth]
Oct 15 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Invalid user james from 51.161.32.24
Oct 15 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: input_userauth_request: invalid user james [preauth]
Oct 15 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Failed password for invalid user james from 51.161.32.24 port 56418 ssh2
Oct 15 09:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Received disconnect from 51.161.32.24 port 56418:11: Bye Bye [preauth]
Oct 15 09:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Disconnected from 51.161.32.24 port 56418 [preauth]
Oct 15 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12724]: Successful su for rubyman by root
Oct 15 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12724]: + ??? root:rubyman
Oct 15 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416859 of user rubyman.
Oct 15 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12724]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416859.
Oct 15 09:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9433]: pam_unix(cron:session): session closed for user root
Oct 15 09:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Invalid user test from 196.251.84.181
Oct 15 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: input_userauth_request: invalid user test [preauth]
Oct 15 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: Failed password for root from 185.213.164.162 port 53750 ssh2
Oct 15 09:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: Received disconnect from 185.213.164.162 port 53750:11: Bye Bye [preauth]
Oct 15 09:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12957]: Disconnected from 185.213.164.162 port 53750 [preauth]
Oct 15 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Failed password for invalid user test from 196.251.84.181 port 36114 ssh2
Oct 15 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12961]: Connection closed by 196.251.84.181 port 36114 [preauth]
Oct 15 09:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session closed for user root
Oct 15 09:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Failed password for root from 195.250.72.168 port 44674 ssh2
Oct 15 09:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Received disconnect from 195.250.72.168 port 44674:11: Bye Bye [preauth]
Oct 15 09:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Disconnected from 195.250.72.168 port 44674 [preauth]
Oct 15 09:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Invalid user test from 196.251.84.181
Oct 15 09:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: input_userauth_request: invalid user test [preauth]
Oct 15 09:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Failed password for invalid user test from 196.251.84.181 port 43128 ssh2
Oct 15 09:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Connection closed by 196.251.84.181 port 43128 [preauth]
Oct 15 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13240]: Successful su for rubyman by root
Oct 15 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13240]: + ??? root:rubyman
Oct 15 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416865 of user rubyman.
Oct 15 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13240]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416865.
Oct 15 09:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10063]: pam_unix(cron:session): session closed for user root
Oct 15 09:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: Failed password for root from 51.161.32.24 port 60252 ssh2
Oct 15 09:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: Received disconnect from 51.161.32.24 port 60252:11: Bye Bye [preauth]
Oct 15 09:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13531]: Disconnected from 51.161.32.24 port 60252 [preauth]
Oct 15 09:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session closed for user root
Oct 15 09:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Invalid user test from 196.251.84.181
Oct 15 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: input_userauth_request: invalid user test [preauth]
Oct 15 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Failed password for invalid user test from 196.251.84.181 port 51936 ssh2
Oct 15 09:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Connection closed by 196.251.84.181 port 51936 [preauth]
Oct 15 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Invalid user james from 185.213.164.162
Oct 15 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: input_userauth_request: invalid user james [preauth]
Oct 15 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Failed password for invalid user james from 185.213.164.162 port 56520 ssh2
Oct 15 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Received disconnect from 185.213.164.162 port 56520:11: Bye Bye [preauth]
Oct 15 09:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Disconnected from 185.213.164.162 port 56520 [preauth]
Oct 15 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user root
Oct 15 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13860]: Successful su for rubyman by root
Oct 15 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13860]: + ??? root:rubyman
Oct 15 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416867 of user rubyman.
Oct 15 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[13860]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416867.
Oct 15 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Invalid user rftest from 195.250.72.168
Oct 15 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: input_userauth_request: invalid user rftest [preauth]
Oct 15 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Failed password for invalid user rftest from 195.250.72.168 port 39300 ssh2
Oct 15 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Received disconnect from 195.250.72.168 port 39300:11: Bye Bye [preauth]
Oct 15 09:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Disconnected from 195.250.72.168 port 39300 [preauth]
Oct 15 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10561]: pam_unix(cron:session): session closed for user root
Oct 15 09:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session closed for user root
Oct 15 09:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: Invalid user test from 196.251.84.181
Oct 15 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: input_userauth_request: invalid user test [preauth]
Oct 15 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: Failed password for invalid user test from 196.251.84.181 port 60564 ssh2
Oct 15 09:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: Connection closed by 196.251.84.181 port 60564 [preauth]
Oct 15 09:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Failed password for root from 95.111.254.160 port 60364 ssh2
Oct 15 09:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Received disconnect from 95.111.254.160 port 60364:11: Bye Bye [preauth]
Oct 15 09:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Disconnected from 95.111.254.160 port 60364 [preauth]
Oct 15 09:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Failed password for root from 51.161.32.24 port 44958 ssh2
Oct 15 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Received disconnect from 51.161.32.24 port 44958:11: Bye Bye [preauth]
Oct 15 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Disconnected from 51.161.32.24 port 44958 [preauth]
Oct 15 09:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Invalid user support from 103.82.37.34
Oct 15 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: input_userauth_request: invalid user support [preauth]
Oct 15 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session closed for user root
Oct 15 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Failed password for invalid user support from 103.82.37.34 port 51864 ssh2
Oct 15 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Received disconnect from 103.82.37.34 port 51864:11: Bye Bye [preauth]
Oct 15 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14266]: Disconnected from 103.82.37.34 port 51864 [preauth]
Oct 15 09:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Failed password for root from 185.216.117.150 port 40870 ssh2
Oct 15 09:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Received disconnect from 185.216.117.150 port 40870:11: Bye Bye [preauth]
Oct 15 09:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Disconnected from 185.216.117.150 port 40870 [preauth]
Oct 15 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14357]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14358]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14427]: Successful su for rubyman by root
Oct 15 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14427]: + ??? root:rubyman
Oct 15 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416873 of user rubyman.
Oct 15 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14427]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416873.
Oct 15 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Invalid user test from 196.251.84.181
Oct 15 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: input_userauth_request: invalid user test [preauth]
Oct 15 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Failed password for invalid user test from 196.251.84.181 port 40542 ssh2
Oct 15 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Connection closed by 196.251.84.181 port 40542 [preauth]
Oct 15 09:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11039]: pam_unix(cron:session): session closed for user root
Oct 15 09:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14354]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Invalid user debian from 185.213.164.162
Oct 15 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: input_userauth_request: invalid user debian [preauth]
Oct 15 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Failed password for invalid user debian from 185.213.164.162 port 59768 ssh2
Oct 15 09:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Received disconnect from 185.213.164.162 port 59768:11: Bye Bye [preauth]
Oct 15 09:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Disconnected from 185.213.164.162 port 59768 [preauth]
Oct 15 09:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: Invalid user smart from 195.250.72.168
Oct 15 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: input_userauth_request: invalid user smart [preauth]
Oct 15 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Invalid user lrendon from 101.36.231.233
Oct 15 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: input_userauth_request: invalid user lrendon [preauth]
Oct 15 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.231.233
Oct 15 09:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: Failed password for invalid user smart from 195.250.72.168 port 59614 ssh2
Oct 15 09:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: Received disconnect from 195.250.72.168 port 59614:11: Bye Bye [preauth]
Oct 15 09:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14717]: Disconnected from 195.250.72.168 port 59614 [preauth]
Oct 15 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Failed password for invalid user lrendon from 101.36.231.233 port 46622 ssh2
Oct 15 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Received disconnect from 101.36.231.233 port 46622:11: Bye Bye [preauth]
Oct 15 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14719]: Disconnected from 101.36.231.233 port 46622 [preauth]
Oct 15 09:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session closed for user root
Oct 15 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14728]: Invalid user tony from 103.154.77.2
Oct 15 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14728]: input_userauth_request: invalid user tony [preauth]
Oct 15 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14728]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14728]: Failed password for invalid user tony from 103.154.77.2 port 51972 ssh2
Oct 15 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14728]: Received disconnect from 103.154.77.2 port 51972:11: Bye Bye [preauth]
Oct 15 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14728]: Disconnected from 103.154.77.2 port 51972 [preauth]
Oct 15 09:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14777]: Invalid user test from 196.251.84.181
Oct 15 09:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14777]: input_userauth_request: invalid user test [preauth]
Oct 15 09:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14777]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14777]: Failed password for invalid user test from 196.251.84.181 port 48740 ssh2
Oct 15 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14777]: Connection closed by 196.251.84.181 port 48740 [preauth]
Oct 15 09:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14801]: Invalid user ehsan from 51.161.32.24
Oct 15 09:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14801]: input_userauth_request: invalid user ehsan [preauth]
Oct 15 09:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14801]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14801]: Failed password for invalid user ehsan from 51.161.32.24 port 50254 ssh2
Oct 15 09:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14801]: Received disconnect from 51.161.32.24 port 50254:11: Bye Bye [preauth]
Oct 15 09:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14801]: Disconnected from 51.161.32.24 port 50254 [preauth]
Oct 15 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14911]: Successful su for rubyman by root
Oct 15 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14911]: + ??? root:rubyman
Oct 15 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416878 of user rubyman.
Oct 15 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14911]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416878.
Oct 15 09:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session closed for user root
Oct 15 09:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: Invalid user elastic from 95.111.254.160
Oct 15 09:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: input_userauth_request: invalid user elastic [preauth]
Oct 15 09:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: Failed password for invalid user elastic from 95.111.254.160 port 60022 ssh2
Oct 15 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: Received disconnect from 95.111.254.160 port 60022:11: Bye Bye [preauth]
Oct 15 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15222]: Disconnected from 95.111.254.160 port 60022 [preauth]
Oct 15 09:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15269]: Invalid user test from 196.251.84.181
Oct 15 09:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15269]: input_userauth_request: invalid user test [preauth]
Oct 15 09:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15269]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15269]: Failed password for invalid user test from 196.251.84.181 port 56892 ssh2
Oct 15 09:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15269]: Connection closed by 196.251.84.181 port 56892 [preauth]
Oct 15 09:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session closed for user root
Oct 15 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Failed password for root from 69.166.235.169 port 48908 ssh2
Oct 15 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Received disconnect from 69.166.235.169 port 48908:11: Bye Bye [preauth]
Oct 15 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Disconnected from 69.166.235.169 port 48908 [preauth]
Oct 15 09:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Failed password for root from 185.213.164.162 port 45644 ssh2
Oct 15 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Received disconnect from 185.213.164.162 port 45644:11: Bye Bye [preauth]
Oct 15 09:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Disconnected from 185.213.164.162 port 45644 [preauth]
Oct 15 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Failed password for root from 195.250.72.168 port 57684 ssh2
Oct 15 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Received disconnect from 195.250.72.168 port 57684:11: Bye Bye [preauth]
Oct 15 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Disconnected from 195.250.72.168 port 57684 [preauth]
Oct 15 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15418]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15415]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15480]: Successful su for rubyman by root
Oct 15 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15480]: + ??? root:rubyman
Oct 15 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416884 of user rubyman.
Oct 15 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15480]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416884.
Oct 15 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Invalid user guest from 196.251.84.181
Oct 15 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Invalid user irfan from 51.161.32.24
Oct 15 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: input_userauth_request: invalid user irfan [preauth]
Oct 15 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for invalid user guest from 196.251.84.181 port 36622 ssh2
Oct 15 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Connection closed by 196.251.84.181 port 36622 [preauth]
Oct 15 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session closed for user root
Oct 15 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Failed password for invalid user irfan from 51.161.32.24 port 38272 ssh2
Oct 15 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Received disconnect from 51.161.32.24 port 38272:11: Bye Bye [preauth]
Oct 15 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15580]: Disconnected from 51.161.32.24 port 38272 [preauth]
Oct 15 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Invalid user lrendon from 185.216.117.150
Oct 15 09:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: input_userauth_request: invalid user lrendon [preauth]
Oct 15 09:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Invalid user publisher from 103.82.37.34
Oct 15 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: input_userauth_request: invalid user publisher [preauth]
Oct 15 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Failed password for invalid user lrendon from 185.216.117.150 port 39078 ssh2
Oct 15 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Received disconnect from 185.216.117.150 port 39078:11: Bye Bye [preauth]
Oct 15 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15679]: Disconnected from 185.216.117.150 port 39078 [preauth]
Oct 15 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Failed password for invalid user publisher from 103.82.37.34 port 47562 ssh2
Oct 15 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Received disconnect from 103.82.37.34 port 47562:11: Bye Bye [preauth]
Oct 15 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15689]: Disconnected from 103.82.37.34 port 47562 [preauth]
Oct 15 09:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15416]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Invalid user odoo from 103.154.77.2
Oct 15 09:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: input_userauth_request: invalid user odoo [preauth]
Oct 15 09:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14358]: pam_unix(cron:session): session closed for user root
Oct 15 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Invalid user water from 95.111.254.160
Oct 15 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: input_userauth_request: invalid user water [preauth]
Oct 15 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Failed password for invalid user odoo from 103.154.77.2 port 59328 ssh2
Oct 15 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Received disconnect from 103.154.77.2 port 59328:11: Bye Bye [preauth]
Oct 15 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15779]: Disconnected from 103.154.77.2 port 59328 [preauth]
Oct 15 09:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Failed password for invalid user water from 95.111.254.160 port 39318 ssh2
Oct 15 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Received disconnect from 95.111.254.160 port 39318:11: Bye Bye [preauth]
Oct 15 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Disconnected from 95.111.254.160 port 39318 [preauth]
Oct 15 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Invalid user guest from 196.251.84.181
Oct 15 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Failed password for invalid user guest from 196.251.84.181 port 44426 ssh2
Oct 15 09:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Connection closed by 196.251.84.181 port 44426 [preauth]
Oct 15 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15867]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15934]: Successful su for rubyman by root
Oct 15 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15934]: + ??? root:rubyman
Oct 15 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416886 of user rubyman.
Oct 15 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15934]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416886.
Oct 15 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Invalid user njzf from 218.78.60.105
Oct 15 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: input_userauth_request: invalid user njzf [preauth]
Oct 15 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.60.105
Oct 15 09:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session closed for user root
Oct 15 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Failed password for invalid user njzf from 218.78.60.105 port 48078 ssh2
Oct 15 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Received disconnect from 218.78.60.105 port 48078:11: Bye Bye [preauth]
Oct 15 09:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Disconnected from 218.78.60.105 port 48078 [preauth]
Oct 15 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: Invalid user krodriguez from 195.250.72.168
Oct 15 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: input_userauth_request: invalid user krodriguez [preauth]
Oct 15 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: Failed password for invalid user krodriguez from 195.250.72.168 port 47946 ssh2
Oct 15 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: Received disconnect from 195.250.72.168 port 47946:11: Bye Bye [preauth]
Oct 15 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16209]: Disconnected from 195.250.72.168 port 47946 [preauth]
Oct 15 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Invalid user zoom from 185.213.164.162
Oct 15 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: input_userauth_request: invalid user zoom [preauth]
Oct 15 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Invalid user guest from 196.251.84.181
Oct 15 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Failed password for invalid user zoom from 185.213.164.162 port 49042 ssh2
Oct 15 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Received disconnect from 185.213.164.162 port 49042:11: Bye Bye [preauth]
Oct 15 09:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16213]: Disconnected from 185.213.164.162 port 49042 [preauth]
Oct 15 09:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Failed password for invalid user guest from 196.251.84.181 port 52184 ssh2
Oct 15 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Connection closed by 196.251.84.181 port 52184 [preauth]
Oct 15 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for root from 51.161.32.24 port 56190 ssh2
Oct 15 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Received disconnect from 51.161.32.24 port 56190:11: Bye Bye [preauth]
Oct 15 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Disconnected from 51.161.32.24 port 56190 [preauth]
Oct 15 09:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session closed for user root
Oct 15 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Invalid user sa from 185.216.117.150
Oct 15 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: input_userauth_request: invalid user sa [preauth]
Oct 15 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Invalid user armand from 103.82.37.34
Oct 15 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: input_userauth_request: invalid user armand [preauth]
Oct 15 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Failed password for invalid user sa from 185.216.117.150 port 53914 ssh2
Oct 15 09:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Received disconnect from 185.216.117.150 port 53914:11: Bye Bye [preauth]
Oct 15 09:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16317]: Disconnected from 185.216.117.150 port 53914 [preauth]
Oct 15 09:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Failed password for invalid user armand from 103.82.37.34 port 40626 ssh2
Oct 15 09:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Received disconnect from 103.82.37.34 port 40626:11: Bye Bye [preauth]
Oct 15 09:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Disconnected from 103.82.37.34 port 40626 [preauth]
Oct 15 09:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Invalid user bounce from 95.111.254.160
Oct 15 09:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: input_userauth_request: invalid user bounce [preauth]
Oct 15 09:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Failed password for invalid user bounce from 95.111.254.160 port 53854 ssh2
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Received disconnect from 95.111.254.160 port 53854:11: Bye Bye [preauth]
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Disconnected from 95.111.254.160 port 53854 [preauth]
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16359]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16363]: pam_unix(cron:session): session closed for user root
Oct 15 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16357]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16438]: Successful su for rubyman by root
Oct 15 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16438]: + ??? root:rubyman
Oct 15 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416889 of user rubyman.
Oct 15 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16438]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416889.
Oct 15 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16359]: pam_unix(cron:session): session closed for user root
Oct 15 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session closed for user root
Oct 15 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Invalid user guest from 196.251.84.181
Oct 15 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Invalid user git from 103.154.77.2
Oct 15 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: input_userauth_request: invalid user git [preauth]
Oct 15 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Failed password for invalid user guest from 196.251.84.181 port 60244 ssh2
Oct 15 09:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Connection closed by 196.251.84.181 port 60244 [preauth]
Oct 15 09:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Failed password for invalid user git from 103.154.77.2 port 33846 ssh2
Oct 15 09:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Received disconnect from 103.154.77.2 port 33846:11: Bye Bye [preauth]
Oct 15 09:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16655]: Disconnected from 103.154.77.2 port 33846 [preauth]
Oct 15 09:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16358]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Invalid user ftp-user from 69.166.235.169
Oct 15 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: input_userauth_request: invalid user ftp-user [preauth]
Oct 15 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Failed password for invalid user ftp-user from 69.166.235.169 port 49200 ssh2
Oct 15 09:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Received disconnect from 69.166.235.169 port 49200:11: Bye Bye [preauth]
Oct 15 09:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: Disconnected from 69.166.235.169 port 49200 [preauth]
Oct 15 09:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15418]: pam_unix(cron:session): session closed for user root
Oct 15 09:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Invalid user guest from 196.251.84.181
Oct 15 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Failed password for invalid user guest from 196.251.84.181 port 39706 ssh2
Oct 15 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Connection closed by 196.251.84.181 port 39706 [preauth]
Oct 15 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16855]: Invalid user ftpuser from 51.161.32.24
Oct 15 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16855]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16855]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16855]: Failed password for invalid user ftpuser from 51.161.32.24 port 59738 ssh2
Oct 15 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16855]: Received disconnect from 51.161.32.24 port 59738:11: Bye Bye [preauth]
Oct 15 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16855]: Disconnected from 51.161.32.24 port 59738 [preauth]
Oct 15 09:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: Failed password for root from 195.250.72.168 port 41836 ssh2
Oct 15 09:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: Received disconnect from 195.250.72.168 port 41836:11: Bye Bye [preauth]
Oct 15 09:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: Disconnected from 195.250.72.168 port 41836 [preauth]
Oct 15 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16872]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16870]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16943]: Successful su for rubyman by root
Oct 15 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16943]: + ??? root:rubyman
Oct 15 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416895 of user rubyman.
Oct 15 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16943]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416895.
Oct 15 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: Failed password for root from 185.213.164.162 port 57180 ssh2
Oct 15 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: Received disconnect from 185.213.164.162 port 57180:11: Bye Bye [preauth]
Oct 15 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16944]: Disconnected from 185.213.164.162 port 57180 [preauth]
Oct 15 09:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13749]: pam_unix(cron:session): session closed for user root
Oct 15 09:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16871]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17217]: Failed password for root from 95.111.254.160 port 47746 ssh2
Oct 15 09:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17217]: Received disconnect from 95.111.254.160 port 47746:11: Bye Bye [preauth]
Oct 15 09:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17217]: Disconnected from 95.111.254.160 port 47746 [preauth]
Oct 15 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Failed password for root from 185.216.117.150 port 32878 ssh2
Oct 15 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Received disconnect from 185.216.117.150 port 32878:11: Bye Bye [preauth]
Oct 15 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17229]: Disconnected from 185.216.117.150 port 32878 [preauth]
Oct 15 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34  user=root
Oct 15 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Failed password for root from 103.82.37.34 port 40766 ssh2
Oct 15 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Received disconnect from 103.82.37.34 port 40766:11: Bye Bye [preauth]
Oct 15 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Disconnected from 103.82.37.34 port 40766 [preauth]
Oct 15 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Invalid user guest from 196.251.84.181
Oct 15 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Failed password for invalid user guest from 196.251.84.181 port 47526 ssh2
Oct 15 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17265]: Connection closed by 196.251.84.181 port 47526 [preauth]
Oct 15 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15872]: pam_unix(cron:session): session closed for user root
Oct 15 09:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Invalid user myvision from 103.154.77.2
Oct 15 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: input_userauth_request: invalid user myvision [preauth]
Oct 15 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Failed password for invalid user myvision from 103.154.77.2 port 36590 ssh2
Oct 15 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Received disconnect from 103.154.77.2 port 36590:11: Bye Bye [preauth]
Oct 15 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Disconnected from 103.154.77.2 port 36590 [preauth]
Oct 15 09:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Invalid user manager from 69.166.235.169
Oct 15 09:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: input_userauth_request: invalid user manager [preauth]
Oct 15 09:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Failed password for invalid user manager from 69.166.235.169 port 49376 ssh2
Oct 15 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Received disconnect from 69.166.235.169 port 49376:11: Bye Bye [preauth]
Oct 15 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17337]: Disconnected from 69.166.235.169 port 49376 [preauth]
Oct 15 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17362]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: Successful su for rubyman by root
Oct 15 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: + ??? root:rubyman
Oct 15 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416901 of user rubyman.
Oct 15 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416901.
Oct 15 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14357]: pam_unix(cron:session): session closed for user root
Oct 15 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Invalid user guest from 196.251.84.181
Oct 15 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Failed password for invalid user guest from 196.251.84.181 port 54296 ssh2
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17648]: Invalid user jupiter from 51.161.32.24
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17648]: input_userauth_request: invalid user jupiter [preauth]
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17648]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Connection closed by 196.251.84.181 port 54296 [preauth]
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Invalid user thiago from 14.103.123.169
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: input_userauth_request: invalid user thiago [preauth]
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.169
Oct 15 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17648]: Failed password for invalid user jupiter from 51.161.32.24 port 55172 ssh2
Oct 15 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17648]: Received disconnect from 51.161.32.24 port 55172:11: Bye Bye [preauth]
Oct 15 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17648]: Disconnected from 51.161.32.24 port 55172 [preauth]
Oct 15 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17363]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Failed password for invalid user thiago from 14.103.123.169 port 42854 ssh2
Oct 15 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Received disconnect from 14.103.123.169 port 42854:11: Bye Bye [preauth]
Oct 15 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Disconnected from 14.103.123.169 port 42854 [preauth]
Oct 15 09:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Failed password for root from 195.250.72.168 port 58698 ssh2
Oct 15 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Received disconnect from 195.250.72.168 port 58698:11: Bye Bye [preauth]
Oct 15 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17694]: Disconnected from 195.250.72.168 port 58698 [preauth]
Oct 15 09:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Invalid user admin from 194.0.234.19
Oct 15 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Failed password for invalid user admin from 194.0.234.19 port 51764 ssh2
Oct 15 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17730]: Connection closed by 194.0.234.19 port 51764 [preauth]
Oct 15 09:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17771]: Invalid user irfan from 185.213.164.162
Oct 15 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17771]: input_userauth_request: invalid user irfan [preauth]
Oct 15 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17771]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17771]: Failed password for invalid user irfan from 185.213.164.162 port 56404 ssh2
Oct 15 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17771]: Received disconnect from 185.213.164.162 port 56404:11: Bye Bye [preauth]
Oct 15 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17771]: Disconnected from 185.213.164.162 port 56404 [preauth]
Oct 15 09:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16362]: pam_unix(cron:session): session closed for user root
Oct 15 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: Invalid user iksi from 95.111.254.160
Oct 15 09:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: input_userauth_request: invalid user iksi [preauth]
Oct 15 09:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: Failed password for invalid user iksi from 95.111.254.160 port 47846 ssh2
Oct 15 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: Received disconnect from 95.111.254.160 port 47846:11: Bye Bye [preauth]
Oct 15 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17884]: Disconnected from 95.111.254.160 port 47846 [preauth]
Oct 15 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Invalid user guest from 196.251.84.181
Oct 15 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Failed password for invalid user guest from 196.251.84.181 port 58946 ssh2
Oct 15 09:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Connection closed by 196.251.84.181 port 58946 [preauth]
Oct 15 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Invalid user sabina from 185.216.117.150
Oct 15 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: input_userauth_request: invalid user sabina [preauth]
Oct 15 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Failed password for invalid user sabina from 185.216.117.150 port 34924 ssh2
Oct 15 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Received disconnect from 185.216.117.150 port 34924:11: Bye Bye [preauth]
Oct 15 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17910]: Disconnected from 185.216.117.150 port 34924 [preauth]
Oct 15 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17921]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17918]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: Invalid user server from 103.82.37.34
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: input_userauth_request: invalid user server [preauth]
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17999]: Successful su for rubyman by root
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17999]: + ??? root:rubyman
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416903 of user rubyman.
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17999]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416903.
Oct 15 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: Failed password for invalid user server from 103.82.37.34 port 48390 ssh2
Oct 15 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: Received disconnect from 103.82.37.34 port 48390:11: Bye Bye [preauth]
Oct 15 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17913]: Disconnected from 103.82.37.34 port 48390 [preauth]
Oct 15 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session closed for user root
Oct 15 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Failed password for root from 103.154.77.2 port 39328 ssh2
Oct 15 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Received disconnect from 103.154.77.2 port 39328:11: Bye Bye [preauth]
Oct 15 09:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Disconnected from 103.154.77.2 port 39328 [preauth]
Oct 15 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17919]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 09:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: Failed password for root from 69.166.235.169 port 49546 ssh2
Oct 15 09:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: Received disconnect from 69.166.235.169 port 49546:11: Bye Bye [preauth]
Oct 15 09:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18460]: Disconnected from 69.166.235.169 port 49546 [preauth]
Oct 15 09:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Connection reset by 198.235.24.231 port 62824 [preauth]
Oct 15 09:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Invalid user ftpuser from 51.161.32.24
Oct 15 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Failed password for invalid user ftpuser from 51.161.32.24 port 56112 ssh2
Oct 15 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Received disconnect from 51.161.32.24 port 56112:11: Bye Bye [preauth]
Oct 15 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Disconnected from 51.161.32.24 port 56112 [preauth]
Oct 15 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Invalid user guest from 196.251.84.181
Oct 15 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Failed password for invalid user guest from 196.251.84.181 port 34036 ssh2
Oct 15 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Connection closed by 196.251.84.181 port 34036 [preauth]
Oct 15 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16874]: pam_unix(cron:session): session closed for user root
Oct 15 09:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: Invalid user zgr from 195.250.72.168
Oct 15 09:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: input_userauth_request: invalid user zgr [preauth]
Oct 15 09:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: Failed password for invalid user zgr from 195.250.72.168 port 57390 ssh2
Oct 15 09:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: Received disconnect from 195.250.72.168 port 57390:11: Bye Bye [preauth]
Oct 15 09:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18588]: Disconnected from 195.250.72.168 port 57390 [preauth]
Oct 15 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18646]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18644]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18719]: Successful su for rubyman by root
Oct 15 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18719]: + ??? root:rubyman
Oct 15 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416907 of user rubyman.
Oct 15 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18719]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416907.
Oct 15 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18747]: Failed password for root from 185.213.164.162 port 46760 ssh2
Oct 15 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18747]: Received disconnect from 185.213.164.162 port 46760:11: Bye Bye [preauth]
Oct 15 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18747]: Disconnected from 185.213.164.162 port 46760 [preauth]
Oct 15 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15417]: pam_unix(cron:session): session closed for user root
Oct 15 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: Invalid user guest from 196.251.84.181
Oct 15 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: Failed password for invalid user guest from 196.251.84.181 port 35214 ssh2
Oct 15 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19018]: Connection closed by 196.251.84.181 port 35214 [preauth]
Oct 15 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18645]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Failed password for root from 95.111.254.160 port 43698 ssh2
Oct 15 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Received disconnect from 95.111.254.160 port 43698:11: Bye Bye [preauth]
Oct 15 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Disconnected from 95.111.254.160 port 43698 [preauth]
Oct 15 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Invalid user intell from 185.216.117.150
Oct 15 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: input_userauth_request: invalid user intell [preauth]
Oct 15 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Failed password for invalid user intell from 185.216.117.150 port 42608 ssh2
Oct 15 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Received disconnect from 185.216.117.150 port 42608:11: Bye Bye [preauth]
Oct 15 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Disconnected from 185.216.117.150 port 42608 [preauth]
Oct 15 09:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Invalid user saeid from 103.82.37.34
Oct 15 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: input_userauth_request: invalid user saeid [preauth]
Oct 15 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Failed password for invalid user saeid from 103.82.37.34 port 38096 ssh2
Oct 15 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Received disconnect from 103.82.37.34 port 38096:11: Bye Bye [preauth]
Oct 15 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: Disconnected from 103.82.37.34 port 38096 [preauth]
Oct 15 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Invalid user tecnopos from 103.154.77.2
Oct 15 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: input_userauth_request: invalid user tecnopos [preauth]
Oct 15 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: User john from 69.166.235.169 not allowed because not listed in AllowUsers
Oct 15 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: input_userauth_request: invalid user john [preauth]
Oct 15 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=john
Oct 15 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Failed password for invalid user tecnopos from 103.154.77.2 port 42060 ssh2
Oct 15 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Received disconnect from 103.154.77.2 port 42060:11: Bye Bye [preauth]
Oct 15 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Disconnected from 103.154.77.2 port 42060 [preauth]
Oct 15 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: Failed password for invalid user john from 69.166.235.169 port 49714 ssh2
Oct 15 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: Received disconnect from 69.166.235.169 port 49714:11: Bye Bye [preauth]
Oct 15 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: Disconnected from 69.166.235.169 port 49714 [preauth]
Oct 15 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session closed for user root
Oct 15 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Failed password for root from 51.161.32.24 port 45748 ssh2
Oct 15 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Received disconnect from 51.161.32.24 port 45748:11: Bye Bye [preauth]
Oct 15 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Disconnected from 51.161.32.24 port 45748 [preauth]
Oct 15 09:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Failed password for invalid user ubuntu from 196.251.84.181 port 34126 ssh2
Oct 15 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19250]: Connection closed by 196.251.84.181 port 34126 [preauth]
Oct 15 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session closed for user root
Oct 15 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19557]: Successful su for rubyman by root
Oct 15 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19557]: + ??? root:rubyman
Oct 15 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416913 of user rubyman.
Oct 15 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19557]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416913.
Oct 15 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Failed password for root from 195.250.72.168 port 57550 ssh2
Oct 15 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Received disconnect from 195.250.72.168 port 57550:11: Bye Bye [preauth]
Oct 15 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Disconnected from 195.250.72.168 port 57550 [preauth]
Oct 15 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19297]: pam_unix(cron:session): session closed for user root
Oct 15 09:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session closed for user root
Oct 15 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: Invalid user exploit from 185.213.164.162
Oct 15 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: input_userauth_request: invalid user exploit [preauth]
Oct 15 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Failed password for invalid user ubuntu from 196.251.84.181 port 33092 ssh2
Oct 15 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Connection closed by 196.251.84.181 port 33092 [preauth]
Oct 15 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: Failed password for invalid user exploit from 185.213.164.162 port 47882 ssh2
Oct 15 09:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: Received disconnect from 185.213.164.162 port 47882:11: Bye Bye [preauth]
Oct 15 09:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: Disconnected from 185.213.164.162 port 47882 [preauth]
Oct 15 09:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17921]: pam_unix(cron:session): session closed for user root
Oct 15 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Failed password for root from 95.111.254.160 port 56908 ssh2
Oct 15 09:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Received disconnect from 95.111.254.160 port 56908:11: Bye Bye [preauth]
Oct 15 09:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Disconnected from 95.111.254.160 port 56908 [preauth]
Oct 15 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Failed password for root from 185.216.117.150 port 49784 ssh2
Oct 15 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Received disconnect from 185.216.117.150 port 49784:11: Bye Bye [preauth]
Oct 15 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Disconnected from 185.216.117.150 port 49784 [preauth]
Oct 15 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Invalid user stefanos from 69.166.235.169
Oct 15 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: input_userauth_request: invalid user stefanos [preauth]
Oct 15 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for invalid user stefanos from 69.166.235.169 port 49890 ssh2
Oct 15 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Received disconnect from 69.166.235.169 port 49890:11: Bye Bye [preauth]
Oct 15 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Disconnected from 69.166.235.169 port 49890 [preauth]
Oct 15 09:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Invalid user nabi from 103.82.37.34
Oct 15 09:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: input_userauth_request: invalid user nabi [preauth]
Oct 15 09:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20157]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20159]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20155]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Failed password for invalid user nabi from 103.82.37.34 port 47632 ssh2
Oct 15 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20145]: Invalid user water from 103.154.77.2
Oct 15 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20145]: input_userauth_request: invalid user water [preauth]
Oct 15 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20145]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Received disconnect from 103.82.37.34 port 47632:11: Bye Bye [preauth]
Oct 15 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Disconnected from 103.82.37.34 port 47632 [preauth]
Oct 15 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20273]: Successful su for rubyman by root
Oct 15 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20273]: + ??? root:rubyman
Oct 15 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416917 of user rubyman.
Oct 15 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20273]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416917.
Oct 15 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20145]: Failed password for invalid user water from 103.154.77.2 port 44804 ssh2
Oct 15 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20145]: Received disconnect from 103.154.77.2 port 44804:11: Bye Bye [preauth]
Oct 15 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20145]: Disconnected from 103.154.77.2 port 44804 [preauth]
Oct 15 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: Failed password for root from 51.161.32.24 port 52456 ssh2
Oct 15 09:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: Received disconnect from 51.161.32.24 port 52456:11: Bye Bye [preauth]
Oct 15 09:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20344]: Disconnected from 51.161.32.24 port 52456 [preauth]
Oct 15 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16361]: pam_unix(cron:session): session closed for user root
Oct 15 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: Failed password for invalid user ubuntu from 196.251.84.181 port 32806 ssh2
Oct 15 09:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20476]: Connection closed by 196.251.84.181 port 32806 [preauth]
Oct 15 09:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20156]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Failed password for root from 195.250.72.168 port 54580 ssh2
Oct 15 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Received disconnect from 195.250.72.168 port 54580:11: Bye Bye [preauth]
Oct 15 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20566]: Disconnected from 195.250.72.168 port 54580 [preauth]
Oct 15 09:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18648]: pam_unix(cron:session): session closed for user root
Oct 15 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Failed password for invalid user ubuntu from 196.251.84.181 port 33068 ssh2
Oct 15 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20651]: Connection closed by 196.251.84.181 port 33068 [preauth]
Oct 15 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20746]: Successful su for rubyman by root
Oct 15 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20746]: + ??? root:rubyman
Oct 15 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416922 of user rubyman.
Oct 15 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20746]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416922.
Oct 15 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16872]: pam_unix(cron:session): session closed for user root
Oct 15 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for root from 185.213.164.162 port 44906 ssh2
Oct 15 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Received disconnect from 185.213.164.162 port 44906:11: Bye Bye [preauth]
Oct 15 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Disconnected from 185.213.164.162 port 44906 [preauth]
Oct 15 09:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20666]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Invalid user tecnopos from 95.111.254.160
Oct 15 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: input_userauth_request: invalid user tecnopos [preauth]
Oct 15 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: Invalid user postgres from 69.166.235.169
Oct 15 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Failed password for invalid user tecnopos from 95.111.254.160 port 34046 ssh2
Oct 15 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Received disconnect from 95.111.254.160 port 34046:11: Bye Bye [preauth]
Oct 15 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Disconnected from 95.111.254.160 port 34046 [preauth]
Oct 15 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: Failed password for invalid user postgres from 69.166.235.169 port 50058 ssh2
Oct 15 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: Received disconnect from 69.166.235.169 port 50058:11: Bye Bye [preauth]
Oct 15 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: Disconnected from 69.166.235.169 port 50058 [preauth]
Oct 15 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Invalid user shree from 51.161.32.24
Oct 15 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: input_userauth_request: invalid user shree [preauth]
Oct 15 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Failed password for root from 185.216.117.150 port 36858 ssh2
Oct 15 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Received disconnect from 185.216.117.150 port 36858:11: Bye Bye [preauth]
Oct 15 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Disconnected from 185.216.117.150 port 36858 [preauth]
Oct 15 09:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for invalid user shree from 51.161.32.24 port 58356 ssh2
Oct 15 09:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Received disconnect from 51.161.32.24 port 58356:11: Bye Bye [preauth]
Oct 15 09:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Disconnected from 51.161.32.24 port 58356 [preauth]
Oct 15 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Invalid user yash from 103.154.77.2
Oct 15 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: input_userauth_request: invalid user yash [preauth]
Oct 15 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34  user=root
Oct 15 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Failed password for invalid user yash from 103.154.77.2 port 47542 ssh2
Oct 15 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Received disconnect from 103.154.77.2 port 47542:11: Bye Bye [preauth]
Oct 15 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Disconnected from 103.154.77.2 port 47542 [preauth]
Oct 15 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Failed password for root from 103.82.37.34 port 36336 ssh2
Oct 15 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Received disconnect from 103.82.37.34 port 36336:11: Bye Bye [preauth]
Oct 15 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Disconnected from 103.82.37.34 port 36336 [preauth]
Oct 15 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Failed password for invalid user ubuntu from 196.251.84.181 port 60364 ssh2
Oct 15 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Connection closed by 196.251.84.181 port 60364 [preauth]
Oct 15 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session closed for user root
Oct 15 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Failed password for root from 185.156.73.233 port 44924 ssh2
Oct 15 09:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Connection closed by 185.156.73.233 port 44924 [preauth]
Oct 15 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: Invalid user sakurai from 195.250.72.168
Oct 15 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: input_userauth_request: invalid user sakurai [preauth]
Oct 15 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: Failed password for invalid user sakurai from 195.250.72.168 port 53346 ssh2
Oct 15 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: Received disconnect from 195.250.72.168 port 53346:11: Bye Bye [preauth]
Oct 15 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21142]: Disconnected from 195.250.72.168 port 53346 [preauth]
Oct 15 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21145]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21221]: Successful su for rubyman by root
Oct 15 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21221]: + ??? root:rubyman
Oct 15 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416925 of user rubyman.
Oct 15 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21221]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416925.
Oct 15 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21353]: Invalid user adi from 220.247.224.226
Oct 15 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21353]: input_userauth_request: invalid user adi [preauth]
Oct 15 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21353]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session closed for user root
Oct 15 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21353]: Failed password for invalid user adi from 220.247.224.226 port 9965 ssh2
Oct 15 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21353]: Received disconnect from 220.247.224.226 port 9965:11: Bye Bye [preauth]
Oct 15 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21353]: Disconnected from 220.247.224.226 port 9965 [preauth]
Oct 15 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Invalid user kamera from 158.51.124.122
Oct 15 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: input_userauth_request: invalid user kamera [preauth]
Oct 15 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.124.122
Oct 15 09:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Failed password for invalid user kamera from 158.51.124.122 port 38994 ssh2
Oct 15 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Received disconnect from 158.51.124.122 port 38994:11: Bye Bye [preauth]
Oct 15 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Disconnected from 158.51.124.122 port 38994 [preauth]
Oct 15 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Failed password for invalid user ubuntu from 196.251.84.181 port 59914 ssh2
Oct 15 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Connection closed by 196.251.84.181 port 59914 [preauth]
Oct 15 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
Oct 15 09:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Failed password for root from 46.25.236.192 port 54396 ssh2
Oct 15 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Received disconnect from 46.25.236.192 port 54396:11: Bye Bye [preauth]
Oct 15 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21578]: Disconnected from 46.25.236.192 port 54396 [preauth]
Oct 15 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Invalid user jupiter from 185.213.164.162
Oct 15 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: input_userauth_request: invalid user jupiter [preauth]
Oct 15 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20159]: pam_unix(cron:session): session closed for user root
Oct 15 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Failed password for invalid user jupiter from 185.213.164.162 port 32812 ssh2
Oct 15 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Received disconnect from 185.213.164.162 port 32812:11: Bye Bye [preauth]
Oct 15 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21594]: Disconnected from 185.213.164.162 port 32812 [preauth]
Oct 15 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Failed password for root from 38.57.235.240 port 37988 ssh2
Oct 15 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Received disconnect from 38.57.235.240 port 37988:11: Bye Bye [preauth]
Oct 15 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21628]: Disconnected from 38.57.235.240 port 37988 [preauth]
Oct 15 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Invalid user jessetho from 69.166.235.169
Oct 15 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: input_userauth_request: invalid user jessetho [preauth]
Oct 15 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Failed password for invalid user jessetho from 69.166.235.169 port 50208 ssh2
Oct 15 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Received disconnect from 69.166.235.169 port 50208:11: Bye Bye [preauth]
Oct 15 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Disconnected from 69.166.235.169 port 50208 [preauth]
Oct 15 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Failed password for root from 51.161.32.24 port 53874 ssh2
Oct 15 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Received disconnect from 51.161.32.24 port 53874:11: Bye Bye [preauth]
Oct 15 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21633]: Disconnected from 51.161.32.24 port 53874 [preauth]
Oct 15 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Invalid user r from 95.111.254.160
Oct 15 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: input_userauth_request: invalid user r [preauth]
Oct 15 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Failed password for invalid user r from 95.111.254.160 port 46218 ssh2
Oct 15 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Received disconnect from 95.111.254.160 port 46218:11: Bye Bye [preauth]
Oct 15 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21665]: Disconnected from 95.111.254.160 port 46218 [preauth]
Oct 15 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: Failed password for invalid user ubuntu from 196.251.84.181 port 59102 ssh2
Oct 15 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21668]: Connection closed by 196.251.84.181 port 59102 [preauth]
Oct 15 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: Invalid user staging from 185.216.117.150
Oct 15 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: input_userauth_request: invalid user staging [preauth]
Oct 15 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: Failed password for invalid user staging from 185.216.117.150 port 39322 ssh2
Oct 15 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: Received disconnect from 185.216.117.150 port 39322:11: Bye Bye [preauth]
Oct 15 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21679]: Disconnected from 185.216.117.150 port 39322 [preauth]
Oct 15 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21776]: Successful su for rubyman by root
Oct 15 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21776]: + ??? root:rubyman
Oct 15 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416930 of user rubyman.
Oct 15 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21776]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416930.
Oct 15 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: Failed password for root from 103.154.77.2 port 50292 ssh2
Oct 15 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: Received disconnect from 103.154.77.2 port 50292:11: Bye Bye [preauth]
Oct 15 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21694]: Disconnected from 103.154.77.2 port 50292 [preauth]
Oct 15 09:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17920]: pam_unix(cron:session): session closed for user root
Oct 15 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21976]: Invalid user ubuntu from 103.82.37.34
Oct 15 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21976]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21976]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21976]: Failed password for invalid user ubuntu from 103.82.37.34 port 56646 ssh2
Oct 15 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21976]: Received disconnect from 103.82.37.34 port 56646:11: Bye Bye [preauth]
Oct 15 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21976]: Disconnected from 103.82.37.34 port 56646 [preauth]
Oct 15 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21700]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22025]: Invalid user  from 129.212.181.5
Oct 15 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22025]: input_userauth_request: invalid user  [preauth]
Oct 15 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: Invalid user sns from 195.250.72.168
Oct 15 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: input_userauth_request: invalid user sns [preauth]
Oct 15 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22025]: Connection closed by 129.212.181.5 port 44236 [preauth]
Oct 15 09:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: Failed password for invalid user sns from 195.250.72.168 port 59550 ssh2
Oct 15 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: Received disconnect from 195.250.72.168 port 59550:11: Bye Bye [preauth]
Oct 15 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22043]: Disconnected from 195.250.72.168 port 59550 [preauth]
Oct 15 09:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Invalid user min from 37.120.247.100
Oct 15 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: input_userauth_request: invalid user min [preauth]
Oct 15 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Failed password for invalid user ubuntu from 196.251.84.181 port 58208 ssh2
Oct 15 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Connection closed by 196.251.84.181 port 58208 [preauth]
Oct 15 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Failed password for invalid user min from 37.120.247.100 port 50216 ssh2
Oct 15 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Received disconnect from 37.120.247.100 port 50216:11: Bye Bye [preauth]
Oct 15 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Disconnected from 37.120.247.100 port 50216 [preauth]
Oct 15 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user root
Oct 15 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Invalid user zoom from 107.150.110.167
Oct 15 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: input_userauth_request: invalid user zoom [preauth]
Oct 15 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.60.105  user=root
Oct 15 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Failed password for invalid user zoom from 107.150.110.167 port 62010 ssh2
Oct 15 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Received disconnect from 107.150.110.167 port 62010:11: Bye Bye [preauth]
Oct 15 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22125]: Disconnected from 107.150.110.167 port 62010 [preauth]
Oct 15 09:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for root from 218.78.60.105 port 49512 ssh2
Oct 15 09:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Received disconnect from 218.78.60.105 port 49512:11: Bye Bye [preauth]
Oct 15 09:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Disconnected from 218.78.60.105 port 49512 [preauth]
Oct 15 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22220]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22226]: pam_unix(cron:session): session closed for user root
Oct 15 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22218]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22310]: Successful su for rubyman by root
Oct 15 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22310]: + ??? root:rubyman
Oct 15 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416938 of user rubyman.
Oct 15 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22310]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416938.
Oct 15 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Invalid user exploit from 51.161.32.24
Oct 15 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: input_userauth_request: invalid user exploit [preauth]
Oct 15 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22220]: pam_unix(cron:session): session closed for user root
Oct 15 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: Invalid user neil from 185.213.164.162
Oct 15 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: input_userauth_request: invalid user neil [preauth]
Oct 15 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Invalid user ubuntu from 196.251.84.181
Oct 15 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18646]: pam_unix(cron:session): session closed for user root
Oct 15 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: Failed password for invalid user neil from 185.213.164.162 port 44796 ssh2
Oct 15 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Failed password for invalid user exploit from 51.161.32.24 port 50702 ssh2
Oct 15 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Received disconnect from 51.161.32.24 port 50702:11: Bye Bye [preauth]
Oct 15 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22438]: Disconnected from 51.161.32.24 port 50702 [preauth]
Oct 15 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: Received disconnect from 185.213.164.162 port 44796:11: Bye Bye [preauth]
Oct 15 09:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: Disconnected from 185.213.164.162 port 44796 [preauth]
Oct 15 09:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Failed password for invalid user ubuntu from 196.251.84.181 port 57296 ssh2
Oct 15 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Connection closed by 196.251.84.181 port 57296 [preauth]
Oct 15 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Invalid user webmail from 69.166.235.169
Oct 15 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: input_userauth_request: invalid user webmail [preauth]
Oct 15 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Failed password for invalid user webmail from 69.166.235.169 port 50396 ssh2
Oct 15 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Received disconnect from 69.166.235.169 port 50396:11: Bye Bye [preauth]
Oct 15 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22526]: Disconnected from 69.166.235.169 port 50396 [preauth]
Oct 15 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22219]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: Failed password for root from 95.111.254.160 port 52412 ssh2
Oct 15 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: Received disconnect from 95.111.254.160 port 52412:11: Bye Bye [preauth]
Oct 15 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22587]: Disconnected from 95.111.254.160 port 52412 [preauth]
Oct 15 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: Invalid user samba from 129.212.181.5
Oct 15 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: input_userauth_request: invalid user samba [preauth]
Oct 15 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: Failed password for invalid user samba from 129.212.181.5 port 36068 ssh2
Oct 15 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22600]: Connection closed by 129.212.181.5 port 36068 [preauth]
Oct 15 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Invalid user ansible from 129.212.181.5
Oct 15 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: input_userauth_request: invalid user ansible [preauth]
Oct 15 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: Failed password for root from 185.216.117.150 port 57918 ssh2
Oct 15 09:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: Received disconnect from 185.216.117.150 port 57918:11: Bye Bye [preauth]
Oct 15 09:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22602]: Disconnected from 185.216.117.150 port 57918 [preauth]
Oct 15 09:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Failed password for invalid user ansible from 129.212.181.5 port 36076 ssh2
Oct 15 09:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22615]: Connection closed by 129.212.181.5 port 36076 [preauth]
Oct 15 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Failed password for root from 103.154.77.2 port 53048 ssh2
Oct 15 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Received disconnect from 103.154.77.2 port 53048:11: Bye Bye [preauth]
Oct 15 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Disconnected from 103.154.77.2 port 53048 [preauth]
Oct 15 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Failed password for root from 129.212.181.5 port 36082 ssh2
Oct 15 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Connection closed by 129.212.181.5 port 36082 [preauth]
Oct 15 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Did not receive identification string from 116.212.152.39
Oct 15 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Invalid user jack from 129.212.181.5
Oct 15 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: input_userauth_request: invalid user jack [preauth]
Oct 15 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session closed for user root
Oct 15 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Did not receive identification string from 116.212.152.39
Oct 15 09:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Failed password for invalid user jack from 129.212.181.5 port 41124 ssh2
Oct 15 09:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22667]: Connection closed by 129.212.181.5 port 41124 [preauth]
Oct 15 09:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Failed password for root from 160.174.129.232 port 42915 ssh2
Oct 15 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Received disconnect from 160.174.129.232 port 42915:11: Bye Bye [preauth]
Oct 15 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22669]: Disconnected from 160.174.129.232 port 42915 [preauth]
Oct 15 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: Invalid user kingbase from 129.212.181.5
Oct 15 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: input_userauth_request: invalid user kingbase [preauth]
Oct 15 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: Failed password for invalid user kingbase from 129.212.181.5 port 41136 ssh2
Oct 15 09:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22710]: Connection closed by 129.212.181.5 port 41136 [preauth]
Oct 15 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: User mysql from 129.212.181.5 not allowed because not listed in AllowUsers
Oct 15 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: input_userauth_request: invalid user mysql [preauth]
Oct 15 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=mysql
Oct 15 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Invalid user negar from 103.82.37.34
Oct 15 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: input_userauth_request: invalid user negar [preauth]
Oct 15 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Failed password for invalid user mysql from 129.212.181.5 port 41152 ssh2
Oct 15 09:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Connection closed by 129.212.181.5 port 41152 [preauth]
Oct 15 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: Invalid user linux from 129.212.181.5
Oct 15 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: input_userauth_request: invalid user linux [preauth]
Oct 15 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Failed password for invalid user negar from 103.82.37.34 port 45450 ssh2
Oct 15 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Received disconnect from 103.82.37.34 port 45450:11: Bye Bye [preauth]
Oct 15 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Disconnected from 103.82.37.34 port 45450 [preauth]
Oct 15 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: Failed password for invalid user linux from 129.212.181.5 port 60984 ssh2
Oct 15 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22908]: Connection closed by 129.212.181.5 port 60984 [preauth]
Oct 15 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: Invalid user pi from 196.251.84.181
Oct 15 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22938]: Invalid user david from 129.212.181.5
Oct 15 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22938]: input_userauth_request: invalid user david [preauth]
Oct 15 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22938]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: Failed password for invalid user pi from 196.251.84.181 port 56974 ssh2
Oct 15 09:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22936]: Connection closed by 196.251.84.181 port 56974 [preauth]
Oct 15 09:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22938]: Failed password for invalid user david from 129.212.181.5 port 60994 ssh2
Oct 15 09:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22938]: Connection closed by 129.212.181.5 port 60994 [preauth]
Oct 15 09:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Failed password for root from 195.250.72.168 port 56186 ssh2
Oct 15 09:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Received disconnect from 195.250.72.168 port 56186:11: Bye Bye [preauth]
Oct 15 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22942]: Disconnected from 195.250.72.168 port 56186 [preauth]
Oct 15 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: Invalid user support from 129.212.181.5
Oct 15 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: input_userauth_request: invalid user support [preauth]
Oct 15 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: Failed password for invalid user support from 129.212.181.5 port 32768 ssh2
Oct 15 09:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22956]: Connection closed by 129.212.181.5 port 32768 [preauth]
Oct 15 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22959]: Invalid user es from 129.212.181.5
Oct 15 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22959]: input_userauth_request: invalid user es [preauth]
Oct 15 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22959]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22959]: Failed password for invalid user es from 129.212.181.5 port 60924 ssh2
Oct 15 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22959]: Connection closed by 129.212.181.5 port 60924 [preauth]
Oct 15 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Invalid user hadoop from 129.212.181.5
Oct 15 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23110]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Failed password for invalid user hadoop from 129.212.181.5 port 60938 ssh2
Oct 15 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23107]: Connection closed by 129.212.181.5 port 60938 [preauth]
Oct 15 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: Successful su for rubyman by root
Oct 15 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: + ??? root:rubyman
Oct 15 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416939 of user rubyman.
Oct 15 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23221]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416939.
Oct 15 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Invalid user dmdba from 129.212.181.5
Oct 15 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: input_userauth_request: invalid user dmdba [preauth]
Oct 15 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Failed password for invalid user dmdba from 129.212.181.5 port 60948 ssh2
Oct 15 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Connection closed by 129.212.181.5 port 60948 [preauth]
Oct 15 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: Invalid user vagrant from 129.212.181.5
Oct 15 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: input_userauth_request: invalid user vagrant [preauth]
Oct 15 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22707]: Connection closed by 116.212.152.39 port 24986 [preauth]
Oct 15 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: Failed password for invalid user vagrant from 129.212.181.5 port 44924 ssh2
Oct 15 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23342]: Connection closed by 129.212.181.5 port 44924 [preauth]
Oct 15 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: User nobody from 129.212.181.5 not allowed because not listed in AllowUsers
Oct 15 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: input_userauth_request: invalid user nobody [preauth]
Oct 15 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=nobody
Oct 15 09:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Failed password for invalid user nobody from 129.212.181.5 port 44938 ssh2
Oct 15 09:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23577]: Connection closed by 129.212.181.5 port 44938 [preauth]
Oct 15 09:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session closed for user root
Oct 15 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Invalid user user1 from 129.212.181.5
Oct 15 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: input_userauth_request: invalid user user1 [preauth]
Oct 15 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Failed password for invalid user user1 from 129.212.181.5 port 48570 ssh2
Oct 15 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23787]: Connection closed by 129.212.181.5 port 48570 [preauth]
Oct 15 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23112]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23815]: Failed password for root from 129.212.181.5 port 48588 ssh2
Oct 15 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23815]: Connection closed by 129.212.181.5 port 48588 [preauth]
Oct 15 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23841]: Invalid user admin from 129.212.181.5
Oct 15 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23841]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23841]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23841]: Failed password for invalid user admin from 129.212.181.5 port 48610 ssh2
Oct 15 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23841]: Connection closed by 129.212.181.5 port 48610 [preauth]
Oct 15 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Invalid user gitlab-runner from 129.212.181.5
Oct 15 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: input_userauth_request: invalid user gitlab-runner [preauth]
Oct 15 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Failed password for invalid user gitlab-runner from 129.212.181.5 port 48636 ssh2
Oct 15 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23846]: Connection closed by 129.212.181.5 port 48636 [preauth]
Oct 15 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: Invalid user ubuntu from 129.212.181.5
Oct 15 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Invalid user pi from 196.251.84.181
Oct 15 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: Failed password for invalid user ubuntu from 129.212.181.5 port 56424 ssh2
Oct 15 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: Connection closed by 129.212.181.5 port 56424 [preauth]
Oct 15 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Failed password for root from 51.161.32.24 port 44462 ssh2
Oct 15 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Received disconnect from 51.161.32.24 port 44462:11: Bye Bye [preauth]
Oct 15 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Disconnected from 51.161.32.24 port 44462 [preauth]
Oct 15 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23878]: Invalid user nvidia from 129.212.181.5
Oct 15 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23878]: input_userauth_request: invalid user nvidia [preauth]
Oct 15 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23878]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Failed password for invalid user pi from 196.251.84.181 port 55804 ssh2
Oct 15 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Connection closed by 196.251.84.181 port 55804 [preauth]
Oct 15 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23878]: Failed password for invalid user nvidia from 129.212.181.5 port 56428 ssh2
Oct 15 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23878]: Connection closed by 129.212.181.5 port 56428 [preauth]
Oct 15 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: Invalid user jenkins from 129.212.181.5
Oct 15 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: input_userauth_request: invalid user jenkins [preauth]
Oct 15 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: Failed password for invalid user jenkins from 129.212.181.5 port 42878 ssh2
Oct 15 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23892]: Connection closed by 129.212.181.5 port 42878 [preauth]
Oct 15 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: Failed password for root from 220.247.224.226 port 42637 ssh2
Oct 15 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: Received disconnect from 220.247.224.226 port 42637:11: Bye Bye [preauth]
Oct 15 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23890]: Disconnected from 220.247.224.226 port 42637 [preauth]
Oct 15 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21702]: pam_unix(cron:session): session closed for user root
Oct 15 09:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Received disconnect from 193.46.255.217 port 11298:11:  [preauth]
Oct 15 09:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Disconnected from 193.46.255.217 port 11298 [preauth]
Oct 15 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: Failed password for root from 129.212.181.5 port 42884 ssh2
Oct 15 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: Connection closed by 129.212.181.5 port 42884 [preauth]
Oct 15 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Invalid user username from 129.212.181.5
Oct 15 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: input_userauth_request: invalid user username [preauth]
Oct 15 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Failed password for invalid user username from 129.212.181.5 port 42896 ssh2
Oct 15 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Connection closed by 129.212.181.5 port 42896 [preauth]
Oct 15 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Invalid user angel from 129.212.181.5
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: input_userauth_request: invalid user angel [preauth]
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Invalid user weblogic from 185.213.164.162
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Failed password for invalid user angel from 129.212.181.5 port 53410 ssh2
Oct 15 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Connection closed by 129.212.181.5 port 53410 [preauth]
Oct 15 09:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Failed password for invalid user weblogic from 185.213.164.162 port 40526 ssh2
Oct 15 09:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Received disconnect from 185.213.164.162 port 40526:11: Bye Bye [preauth]
Oct 15 09:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Disconnected from 185.213.164.162 port 40526 [preauth]
Oct 15 09:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Failed password for root from 129.212.181.5 port 53420 ssh2
Oct 15 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Connection closed by 129.212.181.5 port 53420 [preauth]
Oct 15 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Invalid user guest from 129.212.181.5
Oct 15 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Failed password for invalid user guest from 129.212.181.5 port 53426 ssh2
Oct 15 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Connection closed by 129.212.181.5 port 53426 [preauth]
Oct 15 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Failed password for root from 69.166.235.169 port 50552 ssh2
Oct 15 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Received disconnect from 69.166.235.169 port 50552:11: Bye Bye [preauth]
Oct 15 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23992]: Disconnected from 69.166.235.169 port 50552 [preauth]
Oct 15 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Invalid user oracle from 129.212.181.5
Oct 15 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Failed password for invalid user oracle from 129.212.181.5 port 38432 ssh2
Oct 15 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23994]: Connection closed by 129.212.181.5 port 38432 [preauth]
Oct 15 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: Invalid user niaoyun from 129.212.181.5
Oct 15 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: input_userauth_request: invalid user niaoyun [preauth]
Oct 15 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: Failed password for invalid user niaoyun from 129.212.181.5 port 38446 ssh2
Oct 15 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24009]: Connection closed by 129.212.181.5 port 38446 [preauth]
Oct 15 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Invalid user sachin from 38.57.235.240
Oct 15 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: input_userauth_request: invalid user sachin [preauth]
Oct 15 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Failed password for root from 107.150.110.167 port 49370 ssh2
Oct 15 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Received disconnect from 107.150.110.167 port 49370:11: Bye Bye [preauth]
Oct 15 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24012]: Disconnected from 107.150.110.167 port 49370 [preauth]
Oct 15 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Invalid user student from 129.212.181.5
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: input_userauth_request: invalid user student [preauth]
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24027]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24026]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24024]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: Failed password for root from 95.111.254.160 port 37192 ssh2
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Failed password for invalid user sachin from 38.57.235.240 port 33198 ssh2
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Received disconnect from 38.57.235.240 port 33198:11: Bye Bye [preauth]
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24016]: Disconnected from 38.57.235.240 port 33198 [preauth]
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: Received disconnect from 95.111.254.160 port 37192:11: Bye Bye [preauth]
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: Disconnected from 95.111.254.160 port 37192 [preauth]
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: Successful su for rubyman by root
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: + ??? root:rubyman
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416943 of user rubyman.
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416943.
Oct 15 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Failed password for invalid user student from 129.212.181.5 port 38454 ssh2
Oct 15 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Connection closed by 129.212.181.5 port 38454 [preauth]
Oct 15 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Invalid user www from 129.212.181.5
Oct 15 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: input_userauth_request: invalid user www [preauth]
Oct 15 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Invalid user r from 103.154.77.2
Oct 15 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: input_userauth_request: invalid user r [preauth]
Oct 15 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Failed password for invalid user www from 129.212.181.5 port 57162 ssh2
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24180]: Connection closed by 129.212.181.5 port 57162 [preauth]
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: Failed password for root from 37.120.247.100 port 54294 ssh2
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: Received disconnect from 37.120.247.100 port 54294:11: Bye Bye [preauth]
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24164]: Disconnected from 37.120.247.100 port 54294 [preauth]
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Invalid user confluence from 185.216.117.150
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: input_userauth_request: invalid user confluence [preauth]
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Failed password for invalid user r from 103.154.77.2 port 55790 ssh2
Oct 15 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Received disconnect from 103.154.77.2 port 55790:11: Bye Bye [preauth]
Oct 15 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24209]: Disconnected from 103.154.77.2 port 55790 [preauth]
Oct 15 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24291]: Invalid user pi from 196.251.84.181
Oct 15 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24291]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Failed password for invalid user confluence from 185.216.117.150 port 56166 ssh2
Oct 15 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Received disconnect from 185.216.117.150 port 56166:11: Bye Bye [preauth]
Oct 15 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24229]: Disconnected from 185.216.117.150 port 56166 [preauth]
Oct 15 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24291]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Failed password for root from 129.212.181.5 port 57168 ssh2
Oct 15 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Connection closed by 129.212.181.5 port 57168 [preauth]
Oct 15 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20157]: pam_unix(cron:session): session closed for user root
Oct 15 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Invalid user tom from 129.212.181.5
Oct 15 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: input_userauth_request: invalid user tom [preauth]
Oct 15 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24291]: Failed password for invalid user pi from 196.251.84.181 port 54798 ssh2
Oct 15 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24291]: Connection closed by 196.251.84.181 port 54798 [preauth]
Oct 15 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Failed password for invalid user tom from 129.212.181.5 port 57178 ssh2
Oct 15 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Connection closed by 129.212.181.5 port 57178 [preauth]
Oct 15 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24025]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: Failed password for root from 129.212.181.5 port 46948 ssh2
Oct 15 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24384]: Connection closed by 129.212.181.5 port 46948 [preauth]
Oct 15 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: Invalid user ubuntu from 129.212.181.5
Oct 15 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: Failed password for invalid user ubuntu from 129.212.181.5 port 46974 ssh2
Oct 15 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: Connection closed by 129.212.181.5 port 46974 [preauth]
Oct 15 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: Invalid user nagios from 129.212.181.5
Oct 15 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: input_userauth_request: invalid user nagios [preauth]
Oct 15 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Invalid user upload from 103.82.37.34
Oct 15 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: input_userauth_request: invalid user upload [preauth]
Oct 15 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: Invalid user edith from 195.250.72.168
Oct 15 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: input_userauth_request: invalid user edith [preauth]
Oct 15 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: Failed password for invalid user nagios from 129.212.181.5 port 46980 ssh2
Oct 15 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24442]: Connection closed by 129.212.181.5 port 46980 [preauth]
Oct 15 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Failed password for invalid user upload from 103.82.37.34 port 51194 ssh2
Oct 15 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Received disconnect from 103.82.37.34 port 51194:11: Bye Bye [preauth]
Oct 15 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Disconnected from 103.82.37.34 port 51194 [preauth]
Oct 15 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: Invalid user elastic from 129.212.181.5
Oct 15 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: input_userauth_request: invalid user elastic [preauth]
Oct 15 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: Failed password for invalid user edith from 195.250.72.168 port 38464 ssh2
Oct 15 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: Received disconnect from 195.250.72.168 port 38464:11: Bye Bye [preauth]
Oct 15 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: Disconnected from 195.250.72.168 port 38464 [preauth]
Oct 15 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: Failed password for invalid user elastic from 129.212.181.5 port 42570 ssh2
Oct 15 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24457]: Connection closed by 129.212.181.5 port 42570 [preauth]
Oct 15 09:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: Invalid user adminuser from 129.212.181.5
Oct 15 09:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 09:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: Failed password for invalid user adminuser from 129.212.181.5 port 42582 ssh2
Oct 15 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24460]: Connection closed by 129.212.181.5 port 42582 [preauth]
Oct 15 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Invalid user pi from 129.212.181.5
Oct 15 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Failed password for invalid user pi from 129.212.181.5 port 42594 ssh2
Oct 15 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Connection closed by 129.212.181.5 port 42594 [preauth]
Oct 15 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Invalid user elaine from 160.174.129.232
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: input_userauth_request: invalid user elaine [preauth]
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Invalid user sonar from 129.212.181.5
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: input_userauth_request: invalid user sonar [preauth]
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Failed password for invalid user elaine from 160.174.129.232 port 33568 ssh2
Oct 15 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Received disconnect from 160.174.129.232 port 33568:11: Bye Bye [preauth]
Oct 15 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Disconnected from 160.174.129.232 port 33568 [preauth]
Oct 15 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Failed password for invalid user sonar from 129.212.181.5 port 55950 ssh2
Oct 15 09:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24499]: Connection closed by 129.212.181.5 port 55950 [preauth]
Oct 15 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
Oct 15 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: User mysql from 129.212.181.5 not allowed because not listed in AllowUsers
Oct 15 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: input_userauth_request: invalid user mysql [preauth]
Oct 15 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=mysql
Oct 15 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Failed password for root from 46.25.236.192 port 49158 ssh2
Oct 15 09:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Received disconnect from 46.25.236.192 port 49158:11: Bye Bye [preauth]
Oct 15 09:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24497]: Disconnected from 46.25.236.192 port 49158 [preauth]
Oct 15 09:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: Failed password for invalid user mysql from 129.212.181.5 port 55964 ssh2
Oct 15 09:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24527]: Connection closed by 129.212.181.5 port 55964 [preauth]
Oct 15 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22224]: pam_unix(cron:session): session closed for user root
Oct 15 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: Invalid user testuser from 129.212.181.5
Oct 15 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: input_userauth_request: invalid user testuser [preauth]
Oct 15 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: Failed password for invalid user testuser from 129.212.181.5 port 55974 ssh2
Oct 15 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24560]: Connection closed by 129.212.181.5 port 55974 [preauth]
Oct 15 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Invalid user ftpuser from 129.212.181.5
Oct 15 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Failed password for invalid user ftpuser from 129.212.181.5 port 34532 ssh2
Oct 15 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24563]: Connection closed by 129.212.181.5 port 34532 [preauth]
Oct 15 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Invalid user kubernetes from 129.212.181.5
Oct 15 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: input_userauth_request: invalid user kubernetes [preauth]
Oct 15 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: Invalid user pi from 196.251.84.181
Oct 15 09:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Failed password for invalid user kubernetes from 129.212.181.5 port 34548 ssh2
Oct 15 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Connection closed by 129.212.181.5 port 34548 [preauth]
Oct 15 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24603]: Invalid user test from 129.212.181.5
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24603]: input_userauth_request: invalid user test [preauth]
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Invalid user zain from 51.161.32.24
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: input_userauth_request: invalid user zain [preauth]
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24603]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: Failed password for invalid user pi from 196.251.84.181 port 54580 ssh2
Oct 15 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24583]: Connection closed by 196.251.84.181 port 54580 [preauth]
Oct 15 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Failed password for invalid user zain from 51.161.32.24 port 50090 ssh2
Oct 15 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24603]: Failed password for invalid user test from 129.212.181.5 port 34564 ssh2
Oct 15 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Received disconnect from 51.161.32.24 port 50090:11: Bye Bye [preauth]
Oct 15 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Disconnected from 51.161.32.24 port 50090 [preauth]
Oct 15 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24603]: Connection closed by 129.212.181.5 port 34564 [preauth]
Oct 15 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Invalid user user3 from 129.212.181.5
Oct 15 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: input_userauth_request: invalid user user3 [preauth]
Oct 15 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Failed password for invalid user user3 from 129.212.181.5 port 45190 ssh2
Oct 15 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24617]: Connection closed by 129.212.181.5 port 45190 [preauth]
Oct 15 09:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Invalid user centos from 129.212.181.5
Oct 15 09:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: input_userauth_request: invalid user centos [preauth]
Oct 15 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Failed password for invalid user centos from 129.212.181.5 port 45202 ssh2
Oct 15 09:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Connection closed by 129.212.181.5 port 45202 [preauth]
Oct 15 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24717]: Successful su for rubyman by root
Oct 15 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24717]: + ??? root:rubyman
Oct 15 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416947 of user rubyman.
Oct 15 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24717]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416947.
Oct 15 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Failed password for root from 129.212.181.5 port 45218 ssh2
Oct 15 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24633]: Connection closed by 129.212.181.5 port 45218 [preauth]
Oct 15 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: Failed password for root from 129.212.181.5 port 52618 ssh2
Oct 15 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: Connection closed by 129.212.181.5 port 52618 [preauth]
Oct 15 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Invalid user steam from 129.212.181.5
Oct 15 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: input_userauth_request: invalid user steam [preauth]
Oct 15 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session closed for user root
Oct 15 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Failed password for invalid user steam from 129.212.181.5 port 52626 ssh2
Oct 15 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24832]: Connection closed by 129.212.181.5 port 52626 [preauth]
Oct 15 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: User ftp from 129.212.181.5 not allowed because not listed in AllowUsers
Oct 15 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=ftp
Oct 15 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: Failed password for invalid user ftp from 129.212.181.5 port 52638 ssh2
Oct 15 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24910]: Connection closed by 129.212.181.5 port 52638 [preauth]
Oct 15 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: Invalid user debian from 129.212.181.5
Oct 15 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: input_userauth_request: invalid user debian [preauth]
Oct 15 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: Failed password for invalid user debian from 129.212.181.5 port 54996 ssh2
Oct 15 09:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24932]: Connection closed by 129.212.181.5 port 54996 [preauth]
Oct 15 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: Invalid user test from 129.212.181.5
Oct 15 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: input_userauth_request: invalid user test [preauth]
Oct 15 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: Failed password for invalid user test from 129.212.181.5 port 55008 ssh2
Oct 15 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24971]: Connection closed by 129.212.181.5 port 55008 [preauth]
Oct 15 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Invalid user lana from 220.247.224.226
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: input_userauth_request: invalid user lana [preauth]
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Invalid user dev from 129.212.181.5
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: input_userauth_request: invalid user dev [preauth]
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Invalid user shree from 185.213.164.162
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: input_userauth_request: invalid user shree [preauth]
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Failed password for invalid user lana from 220.247.224.226 port 65076 ssh2
Oct 15 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Received disconnect from 220.247.224.226 port 65076:11: Bye Bye [preauth]
Oct 15 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Disconnected from 220.247.224.226 port 65076 [preauth]
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Failed password for invalid user dev from 129.212.181.5 port 55034 ssh2
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Connection closed by 129.212.181.5 port 55034 [preauth]
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Failed password for invalid user shree from 185.213.164.162 port 60380 ssh2
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Received disconnect from 185.213.164.162 port 60380:11: Bye Bye [preauth]
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Disconnected from 185.213.164.162 port 60380 [preauth]
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: Invalid user dspace from 129.212.181.5
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: input_userauth_request: invalid user dspace [preauth]
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: Invalid user user_1 from 107.150.110.167
Oct 15 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: input_userauth_request: invalid user user_1 [preauth]
Oct 15 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: Failed password for invalid user dspace from 129.212.181.5 port 49522 ssh2
Oct 15 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25004]: Connection closed by 129.212.181.5 port 49522 [preauth]
Oct 15 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: Failed password for invalid user user_1 from 107.150.110.167 port 26644 ssh2
Oct 15 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: Received disconnect from 107.150.110.167 port 26644:11: Bye Bye [preauth]
Oct 15 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25006]: Disconnected from 107.150.110.167 port 26644 [preauth]
Oct 15 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25025]: Invalid user app from 129.212.181.5
Oct 15 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25025]: input_userauth_request: invalid user app [preauth]
Oct 15 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25025]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: Invalid user pi from 196.251.84.181
Oct 15 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25025]: Failed password for invalid user app from 129.212.181.5 port 49532 ssh2
Oct 15 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25025]: Connection closed by 129.212.181.5 port 49532 [preauth]
Oct 15 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: Failed password for invalid user pi from 196.251.84.181 port 53134 ssh2
Oct 15 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: Invalid user hadoop from 129.212.181.5
Oct 15 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25023]: Connection closed by 196.251.84.181 port 53134 [preauth]
Oct 15 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: Failed password for invalid user hadoop from 129.212.181.5 port 49538 ssh2
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25041]: Connection closed by 129.212.181.5 port 49538 [preauth]
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Invalid user artin from 69.166.235.169
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: input_userauth_request: invalid user artin [preauth]
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Invalid user steam from 129.212.181.5
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: input_userauth_request: invalid user steam [preauth]
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25059]: Invalid user aman from 37.120.247.100
Oct 15 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25059]: input_userauth_request: invalid user aman [preauth]
Oct 15 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25059]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Failed password for invalid user artin from 69.166.235.169 port 50714 ssh2
Oct 15 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Received disconnect from 69.166.235.169 port 50714:11: Bye Bye [preauth]
Oct 15 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25055]: Disconnected from 69.166.235.169 port 50714 [preauth]
Oct 15 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Failed password for invalid user steam from 129.212.181.5 port 44266 ssh2
Oct 15 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Connection closed by 129.212.181.5 port 44266 [preauth]
Oct 15 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25059]: Failed password for invalid user aman from 37.120.247.100 port 35046 ssh2
Oct 15 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25059]: Received disconnect from 37.120.247.100 port 35046:11: Bye Bye [preauth]
Oct 15 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25059]: Disconnected from 37.120.247.100 port 35046 [preauth]
Oct 15 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session closed for user root
Oct 15 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: Invalid user myvision from 95.111.254.160
Oct 15 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: input_userauth_request: invalid user myvision [preauth]
Oct 15 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: Failed password for root from 129.212.181.5 port 44280 ssh2
Oct 15 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: Connection closed by 129.212.181.5 port 44280 [preauth]
Oct 15 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: Failed password for invalid user myvision from 95.111.254.160 port 38150 ssh2
Oct 15 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: Received disconnect from 95.111.254.160 port 38150:11: Bye Bye [preauth]
Oct 15 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25085]: Disconnected from 95.111.254.160 port 38150 [preauth]
Oct 15 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: Invalid user iksi from 103.154.77.2
Oct 15 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: input_userauth_request: invalid user iksi [preauth]
Oct 15 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: Invalid user printer from 185.216.117.150
Oct 15 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: input_userauth_request: invalid user printer [preauth]
Oct 15 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: Failed password for root from 129.212.181.5 port 44284 ssh2
Oct 15 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: Connection closed by 129.212.181.5 port 44284 [preauth]
Oct 15 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: Failed password for invalid user iksi from 103.154.77.2 port 58532 ssh2
Oct 15 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: Received disconnect from 103.154.77.2 port 58532:11: Bye Bye [preauth]
Oct 15 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25119]: Disconnected from 103.154.77.2 port 58532 [preauth]
Oct 15 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Invalid user odoo18 from 129.212.181.5
Oct 15 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: input_userauth_request: invalid user odoo18 [preauth]
Oct 15 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: Failed password for invalid user printer from 185.216.117.150 port 50526 ssh2
Oct 15 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: Received disconnect from 185.216.117.150 port 50526:11: Bye Bye [preauth]
Oct 15 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25123]: Disconnected from 185.216.117.150 port 50526 [preauth]
Oct 15 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Failed password for invalid user odoo18 from 129.212.181.5 port 56942 ssh2
Oct 15 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25138]: Connection closed by 129.212.181.5 port 56942 [preauth]
Oct 15 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: Invalid user developer from 129.212.181.5
Oct 15 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: input_userauth_request: invalid user developer [preauth]
Oct 15 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: Failed password for invalid user developer from 129.212.181.5 port 56948 ssh2
Oct 15 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25167]: Connection closed by 129.212.181.5 port 56948 [preauth]
Oct 15 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Invalid user bot from 129.212.181.5
Oct 15 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: input_userauth_request: invalid user bot [preauth]
Oct 15 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Invalid user ke from 195.250.72.168
Oct 15 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: input_userauth_request: invalid user ke [preauth]
Oct 15 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user bot from 129.212.181.5 port 56952 ssh2
Oct 15 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Connection closed by 129.212.181.5 port 56952 [preauth]
Oct 15 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user ke from 195.250.72.168 port 58650 ssh2
Oct 15 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: Connection closed by 38.57.235.240 port 38454 [preauth]
Oct 15 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Received disconnect from 195.250.72.168 port 58650:11: Bye Bye [preauth]
Oct 15 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Disconnected from 195.250.72.168 port 58650 [preauth]
Oct 15 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25191]: Invalid user esearch from 129.212.181.5
Oct 15 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25191]: input_userauth_request: invalid user esearch [preauth]
Oct 15 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25191]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25191]: Failed password for invalid user esearch from 129.212.181.5 port 56304 ssh2
Oct 15 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25191]: Connection closed by 129.212.181.5 port 56304 [preauth]
Oct 15 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Invalid user deployer from 129.212.181.5
Oct 15 09:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: input_userauth_request: invalid user deployer [preauth]
Oct 15 09:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Failed password for invalid user deployer from 129.212.181.5 port 56320 ssh2
Oct 15 09:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Connection closed by 129.212.181.5 port 56320 [preauth]
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25233]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25232]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: Invalid user compiler from 103.82.37.34
Oct 15 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: input_userauth_request: invalid user compiler [preauth]
Oct 15 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25629]: Successful su for rubyman by root
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25629]: + ??? root:rubyman
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416953 of user rubyman.
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25629]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416953.
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Failed password for root from 129.212.181.5 port 56350 ssh2
Oct 15 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25521]: Connection closed by 129.212.181.5 port 56350 [preauth]
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Invalid user guest from 160.174.129.232
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25222]: pam_unix(cron:session): session closed for user root
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: Failed password for invalid user compiler from 103.82.37.34 port 60400 ssh2
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Invalid user runner from 129.212.181.5
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: input_userauth_request: invalid user runner [preauth]
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: Received disconnect from 103.82.37.34 port 60400:11: Bye Bye [preauth]
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25559]: Disconnected from 103.82.37.34 port 60400 [preauth]
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Failed password for invalid user guest from 160.174.129.232 port 49797 ssh2
Oct 15 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Received disconnect from 160.174.129.232 port 49797:11: Bye Bye [preauth]
Oct 15 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25624]: Disconnected from 160.174.129.232 port 49797 [preauth]
Oct 15 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Failed password for invalid user runner from 129.212.181.5 port 60242 ssh2
Oct 15 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Connection closed by 129.212.181.5 port 60242 [preauth]
Oct 15 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: Invalid user pi from 196.251.84.181
Oct 15 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Invalid user debian from 129.212.181.5
Oct 15 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: input_userauth_request: invalid user debian [preauth]
Oct 15 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Failed password for invalid user debian from 129.212.181.5 port 60258 ssh2
Oct 15 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Connection closed by 129.212.181.5 port 60258 [preauth]
Oct 15 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session closed for user root
Oct 15 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: Failed password for invalid user pi from 196.251.84.181 port 52120 ssh2
Oct 15 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: Connection closed by 196.251.84.181 port 52120 [preauth]
Oct 15 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Invalid user grid from 129.212.181.5
Oct 15 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: input_userauth_request: invalid user grid [preauth]
Oct 15 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Failed password for invalid user grid from 129.212.181.5 port 60260 ssh2
Oct 15 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25916]: Connection closed by 129.212.181.5 port 60260 [preauth]
Oct 15 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: Invalid user g from 129.212.181.5
Oct 15 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: input_userauth_request: invalid user g [preauth]
Oct 15 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25938]: Invalid user copia from 51.161.32.24
Oct 15 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25938]: input_userauth_request: invalid user copia [preauth]
Oct 15 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25938]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: Failed password for invalid user g from 129.212.181.5 port 43262 ssh2
Oct 15 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25937]: Connection closed by 129.212.181.5 port 43262 [preauth]
Oct 15 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25938]: Failed password for invalid user copia from 51.161.32.24 port 43370 ssh2
Oct 15 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25938]: Received disconnect from 51.161.32.24 port 43370:11: Bye Bye [preauth]
Oct 15 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25938]: Disconnected from 51.161.32.24 port 43370 [preauth]
Oct 15 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Invalid user git from 129.212.181.5
Oct 15 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: input_userauth_request: invalid user git [preauth]
Oct 15 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Failed password for invalid user git from 129.212.181.5 port 43276 ssh2
Oct 15 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25978]: Connection closed by 129.212.181.5 port 43276 [preauth]
Oct 15 09:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Failed password for root from 129.212.181.5 port 43306 ssh2
Oct 15 09:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Connection closed by 129.212.181.5 port 43306 [preauth]
Oct 15 09:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Failed password for root from 129.212.181.5 port 58140 ssh2
Oct 15 09:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Connection closed by 129.212.181.5 port 58140 [preauth]
Oct 15 09:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Failed password for root from 129.212.181.5 port 58154 ssh2
Oct 15 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Connection closed by 129.212.181.5 port 58154 [preauth]
Oct 15 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Invalid user odoo from 129.212.181.5
Oct 15 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: input_userauth_request: invalid user odoo [preauth]
Oct 15 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Failed password for invalid user odoo from 129.212.181.5 port 58162 ssh2
Oct 15 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26046]: Connection closed by 129.212.181.5 port 58162 [preauth]
Oct 15 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Failed password for root from 129.212.181.5 port 58810 ssh2
Oct 15 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26048]: Connection closed by 129.212.181.5 port 58810 [preauth]
Oct 15 09:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24027]: pam_unix(cron:session): session closed for user root
Oct 15 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26076]: Invalid user master from 129.212.181.5
Oct 15 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26076]: input_userauth_request: invalid user master [preauth]
Oct 15 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26076]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26076]: Failed password for invalid user master from 129.212.181.5 port 58824 ssh2
Oct 15 09:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26076]: Connection closed by 129.212.181.5 port 58824 [preauth]
Oct 15 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Invalid user oracle from 129.212.181.5
Oct 15 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Failed password for invalid user oracle from 129.212.181.5 port 58836 ssh2
Oct 15 09:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Connection closed by 129.212.181.5 port 58836 [preauth]
Oct 15 09:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Invalid user www from 129.212.181.5
Oct 15 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: input_userauth_request: invalid user www [preauth]
Oct 15 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Invalid user sachin from 46.25.236.192
Oct 15 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: input_userauth_request: invalid user sachin [preauth]
Oct 15 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Invalid user omar from 107.150.110.167
Oct 15 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: input_userauth_request: invalid user omar [preauth]
Oct 15 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Failed password for invalid user www from 129.212.181.5 port 60406 ssh2
Oct 15 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Connection closed by 129.212.181.5 port 60406 [preauth]
Oct 15 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Failed password for invalid user sachin from 46.25.236.192 port 46912 ssh2
Oct 15 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Received disconnect from 46.25.236.192 port 46912:11: Bye Bye [preauth]
Oct 15 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Disconnected from 46.25.236.192 port 46912 [preauth]
Oct 15 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: Invalid user pi from 196.251.84.181
Oct 15 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Failed password for invalid user omar from 107.150.110.167 port 58902 ssh2
Oct 15 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Received disconnect from 107.150.110.167 port 58902:11: Bye Bye [preauth]
Oct 15 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Disconnected from 107.150.110.167 port 58902 [preauth]
Oct 15 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: Failed password for invalid user pi from 196.251.84.181 port 51176 ssh2
Oct 15 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Failed password for root from 129.212.181.5 port 60436 ssh2
Oct 15 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: Connection closed by 196.251.84.181 port 51176 [preauth]
Oct 15 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26126]: Connection closed by 129.212.181.5 port 60436 [preauth]
Oct 15 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Invalid user guest from 129.212.181.5
Oct 15 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Failed password for invalid user guest from 129.212.181.5 port 60446 ssh2
Oct 15 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Connection closed by 129.212.181.5 port 60446 [preauth]
Oct 15 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: Invalid user admin from 129.212.181.5
Oct 15 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26146]: Invalid user ftpuser from 185.213.164.162
Oct 15 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26146]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26146]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: Failed password for invalid user admin from 129.212.181.5 port 54292 ssh2
Oct 15 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26148]: Connection closed by 129.212.181.5 port 54292 [preauth]
Oct 15 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26146]: Failed password for invalid user ftpuser from 185.213.164.162 port 58858 ssh2
Oct 15 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26146]: Received disconnect from 185.213.164.162 port 58858:11: Bye Bye [preauth]
Oct 15 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26146]: Disconnected from 185.213.164.162 port 58858 [preauth]
Oct 15 09:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: Failed password for root from 129.212.181.5 port 54306 ssh2
Oct 15 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26150]: Connection closed by 129.212.181.5 port 54306 [preauth]
Oct 15 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Invalid user test from 37.120.247.100
Oct 15 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: input_userauth_request: invalid user test [preauth]
Oct 15 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Invalid user gs from 220.247.224.226
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: input_userauth_request: invalid user gs [preauth]
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Invalid user postgres from 129.212.181.5
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26173]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session closed for user root
Oct 15 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26171]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Failed password for invalid user test from 37.120.247.100 port 37626 ssh2
Oct 15 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Received disconnect from 37.120.247.100 port 37626:11: Bye Bye [preauth]
Oct 15 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Disconnected from 37.120.247.100 port 37626 [preauth]
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Failed password for invalid user gs from 220.247.224.226 port 11895 ssh2
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Received disconnect from 220.247.224.226 port 11895:11: Bye Bye [preauth]
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Disconnected from 220.247.224.226 port 11895 [preauth]
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Failed password for invalid user postgres from 129.212.181.5 port 54312 ssh2
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26168]: Connection closed by 129.212.181.5 port 54312 [preauth]
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26258]: Successful su for rubyman by root
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26258]: + ??? root:rubyman
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416957 of user rubyman.
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26258]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416957.
Oct 15 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Invalid user user2 from 129.212.181.5
Oct 15 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: input_userauth_request: invalid user user2 [preauth]
Oct 15 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Failed password for invalid user user2 from 129.212.181.5 port 37076 ssh2
Oct 15 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Connection closed by 129.212.181.5 port 37076 [preauth]
Oct 15 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: Invalid user bigdata from 129.212.181.5
Oct 15 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: input_userauth_request: invalid user bigdata [preauth]
Oct 15 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: Failed password for invalid user bigdata from 129.212.181.5 port 37082 ssh2
Oct 15 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26397]: Connection closed by 129.212.181.5 port 37082 [preauth]
Oct 15 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26173]: pam_unix(cron:session): session closed for user root
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session closed for user root
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Invalid user kelvin from 103.154.77.2
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: input_userauth_request: invalid user kelvin [preauth]
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Invalid user es from 129.212.181.5
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: input_userauth_request: invalid user es [preauth]
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Failed password for invalid user kelvin from 103.154.77.2 port 33038 ssh2
Oct 15 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Received disconnect from 103.154.77.2 port 33038:11: Bye Bye [preauth]
Oct 15 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26514]: Disconnected from 103.154.77.2 port 33038 [preauth]
Oct 15 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Failed password for invalid user es from 129.212.181.5 port 37090 ssh2
Oct 15 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Connection closed by 129.212.181.5 port 37090 [preauth]
Oct 15 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: Invalid user admin from 185.216.117.150
Oct 15 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: Failed password for root from 95.111.254.160 port 52774 ssh2
Oct 15 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: Received disconnect from 95.111.254.160 port 52774:11: Bye Bye [preauth]
Oct 15 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: Disconnected from 95.111.254.160 port 52774 [preauth]
Oct 15 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: Failed password for root from 129.212.181.5 port 37612 ssh2
Oct 15 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: Connection closed by 129.212.181.5 port 37612 [preauth]
Oct 15 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: Failed password for invalid user admin from 185.216.117.150 port 57312 ssh2
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Failed password for root from 69.166.235.169 port 50882 ssh2
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Received disconnect from 69.166.235.169 port 50882:11: Bye Bye [preauth]
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Disconnected from 69.166.235.169 port 50882 [preauth]
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: Received disconnect from 185.216.117.150 port 57312:11: Bye Bye [preauth]
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26597]: Disconnected from 185.216.117.150 port 57312 [preauth]
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Failed password for root from 195.250.72.168 port 42996 ssh2
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Received disconnect from 195.250.72.168 port 42996:11: Bye Bye [preauth]
Oct 15 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: Disconnected from 195.250.72.168 port 42996 [preauth]
Oct 15 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Failed password for root from 129.212.181.5 port 37626 ssh2
Oct 15 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26637]: Connection closed by 129.212.181.5 port 37626 [preauth]
Oct 15 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26172]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: Failed password for root from 129.212.181.5 port 37636 ssh2
Oct 15 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26658]: Connection closed by 129.212.181.5 port 37636 [preauth]
Oct 15 09:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Invalid user dev from 129.212.181.5
Oct 15 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: input_userauth_request: invalid user dev [preauth]
Oct 15 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Failed password for invalid user dev from 129.212.181.5 port 37782 ssh2
Oct 15 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Connection closed by 129.212.181.5 port 37782 [preauth]
Oct 15 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: Invalid user pi from 196.251.84.181
Oct 15 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: Failed password for root from 160.174.129.232 port 4345 ssh2
Oct 15 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: Received disconnect from 160.174.129.232 port 4345:11: Bye Bye [preauth]
Oct 15 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26681]: Disconnected from 160.174.129.232 port 4345 [preauth]
Oct 15 09:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: Invalid user pi from 129.212.181.5
Oct 15 09:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Failed password for root from 38.57.235.240 port 43706 ssh2
Oct 15 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Received disconnect from 38.57.235.240 port 43706:11: Bye Bye [preauth]
Oct 15 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Disconnected from 38.57.235.240 port 43706 [preauth]
Oct 15 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: Failed password for invalid user pi from 129.212.181.5 port 37788 ssh2
Oct 15 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: Failed password for invalid user pi from 196.251.84.181 port 50338 ssh2
Oct 15 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26705]: Connection closed by 129.212.181.5 port 37788 [preauth]
Oct 15 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26686]: Connection closed by 196.251.84.181 port 50338 [preauth]
Oct 15 09:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26717]: Invalid user git from 129.212.181.5
Oct 15 09:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26717]: input_userauth_request: invalid user git [preauth]
Oct 15 09:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26717]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Invalid user ndd from 51.161.32.24
Oct 15 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: input_userauth_request: invalid user ndd [preauth]
Oct 15 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26717]: Failed password for invalid user git from 129.212.181.5 port 37800 ssh2
Oct 15 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26717]: Connection closed by 129.212.181.5 port 37800 [preauth]
Oct 15 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Invalid user rabbitmq from 103.82.37.34
Oct 15 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: input_userauth_request: invalid user rabbitmq [preauth]
Oct 15 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Invalid user git from 129.212.181.5
Oct 15 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: input_userauth_request: invalid user git [preauth]
Oct 15 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Failed password for invalid user ndd from 51.161.32.24 port 60382 ssh2
Oct 15 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Received disconnect from 51.161.32.24 port 60382:11: Bye Bye [preauth]
Oct 15 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Disconnected from 51.161.32.24 port 60382 [preauth]
Oct 15 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Failed password for invalid user rabbitmq from 103.82.37.34 port 49254 ssh2
Oct 15 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Received disconnect from 103.82.37.34 port 49254:11: Bye Bye [preauth]
Oct 15 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Disconnected from 103.82.37.34 port 49254 [preauth]
Oct 15 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Failed password for invalid user git from 129.212.181.5 port 46422 ssh2
Oct 15 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Connection closed by 129.212.181.5 port 46422 [preauth]
Oct 15 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Invalid user admin from 129.212.181.5
Oct 15 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session closed for user root
Oct 15 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Failed password for invalid user admin from 129.212.181.5 port 46426 ssh2
Oct 15 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26772]: Connection closed by 129.212.181.5 port 46426 [preauth]
Oct 15 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Failed password for root from 129.212.181.5 port 46434 ssh2
Oct 15 09:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26798]: Connection closed by 129.212.181.5 port 46434 [preauth]
Oct 15 09:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Failed password for root from 129.212.181.5 port 40130 ssh2
Oct 15 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Connection closed by 129.212.181.5 port 40130 [preauth]
Oct 15 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Invalid user kafka from 129.212.181.5
Oct 15 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: input_userauth_request: invalid user kafka [preauth]
Oct 15 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Failed password for invalid user kafka from 129.212.181.5 port 40150 ssh2
Oct 15 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26844]: Connection closed by 129.212.181.5 port 40150 [preauth]
Oct 15 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Failed password for root from 129.212.181.5 port 40164 ssh2
Oct 15 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26857]: Failed password for root from 185.156.73.233 port 58604 ssh2
Oct 15 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Connection closed by 129.212.181.5 port 40164 [preauth]
Oct 15 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26857]: Connection closed by 185.156.73.233 port 58604 [preauth]
Oct 15 09:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Invalid user elasticsearch from 129.212.181.5
Oct 15 09:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 15 09:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Failed password for invalid user elasticsearch from 129.212.181.5 port 49338 ssh2
Oct 15 09:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26887]: Connection closed by 129.212.181.5 port 49338 [preauth]
Oct 15 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for root from 129.212.181.5 port 49364 ssh2
Oct 15 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Connection closed by 129.212.181.5 port 49364 [preauth]
Oct 15 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26913]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: Invalid user oscar from 129.212.181.5
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: input_userauth_request: invalid user oscar [preauth]
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Invalid user gp from 107.150.110.167
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: input_userauth_request: invalid user gp [preauth]
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27153]: Successful su for rubyman by root
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27153]: + ??? root:rubyman
Oct 15 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416962 of user rubyman.
Oct 15 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27153]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416962.
Oct 15 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: Failed password for invalid user oscar from 129.212.181.5 port 49396 ssh2
Oct 15 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Failed password for invalid user gp from 107.150.110.167 port 36160 ssh2
Oct 15 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27131]: Connection closed by 129.212.181.5 port 49396 [preauth]
Oct 15 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Received disconnect from 107.150.110.167 port 36160:11: Bye Bye [preauth]
Oct 15 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27133]: Disconnected from 107.150.110.167 port 36160 [preauth]
Oct 15 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: Invalid user pi from 196.251.84.181
Oct 15 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: input_userauth_request: invalid user pi [preauth]
Oct 15 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: Failed password for root from 129.212.181.5 port 55496 ssh2
Oct 15 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27245]: Connection closed by 129.212.181.5 port 55496 [preauth]
Oct 15 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: Failed password for invalid user pi from 196.251.84.181 port 49254 ssh2
Oct 15 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27249]: Connection closed by 196.251.84.181 port 49254 [preauth]
Oct 15 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Failed password for root from 129.212.181.5 port 55506 ssh2
Oct 15 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Connection closed by 129.212.181.5 port 55506 [preauth]
Oct 15 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: Invalid user user from 129.212.181.5
Oct 15 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: input_userauth_request: invalid user user [preauth]
Oct 15 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session closed for user root
Oct 15 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: Failed password for invalid user user from 129.212.181.5 port 55518 ssh2
Oct 15 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: Connection closed by 129.212.181.5 port 55518 [preauth]
Oct 15 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: Invalid user dmdba from 129.212.181.5
Oct 15 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: input_userauth_request: invalid user dmdba [preauth]
Oct 15 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: Failed password for invalid user dmdba from 129.212.181.5 port 55660 ssh2
Oct 15 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27398]: Connection closed by 129.212.181.5 port 55660 [preauth]
Oct 15 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: Invalid user admin from 129.212.181.5
Oct 15 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: Failed password for invalid user admin from 129.212.181.5 port 55674 ssh2
Oct 15 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27420]: Connection closed by 129.212.181.5 port 55674 [preauth]
Oct 15 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: Invalid user teamspeak from 129.212.181.5
Oct 15 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Failed password for root from 37.120.247.100 port 47934 ssh2
Oct 15 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Received disconnect from 37.120.247.100 port 47934:11: Bye Bye [preauth]
Oct 15 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27437]: Disconnected from 37.120.247.100 port 47934 [preauth]
Oct 15 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: Failed password for invalid user teamspeak from 129.212.181.5 port 55678 ssh2
Oct 15 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27446]: Connection closed by 129.212.181.5 port 55678 [preauth]
Oct 15 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Invalid user zain from 185.213.164.162
Oct 15 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: input_userauth_request: invalid user zain [preauth]
Oct 15 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Invalid user server from 129.212.181.5
Oct 15 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: input_userauth_request: invalid user server [preauth]
Oct 15 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Failed password for invalid user zain from 185.213.164.162 port 51394 ssh2
Oct 15 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Received disconnect from 185.213.164.162 port 51394:11: Bye Bye [preauth]
Oct 15 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Disconnected from 185.213.164.162 port 51394 [preauth]
Oct 15 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Failed password for invalid user server from 129.212.181.5 port 53788 ssh2
Oct 15 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27464]: Connection closed by 129.212.181.5 port 53788 [preauth]
Oct 15 09:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Invalid user postgres from 129.212.181.5
Oct 15 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Failed password for invalid user postgres from 129.212.181.5 port 53796 ssh2
Oct 15 09:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27488]: Connection closed by 129.212.181.5 port 53796 [preauth]
Oct 15 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: Invalid user server from 129.212.181.5
Oct 15 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: input_userauth_request: invalid user server [preauth]
Oct 15 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: Invalid user gp from 220.247.224.226
Oct 15 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: input_userauth_request: invalid user gp [preauth]
Oct 15 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: Failed password for invalid user server from 129.212.181.5 port 53812 ssh2
Oct 15 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27505]: Connection closed by 129.212.181.5 port 53812 [preauth]
Oct 15 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: Failed password for invalid user gp from 220.247.224.226 port 5660 ssh2
Oct 15 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: Received disconnect from 220.247.224.226 port 5660:11: Bye Bye [preauth]
Oct 15 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27511]: Disconnected from 220.247.224.226 port 5660 [preauth]
Oct 15 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: Failed password for root from 129.212.181.5 port 60744 ssh2
Oct 15 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: Connection closed by 129.212.181.5 port 60744 [preauth]
Oct 15 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: User lp from 103.154.77.2 not allowed because not listed in AllowUsers
Oct 15 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: input_userauth_request: invalid user lp [preauth]
Oct 15 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=lp
Oct 15 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25233]: pam_unix(cron:session): session closed for user root
Oct 15 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: Invalid user asterisk from 129.212.181.5
Oct 15 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: input_userauth_request: invalid user asterisk [preauth]
Oct 15 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Failed password for invalid user lp from 103.154.77.2 port 35776 ssh2
Oct 15 09:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Invalid user hero from 195.250.72.168
Oct 15 09:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: input_userauth_request: invalid user hero [preauth]
Oct 15 09:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Received disconnect from 103.154.77.2 port 35776:11: Bye Bye [preauth]
Oct 15 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Disconnected from 103.154.77.2 port 35776 [preauth]
Oct 15 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: Failed password for invalid user asterisk from 129.212.181.5 port 60772 ssh2
Oct 15 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27704]: Connection closed by 129.212.181.5 port 60772 [preauth]
Oct 15 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Invalid user odoo from 95.111.254.160
Oct 15 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: input_userauth_request: invalid user odoo [preauth]
Oct 15 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Failed password for invalid user hero from 195.250.72.168 port 34116 ssh2
Oct 15 09:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Received disconnect from 195.250.72.168 port 34116:11: Bye Bye [preauth]
Oct 15 09:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27725]: Disconnected from 195.250.72.168 port 34116 [preauth]
Oct 15 09:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Failed password for invalid user odoo from 95.111.254.160 port 39402 ssh2
Oct 15 09:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Received disconnect from 95.111.254.160 port 39402:11: Bye Bye [preauth]
Oct 15 09:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Disconnected from 95.111.254.160 port 39402 [preauth]
Oct 15 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Failed password for root from 129.212.181.5 port 60786 ssh2
Oct 15 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Connection closed by 129.212.181.5 port 60786 [preauth]
Oct 15 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Invalid user ubuntu from 160.174.129.232
Oct 15 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Invalid user postgres from 129.212.181.5
Oct 15 09:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Invalid user oracle from 196.251.84.181
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Failed password for invalid user ubuntu from 160.174.129.232 port 53972 ssh2
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: Invalid user user from 185.216.117.150
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: input_userauth_request: invalid user user [preauth]
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Received disconnect from 160.174.129.232 port 53972:11: Bye Bye [preauth]
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Disconnected from 160.174.129.232 port 53972 [preauth]
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Failed password for invalid user postgres from 129.212.181.5 port 46624 ssh2
Oct 15 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Connection closed by 129.212.181.5 port 46624 [preauth]
Oct 15 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: Failed password for invalid user user from 185.216.117.150 port 42082 ssh2
Oct 15 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: Received disconnect from 185.216.117.150 port 42082:11: Bye Bye [preauth]
Oct 15 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27862]: Disconnected from 185.216.117.150 port 42082 [preauth]
Oct 15 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Failed password for invalid user oracle from 196.251.84.181 port 48246 ssh2
Oct 15 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: Connection closed by 196.251.84.181 port 48246 [preauth]
Oct 15 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Invalid user basit from 129.212.181.5
Oct 15 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: input_userauth_request: invalid user basit [preauth]
Oct 15 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Failed password for root from 51.161.32.24 port 36518 ssh2
Oct 15 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Received disconnect from 51.161.32.24 port 36518:11: Bye Bye [preauth]
Oct 15 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Disconnected from 51.161.32.24 port 36518 [preauth]
Oct 15 09:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Failed password for invalid user basit from 129.212.181.5 port 46634 ssh2
Oct 15 09:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Connection closed by 129.212.181.5 port 46634 [preauth]
Oct 15 09:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.124.122  user=root
Oct 15 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: Invalid user user from 129.212.181.5
Oct 15 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: input_userauth_request: invalid user user [preauth]
Oct 15 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Invalid user kafka from 69.166.235.169
Oct 15 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: input_userauth_request: invalid user kafka [preauth]
Oct 15 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Failed password for root from 158.51.124.122 port 37214 ssh2
Oct 15 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Received disconnect from 158.51.124.122 port 37214:11: Bye Bye [preauth]
Oct 15 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Disconnected from 158.51.124.122 port 37214 [preauth]
Oct 15 09:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: Failed password for invalid user user from 129.212.181.5 port 46646 ssh2
Oct 15 09:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27902]: Connection closed by 129.212.181.5 port 46646 [preauth]
Oct 15 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Failed password for invalid user kafka from 69.166.235.169 port 51050 ssh2
Oct 15 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Received disconnect from 69.166.235.169 port 51050:11: Bye Bye [preauth]
Oct 15 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Disconnected from 69.166.235.169 port 51050 [preauth]
Oct 15 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Invalid user ftpuser from 129.212.181.5
Oct 15 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Failed password for invalid user ftpuser from 129.212.181.5 port 51680 ssh2
Oct 15 09:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Connection closed by 129.212.181.5 port 51680 [preauth]
Oct 15 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Invalid user dolphinscheduler from 129.212.181.5
Oct 15 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: input_userauth_request: invalid user dolphinscheduler [preauth]
Oct 15 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Failed password for invalid user dolphinscheduler from 129.212.181.5 port 51684 ssh2
Oct 15 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Connection closed by 129.212.181.5 port 51684 [preauth]
Oct 15 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27936]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27934]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Invalid user odoo16 from 129.212.181.5
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: input_userauth_request: invalid user odoo16 [preauth]
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28027]: Successful su for rubyman by root
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28027]: + ??? root:rubyman
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416966 of user rubyman.
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28027]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416966.
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Invalid user es from 103.82.37.34
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: input_userauth_request: invalid user es [preauth]
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Failed password for root from 38.57.235.240 port 48958 ssh2
Oct 15 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Received disconnect from 38.57.235.240 port 48958:11: Bye Bye [preauth]
Oct 15 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Disconnected from 38.57.235.240 port 48958 [preauth]
Oct 15 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Failed password for invalid user odoo16 from 129.212.181.5 port 51686 ssh2
Oct 15 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Connection closed by 129.212.181.5 port 51686 [preauth]
Oct 15 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Failed password for invalid user es from 103.82.37.34 port 35374 ssh2
Oct 15 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Received disconnect from 103.82.37.34 port 35374:11: Bye Bye [preauth]
Oct 15 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Disconnected from 103.82.37.34 port 35374 [preauth]
Oct 15 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: Invalid user centos from 129.212.181.5
Oct 15 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: input_userauth_request: invalid user centos [preauth]
Oct 15 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: Failed password for invalid user centos from 129.212.181.5 port 36624 ssh2
Oct 15 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: Connection closed by 129.212.181.5 port 36624 [preauth]
Oct 15 09:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23113]: pam_unix(cron:session): session closed for user root
Oct 15 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: Failed password for root from 129.212.181.5 port 36634 ssh2
Oct 15 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28190]: Connection closed by 129.212.181.5 port 36634 [preauth]
Oct 15 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Failed password for root from 129.212.181.5 port 36644 ssh2
Oct 15 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28232]: Connection closed by 129.212.181.5 port 36644 [preauth]
Oct 15 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27904]: Connection closed by 46.25.236.192 port 44670 [preauth]
Oct 15 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Failed password for root from 129.212.181.5 port 39012 ssh2
Oct 15 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28253]: Connection closed by 129.212.181.5 port 39012 [preauth]
Oct 15 09:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27935]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Invalid user o2 from 107.150.110.167
Oct 15 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: input_userauth_request: invalid user o2 [preauth]
Oct 15 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Failed password for invalid user o2 from 107.150.110.167 port 13422 ssh2
Oct 15 09:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Received disconnect from 107.150.110.167 port 13422:11: Bye Bye [preauth]
Oct 15 09:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Disconnected from 107.150.110.167 port 13422 [preauth]
Oct 15 09:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Failed password for root from 129.212.181.5 port 39016 ssh2
Oct 15 09:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Connection closed by 129.212.181.5 port 39016 [preauth]
Oct 15 09:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Invalid user appuser from 129.212.181.5
Oct 15 09:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: input_userauth_request: invalid user appuser [preauth]
Oct 15 09:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for invalid user appuser from 129.212.181.5 port 39028 ssh2
Oct 15 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Connection closed by 129.212.181.5 port 39028 [preauth]
Oct 15 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Invalid user oracle from 196.251.84.181
Oct 15 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28311]: Failed password for root from 129.212.181.5 port 47944 ssh2
Oct 15 09:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28311]: Connection closed by 129.212.181.5 port 47944 [preauth]
Oct 15 09:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Failed password for invalid user oracle from 196.251.84.181 port 46770 ssh2
Oct 15 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28309]: Connection closed by 196.251.84.181 port 46770 [preauth]
Oct 15 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Invalid user postgres from 129.212.181.5
Oct 15 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Failed password for invalid user postgres from 129.212.181.5 port 47948 ssh2
Oct 15 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Connection closed by 129.212.181.5 port 47948 [preauth]
Oct 15 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: Invalid user docker from 129.212.181.5
Oct 15 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: input_userauth_request: invalid user docker [preauth]
Oct 15 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: Failed password for invalid user docker from 129.212.181.5 port 47964 ssh2
Oct 15 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28349]: Connection closed by 129.212.181.5 port 47964 [preauth]
Oct 15 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Invalid user rancher from 129.212.181.5
Oct 15 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: input_userauth_request: invalid user rancher [preauth]
Oct 15 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Failed password for invalid user rancher from 129.212.181.5 port 42998 ssh2
Oct 15 09:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28360]: Connection closed by 129.212.181.5 port 42998 [preauth]
Oct 15 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Invalid user ftpuser from 129.212.181.5
Oct 15 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Failed password for invalid user ftpuser from 129.212.181.5 port 43010 ssh2
Oct 15 09:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28379]: Connection closed by 129.212.181.5 port 43010 [preauth]
Oct 15 09:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26176]: pam_unix(cron:session): session closed for user root
Oct 15 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Invalid user dev from 129.212.181.5
Oct 15 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: input_userauth_request: invalid user dev [preauth]
Oct 15 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Failed password for invalid user dev from 129.212.181.5 port 43026 ssh2
Oct 15 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Connection closed by 129.212.181.5 port 43026 [preauth]
Oct 15 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Invalid user deploy from 129.212.181.5
Oct 15 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: input_userauth_request: invalid user deploy [preauth]
Oct 15 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: Invalid user bobi from 37.120.247.100
Oct 15 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: input_userauth_request: invalid user bobi [preauth]
Oct 15 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Failed password for invalid user deploy from 129.212.181.5 port 58964 ssh2
Oct 15 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: Failed password for invalid user bobi from 37.120.247.100 port 55014 ssh2
Oct 15 09:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Connection closed by 129.212.181.5 port 58964 [preauth]
Oct 15 09:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: Received disconnect from 37.120.247.100 port 55014:11: Bye Bye [preauth]
Oct 15 09:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28415]: Disconnected from 37.120.247.100 port 55014 [preauth]
Oct 15 09:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for root from 129.212.181.5 port 58970 ssh2
Oct 15 09:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Connection closed by 129.212.181.5 port 58970 [preauth]
Oct 15 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Invalid user packer from 129.212.181.5
Oct 15 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: input_userauth_request: invalid user packer [preauth]
Oct 15 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Invalid user ftpuser from 185.213.164.162
Oct 15 09:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Failed password for invalid user packer from 129.212.181.5 port 58976 ssh2
Oct 15 09:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Connection closed by 129.212.181.5 port 58976 [preauth]
Oct 15 09:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Invalid user ts from 129.212.181.5
Oct 15 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: input_userauth_request: invalid user ts [preauth]
Oct 15 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Failed password for invalid user ftpuser from 185.213.164.162 port 47014 ssh2
Oct 15 09:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Received disconnect from 185.213.164.162 port 47014:11: Bye Bye [preauth]
Oct 15 09:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Disconnected from 185.213.164.162 port 47014 [preauth]
Oct 15 09:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Failed password for invalid user ts from 129.212.181.5 port 33022 ssh2
Oct 15 09:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Connection closed by 129.212.181.5 port 33022 [preauth]
Oct 15 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Invalid user user from 129.212.181.5
Oct 15 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: input_userauth_request: invalid user user [preauth]
Oct 15 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Failed password for invalid user user from 129.212.181.5 port 33036 ssh2
Oct 15 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Connection closed by 129.212.181.5 port 33036 [preauth]
Oct 15 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28717]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Invalid user tom from 129.212.181.5
Oct 15 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: input_userauth_request: invalid user tom [preauth]
Oct 15 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Invalid user ubuntu from 101.36.231.233
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.231.233
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: Successful su for rubyman by root
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: + ??? root:rubyman
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416971 of user rubyman.
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416971.
Oct 15 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Failed password for invalid user tom from 129.212.181.5 port 33042 ssh2
Oct 15 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Connection closed by 129.212.181.5 port 33042 [preauth]
Oct 15 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Invalid user redis from 160.174.129.232
Oct 15 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: input_userauth_request: invalid user redis [preauth]
Oct 15 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28855]: Invalid user oracle from 196.251.84.181
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28855]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28888]: Invalid user esuser from 129.212.181.5
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28888]: input_userauth_request: invalid user esuser [preauth]
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Failed password for invalid user ubuntu from 101.36.231.233 port 56906 ssh2
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28888]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Received disconnect from 101.36.231.233 port 56906:11: Bye Bye [preauth]
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28774]: Disconnected from 101.36.231.233 port 56906 [preauth]
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28855]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: Failed password for root from 103.154.77.2 port 38532 ssh2
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Invalid user mtvps1 from 195.250.72.168
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: input_userauth_request: invalid user mtvps1 [preauth]
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Failed password for invalid user redis from 160.174.129.232 port 7536 ssh2
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: Received disconnect from 103.154.77.2 port 38532:11: Bye Bye [preauth]
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: Disconnected from 103.154.77.2 port 38532 [preauth]
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Received disconnect from 160.174.129.232 port 7536:11: Bye Bye [preauth]
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28835]: Disconnected from 160.174.129.232 port 7536 [preauth]
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28888]: Failed password for invalid user esuser from 129.212.181.5 port 46542 ssh2
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Invalid user omar from 220.247.224.226
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: input_userauth_request: invalid user omar [preauth]
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28888]: Connection closed by 129.212.181.5 port 46542 [preauth]
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28855]: Failed password for invalid user oracle from 196.251.84.181 port 46264 ssh2
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28855]: Connection closed by 196.251.84.181 port 46264 [preauth]
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: Invalid user debian from 51.161.32.24
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: input_userauth_request: invalid user debian [preauth]
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Failed password for invalid user mtvps1 from 195.250.72.168 port 54268 ssh2
Oct 15 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Received disconnect from 195.250.72.168 port 54268:11: Bye Bye [preauth]
Oct 15 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Disconnected from 195.250.72.168 port 54268 [preauth]
Oct 15 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Failed password for invalid user omar from 220.247.224.226 port 23081 ssh2
Oct 15 09:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Received disconnect from 220.247.224.226 port 23081:11: Bye Bye [preauth]
Oct 15 09:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28911]: Disconnected from 220.247.224.226 port 23081 [preauth]
Oct 15 09:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24026]: pam_unix(cron:session): session closed for user root
Oct 15 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: Failed password for invalid user debian from 51.161.32.24 port 59942 ssh2
Oct 15 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: Received disconnect from 51.161.32.24 port 59942:11: Bye Bye [preauth]
Oct 15 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29016]: Disconnected from 51.161.32.24 port 59942 [preauth]
Oct 15 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: Failed password for root from 129.212.181.5 port 46548 ssh2
Oct 15 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: Connection closed by 129.212.181.5 port 46548 [preauth]
Oct 15 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: Invalid user ubuntu from 95.111.254.160
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: Invalid user factorio from 129.212.181.5
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: input_userauth_request: invalid user factorio [preauth]
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: Failed password for invalid user ubuntu from 95.111.254.160 port 54142 ssh2
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: Received disconnect from 95.111.254.160 port 54142:11: Bye Bye [preauth]
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29135]: Disconnected from 95.111.254.160 port 54142 [preauth]
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: Failed password for invalid user factorio from 129.212.181.5 port 46554 ssh2
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29142]: Connection closed by 129.212.181.5 port 46554 [preauth]
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Invalid user taufik from 185.216.117.150
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: input_userauth_request: invalid user taufik [preauth]
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Failed password for invalid user taufik from 185.216.117.150 port 56060 ssh2
Oct 15 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Received disconnect from 185.216.117.150 port 56060:11: Bye Bye [preauth]
Oct 15 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Disconnected from 185.216.117.150 port 56060 [preauth]
Oct 15 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: Failed password for root from 129.212.181.5 port 39346 ssh2
Oct 15 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29160]: Connection closed by 129.212.181.5 port 39346 [preauth]
Oct 15 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: Invalid user user from 129.212.181.5
Oct 15 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: input_userauth_request: invalid user user [preauth]
Oct 15 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: Failed password for invalid user user from 129.212.181.5 port 39354 ssh2
Oct 15 09:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29208]: Connection closed by 129.212.181.5 port 39354 [preauth]
Oct 15 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Failed password for root from 129.212.181.5 port 39356 ssh2
Oct 15 09:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Connection closed by 129.212.181.5 port 39356 [preauth]
Oct 15 09:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: Failed password for root from 129.212.181.5 port 40646 ssh2
Oct 15 09:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: Connection closed by 129.212.181.5 port 40646 [preauth]
Oct 15 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: Invalid user minecraft from 129.212.181.5
Oct 15 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: Failed password for invalid user minecraft from 129.212.181.5 port 40660 ssh2
Oct 15 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: Connection closed by 129.212.181.5 port 40660 [preauth]
Oct 15 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: Invalid user useradmin from 69.166.235.169
Oct 15 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: input_userauth_request: invalid user useradmin [preauth]
Oct 15 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Invalid user demo from 129.212.181.5
Oct 15 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: input_userauth_request: invalid user demo [preauth]
Oct 15 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Invalid user scan from 103.82.37.34
Oct 15 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: input_userauth_request: invalid user scan [preauth]
Oct 15 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: Failed password for invalid user useradmin from 69.166.235.169 port 51218 ssh2
Oct 15 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: Received disconnect from 69.166.235.169 port 51218:11: Bye Bye [preauth]
Oct 15 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29263]: Disconnected from 69.166.235.169 port 51218 [preauth]
Oct 15 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Failed password for invalid user demo from 129.212.181.5 port 40664 ssh2
Oct 15 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29271]: Connection closed by 129.212.181.5 port 40664 [preauth]
Oct 15 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Failed password for invalid user scan from 103.82.37.34 port 60138 ssh2
Oct 15 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Received disconnect from 103.82.37.34 port 60138:11: Bye Bye [preauth]
Oct 15 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Disconnected from 103.82.37.34 port 60138 [preauth]
Oct 15 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Invalid user oscar from 129.212.181.5
Oct 15 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: input_userauth_request: invalid user oscar [preauth]
Oct 15 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Invalid user sudarshan from 107.150.110.167
Oct 15 09:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: input_userauth_request: invalid user sudarshan [preauth]
Oct 15 09:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Failed password for invalid user oscar from 129.212.181.5 port 42090 ssh2
Oct 15 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Connection closed by 129.212.181.5 port 42090 [preauth]
Oct 15 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Failed password for invalid user sudarshan from 107.150.110.167 port 45680 ssh2
Oct 15 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Received disconnect from 107.150.110.167 port 45680:11: Bye Bye [preauth]
Oct 15 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Disconnected from 107.150.110.167 port 45680 [preauth]
Oct 15 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26920]: pam_unix(cron:session): session closed for user root
Oct 15 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Invalid user user from 129.212.181.5
Oct 15 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: input_userauth_request: invalid user user [preauth]
Oct 15 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: Failed password for root from 38.57.235.240 port 54202 ssh2
Oct 15 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: Received disconnect from 38.57.235.240 port 54202:11: Bye Bye [preauth]
Oct 15 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: Disconnected from 38.57.235.240 port 54202 [preauth]
Oct 15 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Failed password for invalid user user from 129.212.181.5 port 42118 ssh2
Oct 15 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29317]: Connection closed by 129.212.181.5 port 42118 [preauth]
Oct 15 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Invalid user tomcat from 129.212.181.5
Oct 15 09:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 09:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Invalid user oracle from 196.251.84.181
Oct 15 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Failed password for invalid user tomcat from 129.212.181.5 port 42130 ssh2
Oct 15 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Connection closed by 129.212.181.5 port 42130 [preauth]
Oct 15 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29347]: Invalid user odoo17 from 129.212.181.5
Oct 15 09:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29347]: input_userauth_request: invalid user odoo17 [preauth]
Oct 15 09:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29347]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Failed password for invalid user oracle from 196.251.84.181 port 46448 ssh2
Oct 15 09:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29345]: Connection closed by 196.251.84.181 port 46448 [preauth]
Oct 15 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29347]: Failed password for invalid user odoo17 from 129.212.181.5 port 43268 ssh2
Oct 15 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29347]: Connection closed by 129.212.181.5 port 43268 [preauth]
Oct 15 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Invalid user elasticsearch from 129.212.181.5
Oct 15 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: input_userauth_request: invalid user elasticsearch [preauth]
Oct 15 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Failed password for invalid user elasticsearch from 129.212.181.5 port 43296 ssh2
Oct 15 09:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29376]: Connection closed by 129.212.181.5 port 43296 [preauth]
Oct 15 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: Invalid user nexus from 129.212.181.5
Oct 15 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: input_userauth_request: invalid user nexus [preauth]
Oct 15 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: Failed password for invalid user nexus from 129.212.181.5 port 43324 ssh2
Oct 15 09:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29379]: Connection closed by 129.212.181.5 port 43324 [preauth]
Oct 15 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Invalid user plex from 129.212.181.5
Oct 15 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: input_userauth_request: invalid user plex [preauth]
Oct 15 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Failed password for invalid user plex from 129.212.181.5 port 49230 ssh2
Oct 15 09:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Connection closed by 129.212.181.5 port 49230 [preauth]
Oct 15 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: Invalid user git from 129.212.181.5
Oct 15 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: input_userauth_request: invalid user git [preauth]
Oct 15 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29411]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29409]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: Failed password for invalid user git from 129.212.181.5 port 49236 ssh2
Oct 15 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29394]: Connection closed by 129.212.181.5 port 49236 [preauth]
Oct 15 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: Successful su for rubyman by root
Oct 15 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: + ??? root:rubyman
Oct 15 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416975 of user rubyman.
Oct 15 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416975.
Oct 15 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Failed password for root from 129.212.181.5 port 49246 ssh2
Oct 15 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29523]: Connection closed by 129.212.181.5 port 49246 [preauth]
Oct 15 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
Oct 15 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: Failed password for root from 129.212.181.5 port 59610 ssh2
Oct 15 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: Connection closed by 129.212.181.5 port 59610 [preauth]
Oct 15 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Failed password for root from 46.25.236.192 port 42484 ssh2
Oct 15 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Received disconnect from 46.25.236.192 port 42484:11: Bye Bye [preauth]
Oct 15 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Disconnected from 46.25.236.192 port 42484 [preauth]
Oct 15 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session closed for user root
Oct 15 09:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Invalid user user from 62.60.131.157
Oct 15 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: input_userauth_request: invalid user user [preauth]
Oct 15 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Failed password for root from 129.212.181.5 port 59624 ssh2
Oct 15 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Connection closed by 129.212.181.5 port 59624 [preauth]
Oct 15 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: Invalid user nginx from 129.212.181.5
Oct 15 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: input_userauth_request: invalid user nginx [preauth]
Oct 15 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Failed password for invalid user user from 62.60.131.157 port 33269 ssh2
Oct 15 09:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: Failed password for invalid user nginx from 129.212.181.5 port 59644 ssh2
Oct 15 09:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29717]: Connection closed by 129.212.181.5 port 59644 [preauth]
Oct 15 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Invalid user redis from 129.212.181.5
Oct 15 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: input_userauth_request: invalid user redis [preauth]
Oct 15 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29410]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Failed password for invalid user user from 62.60.131.157 port 33269 ssh2
Oct 15 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Invalid user wx from 37.120.247.100
Oct 15 09:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: input_userauth_request: invalid user wx [preauth]
Oct 15 09:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 09:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Failed password for invalid user redis from 129.212.181.5 port 33648 ssh2
Oct 15 09:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Connection closed by 129.212.181.5 port 33648 [preauth]
Oct 15 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Failed password for invalid user user from 62.60.131.157 port 33269 ssh2
Oct 15 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Failed password for invalid user wx from 37.120.247.100 port 50346 ssh2
Oct 15 09:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Received disconnect from 37.120.247.100 port 50346:11: Bye Bye [preauth]
Oct 15 09:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Disconnected from 37.120.247.100 port 50346 [preauth]
Oct 15 09:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Failed password for invalid user user from 62.60.131.157 port 33269 ssh2
Oct 15 09:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Failed password for root from 129.212.181.5 port 33660 ssh2
Oct 15 09:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Connection closed by 129.212.181.5 port 33660 [preauth]
Oct 15 09:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Invalid user esuser from 129.212.181.5
Oct 15 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: input_userauth_request: invalid user esuser [preauth]
Oct 15 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29790]: Invalid user oracle from 196.251.84.181
Oct 15 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29790]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Failed password for invalid user user from 62.60.131.157 port 33269 ssh2
Oct 15 09:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29790]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Received disconnect from 62.60.131.157 port 33269:11: Bye [preauth]
Oct 15 09:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Disconnected from 62.60.131.157 port 33269 [preauth]
Oct 15 09:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.131.157
Oct 15 09:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 09:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Failed password for invalid user esuser from 129.212.181.5 port 33670 ssh2
Oct 15 09:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Connection closed by 129.212.181.5 port 33670 [preauth]
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29790]: Failed password for invalid user oracle from 196.251.84.181 port 46156 ssh2
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: Invalid user user1 from 129.212.181.5
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: input_userauth_request: invalid user user1 [preauth]
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29790]: Connection closed by 196.251.84.181 port 46156 [preauth]
Oct 15 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Invalid user administrator from 160.174.129.232
Oct 15 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: input_userauth_request: invalid user administrator [preauth]
Oct 15 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Invalid user neil from 51.161.32.24
Oct 15 09:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: input_userauth_request: invalid user neil [preauth]
Oct 15 09:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: Failed password for invalid user user1 from 129.212.181.5 port 38862 ssh2
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: Connection closed by 129.212.181.5 port 38862 [preauth]
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Failed password for invalid user administrator from 160.174.129.232 port 58136 ssh2
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Received disconnect from 160.174.129.232 port 58136:11: Bye Bye [preauth]
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29798]: Disconnected from 160.174.129.232 port 58136 [preauth]
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Failed password for root from 185.213.164.162 port 49152 ssh2
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Invalid user test2 from 129.212.181.5
Oct 15 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: input_userauth_request: invalid user test2 [preauth]
Oct 15 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Received disconnect from 185.213.164.162 port 49152:11: Bye Bye [preauth]
Oct 15 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Disconnected from 185.213.164.162 port 49152 [preauth]
Oct 15 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Failed password for invalid user neil from 51.161.32.24 port 34704 ssh2
Oct 15 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Received disconnect from 51.161.32.24 port 34704:11: Bye Bye [preauth]
Oct 15 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Disconnected from 51.161.32.24 port 34704 [preauth]
Oct 15 09:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Failed password for invalid user test2 from 129.212.181.5 port 38878 ssh2
Oct 15 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Connection closed by 129.212.181.5 port 38878 [preauth]
Oct 15 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Invalid user bot3 from 195.250.72.168
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: input_userauth_request: invalid user bot3 [preauth]
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: Invalid user gitlab from 129.212.181.5
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: input_userauth_request: invalid user gitlab [preauth]
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Invalid user alexey from 103.154.77.2
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: input_userauth_request: invalid user alexey [preauth]
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Failed password for invalid user bot3 from 195.250.72.168 port 45720 ssh2
Oct 15 09:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Received disconnect from 195.250.72.168 port 45720:11: Bye Bye [preauth]
Oct 15 09:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29845]: Disconnected from 195.250.72.168 port 45720 [preauth]
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: Failed password for invalid user gitlab from 129.212.181.5 port 38908 ssh2
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: Connection closed by 129.212.181.5 port 38908 [preauth]
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Failed password for invalid user alexey from 103.154.77.2 port 41278 ssh2
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Received disconnect from 103.154.77.2 port 41278:11: Bye Bye [preauth]
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Disconnected from 103.154.77.2 port 41278 [preauth]
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Invalid user alex from 129.212.181.5
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: input_userauth_request: invalid user alex [preauth]
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Failed password for invalid user alex from 129.212.181.5 port 53162 ssh2
Oct 15 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Connection closed by 129.212.181.5 port 53162 [preauth]
Oct 15 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27938]: pam_unix(cron:session): session closed for user root
Oct 15 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29909]: Invalid user deploy from 129.212.181.5
Oct 15 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29909]: input_userauth_request: invalid user deploy [preauth]
Oct 15 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29909]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29909]: Failed password for invalid user deploy from 129.212.181.5 port 53174 ssh2
Oct 15 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29909]: Connection closed by 129.212.181.5 port 53174 [preauth]
Oct 15 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: Invalid user hadoop from 129.212.181.5
Oct 15 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Invalid user samba from 185.216.117.150
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: input_userauth_request: invalid user samba [preauth]
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Invalid user yash from 95.111.254.160
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: input_userauth_request: invalid user yash [preauth]
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: Failed password for invalid user hadoop from 129.212.181.5 port 53178 ssh2
Oct 15 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29912]: Connection closed by 129.212.181.5 port 53178 [preauth]
Oct 15 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Invalid user alexis from 220.247.224.226
Oct 15 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: input_userauth_request: invalid user alexis [preauth]
Oct 15 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Failed password for invalid user samba from 185.216.117.150 port 45018 ssh2
Oct 15 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Invalid user init from 129.212.181.5
Oct 15 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: input_userauth_request: invalid user init [preauth]
Oct 15 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Received disconnect from 185.216.117.150 port 45018:11: Bye Bye [preauth]
Oct 15 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29914]: Disconnected from 185.216.117.150 port 45018 [preauth]
Oct 15 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Failed password for invalid user yash from 95.111.254.160 port 36146 ssh2
Oct 15 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Received disconnect from 95.111.254.160 port 36146:11: Bye Bye [preauth]
Oct 15 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Disconnected from 95.111.254.160 port 36146 [preauth]
Oct 15 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Failed password for invalid user alexis from 220.247.224.226 port 27500 ssh2
Oct 15 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Received disconnect from 220.247.224.226 port 27500:11: Bye Bye [preauth]
Oct 15 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Disconnected from 220.247.224.226 port 27500 [preauth]
Oct 15 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Failed password for invalid user init from 129.212.181.5 port 44084 ssh2
Oct 15 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29936]: Connection closed by 129.212.181.5 port 44084 [preauth]
Oct 15 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Invalid user admin1 from 129.212.181.5
Oct 15 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: input_userauth_request: invalid user admin1 [preauth]
Oct 15 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Failed password for invalid user admin1 from 129.212.181.5 port 44112 ssh2
Oct 15 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Connection closed by 129.212.181.5 port 44112 [preauth]
Oct 15 09:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29973]: Invalid user devops from 129.212.181.5
Oct 15 09:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29973]: input_userauth_request: invalid user devops [preauth]
Oct 15 09:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29973]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29973]: Failed password for invalid user devops from 129.212.181.5 port 44130 ssh2
Oct 15 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29973]: Connection closed by 129.212.181.5 port 44130 [preauth]
Oct 15 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Invalid user kamera from 107.150.110.167
Oct 15 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: input_userauth_request: invalid user kamera [preauth]
Oct 15 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.60.105  user=root
Oct 15 09:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: Invalid user user2 from 129.212.181.5
Oct 15 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: input_userauth_request: invalid user user2 [preauth]
Oct 15 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Failed password for invalid user kamera from 107.150.110.167 port 22938 ssh2
Oct 15 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Received disconnect from 107.150.110.167 port 22938:11: Bye Bye [preauth]
Oct 15 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29983]: Disconnected from 107.150.110.167 port 22938 [preauth]
Oct 15 09:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Failed password for root from 218.78.60.105 port 41546 ssh2
Oct 15 09:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: Failed password for invalid user user2 from 129.212.181.5 port 37824 ssh2
Oct 15 09:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29988]: Connection closed by 129.212.181.5 port 37824 [preauth]
Oct 15 09:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Received disconnect from 218.78.60.105 port 41546:11: Bye Bye [preauth]
Oct 15 09:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29985]: Disconnected from 218.78.60.105 port 41546 [preauth]
Oct 15 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: Invalid user ubuntu from 129.212.181.5
Oct 15 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30007]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session closed for user root
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: Failed password for invalid user ubuntu from 129.212.181.5 port 37834 ssh2
Oct 15 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: Connection closed by 129.212.181.5 port 37834 [preauth]
Oct 15 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Invalid user oracle from 196.251.84.181
Oct 15 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Invalid user testuser from 129.212.181.5
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: input_userauth_request: invalid user testuser [preauth]
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[30106]: Successful su for rubyman by root
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[30106]: + ??? root:rubyman
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[30106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416982 of user rubyman.
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[30106]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416982.
Oct 15 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Failed password for invalid user testuser from 129.212.181.5 port 37846 ssh2
Oct 15 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Connection closed by 129.212.181.5 port 37846 [preauth]
Oct 15 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Failed password for invalid user oracle from 196.251.84.181 port 45338 ssh2
Oct 15 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: Connection closed by 196.251.84.181 port 45338 [preauth]
Oct 15 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Invalid user uftp from 129.212.181.5
Oct 15 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: input_userauth_request: invalid user uftp [preauth]
Oct 15 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Failed password for invalid user uftp from 129.212.181.5 port 60380 ssh2
Oct 15 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30205]: Connection closed by 129.212.181.5 port 60380 [preauth]
Oct 15 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30007]: pam_unix(cron:session): session closed for user root
Oct 15 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Invalid user myuser from 129.212.181.5
Oct 15 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: input_userauth_request: invalid user myuser [preauth]
Oct 15 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25232]: pam_unix(cron:session): session closed for user root
Oct 15 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Failed password for root from 69.166.235.169 port 51382 ssh2
Oct 15 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Received disconnect from 69.166.235.169 port 51382:11: Bye Bye [preauth]
Oct 15 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Disconnected from 69.166.235.169 port 51382 [preauth]
Oct 15 09:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Failed password for invalid user myuser from 129.212.181.5 port 60386 ssh2
Oct 15 09:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Connection closed by 129.212.181.5 port 60386 [preauth]
Oct 15 09:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Failed password for root from 129.212.181.5 port 45132 ssh2
Oct 15 09:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Connection closed by 129.212.181.5 port 45132 [preauth]
Oct 15 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Invalid user weblogic from 129.212.181.5
Oct 15 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Failed password for invalid user weblogic from 129.212.181.5 port 45160 ssh2
Oct 15 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Connection closed by 129.212.181.5 port 45160 [preauth]
Oct 15 09:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34  user=root
Oct 15 09:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: Invalid user admin from 129.212.181.5
Oct 15 09:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30005]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Failed password for root from 103.82.37.34 port 37262 ssh2
Oct 15 09:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Received disconnect from 103.82.37.34 port 37262:11: Bye Bye [preauth]
Oct 15 09:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30417]: Disconnected from 103.82.37.34 port 37262 [preauth]
Oct 15 09:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: Failed password for invalid user admin from 129.212.181.5 port 45176 ssh2
Oct 15 09:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: Connection closed by 129.212.181.5 port 45176 [preauth]
Oct 15 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Invalid user root1 from 129.212.181.5
Oct 15 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: input_userauth_request: invalid user root1 [preauth]
Oct 15 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Invalid user deb from 38.57.235.240
Oct 15 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: input_userauth_request: invalid user deb [preauth]
Oct 15 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Failed password for invalid user root1 from 129.212.181.5 port 51374 ssh2
Oct 15 09:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Connection closed by 129.212.181.5 port 51374 [preauth]
Oct 15 09:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: Invalid user administrator from 129.212.181.5
Oct 15 09:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: input_userauth_request: invalid user administrator [preauth]
Oct 15 09:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Failed password for invalid user deb from 38.57.235.240 port 59450 ssh2
Oct 15 09:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Received disconnect from 38.57.235.240 port 59450:11: Bye Bye [preauth]
Oct 15 09:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Disconnected from 38.57.235.240 port 59450 [preauth]
Oct 15 09:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: Failed password for invalid user administrator from 129.212.181.5 port 51378 ssh2
Oct 15 09:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30518]: Connection closed by 129.212.181.5 port 51378 [preauth]
Oct 15 09:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30527]: Failed password for root from 129.212.181.5 port 51386 ssh2
Oct 15 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30527]: Connection closed by 129.212.181.5 port 51386 [preauth]
Oct 15 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Invalid user rocky from 129.212.181.5
Oct 15 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: input_userauth_request: invalid user rocky [preauth]
Oct 15 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Failed password for invalid user rocky from 129.212.181.5 port 46188 ssh2
Oct 15 09:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Connection closed by 129.212.181.5 port 46188 [preauth]
Oct 15 09:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: Invalid user steam from 129.212.181.5
Oct 15 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: input_userauth_request: invalid user steam [preauth]
Oct 15 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session closed for user root
Oct 15 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: Failed password for invalid user steam from 129.212.181.5 port 46198 ssh2
Oct 15 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: Connection closed by 129.212.181.5 port 46198 [preauth]
Oct 15 09:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: Invalid user oracle from 196.251.84.181
Oct 15 09:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Failed password for root from 129.212.181.5 port 46202 ssh2
Oct 15 09:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30627]: Connection closed by 129.212.181.5 port 46202 [preauth]
Oct 15 09:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: Failed password for invalid user oracle from 196.251.84.181 port 44274 ssh2
Oct 15 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: Connection closed by 196.251.84.181 port 44274 [preauth]
Oct 15 09:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: Failed password for root from 129.212.181.5 port 36862 ssh2
Oct 15 09:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30649]: Connection closed by 129.212.181.5 port 36862 [preauth]
Oct 15 09:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Invalid user oracle from 129.212.181.5
Oct 15 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Failed password for root from 51.161.32.24 port 51102 ssh2
Oct 15 09:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Received disconnect from 51.161.32.24 port 51102:11: Bye Bye [preauth]
Oct 15 09:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30657]: Disconnected from 51.161.32.24 port 51102 [preauth]
Oct 15 09:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Invalid user admin from 2.57.121.25
Oct 15 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Failed password for invalid user oracle from 129.212.181.5 port 36866 ssh2
Oct 15 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Connection closed by 129.212.181.5 port 36866 [preauth]
Oct 15 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 09:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Invalid user test from 129.212.181.5
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: input_userauth_request: invalid user test [preauth]
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Failed password for invalid user admin from 2.57.121.25 port 56847 ssh2
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: Failed password for root from 37.120.247.100 port 35652 ssh2
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: Received disconnect from 37.120.247.100 port 35652:11: Bye Bye [preauth]
Oct 15 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30685]: Disconnected from 37.120.247.100 port 35652 [preauth]
Oct 15 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Failed password for invalid user test from 129.212.181.5 port 36890 ssh2
Oct 15 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30692]: Connection closed by 129.212.181.5 port 36890 [preauth]
Oct 15 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Failed password for root from 160.174.129.232 port 24409 ssh2
Oct 15 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Failed password for invalid user admin from 2.57.121.25 port 56847 ssh2
Oct 15 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Received disconnect from 160.174.129.232 port 24409:11: Bye Bye [preauth]
Oct 15 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Disconnected from 160.174.129.232 port 24409 [preauth]
Oct 15 09:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: Invalid user es from 129.212.181.5
Oct 15 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: input_userauth_request: invalid user es [preauth]
Oct 15 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Failed password for invalid user admin from 2.57.121.25 port 56847 ssh2
Oct 15 09:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: Failed password for invalid user es from 129.212.181.5 port 47922 ssh2
Oct 15 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30694]: Connection closed by 129.212.181.5 port 47922 [preauth]
Oct 15 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Failed password for invalid user admin from 2.57.121.25 port 56847 ssh2
Oct 15 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Failed password for root from 195.250.72.168 port 37816 ssh2
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Received disconnect from 195.250.72.168 port 37816:11: Bye Bye [preauth]
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Disconnected from 195.250.72.168 port 37816 [preauth]
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Failed password for invalid user admin from 2.57.121.25 port 56847 ssh2
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: Failed password for root from 129.212.181.5 port 47934 ssh2
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Received disconnect from 2.57.121.25 port 56847:11: Bye [preauth]
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: Disconnected from 2.57.121.25 port 56847 [preauth]
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30680]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30707]: Connection closed by 129.212.181.5 port 47934 [preauth]
Oct 15 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30721]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30801]: Successful su for rubyman by root
Oct 15 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30801]: + ??? root:rubyman
Oct 15 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416985 of user rubyman.
Oct 15 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30801]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416985.
Oct 15 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: Failed password for root from 185.213.164.162 port 49886 ssh2
Oct 15 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: Failed password for root from 129.212.181.5 port 47950 ssh2
Oct 15 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: Received disconnect from 185.213.164.162 port 49886:11: Bye Bye [preauth]
Oct 15 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: Disconnected from 185.213.164.162 port 49886 [preauth]
Oct 15 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: Connection closed by 129.212.181.5 port 47950 [preauth]
Oct 15 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Invalid user production from 103.154.77.2
Oct 15 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: input_userauth_request: invalid user production [preauth]
Oct 15 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Failed password for invalid user production from 103.154.77.2 port 44024 ssh2
Oct 15 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Received disconnect from 103.154.77.2 port 44024:11: Bye Bye [preauth]
Oct 15 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Disconnected from 103.154.77.2 port 44024 [preauth]
Oct 15 09:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30882]: Failed password for root from 129.212.181.5 port 58746 ssh2
Oct 15 09:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30882]: Connection closed by 129.212.181.5 port 58746 [preauth]
Oct 15 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: Invalid user deploy from 129.212.181.5
Oct 15 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: input_userauth_request: invalid user deploy [preauth]
Oct 15 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: Failed password for invalid user deploy from 129.212.181.5 port 58766 ssh2
Oct 15 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30966]: Connection closed by 129.212.181.5 port 58766 [preauth]
Oct 15 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Invalid user monitor from 107.150.110.167
Oct 15 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: input_userauth_request: invalid user monitor [preauth]
Oct 15 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session closed for user root
Oct 15 09:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: Invalid user family from 185.216.117.150
Oct 15 09:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: input_userauth_request: invalid user family [preauth]
Oct 15 09:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: Invalid user guest from 129.212.181.5
Oct 15 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: input_userauth_request: invalid user guest [preauth]
Oct 15 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Failed password for invalid user monitor from 107.150.110.167 port 55196 ssh2
Oct 15 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Received disconnect from 107.150.110.167 port 55196:11: Bye Bye [preauth]
Oct 15 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30990]: Disconnected from 107.150.110.167 port 55196 [preauth]
Oct 15 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: Failed password for invalid user family from 185.216.117.150 port 57388 ssh2
Oct 15 09:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: Received disconnect from 185.216.117.150 port 57388:11: Bye Bye [preauth]
Oct 15 09:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: Disconnected from 185.216.117.150 port 57388 [preauth]
Oct 15 09:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: Failed password for invalid user guest from 129.212.181.5 port 58786 ssh2
Oct 15 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31023]: Connection closed by 129.212.181.5 port 58786 [preauth]
Oct 15 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Invalid user minecraft from 129.212.181.5
Oct 15 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Failed password for root from 95.111.254.160 port 57846 ssh2
Oct 15 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Received disconnect from 95.111.254.160 port 57846:11: Bye Bye [preauth]
Oct 15 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Disconnected from 95.111.254.160 port 57846 [preauth]
Oct 15 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Failed password for invalid user minecraft from 129.212.181.5 port 45756 ssh2
Oct 15 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31044]: Connection closed by 129.212.181.5 port 45756 [preauth]
Oct 15 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30722]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: Invalid user zabbix from 129.212.181.5
Oct 15 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: input_userauth_request: invalid user zabbix [preauth]
Oct 15 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5
Oct 15 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Invalid user oracle from 196.251.84.181
Oct 15 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for root from 220.247.224.226 port 40725 ssh2
Oct 15 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Received disconnect from 220.247.224.226 port 40725:11: Bye Bye [preauth]
Oct 15 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Disconnected from 220.247.224.226 port 40725 [preauth]
Oct 15 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: Failed password for invalid user zabbix from 129.212.181.5 port 45786 ssh2
Oct 15 09:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31103]: Connection closed by 129.212.181.5 port 45786 [preauth]
Oct 15 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Failed password for invalid user oracle from 196.251.84.181 port 42922 ssh2
Oct 15 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=root
Oct 15 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Connection closed by 196.251.84.181 port 42922 [preauth]
Oct 15 09:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: Failed password for root from 129.212.181.5 port 55652 ssh2
Oct 15 09:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31111]: Connection closed by 129.212.181.5 port 55652 [preauth]
Oct 15 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: User ftp from 129.212.181.5 not allowed because not listed in AllowUsers
Oct 15 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.212.181.5  user=ftp
Oct 15 09:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Failed password for invalid user ftp from 129.212.181.5 port 55656 ssh2
Oct 15 09:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31119]: Connection closed by 129.212.181.5 port 55656 [preauth]
Oct 15 09:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29413]: pam_unix(cron:session): session closed for user root
Oct 15 09:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Invalid user jerome from 69.166.235.169
Oct 15 09:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: input_userauth_request: invalid user jerome [preauth]
Oct 15 09:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Failed password for invalid user jerome from 69.166.235.169 port 51548 ssh2
Oct 15 09:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Received disconnect from 69.166.235.169 port 51548:11: Bye Bye [preauth]
Oct 15 09:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Disconnected from 69.166.235.169 port 51548 [preauth]
Oct 15 09:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: Invalid user test1 from 103.82.37.34
Oct 15 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: input_userauth_request: invalid user test1 [preauth]
Oct 15 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Invalid user mariadb from 218.78.60.105
Oct 15 09:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: input_userauth_request: invalid user mariadb [preauth]
Oct 15 09:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.60.105
Oct 15 09:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: Failed password for invalid user test1 from 103.82.37.34 port 33298 ssh2
Oct 15 09:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: Received disconnect from 103.82.37.34 port 33298:11: Bye Bye [preauth]
Oct 15 09:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31208]: Disconnected from 103.82.37.34 port 33298 [preauth]
Oct 15 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31214]: Failed password for invalid user mariadb from 218.78.60.105 port 34294 ssh2
Oct 15 09:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Invalid user oracle from 196.251.84.181
Oct 15 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: input_userauth_request: invalid user oracle [preauth]
Oct 15 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Failed password for invalid user oracle from 196.251.84.181 port 42150 ssh2
Oct 15 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24  user=root
Oct 15 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Connection closed by 196.251.84.181 port 42150 [preauth]
Oct 15 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31323]: Successful su for rubyman by root
Oct 15 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31323]: + ??? root:rubyman
Oct 15 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416989 of user rubyman.
Oct 15 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31323]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416989.
Oct 15 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: Failed password for root from 51.161.32.24 port 42424 ssh2
Oct 15 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: Received disconnect from 51.161.32.24 port 42424:11: Bye Bye [preauth]
Oct 15 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: Disconnected from 51.161.32.24 port 42424 [preauth]
Oct 15 09:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Invalid user integration from 38.57.235.240
Oct 15 09:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: input_userauth_request: invalid user integration [preauth]
Oct 15 09:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Invalid user mm from 160.174.129.232
Oct 15 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: input_userauth_request: invalid user mm [preauth]
Oct 15 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session closed for user root
Oct 15 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Failed password for invalid user integration from 38.57.235.240 port 36470 ssh2
Oct 15 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Received disconnect from 38.57.235.240 port 36470:11: Bye Bye [preauth]
Oct 15 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Disconnected from 38.57.235.240 port 36470 [preauth]
Oct 15 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Failed password for invalid user mm from 160.174.129.232 port 29394 ssh2
Oct 15 09:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Received disconnect from 160.174.129.232 port 29394:11: Bye Bye [preauth]
Oct 15 09:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Disconnected from 160.174.129.232 port 29394 [preauth]
Oct 15 09:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: Invalid user abdullah from 195.250.72.168
Oct 15 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: input_userauth_request: invalid user abdullah [preauth]
Oct 15 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Invalid user redis from 37.120.247.100
Oct 15 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: input_userauth_request: invalid user redis [preauth]
Oct 15 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: Failed password for invalid user abdullah from 195.250.72.168 port 49904 ssh2
Oct 15 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Failed password for invalid user redis from 37.120.247.100 port 59334 ssh2
Oct 15 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: Received disconnect from 195.250.72.168 port 49904:11: Bye Bye [preauth]
Oct 15 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: Disconnected from 195.250.72.168 port 49904 [preauth]
Oct 15 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Received disconnect from 37.120.247.100 port 59334:11: Bye Bye [preauth]
Oct 15 09:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Disconnected from 37.120.247.100 port 59334 [preauth]
Oct 15 09:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Invalid user rene from 185.213.164.162
Oct 15 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: input_userauth_request: invalid user rene [preauth]
Oct 15 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: Invalid user techuser from 107.150.110.167
Oct 15 09:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: input_userauth_request: invalid user techuser [preauth]
Oct 15 09:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: Failed password for invalid user techuser from 107.150.110.167 port 32454 ssh2
Oct 15 09:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: Received disconnect from 107.150.110.167 port 32454:11: Bye Bye [preauth]
Oct 15 09:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31768]: Disconnected from 107.150.110.167 port 32454 [preauth]
Oct 15 09:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Failed password for invalid user rene from 185.213.164.162 port 49634 ssh2
Oct 15 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Received disconnect from 185.213.164.162 port 49634:11: Bye Bye [preauth]
Oct 15 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Disconnected from 185.213.164.162 port 49634 [preauth]
Oct 15 09:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Invalid user ubuntu from 103.154.77.2
Oct 15 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Failed password for invalid user ubuntu from 103.154.77.2 port 46770 ssh2
Oct 15 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Received disconnect from 103.154.77.2 port 46770:11: Bye Bye [preauth]
Oct 15 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Disconnected from 103.154.77.2 port 46770 [preauth]
Oct 15 09:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Invalid user postgres from 196.251.84.181
Oct 15 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Failed password for invalid user postgres from 196.251.84.181 port 40998 ssh2
Oct 15 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Failed password for root from 185.216.117.150 port 45102 ssh2
Oct 15 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31804]: Connection closed by 196.251.84.181 port 40998 [preauth]
Oct 15 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Received disconnect from 185.216.117.150 port 45102:11: Bye Bye [preauth]
Oct 15 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Disconnected from 185.216.117.150 port 45102 [preauth]
Oct 15 09:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session closed for user root
Oct 15 09:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Invalid user alexey from 95.111.254.160
Oct 15 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: input_userauth_request: invalid user alexey [preauth]
Oct 15 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Failed password for invalid user alexey from 95.111.254.160 port 60766 ssh2
Oct 15 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Received disconnect from 95.111.254.160 port 60766:11: Bye Bye [preauth]
Oct 15 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Disconnected from 95.111.254.160 port 60766 [preauth]
Oct 15 09:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Invalid user ftp_user from 220.247.224.226
Oct 15 09:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: input_userauth_request: invalid user ftp_user [preauth]
Oct 15 09:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Failed password for invalid user ftp_user from 220.247.224.226 port 10709 ssh2
Oct 15 09:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Received disconnect from 220.247.224.226 port 10709:11: Bye Bye [preauth]
Oct 15 09:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Disconnected from 220.247.224.226 port 10709 [preauth]
Oct 15 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31887]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31976]: Successful su for rubyman by root
Oct 15 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31976]: + ??? root:rubyman
Oct 15 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416992 of user rubyman.
Oct 15 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31976]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416992.
Oct 15 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27936]: pam_unix(cron:session): session closed for user root
Oct 15 09:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Invalid user postgres from 196.251.84.181
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Invalid user sonar from 103.82.37.34
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: input_userauth_request: invalid user sonar [preauth]
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: Failed password for root from 69.166.235.169 port 51702 ssh2
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: Received disconnect from 69.166.235.169 port 51702:11: Bye Bye [preauth]
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32276]: Disconnected from 69.166.235.169 port 51702 [preauth]
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Failed password for invalid user sonar from 103.82.37.34 port 43778 ssh2
Oct 15 09:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Received disconnect from 103.82.37.34 port 43778:11: Bye Bye [preauth]
Oct 15 09:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Disconnected from 103.82.37.34 port 43778 [preauth]
Oct 15 09:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Failed password for invalid user postgres from 196.251.84.181 port 39910 ssh2
Oct 15 09:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32274]: Connection closed by 196.251.84.181 port 39910 [preauth]
Oct 15 09:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Invalid user zoom from 51.161.32.24
Oct 15 09:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: input_userauth_request: invalid user zoom [preauth]
Oct 15 09:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.161.32.24
Oct 15 09:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Failed password for invalid user zoom from 51.161.32.24 port 44980 ssh2
Oct 15 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Received disconnect from 51.161.32.24 port 44980:11: Bye Bye [preauth]
Oct 15 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Disconnected from 51.161.32.24 port 44980 [preauth]
Oct 15 09:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Invalid user pp from 160.174.129.232
Oct 15 09:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: input_userauth_request: invalid user pp [preauth]
Oct 15 09:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32318]: Connection closed by 46.25.236.192 port 38046 [preauth]
Oct 15 09:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Failed password for invalid user pp from 160.174.129.232 port 50271 ssh2
Oct 15 09:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Received disconnect from 160.174.129.232 port 50271:11: Bye Bye [preauth]
Oct 15 09:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32334]: Disconnected from 160.174.129.232 port 50271 [preauth]
Oct 15 09:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session closed for user root
Oct 15 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Invalid user fernando from 195.250.72.168
Oct 15 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: input_userauth_request: invalid user fernando [preauth]
Oct 15 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Invalid user dario from 2.57.122.26
Oct 15 09:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: input_userauth_request: invalid user dario [preauth]
Oct 15 09:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Failed password for invalid user fernando from 195.250.72.168 port 43134 ssh2
Oct 15 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Received disconnect from 195.250.72.168 port 43134:11: Bye Bye [preauth]
Oct 15 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Disconnected from 195.250.72.168 port 43134 [preauth]
Oct 15 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Failed password for invalid user dario from 2.57.122.26 port 58582 ssh2
Oct 15 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Connection closed by 2.57.122.26 port 58582 [preauth]
Oct 15 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Invalid user fernando from 107.150.110.167
Oct 15 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: input_userauth_request: invalid user fernando [preauth]
Oct 15 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Invalid user user from 37.120.247.100
Oct 15 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: input_userauth_request: invalid user user [preauth]
Oct 15 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 09:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Failed password for invalid user fernando from 107.150.110.167 port 64712 ssh2
Oct 15 09:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Received disconnect from 107.150.110.167 port 64712:11: Bye Bye [preauth]
Oct 15 09:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Disconnected from 107.150.110.167 port 64712 [preauth]
Oct 15 09:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Failed password for invalid user user from 37.120.247.100 port 51838 ssh2
Oct 15 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Received disconnect from 37.120.247.100 port 51838:11: Bye Bye [preauth]
Oct 15 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32436]: Disconnected from 37.120.247.100 port 51838 [preauth]
Oct 15 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Invalid user ndd from 185.213.164.162
Oct 15 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: input_userauth_request: invalid user ndd [preauth]
Oct 15 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Failed password for invalid user ndd from 185.213.164.162 port 51888 ssh2
Oct 15 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Invalid user postgres from 196.251.84.181
Oct 15 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Received disconnect from 185.213.164.162 port 51888:11: Bye Bye [preauth]
Oct 15 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Disconnected from 185.213.164.162 port 51888 [preauth]
Oct 15 09:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: Invalid user cc from 38.57.235.240
Oct 15 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: input_userauth_request: invalid user cc [preauth]
Oct 15 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Failed password for invalid user postgres from 196.251.84.181 port 39022 ssh2
Oct 15 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Connection closed by 196.251.84.181 port 39022 [preauth]
Oct 15 09:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: Failed password for invalid user cc from 38.57.235.240 port 41724 ssh2
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: Received disconnect from 38.57.235.240 port 41724:11: Bye Bye [preauth]
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32455]: Disconnected from 38.57.235.240 port 41724 [preauth]
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Invalid user rahul from 103.154.77.2
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: input_userauth_request: invalid user rahul [preauth]
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32543]: Successful su for rubyman by root
Oct 15 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32543]: + ??? root:rubyman
Oct 15 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 416996 of user rubyman.
Oct 15 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32543]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 416996.
Oct 15 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Failed password for invalid user rahul from 103.154.77.2 port 49526 ssh2
Oct 15 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Received disconnect from 103.154.77.2 port 49526:11: Bye Bye [preauth]
Oct 15 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Disconnected from 103.154.77.2 port 49526 [preauth]
Oct 15 09:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Invalid user ubuntu from 185.216.117.150
Oct 15 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28717]: pam_unix(cron:session): session closed for user root
Oct 15 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Failed password for invalid user ubuntu from 185.216.117.150 port 36466 ssh2
Oct 15 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Received disconnect from 185.216.117.150 port 36466:11: Bye Bye [preauth]
Oct 15 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32681]: Disconnected from 185.216.117.150 port 36466 [preauth]
Oct 15 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Invalid user feedback from 95.111.254.160
Oct 15 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: input_userauth_request: invalid user feedback [preauth]
Oct 15 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for invalid user feedback from 95.111.254.160 port 56220 ssh2
Oct 15 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Received disconnect from 95.111.254.160 port 56220:11: Bye Bye [preauth]
Oct 15 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Disconnected from 95.111.254.160 port 56220 [preauth]
Oct 15 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 09:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[344]: Failed password for root from 220.247.224.226 port 45361 ssh2
Oct 15 09:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[344]: Received disconnect from 220.247.224.226 port 45361:11: Bye Bye [preauth]
Oct 15 09:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[344]: Disconnected from 220.247.224.226 port 45361 [preauth]
Oct 15 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Invalid user admin from 80.94.95.116
Oct 15 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Failed password for invalid user admin from 80.94.95.116 port 45358 ssh2
Oct 15 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Connection closed by 80.94.95.116 port 45358 [preauth]
Oct 15 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Invalid user postgres from 196.251.84.181
Oct 15 09:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Failed password for invalid user postgres from 196.251.84.181 port 38532 ssh2
Oct 15 09:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Connection closed by 196.251.84.181 port 38532 [preauth]
Oct 15 09:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session closed for user root
Oct 15 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: Invalid user cc from 160.174.129.232
Oct 15 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: input_userauth_request: invalid user cc [preauth]
Oct 15 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: Failed password for invalid user cc from 160.174.129.232 port 38214 ssh2
Oct 15 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: Received disconnect from 160.174.129.232 port 38214:11: Bye Bye [preauth]
Oct 15 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[464]: Disconnected from 160.174.129.232 port 38214 [preauth]
Oct 15 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Invalid user ubuntu from 69.166.235.169
Oct 15 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Failed password for invalid user ubuntu from 69.166.235.169 port 51872 ssh2
Oct 15 09:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Received disconnect from 69.166.235.169 port 51872:11: Bye Bye [preauth]
Oct 15 09:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[477]: Disconnected from 69.166.235.169 port 51872 [preauth]
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[500]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[502]: pam_unix(cron:session): session closed for user root
Oct 15 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[496]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34  user=root
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[584]: Successful su for rubyman by root
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[584]: + ??? root:rubyman
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417002 of user rubyman.
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[584]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417002.
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: Failed password for root from 103.82.37.34 port 55222 ssh2
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: Received disconnect from 103.82.37.34 port 55222:11: Bye Bye [preauth]
Oct 15 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[489]: Disconnected from 103.82.37.34 port 55222 [preauth]
Oct 15 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[499]: pam_unix(cron:session): session closed for user root
Oct 15 09:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29411]: pam_unix(cron:session): session closed for user root
Oct 15 09:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Invalid user postgres from 196.251.84.181
Oct 15 09:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Invalid user build from 107.150.110.167
Oct 15 09:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: input_userauth_request: invalid user build [preauth]
Oct 15 09:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Failed password for invalid user postgres from 196.251.84.181 port 37538 ssh2
Oct 15 09:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Connection closed by 196.251.84.181 port 37538 [preauth]
Oct 15 09:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: Failed password for root from 195.250.72.168 port 37522 ssh2
Oct 15 09:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: Received disconnect from 195.250.72.168 port 37522:11: Bye Bye [preauth]
Oct 15 09:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: Disconnected from 195.250.72.168 port 37522 [preauth]
Oct 15 09:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Failed password for invalid user build from 107.150.110.167 port 41978 ssh2
Oct 15 09:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Received disconnect from 107.150.110.167 port 41978:11: Bye Bye [preauth]
Oct 15 09:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Disconnected from 107.150.110.167 port 41978 [preauth]
Oct 15 09:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[497]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Failed password for root from 185.213.164.162 port 57032 ssh2
Oct 15 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Received disconnect from 185.213.164.162 port 57032:11: Bye Bye [preauth]
Oct 15 09:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Disconnected from 185.213.164.162 port 57032 [preauth]
Oct 15 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 09:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: Failed password for root from 37.120.247.100 port 43762 ssh2
Oct 15 09:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: Received disconnect from 37.120.247.100 port 43762:11: Bye Bye [preauth]
Oct 15 09:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1003]: Disconnected from 37.120.247.100 port 43762 [preauth]
Oct 15 09:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31892]: pam_unix(cron:session): session closed for user root
Oct 15 09:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Failed password for root from 103.154.77.2 port 52284 ssh2
Oct 15 09:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Received disconnect from 103.154.77.2 port 52284:11: Bye Bye [preauth]
Oct 15 09:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1007]: Disconnected from 103.154.77.2 port 52284 [preauth]
Oct 15 09:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: Failed password for root from 185.216.117.150 port 49412 ssh2
Oct 15 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: Received disconnect from 185.216.117.150 port 49412:11: Bye Bye [preauth]
Oct 15 09:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1071]: Disconnected from 185.216.117.150 port 49412 [preauth]
Oct 15 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: Invalid user aman from 38.57.235.240
Oct 15 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: input_userauth_request: invalid user aman [preauth]
Oct 15 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: Failed password for invalid user aman from 38.57.235.240 port 46976 ssh2
Oct 15 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: Received disconnect from 38.57.235.240 port 46976:11: Bye Bye [preauth]
Oct 15 09:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1101]: Disconnected from 38.57.235.240 port 46976 [preauth]
Oct 15 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Invalid user postgres from 196.251.84.181
Oct 15 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: Failed password for root from 95.111.254.160 port 32864 ssh2
Oct 15 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: Received disconnect from 95.111.254.160 port 32864:11: Bye Bye [preauth]
Oct 15 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1103]: Disconnected from 95.111.254.160 port 32864 [preauth]
Oct 15 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Failed password for invalid user postgres from 196.251.84.181 port 36438 ssh2
Oct 15 09:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Connection closed by 196.251.84.181 port 36438 [preauth]
Oct 15 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1122]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1205]: Successful su for rubyman by root
Oct 15 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1205]: + ??? root:rubyman
Oct 15 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417007 of user rubyman.
Oct 15 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1205]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417007.
Oct 15 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Invalid user PRUEBA from 220.247.224.226
Oct 15 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: input_userauth_request: invalid user PRUEBA [preauth]
Oct 15 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Failed password for invalid user PRUEBA from 220.247.224.226 port 25780 ssh2
Oct 15 09:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Received disconnect from 220.247.224.226 port 25780:11: Bye Bye [preauth]
Oct 15 09:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1288]: Disconnected from 220.247.224.226 port 25780 [preauth]
Oct 15 09:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session closed for user root
Oct 15 09:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1492]: Invalid user egor from 160.174.129.232
Oct 15 09:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1492]: input_userauth_request: invalid user egor [preauth]
Oct 15 09:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1492]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1492]: Failed password for invalid user egor from 160.174.129.232 port 58700 ssh2
Oct 15 09:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1492]: Received disconnect from 160.174.129.232 port 58700:11: Bye Bye [preauth]
Oct 15 09:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1492]: Disconnected from 160.174.129.232 port 58700 [preauth]
Oct 15 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: Invalid user ftpuser from 69.166.235.169
Oct 15 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: Invalid user postgres from 196.251.84.181
Oct 15 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: Failed password for invalid user ftpuser from 69.166.235.169 port 52056 ssh2
Oct 15 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: Received disconnect from 69.166.235.169 port 52056:11: Bye Bye [preauth]
Oct 15 09:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1527]: Disconnected from 69.166.235.169 port 52056 [preauth]
Oct 15 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: Failed password for invalid user postgres from 196.251.84.181 port 35244 ssh2
Oct 15 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: Connection closed by 196.251.84.181 port 35244 [preauth]
Oct 15 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: Invalid user lzj from 103.82.37.34
Oct 15 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: input_userauth_request: invalid user lzj [preauth]
Oct 15 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session closed for user root
Oct 15 09:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: Failed password for invalid user lzj from 103.82.37.34 port 60802 ssh2
Oct 15 09:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: Received disconnect from 103.82.37.34 port 60802:11: Bye Bye [preauth]
Oct 15 09:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1558]: Disconnected from 103.82.37.34 port 60802 [preauth]
Oct 15 09:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Invalid user admin from 107.150.110.167
Oct 15 09:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: input_userauth_request: invalid user admin [preauth]
Oct 15 09:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Failed password for invalid user admin from 107.150.110.167 port 19250 ssh2
Oct 15 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Received disconnect from 107.150.110.167 port 19250:11: Bye Bye [preauth]
Oct 15 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Disconnected from 107.150.110.167 port 19250 [preauth]
Oct 15 09:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168  user=root
Oct 15 09:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Failed password for root from 195.250.72.168 port 55688 ssh2
Oct 15 09:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Received disconnect from 195.250.72.168 port 55688:11: Bye Bye [preauth]
Oct 15 09:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Disconnected from 195.250.72.168 port 55688 [preauth]
Oct 15 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Failed password for root from 185.213.164.162 port 54818 ssh2
Oct 15 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Received disconnect from 185.213.164.162 port 54818:11: Bye Bye [preauth]
Oct 15 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1606]: Disconnected from 185.213.164.162 port 54818 [preauth]
Oct 15 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1635]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Invalid user test2 from 101.36.231.233
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: input_userauth_request: invalid user test2 [preauth]
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.231.233
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: Successful su for rubyman by root
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: + ??? root:rubyman
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417011 of user rubyman.
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417011.
Oct 15 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Failed password for invalid user test2 from 101.36.231.233 port 39454 ssh2
Oct 15 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Received disconnect from 101.36.231.233 port 39454:11: Bye Bye [preauth]
Oct 15 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1705]: Disconnected from 101.36.231.233 port 39454 [preauth]
Oct 15 09:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session closed for user root
Oct 15 09:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for root from 103.154.77.2 port 55040 ssh2
Oct 15 09:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Received disconnect from 103.154.77.2 port 55040:11: Bye Bye [preauth]
Oct 15 09:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Disconnected from 103.154.77.2 port 55040 [preauth]
Oct 15 09:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 09:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Invalid user postgres from 196.251.84.181
Oct 15 09:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Failed password for root from 37.120.247.100 port 57430 ssh2
Oct 15 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Received disconnect from 37.120.247.100 port 57430:11: Bye Bye [preauth]
Oct 15 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Disconnected from 37.120.247.100 port 57430 [preauth]
Oct 15 09:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Failed password for invalid user postgres from 196.251.84.181 port 34520 ssh2
Oct 15 09:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Connection closed by 196.251.84.181 port 34520 [preauth]
Oct 15 09:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Invalid user filippo from 185.216.117.150
Oct 15 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: input_userauth_request: invalid user filippo [preauth]
Oct 15 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Failed password for invalid user filippo from 185.216.117.150 port 60048 ssh2
Oct 15 09:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Received disconnect from 185.216.117.150 port 60048:11: Bye Bye [preauth]
Oct 15 09:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Disconnected from 185.216.117.150 port 60048 [preauth]
Oct 15 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Failed password for root from 95.111.254.160 port 55892 ssh2
Oct 15 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Received disconnect from 95.111.254.160 port 55892:11: Bye Bye [preauth]
Oct 15 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Disconnected from 95.111.254.160 port 55892 [preauth]
Oct 15 09:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152  user=root
Oct 15 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Failed password for root from 111.68.98.152 port 37444 ssh2
Oct 15 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[501]: pam_unix(cron:session): session closed for user root
Oct 15 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Received disconnect from 111.68.98.152 port 37444:11: Bye Bye [preauth]
Oct 15 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Disconnected from 111.68.98.152 port 37444 [preauth]
Oct 15 09:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Invalid user min from 46.25.236.192
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: input_userauth_request: invalid user min [preauth]
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Invalid user sachin from 160.174.129.232
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: input_userauth_request: invalid user sachin [preauth]
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Invalid user build from 220.247.224.226
Oct 15 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: input_userauth_request: invalid user build [preauth]
Oct 15 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Invalid user user from 38.57.235.240
Oct 15 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: input_userauth_request: invalid user user [preauth]
Oct 15 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Failed password for invalid user min from 46.25.236.192 port 33594 ssh2
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Received disconnect from 46.25.236.192 port 33594:11: Bye Bye [preauth]
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2180]: Disconnected from 46.25.236.192 port 33594 [preauth]
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Failed password for invalid user sachin from 160.174.129.232 port 42373 ssh2
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Received disconnect from 160.174.129.232 port 42373:11: Bye Bye [preauth]
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2183]: Disconnected from 160.174.129.232 port 42373 [preauth]
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Failed password for invalid user build from 220.247.224.226 port 45016 ssh2
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Received disconnect from 220.247.224.226 port 45016:11: Bye Bye [preauth]
Oct 15 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Disconnected from 220.247.224.226 port 45016 [preauth]
Oct 15 09:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Failed password for invalid user user from 38.57.235.240 port 52240 ssh2
Oct 15 09:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Received disconnect from 38.57.235.240 port 52240:11: Bye Bye [preauth]
Oct 15 09:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2200]: Disconnected from 38.57.235.240 port 52240 [preauth]
Oct 15 09:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Invalid user postgres from 196.251.84.181
Oct 15 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: input_userauth_request: invalid user postgres [preauth]
Oct 15 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Failed password for invalid user postgres from 196.251.84.181 port 32924 ssh2
Oct 15 09:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Connection closed by 196.251.84.181 port 32924 [preauth]
Oct 15 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2244]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2307]: Successful su for rubyman by root
Oct 15 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2307]: + ??? root:rubyman
Oct 15 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417014 of user rubyman.
Oct 15 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2307]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417014.
Oct 15 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Failed password for root from 107.150.110.167 port 51516 ssh2
Oct 15 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Received disconnect from 107.150.110.167 port 51516:11: Bye Bye [preauth]
Oct 15 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2330]: Disconnected from 107.150.110.167 port 51516 [preauth]
Oct 15 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31249]: pam_unix(cron:session): session closed for user root
Oct 15 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Invalid user panda from 69.166.235.169
Oct 15 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: input_userauth_request: invalid user panda [preauth]
Oct 15 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Invalid user oss from 103.82.37.34
Oct 15 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: input_userauth_request: invalid user oss [preauth]
Oct 15 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Failed password for invalid user panda from 69.166.235.169 port 52212 ssh2
Oct 15 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Received disconnect from 69.166.235.169 port 52212:11: Bye Bye [preauth]
Oct 15 09:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Disconnected from 69.166.235.169 port 52212 [preauth]
Oct 15 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Invalid user deep from 195.250.72.168
Oct 15 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: input_userauth_request: invalid user deep [preauth]
Oct 15 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.250.72.168
Oct 15 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Failed password for invalid user oss from 103.82.37.34 port 56220 ssh2
Oct 15 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Received disconnect from 103.82.37.34 port 56220:11: Bye Bye [preauth]
Oct 15 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Disconnected from 103.82.37.34 port 56220 [preauth]
Oct 15 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Failed password for invalid user deep from 195.250.72.168 port 39846 ssh2
Oct 15 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Received disconnect from 195.250.72.168 port 39846:11: Bye Bye [preauth]
Oct 15 09:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2521]: Disconnected from 195.250.72.168 port 39846 [preauth]
Oct 15 09:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2242]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Invalid user ehsan from 185.213.164.162
Oct 15 09:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: input_userauth_request: invalid user ehsan [preauth]
Oct 15 09:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162
Oct 15 09:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Failed password for invalid user ehsan from 185.213.164.162 port 39980 ssh2
Oct 15 09:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Received disconnect from 185.213.164.162 port 39980:11: Bye Bye [preauth]
Oct 15 09:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Disconnected from 185.213.164.162 port 39980 [preauth]
Oct 15 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: Failed password for invalid user ftp from 196.251.84.181 port 59902 ssh2
Oct 15 09:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2616]: Connection closed by 196.251.84.181 port 59902 [preauth]
Oct 15 09:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1122]: pam_unix(cron:session): session closed for user root
Oct 15 09:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Failed password for root from 103.154.77.2 port 57796 ssh2
Oct 15 09:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Received disconnect from 103.154.77.2 port 57796:11: Bye Bye [preauth]
Oct 15 09:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2648]: Disconnected from 103.154.77.2 port 57796 [preauth]
Oct 15 09:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 09:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: Failed password for root from 37.120.247.100 port 58416 ssh2
Oct 15 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: Received disconnect from 37.120.247.100 port 58416:11: Bye Bye [preauth]
Oct 15 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2683]: Disconnected from 37.120.247.100 port 58416 [preauth]
Oct 15 09:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Failed password for root from 185.216.117.150 port 59364 ssh2
Oct 15 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Received disconnect from 185.216.117.150 port 59364:11: Bye Bye [preauth]
Oct 15 09:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Disconnected from 185.216.117.150 port 59364 [preauth]
Oct 15 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2702]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2703]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2697]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2773]: Successful su for rubyman by root
Oct 15 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2773]: + ??? root:rubyman
Oct 15 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417020 of user rubyman.
Oct 15 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2773]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417020.
Oct 15 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: Failed password for root from 95.111.254.160 port 56208 ssh2
Oct 15 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: Received disconnect from 95.111.254.160 port 56208:11: Bye Bye [preauth]
Oct 15 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: Disconnected from 95.111.254.160 port 56208 [preauth]
Oct 15 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: Failed password for root from 160.174.129.232 port 5002 ssh2
Oct 15 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: Received disconnect from 160.174.129.232 port 5002:11: Bye Bye [preauth]
Oct 15 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2802]: Disconnected from 160.174.129.232 port 5002 [preauth]
Oct 15 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: Invalid user rachit from 190.103.202.7
Oct 15 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: input_userauth_request: invalid user rachit [preauth]
Oct 15 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 15 09:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: Failed password for invalid user rachit from 190.103.202.7 port 39816 ssh2
Oct 15 09:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2854]: Connection closed by 190.103.202.7 port 39816 [preauth]
Oct 15 09:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session closed for user root
Oct 15 09:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Failed password for invalid user ftp from 196.251.84.181 port 58928 ssh2
Oct 15 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2985]: Connection closed by 196.251.84.181 port 58928 [preauth]
Oct 15 09:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 09:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2700]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: Failed password for root from 107.150.110.167 port 28782 ssh2
Oct 15 09:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: Received disconnect from 107.150.110.167 port 28782:11: Bye Bye [preauth]
Oct 15 09:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3015]: Disconnected from 107.150.110.167 port 28782 [preauth]
Oct 15 09:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 09:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: Failed password for root from 220.247.224.226 port 43566 ssh2
Oct 15 09:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: Received disconnect from 220.247.224.226 port 43566:11: Bye Bye [preauth]
Oct 15 09:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3046]: Disconnected from 220.247.224.226 port 43566 [preauth]
Oct 15 09:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Invalid user adc from 38.57.235.240
Oct 15 09:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: input_userauth_request: invalid user adc [preauth]
Oct 15 09:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session closed for user root
Oct 15 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Failed password for invalid user adc from 38.57.235.240 port 57496 ssh2
Oct 15 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Received disconnect from 38.57.235.240 port 57496:11: Bye Bye [preauth]
Oct 15 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Disconnected from 38.57.235.240 port 57496 [preauth]
Oct 15 09:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: Invalid user jenkins from 111.68.98.152
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: input_userauth_request: invalid user jenkins [preauth]
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: Invalid user privacy from 69.166.235.169
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: input_userauth_request: invalid user privacy [preauth]
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Failed password for root from 185.213.164.162 port 42466 ssh2
Oct 15 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Received disconnect from 185.213.164.162 port 42466:11: Bye Bye [preauth]
Oct 15 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3126]: Disconnected from 185.213.164.162 port 42466 [preauth]
Oct 15 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: Failed password for invalid user jenkins from 111.68.98.152 port 37316 ssh2
Oct 15 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: Failed password for invalid user privacy from 69.166.235.169 port 52388 ssh2
Oct 15 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: Received disconnect from 69.166.235.169 port 52388:11: Bye Bye [preauth]
Oct 15 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: Disconnected from 69.166.235.169 port 52388 [preauth]
Oct 15 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: Received disconnect from 111.68.98.152 port 37316:11: Bye Bye [preauth]
Oct 15 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3122]: Disconnected from 111.68.98.152 port 37316 [preauth]
Oct 15 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Invalid user smita from 103.82.37.34
Oct 15 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: input_userauth_request: invalid user smita [preauth]
Oct 15 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Failed password for invalid user smita from 103.82.37.34 port 34912 ssh2
Oct 15 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Failed password for invalid user ftp from 196.251.84.181 port 57690 ssh2
Oct 15 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Received disconnect from 103.82.37.34 port 34912:11: Bye Bye [preauth]
Oct 15 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Disconnected from 103.82.37.34 port 34912 [preauth]
Oct 15 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Connection closed by 196.251.84.181 port 57690 [preauth]
Oct 15 09:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
Oct 15 09:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Failed password for root from 46.25.236.192 port 59570 ssh2
Oct 15 09:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Received disconnect from 46.25.236.192 port 59570:11: Bye Bye [preauth]
Oct 15 09:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3162]: Disconnected from 46.25.236.192 port 59570 [preauth]
Oct 15 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3179]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3181]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3181]: pam_unix(cron:session): session closed for user root
Oct 15 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3175]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: Successful su for rubyman by root
Oct 15 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: + ??? root:rubyman
Oct 15 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417023 of user rubyman.
Oct 15 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3255]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417023.
Oct 15 09:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3177]: pam_unix(cron:session): session closed for user root
Oct 15 09:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: Failed password for root from 103.154.77.2 port 60556 ssh2
Oct 15 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Invalid user ftpuser from 218.78.60.105
Oct 15 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: Received disconnect from 103.154.77.2 port 60556:11: Bye Bye [preauth]
Oct 15 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3393]: Disconnected from 103.154.77.2 port 60556 [preauth]
Oct 15 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.60.105
Oct 15 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session closed for user root
Oct 15 09:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Failed password for invalid user ftpuser from 218.78.60.105 port 33522 ssh2
Oct 15 09:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Received disconnect from 218.78.60.105 port 33522:11: Bye Bye [preauth]
Oct 15 09:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Disconnected from 218.78.60.105 port 33522 [preauth]
Oct 15 09:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: Invalid user diradmin from 20.163.71.109
Oct 15 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: input_userauth_request: invalid user diradmin [preauth]
Oct 15 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Invalid user test2 from 185.216.117.150
Oct 15 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: input_userauth_request: invalid user test2 [preauth]
Oct 15 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: Failed password for invalid user diradmin from 20.163.71.109 port 41524 ssh2
Oct 15 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3176]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3532]: Connection closed by 20.163.71.109 port 41524 [preauth]
Oct 15 09:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 09:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Failed password for invalid user test2 from 185.216.117.150 port 58036 ssh2
Oct 15 09:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Received disconnect from 185.216.117.150 port 58036:11: Bye Bye [preauth]
Oct 15 09:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Disconnected from 185.216.117.150 port 58036 [preauth]
Oct 15 09:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: Failed password for root from 160.174.129.232 port 46508 ssh2
Oct 15 09:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: Received disconnect from 160.174.129.232 port 46508:11: Bye Bye [preauth]
Oct 15 09:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3562]: Disconnected from 160.174.129.232 port 46508 [preauth]
Oct 15 09:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 09:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: Failed password for root from 37.120.247.100 port 47902 ssh2
Oct 15 09:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: Received disconnect from 37.120.247.100 port 47902:11: Bye Bye [preauth]
Oct 15 09:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3576]: Disconnected from 37.120.247.100 port 47902 [preauth]
Oct 15 09:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: Failed password for invalid user ftp from 196.251.84.181 port 57248 ssh2
Oct 15 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3586]: Connection closed by 196.251.84.181 port 57248 [preauth]
Oct 15 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Invalid user armand from 95.111.254.160
Oct 15 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: input_userauth_request: invalid user armand [preauth]
Oct 15 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Invalid user oem from 107.150.110.167
Oct 15 09:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: input_userauth_request: invalid user oem [preauth]
Oct 15 09:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Failed password for invalid user armand from 95.111.254.160 port 58852 ssh2
Oct 15 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Failed password for invalid user oem from 107.150.110.167 port 61046 ssh2
Oct 15 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Received disconnect from 95.111.254.160 port 58852:11: Bye Bye [preauth]
Oct 15 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Disconnected from 95.111.254.160 port 58852 [preauth]
Oct 15 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Received disconnect from 107.150.110.167 port 61046:11: Bye Bye [preauth]
Oct 15 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3613]: Disconnected from 107.150.110.167 port 61046 [preauth]
Oct 15 09:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session closed for user root
Oct 15 09:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Invalid user user8 from 220.247.224.226
Oct 15 09:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: input_userauth_request: invalid user user8 [preauth]
Oct 15 09:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Failed password for invalid user user8 from 220.247.224.226 port 2463 ssh2
Oct 15 09:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Received disconnect from 220.247.224.226 port 2463:11: Bye Bye [preauth]
Oct 15 09:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Disconnected from 220.247.224.226 port 2463 [preauth]
Oct 15 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3693]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3780]: Successful su for rubyman by root
Oct 15 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3780]: + ??? root:rubyman
Oct 15 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417028 of user rubyman.
Oct 15 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3780]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417028.
Oct 15 09:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[500]: pam_unix(cron:session): session closed for user root
Oct 15 09:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: Failed password for invalid user ftp from 196.251.84.181 port 56132 ssh2
Oct 15 09:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3951]: Connection closed by 196.251.84.181 port 56132 [preauth]
Oct 15 09:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3694]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.162  user=root
Oct 15 09:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Failed password for root from 185.213.164.162 port 41826 ssh2
Oct 15 09:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Received disconnect from 185.213.164.162 port 41826:11: Bye Bye [preauth]
Oct 15 09:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4027]: Disconnected from 185.213.164.162 port 41826 [preauth]
Oct 15 09:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Invalid user egor from 38.57.235.240
Oct 15 09:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: input_userauth_request: invalid user egor [preauth]
Oct 15 09:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Failed password for invalid user egor from 38.57.235.240 port 34518 ssh2
Oct 15 09:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Received disconnect from 38.57.235.240 port 34518:11: Bye Bye [preauth]
Oct 15 09:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Disconnected from 38.57.235.240 port 34518 [preauth]
Oct 15 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34  user=root
Oct 15 09:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Failed password for root from 69.166.235.169 port 52556 ssh2
Oct 15 09:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Received disconnect from 69.166.235.169 port 52556:11: Bye Bye [preauth]
Oct 15 09:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Disconnected from 69.166.235.169 port 52556 [preauth]
Oct 15 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Failed password for root from 103.82.37.34 port 59348 ssh2
Oct 15 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Received disconnect from 103.82.37.34 port 59348:11: Bye Bye [preauth]
Oct 15 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Disconnected from 103.82.37.34 port 59348 [preauth]
Oct 15 09:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Invalid user elastic from 103.154.77.2
Oct 15 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: input_userauth_request: invalid user elastic [preauth]
Oct 15 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2703]: pam_unix(cron:session): session closed for user root
Oct 15 09:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Failed password for invalid user elastic from 103.154.77.2 port 35074 ssh2
Oct 15 09:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Received disconnect from 103.154.77.2 port 35074:11: Bye Bye [preauth]
Oct 15 09:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Disconnected from 103.154.77.2 port 35074 [preauth]
Oct 15 09:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Invalid user ftpuser from 160.174.129.232
Oct 15 09:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 09:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 09:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Failed password for invalid user ftpuser from 160.174.129.232 port 34446 ssh2
Oct 15 09:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Received disconnect from 160.174.129.232 port 34446:11: Bye Bye [preauth]
Oct 15 09:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Disconnected from 160.174.129.232 port 34446 [preauth]
Oct 15 09:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Failed password for invalid user ftp from 196.251.84.181 port 55094 ssh2
Oct 15 09:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Connection closed by 196.251.84.181 port 55094 [preauth]
Oct 15 09:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Invalid user teamspeak from 111.68.98.152
Oct 15 09:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 09:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 09:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: Invalid user ins from 185.216.117.150
Oct 15 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: input_userauth_request: invalid user ins [preauth]
Oct 15 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Failed password for invalid user teamspeak from 111.68.98.152 port 38858 ssh2
Oct 15 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Received disconnect from 111.68.98.152 port 38858:11: Bye Bye [preauth]
Oct 15 09:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Disconnected from 111.68.98.152 port 38858 [preauth]
Oct 15 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: Failed password for invalid user ins from 185.216.117.150 port 60046 ssh2
Oct 15 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Failed password for root from 107.150.110.167 port 38306 ssh2
Oct 15 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Received disconnect from 107.150.110.167 port 38306:11: Bye Bye [preauth]
Oct 15 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Disconnected from 107.150.110.167 port 38306 [preauth]
Oct 15 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: Received disconnect from 185.216.117.150 port 60046:11: Bye Bye [preauth]
Oct 15 09:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: Disconnected from 185.216.117.150 port 60046 [preauth]
Oct 15 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4320]: Successful su for rubyman by root
Oct 15 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4320]: + ??? root:rubyman
Oct 15 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417035 of user rubyman.
Oct 15 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4320]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417035.
Oct 15 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Invalid user mm from 37.120.247.100
Oct 15 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: input_userauth_request: invalid user mm [preauth]
Oct 15 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Failed password for invalid user mm from 37.120.247.100 port 47842 ssh2
Oct 15 09:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Received disconnect from 37.120.247.100 port 47842:11: Bye Bye [preauth]
Oct 15 09:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4306]: Disconnected from 37.120.247.100 port 47842 [preauth]
Oct 15 09:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session closed for user root
Oct 15 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Invalid user tony from 95.111.254.160
Oct 15 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: input_userauth_request: invalid user tony [preauth]
Oct 15 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Failed password for invalid user tony from 95.111.254.160 port 56914 ssh2
Oct 15 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Received disconnect from 95.111.254.160 port 56914:11: Bye Bye [preauth]
Oct 15 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Disconnected from 95.111.254.160 port 56914 [preauth]
Oct 15 09:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Invalid user rachit from 190.103.202.7
Oct 15 09:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: input_userauth_request: invalid user rachit [preauth]
Oct 15 09:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 15 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Failed password for invalid user rachit from 190.103.202.7 port 60896 ssh2
Oct 15 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Connection closed by 190.103.202.7 port 60896 [preauth]
Oct 15 09:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Failed password for root from 185.156.73.233 port 25790 ssh2
Oct 15 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4588]: Connection closed by 185.156.73.233 port 25790 [preauth]
Oct 15 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Failed password for invalid user ftp from 196.251.84.181 port 53636 ssh2
Oct 15 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Connection closed by 196.251.84.181 port 53636 [preauth]
Oct 15 09:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Failed password for root from 220.247.224.226 port 14584 ssh2
Oct 15 09:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Received disconnect from 220.247.224.226 port 14584:11: Bye Bye [preauth]
Oct 15 09:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Disconnected from 220.247.224.226 port 14584 [preauth]
Oct 15 09:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3180]: pam_unix(cron:session): session closed for user root
Oct 15 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4748]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4825]: Successful su for rubyman by root
Oct 15 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4825]: + ??? root:rubyman
Oct 15 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417038 of user rubyman.
Oct 15 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4825]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417038.
Oct 15 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Failed password for root from 160.174.129.232 port 50616 ssh2
Oct 15 09:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Received disconnect from 160.174.129.232 port 50616:11: Bye Bye [preauth]
Oct 15 09:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Disconnected from 160.174.129.232 port 50616 [preauth]
Oct 15 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session closed for user root
Oct 15 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Invalid user feedback from 103.154.77.2
Oct 15 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: input_userauth_request: invalid user feedback [preauth]
Oct 15 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2
Oct 15 09:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Invalid user produccion from 103.82.37.34
Oct 15 09:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: input_userauth_request: invalid user produccion [preauth]
Oct 15 09:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: Failed password for invalid user ftp from 196.251.84.181 port 52598 ssh2
Oct 15 09:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5221]: Connection closed by 196.251.84.181 port 52598 [preauth]
Oct 15 09:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Failed password for invalid user feedback from 103.154.77.2 port 37828 ssh2
Oct 15 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Received disconnect from 103.154.77.2 port 37828:11: Bye Bye [preauth]
Oct 15 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Disconnected from 103.154.77.2 port 37828 [preauth]
Oct 15 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Invalid user nacos from 69.166.235.169
Oct 15 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: input_userauth_request: invalid user nacos [preauth]
Oct 15 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Failed password for invalid user produccion from 103.82.37.34 port 57778 ssh2
Oct 15 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Received disconnect from 103.82.37.34 port 57778:11: Bye Bye [preauth]
Oct 15 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Disconnected from 103.82.37.34 port 57778 [preauth]
Oct 15 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Invalid user elaine from 38.57.235.240
Oct 15 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: input_userauth_request: invalid user elaine [preauth]
Oct 15 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Failed password for invalid user nacos from 69.166.235.169 port 52722 ssh2
Oct 15 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Received disconnect from 69.166.235.169 port 52722:11: Bye Bye [preauth]
Oct 15 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Disconnected from 69.166.235.169 port 52722 [preauth]
Oct 15 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Invalid user ftp_user from 107.150.110.167
Oct 15 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: input_userauth_request: invalid user ftp_user [preauth]
Oct 15 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Failed password for invalid user elaine from 38.57.235.240 port 39770 ssh2
Oct 15 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Received disconnect from 38.57.235.240 port 39770:11: Bye Bye [preauth]
Oct 15 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Disconnected from 38.57.235.240 port 39770 [preauth]
Oct 15 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4751]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Failed password for invalid user ftp_user from 107.150.110.167 port 15574 ssh2
Oct 15 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Received disconnect from 107.150.110.167 port 15574:11: Bye Bye [preauth]
Oct 15 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5546]: Disconnected from 107.150.110.167 port 15574 [preauth]
Oct 15 09:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 09:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Failed password for root from 185.216.117.150 port 59242 ssh2
Oct 15 09:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Received disconnect from 185.216.117.150 port 59242:11: Bye Bye [preauth]
Oct 15 09:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Disconnected from 185.216.117.150 port 59242 [preauth]
Oct 15 09:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 09:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3696]: pam_unix(cron:session): session closed for user root
Oct 15 09:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: Failed password for root from 37.120.247.100 port 47026 ssh2
Oct 15 09:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: Received disconnect from 37.120.247.100 port 47026:11: Bye Bye [preauth]
Oct 15 09:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5630]: Disconnected from 37.120.247.100 port 47026 [preauth]
Oct 15 09:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=root
Oct 15 09:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: Failed password for root from 95.111.254.160 port 34666 ssh2
Oct 15 09:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: Received disconnect from 95.111.254.160 port 34666:11: Bye Bye [preauth]
Oct 15 09:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5667]: Disconnected from 95.111.254.160 port 34666 [preauth]
Oct 15 09:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: Invalid user ubuntu from 111.68.98.152
Oct 15 09:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 09:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 09:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: Failed password for invalid user ubuntu from 111.68.98.152 port 42578 ssh2
Oct 15 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: Received disconnect from 111.68.98.152 port 42578:11: Bye Bye [preauth]
Oct 15 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: Disconnected from 111.68.98.152 port 42578 [preauth]
Oct 15 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: User ftp from 196.251.84.181 not allowed because not listed in AllowUsers
Oct 15 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: input_userauth_request: invalid user ftp [preauth]
Oct 15 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181  user=ftp
Oct 15 09:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Failed password for invalid user ftp from 196.251.84.181 port 51254 ssh2
Oct 15 09:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5699]: Connection closed by 196.251.84.181 port 51254 [preauth]
Oct 15 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session closed for user p13x
Oct 15 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5815]: Successful su for rubyman by root
Oct 15 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5815]: + ??? root:rubyman
Oct 15 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417040 of user rubyman.
Oct 15 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5815]: pam_unix(su:session): session closed for user rubyman
Oct 15 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417040.
Oct 15 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Invalid user monitor from 220.247.224.226
Oct 15 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: input_userauth_request: invalid user monitor [preauth]
Oct 15 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Failed password for invalid user monitor from 220.247.224.226 port 52440 ssh2
Oct 15 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Received disconnect from 220.247.224.226 port 52440:11: Bye Bye [preauth]
Oct 15 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5909]: Disconnected from 220.247.224.226 port 52440 [preauth]
Oct 15 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2244]: pam_unix(cron:session): session closed for user root
Oct 15 09:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Invalid user wx from 46.25.236.192
Oct 15 09:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: input_userauth_request: invalid user wx [preauth]
Oct 15 09:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 09:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session closed for user samftp
Oct 15 09:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Failed password for invalid user wx from 46.25.236.192 port 55142 ssh2
Oct 15 09:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Received disconnect from 46.25.236.192 port 55142:11: Bye Bye [preauth]
Oct 15 09:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6025]: Disconnected from 46.25.236.192 port 55142 [preauth]
Oct 15 09:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 09:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: Failed password for root from 160.174.129.232 port 38546 ssh2
Oct 15 09:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: Received disconnect from 160.174.129.232 port 38546:11: Bye Bye [preauth]
Oct 15 09:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: Disconnected from 160.174.129.232 port 38546 [preauth]
Oct 15 09:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Invalid user apache from 196.251.84.181
Oct 15 09:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: input_userauth_request: invalid user apache [preauth]
Oct 15 09:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Failed password for invalid user apache from 196.251.84.181 port 50004 ssh2
Oct 15 09:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Connection closed by 196.251.84.181 port 50004 [preauth]
Oct 15 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Invalid user gs from 107.150.110.167
Oct 15 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: input_userauth_request: invalid user gs [preauth]
Oct 15 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Failed password for invalid user gs from 107.150.110.167 port 47832 ssh2
Oct 15 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Received disconnect from 107.150.110.167 port 47832:11: Bye Bye [preauth]
Oct 15 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Disconnected from 107.150.110.167 port 47832 [preauth]
Oct 15 09:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session closed for user root
Oct 15 09:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.154.77.2  user=root
Oct 15 09:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: Failed password for root from 103.154.77.2 port 40588 ssh2
Oct 15 09:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: Received disconnect from 103.154.77.2 port 40588:11: Bye Bye [preauth]
Oct 15 09:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: Disconnected from 103.154.77.2 port 40588 [preauth]
Oct 15 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Invalid user bobi from 38.57.235.240
Oct 15 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: input_userauth_request: invalid user bobi [preauth]
Oct 15 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Failed password for invalid user bobi from 38.57.235.240 port 45012 ssh2
Oct 15 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Received disconnect from 38.57.235.240 port 45012:11: Bye Bye [preauth]
Oct 15 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Disconnected from 38.57.235.240 port 45012 [preauth]
Oct 15 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 09:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Invalid user sahil from 103.82.37.34
Oct 15 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: input_userauth_request: invalid user sahil [preauth]
Oct 15 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.82.37.34
Oct 15 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Failed password for root from 69.166.235.169 port 52874 ssh2
Oct 15 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Received disconnect from 69.166.235.169 port 52874:11: Bye Bye [preauth]
Oct 15 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Disconnected from 69.166.235.169 port 52874 [preauth]
Oct 15 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 09:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Invalid user jumpserver from 185.216.117.150
Oct 15 09:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: input_userauth_request: invalid user jumpserver [preauth]
Oct 15 09:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 09:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 09:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for invalid user sahil from 103.82.37.34 port 43310 ssh2
Oct 15 09:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Received disconnect from 103.82.37.34 port 43310:11: Bye Bye [preauth]
Oct 15 09:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Disconnected from 103.82.37.34 port 43310 [preauth]
Oct 15 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Failed password for invalid user jumpserver from 185.216.117.150 port 58928 ssh2
Oct 15 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Received disconnect from 185.216.117.150 port 58928:11: Bye Bye [preauth]
Oct 15 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6209]: Disconnected from 185.216.117.150 port 58928 [preauth]
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6228]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6228]: pam_unix(cron:session): session closed for user root
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session closed for user root
Oct 15 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6340]: Successful su for rubyman by root
Oct 15 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6340]: + ??? root:rubyman
Oct 15 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417044 of user rubyman.
Oct 15 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6340]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417044.
Oct 15 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Invalid user apache from 196.251.84.181
Oct 15 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: input_userauth_request: invalid user apache [preauth]
Oct 15 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Failed password for invalid user apache from 196.251.84.181 port 48666 ssh2
Oct 15 10:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Connection closed by 196.251.84.181 port 48666 [preauth]
Oct 15 10:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6225]: pam_unix(cron:session): session closed for user root
Oct 15 10:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2702]: pam_unix(cron:session): session closed for user root
Oct 15 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Invalid user production from 95.111.254.160
Oct 15 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: input_userauth_request: invalid user production [preauth]
Oct 15 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 10:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: Invalid user dimas from 37.120.247.100
Oct 15 10:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: input_userauth_request: invalid user dimas [preauth]
Oct 15 10:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Failed password for invalid user production from 95.111.254.160 port 35744 ssh2
Oct 15 10:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Received disconnect from 95.111.254.160 port 35744:11: Bye Bye [preauth]
Oct 15 10:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6508]: Disconnected from 95.111.254.160 port 35744 [preauth]
Oct 15 10:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: Failed password for invalid user dimas from 37.120.247.100 port 51930 ssh2
Oct 15 10:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: Received disconnect from 37.120.247.100 port 51930:11: Bye Bye [preauth]
Oct 15 10:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6544]: Disconnected from 37.120.247.100 port 51930 [preauth]
Oct 15 10:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4753]: pam_unix(cron:session): session closed for user root
Oct 15 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Invalid user ftpuser from 220.247.224.226
Oct 15 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: Invalid user user01 from 111.68.98.152
Oct 15 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: input_userauth_request: invalid user user01 [preauth]
Oct 15 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Failed password for invalid user ftpuser from 220.247.224.226 port 17963 ssh2
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Received disconnect from 220.247.224.226 port 17963:11: Bye Bye [preauth]
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Disconnected from 220.247.224.226 port 17963 [preauth]
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Invalid user user from 160.174.129.232
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: input_userauth_request: invalid user user [preauth]
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: Failed password for invalid user user01 from 111.68.98.152 port 44690 ssh2
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: Received disconnect from 111.68.98.152 port 44690:11: Bye Bye [preauth]
Oct 15 10:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6812]: Disconnected from 111.68.98.152 port 44690 [preauth]
Oct 15 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for invalid user user from 160.174.129.232 port 54753 ssh2
Oct 15 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Received disconnect from 160.174.129.232 port 54753:11: Bye Bye [preauth]
Oct 15 10:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Disconnected from 160.174.129.232 port 54753 [preauth]
Oct 15 10:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Invalid user apache from 196.251.84.181
Oct 15 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: input_userauth_request: invalid user apache [preauth]
Oct 15 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Failed password for invalid user apache from 196.251.84.181 port 47562 ssh2
Oct 15 10:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Connection closed by 196.251.84.181 port 47562 [preauth]
Oct 15 10:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Invalid user lana from 107.150.110.167
Oct 15 10:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: input_userauth_request: invalid user lana [preauth]
Oct 15 10:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for invalid user lana from 107.150.110.167 port 25086 ssh2
Oct 15 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Received disconnect from 107.150.110.167 port 25086:11: Bye Bye [preauth]
Oct 15 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Disconnected from 107.150.110.167 port 25086 [preauth]
Oct 15 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Invalid user ankur from 101.36.231.233
Oct 15 10:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: input_userauth_request: invalid user ankur [preauth]
Oct 15 10:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.231.233
Oct 15 10:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for invalid user ankur from 101.36.231.233 port 51214 ssh2
Oct 15 10:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Received disconnect from 101.36.231.233 port 51214:11: Bye Bye [preauth]
Oct 15 10:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Disconnected from 101.36.231.233 port 51214 [preauth]
Oct 15 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6908]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6906]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6986]: Successful su for rubyman by root
Oct 15 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6986]: + ??? root:rubyman
Oct 15 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417052 of user rubyman.
Oct 15 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6986]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417052.
Oct 15 10:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3179]: pam_unix(cron:session): session closed for user root
Oct 15 10:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6907]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Invalid user susi from 185.216.117.150
Oct 15 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: input_userauth_request: invalid user susi [preauth]
Oct 15 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 10:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Failed password for invalid user susi from 185.216.117.150 port 45986 ssh2
Oct 15 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Received disconnect from 185.216.117.150 port 45986:11: Bye Bye [preauth]
Oct 15 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Disconnected from 185.216.117.150 port 45986 [preauth]
Oct 15 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7334]: Invalid user joseph from 69.166.235.169
Oct 15 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7334]: input_userauth_request: invalid user joseph [preauth]
Oct 15 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7334]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 10:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Invalid user apache from 196.251.84.181
Oct 15 10:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: input_userauth_request: invalid user apache [preauth]
Oct 15 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7334]: Failed password for invalid user joseph from 69.166.235.169 port 53050 ssh2
Oct 15 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7334]: Received disconnect from 69.166.235.169 port 53050:11: Bye Bye [preauth]
Oct 15 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7334]: Disconnected from 69.166.235.169 port 53050 [preauth]
Oct 15 10:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Invalid user user from 46.25.236.192
Oct 15 10:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: input_userauth_request: invalid user user [preauth]
Oct 15 10:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Failed password for invalid user apache from 196.251.84.181 port 46912 ssh2
Oct 15 10:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Connection closed by 196.251.84.181 port 46912 [preauth]
Oct 15 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Failed password for invalid user user from 46.25.236.192 port 52888 ssh2
Oct 15 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Received disconnect from 46.25.236.192 port 52888:11: Bye Bye [preauth]
Oct 15 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Disconnected from 46.25.236.192 port 52888 [preauth]
Oct 15 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Invalid user redis from 38.57.235.240
Oct 15 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: input_userauth_request: invalid user redis [preauth]
Oct 15 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Failed password for invalid user redis from 38.57.235.240 port 50260 ssh2
Oct 15 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Received disconnect from 38.57.235.240 port 50260:11: Bye Bye [preauth]
Oct 15 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Disconnected from 38.57.235.240 port 50260 [preauth]
Oct 15 10:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session closed for user root
Oct 15 10:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Invalid user kelvin from 95.111.254.160
Oct 15 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: input_userauth_request: invalid user kelvin [preauth]
Oct 15 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 10:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: Invalid user adc from 37.120.247.100
Oct 15 10:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: input_userauth_request: invalid user adc [preauth]
Oct 15 10:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for invalid user kelvin from 95.111.254.160 port 33850 ssh2
Oct 15 10:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Received disconnect from 95.111.254.160 port 33850:11: Bye Bye [preauth]
Oct 15 10:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Disconnected from 95.111.254.160 port 33850 [preauth]
Oct 15 10:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: Failed password for invalid user adc from 37.120.247.100 port 53100 ssh2
Oct 15 10:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: Received disconnect from 37.120.247.100 port 53100:11: Bye Bye [preauth]
Oct 15 10:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: Disconnected from 37.120.247.100 port 53100 [preauth]
Oct 15 10:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7481]: Invalid user dimas from 160.174.129.232
Oct 15 10:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7481]: input_userauth_request: invalid user dimas [preauth]
Oct 15 10:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7481]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7481]: Failed password for invalid user dimas from 160.174.129.232 port 42686 ssh2
Oct 15 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7481]: Received disconnect from 160.174.129.232 port 42686:11: Bye Bye [preauth]
Oct 15 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7481]: Disconnected from 160.174.129.232 port 42686 [preauth]
Oct 15 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7566]: Successful su for rubyman by root
Oct 15 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7566]: + ??? root:rubyman
Oct 15 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417056 of user rubyman.
Oct 15 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7566]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417056.
Oct 15 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Invalid user apache from 196.251.84.181
Oct 15 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: input_userauth_request: invalid user apache [preauth]
Oct 15 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Failed password for invalid user apache from 196.251.84.181 port 45374 ssh2
Oct 15 10:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7603]: Connection closed by 196.251.84.181 port 45374 [preauth]
Oct 15 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3695]: pam_unix(cron:session): session closed for user root
Oct 15 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Invalid user ftpuser from 107.150.110.167
Oct 15 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: Invalid user kamera from 220.247.224.226
Oct 15 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: input_userauth_request: invalid user kamera [preauth]
Oct 15 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Failed password for invalid user ftpuser from 107.150.110.167 port 57348 ssh2
Oct 15 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Received disconnect from 107.150.110.167 port 57348:11: Bye Bye [preauth]
Oct 15 10:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Disconnected from 107.150.110.167 port 57348 [preauth]
Oct 15 10:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: Failed password for invalid user kamera from 220.247.224.226 port 22829 ssh2
Oct 15 10:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: Received disconnect from 220.247.224.226 port 22829:11: Bye Bye [preauth]
Oct 15 10:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7761]: Disconnected from 220.247.224.226 port 22829 [preauth]
Oct 15 10:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7495]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152  user=root
Oct 15 10:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for root from 111.68.98.152 port 59672 ssh2
Oct 15 10:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Received disconnect from 111.68.98.152 port 59672:11: Bye Bye [preauth]
Oct 15 10:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Disconnected from 111.68.98.152 port 59672 [preauth]
Oct 15 10:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6227]: pam_unix(cron:session): session closed for user root
Oct 15 10:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Invalid user apache from 196.251.84.181
Oct 15 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: input_userauth_request: invalid user apache [preauth]
Oct 15 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Failed password for invalid user apache from 196.251.84.181 port 44660 ssh2
Oct 15 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8334]: Connection closed by 196.251.84.181 port 44660 [preauth]
Oct 15 10:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 10:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Failed password for root from 185.216.117.150 port 41088 ssh2
Oct 15 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Received disconnect from 185.216.117.150 port 41088:11: Bye Bye [preauth]
Oct 15 10:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8397]: Disconnected from 185.216.117.150 port 41088 [preauth]
Oct 15 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: Invalid user tfj from 69.166.235.169
Oct 15 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: input_userauth_request: invalid user tfj [preauth]
Oct 15 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8486]: Successful su for rubyman by root
Oct 15 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8486]: + ??? root:rubyman
Oct 15 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417059 of user rubyman.
Oct 15 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8486]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417059.
Oct 15 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: Failed password for invalid user tfj from 69.166.235.169 port 53224 ssh2
Oct 15 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: Received disconnect from 69.166.235.169 port 53224:11: Bye Bye [preauth]
Oct 15 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8466]: Disconnected from 69.166.235.169 port 53224 [preauth]
Oct 15 10:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Invalid user wx from 38.57.235.240
Oct 15 10:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: input_userauth_request: invalid user wx [preauth]
Oct 15 10:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session closed for user root
Oct 15 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Failed password for invalid user wx from 38.57.235.240 port 55510 ssh2
Oct 15 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Received disconnect from 38.57.235.240 port 55510:11: Bye Bye [preauth]
Oct 15 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8601]: Disconnected from 38.57.235.240 port 55510 [preauth]
Oct 15 10:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: User lp from 95.111.254.160 not allowed because not listed in AllowUsers
Oct 15 10:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: input_userauth_request: invalid user lp [preauth]
Oct 15 10:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160  user=lp
Oct 15 10:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Invalid user ubuntu from 37.120.247.100
Oct 15 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Failed password for invalid user lp from 95.111.254.160 port 50728 ssh2
Oct 15 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Received disconnect from 95.111.254.160 port 50728:11: Bye Bye [preauth]
Oct 15 10:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Disconnected from 95.111.254.160 port 50728 [preauth]
Oct 15 10:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Failed password for invalid user ubuntu from 37.120.247.100 port 56254 ssh2
Oct 15 10:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Received disconnect from 37.120.247.100 port 56254:11: Bye Bye [preauth]
Oct 15 10:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8700]: Disconnected from 37.120.247.100 port 56254 [preauth]
Oct 15 10:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8407]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: Invalid user min from 160.174.129.232
Oct 15 10:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: input_userauth_request: invalid user min [preauth]
Oct 15 10:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8749]: Invalid user apache from 196.251.84.181
Oct 15 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8749]: input_userauth_request: invalid user apache [preauth]
Oct 15 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8749]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: Failed password for invalid user min from 160.174.129.232 port 51369 ssh2
Oct 15 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: Received disconnect from 160.174.129.232 port 51369:11: Bye Bye [preauth]
Oct 15 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: Disconnected from 160.174.129.232 port 51369 [preauth]
Oct 15 10:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8749]: Failed password for invalid user apache from 196.251.84.181 port 43846 ssh2
Oct 15 10:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8749]: Connection closed by 196.251.84.181 port 43846 [preauth]
Oct 15 10:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 10:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Failed password for root from 107.150.110.167 port 34616 ssh2
Oct 15 10:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Received disconnect from 107.150.110.167 port 34616:11: Bye Bye [preauth]
Oct 15 10:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Disconnected from 107.150.110.167 port 34616 [preauth]
Oct 15 10:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6909]: pam_unix(cron:session): session closed for user root
Oct 15 10:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Invalid user temp from 220.247.224.226
Oct 15 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: input_userauth_request: invalid user temp [preauth]
Oct 15 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Failed password for invalid user temp from 220.247.224.226 port 64430 ssh2
Oct 15 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Received disconnect from 220.247.224.226 port 64430:11: Bye Bye [preauth]
Oct 15 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8984]: Disconnected from 220.247.224.226 port 64430 [preauth]
Oct 15 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: Successful su for rubyman by root
Oct 15 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: + ??? root:rubyman
Oct 15 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417063 of user rubyman.
Oct 15 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417063.
Oct 15 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: Invalid user apache from 196.251.84.181
Oct 15 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: input_userauth_request: invalid user apache [preauth]
Oct 15 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: Failed password for invalid user apache from 196.251.84.181 port 42698 ssh2
Oct 15 10:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9123]: Connection closed by 196.251.84.181 port 42698 [preauth]
Oct 15 10:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4752]: pam_unix(cron:session): session closed for user root
Oct 15 10:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9010]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Invalid user server from 185.216.117.150
Oct 15 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: input_userauth_request: invalid user server [preauth]
Oct 15 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Failed password for invalid user server from 185.216.117.150 port 42892 ssh2
Oct 15 10:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Received disconnect from 185.216.117.150 port 42892:11: Bye Bye [preauth]
Oct 15 10:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9505]: Disconnected from 185.216.117.150 port 42892 [preauth]
Oct 15 10:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7497]: pam_unix(cron:session): session closed for user root
Oct 15 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: Failed password for root from 69.166.235.169 port 53398 ssh2
Oct 15 10:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: Received disconnect from 69.166.235.169 port 53398:11: Bye Bye [preauth]
Oct 15 10:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9554]: Disconnected from 69.166.235.169 port 53398 [preauth]
Oct 15 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Invalid user adminuser from 111.68.98.152
Oct 15 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Failed password for invalid user adminuser from 111.68.98.152 port 44488 ssh2
Oct 15 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: Invalid user apache from 196.251.84.181
Oct 15 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: input_userauth_request: invalid user apache [preauth]
Oct 15 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Received disconnect from 111.68.98.152 port 44488:11: Bye Bye [preauth]
Oct 15 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Disconnected from 111.68.98.152 port 44488 [preauth]
Oct 15 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Invalid user ftp2 from 95.111.254.160
Oct 15 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: input_userauth_request: invalid user ftp2 [preauth]
Oct 15 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: Failed password for invalid user apache from 196.251.84.181 port 41480 ssh2
Oct 15 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9560]: Connection closed by 196.251.84.181 port 41480 [preauth]
Oct 15 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Invalid user integration from 160.174.129.232
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: input_userauth_request: invalid user integration [preauth]
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Failed password for invalid user ftp2 from 95.111.254.160 port 41412 ssh2
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Invalid user cc from 37.120.247.100
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: input_userauth_request: invalid user cc [preauth]
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Received disconnect from 95.111.254.160 port 41412:11: Bye Bye [preauth]
Oct 15 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9580]: Disconnected from 95.111.254.160 port 41412 [preauth]
Oct 15 10:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Failed password for root from 38.57.235.240 port 60760 ssh2
Oct 15 10:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Received disconnect from 38.57.235.240 port 60760:11: Bye Bye [preauth]
Oct 15 10:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Disconnected from 38.57.235.240 port 60760 [preauth]
Oct 15 10:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Failed password for invalid user integration from 160.174.129.232 port 46798 ssh2
Oct 15 10:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Received disconnect from 160.174.129.232 port 46798:11: Bye Bye [preauth]
Oct 15 10:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9586]: Disconnected from 160.174.129.232 port 46798 [preauth]
Oct 15 10:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Failed password for invalid user cc from 37.120.247.100 port 51800 ssh2
Oct 15 10:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Received disconnect from 37.120.247.100 port 51800:11: Bye Bye [preauth]
Oct 15 10:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9599]: Disconnected from 37.120.247.100 port 51800 [preauth]
Oct 15 10:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Invalid user test3 from 107.150.110.167
Oct 15 10:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: input_userauth_request: invalid user test3 [preauth]
Oct 15 10:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Failed password for invalid user test3 from 107.150.110.167 port 11888 ssh2
Oct 15 10:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Received disconnect from 107.150.110.167 port 11888:11: Bye Bye [preauth]
Oct 15 10:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9636]: Disconnected from 107.150.110.167 port 11888 [preauth]
Oct 15 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9644]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9647]: pam_unix(cron:session): session closed for user root
Oct 15 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9850]: Successful su for rubyman by root
Oct 15 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9850]: + ??? root:rubyman
Oct 15 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417072 of user rubyman.
Oct 15 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9850]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417072.
Oct 15 10:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9642]: pam_unix(cron:session): session closed for user root
Oct 15 10:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session closed for user root
Oct 15 10:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9641]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Invalid user nginx from 196.251.84.181
Oct 15 10:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Failed password for invalid user nginx from 196.251.84.181 port 39868 ssh2
Oct 15 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Connection closed by 196.251.84.181 port 39868 [preauth]
Oct 15 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 10:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Failed password for root from 220.247.224.226 port 55380 ssh2
Oct 15 10:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Received disconnect from 220.247.224.226 port 55380:11: Bye Bye [preauth]
Oct 15 10:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Disconnected from 220.247.224.226 port 55380 [preauth]
Oct 15 10:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session closed for user root
Oct 15 10:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: User uucp from 80.94.95.115 not allowed because not listed in AllowUsers
Oct 15 10:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: input_userauth_request: invalid user uucp [preauth]
Oct 15 10:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=uucp
Oct 15 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Failed password for invalid user uucp from 80.94.95.115 port 15954 ssh2
Oct 15 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10229]: Connection closed by 80.94.95.115 port 15954 [preauth]
Oct 15 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: Invalid user user from 46.25.236.192
Oct 15 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: input_userauth_request: invalid user user [preauth]
Oct 15 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: Failed password for invalid user user from 46.25.236.192 port 48448 ssh2
Oct 15 10:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: Received disconnect from 46.25.236.192 port 48448:11: Bye Bye [preauth]
Oct 15 10:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10240]: Disconnected from 46.25.236.192 port 48448 [preauth]
Oct 15 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10292]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: Successful su for rubyman by root
Oct 15 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: + ??? root:rubyman
Oct 15 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417074 of user rubyman.
Oct 15 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10386]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417074.
Oct 15 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10413]: Invalid user woojeong from 185.216.117.150
Oct 15 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10413]: input_userauth_request: invalid user woojeong [preauth]
Oct 15 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10413]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Invalid user nginx from 196.251.84.181
Oct 15 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10413]: Failed password for invalid user woojeong from 185.216.117.150 port 57124 ssh2
Oct 15 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10413]: Received disconnect from 185.216.117.150 port 57124:11: Bye Bye [preauth]
Oct 15 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10413]: Disconnected from 185.216.117.150 port 57124 [preauth]
Oct 15 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Failed password for invalid user nginx from 196.251.84.181 port 38578 ssh2
Oct 15 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10416]: Connection closed by 196.251.84.181 port 38578 [preauth]
Oct 15 10:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 10:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6226]: pam_unix(cron:session): session closed for user root
Oct 15 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Failed password for root from 160.174.129.232 port 2548 ssh2
Oct 15 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Received disconnect from 160.174.129.232 port 2548:11: Bye Bye [preauth]
Oct 15 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Disconnected from 160.174.129.232 port 2548 [preauth]
Oct 15 10:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 10:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Invalid user test from 69.166.235.169
Oct 15 10:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: input_userauth_request: invalid user test [preauth]
Oct 15 10:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 10:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: Failed password for root from 107.150.110.167 port 44148 ssh2
Oct 15 10:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: Received disconnect from 107.150.110.167 port 44148:11: Bye Bye [preauth]
Oct 15 10:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10602]: Disconnected from 107.150.110.167 port 44148 [preauth]
Oct 15 10:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10293]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Failed password for invalid user test from 69.166.235.169 port 53564 ssh2
Oct 15 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Received disconnect from 69.166.235.169 port 53564:11: Bye Bye [preauth]
Oct 15 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10617]: Disconnected from 69.166.235.169 port 53564 [preauth]
Oct 15 10:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: fatal: monitor_read: unpermitted request 6
Oct 15 10:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10660]: Invalid user hu from 95.111.254.160
Oct 15 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10660]: input_userauth_request: invalid user hu [preauth]
Oct 15 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10660]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 10:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10660]: Failed password for invalid user hu from 95.111.254.160 port 60644 ssh2
Oct 15 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10660]: Received disconnect from 95.111.254.160 port 60644:11: Bye Bye [preauth]
Oct 15 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10660]: Disconnected from 95.111.254.160 port 60644 [preauth]
Oct 15 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10667]: Invalid user pp from 37.120.247.100
Oct 15 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10667]: input_userauth_request: invalid user pp [preauth]
Oct 15 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10667]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10667]: Failed password for invalid user pp from 37.120.247.100 port 36410 ssh2
Oct 15 10:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10667]: Received disconnect from 37.120.247.100 port 36410:11: Bye Bye [preauth]
Oct 15 10:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10667]: Disconnected from 37.120.247.100 port 36410 [preauth]
Oct 15 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10716]: Invalid user ftpuser from 38.57.235.240
Oct 15 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10716]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10716]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10716]: Failed password for invalid user ftpuser from 38.57.235.240 port 37784 ssh2
Oct 15 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10716]: Received disconnect from 38.57.235.240 port 37784:11: Bye Bye [preauth]
Oct 15 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10716]: Disconnected from 38.57.235.240 port 37784 [preauth]
Oct 15 10:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session closed for user root
Oct 15 10:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Invalid user nginx from 196.251.84.181
Oct 15 10:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Failed password for invalid user nginx from 196.251.84.181 port 37502 ssh2
Oct 15 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10756]: Connection closed by 196.251.84.181 port 37502 [preauth]
Oct 15 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10699]: Connection closed by 216.180.246.151 port 54224 [preauth]
Oct 15 10:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Invalid user a from 111.68.98.152
Oct 15 10:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: input_userauth_request: invalid user a [preauth]
Oct 15 10:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Failed password for invalid user a from 111.68.98.152 port 40452 ssh2
Oct 15 10:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Received disconnect from 111.68.98.152 port 40452:11: Bye Bye [preauth]
Oct 15 10:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Disconnected from 111.68.98.152 port 40452 [preauth]
Oct 15 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10807]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10805]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10881]: Successful su for rubyman by root
Oct 15 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10881]: + ??? root:rubyman
Oct 15 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417078 of user rubyman.
Oct 15 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10881]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417078.
Oct 15 10:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Failed password for root from 220.247.224.226 port 27509 ssh2
Oct 15 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Received disconnect from 220.247.224.226 port 27509:11: Bye Bye [preauth]
Oct 15 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Disconnected from 220.247.224.226 port 27509 [preauth]
Oct 15 10:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6908]: pam_unix(cron:session): session closed for user root
Oct 15 10:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Invalid user nginx from 196.251.84.181
Oct 15 10:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Failed password for invalid user nginx from 196.251.84.181 port 37306 ssh2
Oct 15 10:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Connection closed by 196.251.84.181 port 37306 [preauth]
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11149]: fatal: Unable to negotiate with 159.65.220.35 port 47484: no matching host key type found. Their offer: ssh-dss [preauth]
Oct 15 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11150]: fatal: Unable to negotiate with 159.65.220.35 port 47520: no matching host key type found. Their offer: sk-ecdsa-sha2-nistp256@openssh.com [preauth]
Oct 15 10:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 10:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11153]: Connection closed by 159.65.220.35 port 47494 [preauth]
Oct 15 10:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11151]: Connection closed by 159.65.220.35 port 47504 [preauth]
Oct 15 10:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: fatal: Unable to negotiate with 159.65.220.35 port 47512: no matching host key type found. Their offer: ssh-ed25519 [preauth]
Oct 15 10:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: fatal: Unable to negotiate with 159.65.220.35 port 47536: no matching host key type found. Their offer: sk-ssh-ed25519@openssh.com [preauth]
Oct 15 10:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Failed password for root from 160.174.129.232 port 50929 ssh2
Oct 15 10:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Received disconnect from 160.174.129.232 port 50929:11: Bye Bye [preauth]
Oct 15 10:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11143]: Disconnected from 160.174.129.232 port 50929 [preauth]
Oct 15 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Invalid user ankur from 185.216.117.150
Oct 15 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: input_userauth_request: invalid user ankur [preauth]
Oct 15 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150
Oct 15 10:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Failed password for invalid user ankur from 185.216.117.150 port 43780 ssh2
Oct 15 10:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Received disconnect from 185.216.117.150 port 43780:11: Bye Bye [preauth]
Oct 15 10:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11185]: Disconnected from 185.216.117.150 port 43780 [preauth]
Oct 15 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9644]: pam_unix(cron:session): session closed for user root
Oct 15 10:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Invalid user rahul from 95.111.254.160
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: input_userauth_request: invalid user rahul [preauth]
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Invalid user cy from 69.166.235.169
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: input_userauth_request: invalid user cy [preauth]
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 10:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Invalid user deb from 37.120.247.100
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: input_userauth_request: invalid user deb [preauth]
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Failed password for invalid user rahul from 95.111.254.160 port 45354 ssh2
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Received disconnect from 95.111.254.160 port 45354:11: Bye Bye [preauth]
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Disconnected from 95.111.254.160 port 45354 [preauth]
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Failed password for invalid user cy from 69.166.235.169 port 53728 ssh2
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Received disconnect from 69.166.235.169 port 53728:11: Bye Bye [preauth]
Oct 15 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11270]: Disconnected from 69.166.235.169 port 53728 [preauth]
Oct 15 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Invalid user integration from 46.25.236.192
Oct 15 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: input_userauth_request: invalid user integration [preauth]
Oct 15 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Failed password for invalid user deb from 37.120.247.100 port 58058 ssh2
Oct 15 10:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Received disconnect from 37.120.247.100 port 58058:11: Bye Bye [preauth]
Oct 15 10:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Disconnected from 37.120.247.100 port 58058 [preauth]
Oct 15 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Failed password for invalid user integration from 46.25.236.192 port 46242 ssh2
Oct 15 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Received disconnect from 46.25.236.192 port 46242:11: Bye Bye [preauth]
Oct 15 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Disconnected from 46.25.236.192 port 46242 [preauth]
Oct 15 10:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11302]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Invalid user nginx from 196.251.84.181
Oct 15 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11375]: Successful su for rubyman by root
Oct 15 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11375]: + ??? root:rubyman
Oct 15 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417081 of user rubyman.
Oct 15 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11375]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417081.
Oct 15 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Failed password for invalid user nginx from 196.251.84.181 port 36598 ssh2
Oct 15 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11293]: Connection closed by 196.251.84.181 port 36598 [preauth]
Oct 15 10:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7496]: pam_unix(cron:session): session closed for user root
Oct 15 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: Invalid user user from 38.57.235.240
Oct 15 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: input_userauth_request: invalid user user [preauth]
Oct 15 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: Failed password for invalid user user from 38.57.235.240 port 43030 ssh2
Oct 15 10:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: Received disconnect from 38.57.235.240 port 43030:11: Bye Bye [preauth]
Oct 15 10:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: Disconnected from 38.57.235.240 port 43030 [preauth]
Oct 15 10:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11304]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Invalid user jony from 164.68.105.9
Oct 15 10:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: input_userauth_request: invalid user jony [preauth]
Oct 15 10:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 10:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for invalid user jony from 164.68.105.9 port 53968 ssh2
Oct 15 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Connection closed by 164.68.105.9 port 53968 [preauth]
Oct 15 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Invalid user ajay from 218.78.60.105
Oct 15 10:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: input_userauth_request: invalid user ajay [preauth]
Oct 15 10:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.60.105
Oct 15 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Failed password for invalid user ajay from 218.78.60.105 port 39234 ssh2
Oct 15 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Received disconnect from 218.78.60.105 port 39234:11: Bye Bye [preauth]
Oct 15 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11763]: Disconnected from 218.78.60.105 port 39234 [preauth]
Oct 15 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10295]: pam_unix(cron:session): session closed for user root
Oct 15 10:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: Invalid user nginx from 196.251.84.181
Oct 15 10:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 10:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: Failed password for invalid user nginx from 196.251.84.181 port 35540 ssh2
Oct 15 10:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: Connection closed by 196.251.84.181 port 35540 [preauth]
Oct 15 10:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: Failed password for root from 220.247.224.226 port 49588 ssh2
Oct 15 10:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: Received disconnect from 220.247.224.226 port 49588:11: Bye Bye [preauth]
Oct 15 10:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11822]: Disconnected from 220.247.224.226 port 49588 [preauth]
Oct 15 10:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Invalid user test from 160.174.129.232
Oct 15 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: input_userauth_request: invalid user test [preauth]
Oct 15 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Failed password for invalid user test from 160.174.129.232 port 38868 ssh2
Oct 15 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Received disconnect from 160.174.129.232 port 38868:11: Bye Bye [preauth]
Oct 15 10:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11854]: Disconnected from 160.174.129.232 port 38868 [preauth]
Oct 15 10:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: Invalid user user1 from 111.68.98.152
Oct 15 10:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: input_userauth_request: invalid user user1 [preauth]
Oct 15 10:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: Failed password for invalid user user1 from 111.68.98.152 port 54486 ssh2
Oct 15 10:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: Received disconnect from 111.68.98.152 port 54486:11: Bye Bye [preauth]
Oct 15 10:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: Disconnected from 111.68.98.152 port 54486 [preauth]
Oct 15 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11881]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12059]: Successful su for rubyman by root
Oct 15 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12059]: + ??? root:rubyman
Oct 15 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417088 of user rubyman.
Oct 15 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12059]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417088.
Oct 15 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11881]: pam_unix(cron:session): session closed for user root
Oct 15 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Failed password for root from 185.216.117.150 port 44712 ssh2
Oct 15 10:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Received disconnect from 185.216.117.150 port 44712:11: Bye Bye [preauth]
Oct 15 10:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Disconnected from 185.216.117.150 port 44712 [preauth]
Oct 15 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Invalid user temp from 107.150.110.167
Oct 15 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: input_userauth_request: invalid user temp [preauth]
Oct 15 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Failed password for invalid user temp from 107.150.110.167 port 21488 ssh2
Oct 15 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Received disconnect from 107.150.110.167 port 21488:11: Bye Bye [preauth]
Oct 15 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Disconnected from 107.150.110.167 port 21488 [preauth]
Oct 15 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user root
Oct 15 10:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11884]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Invalid user nginx from 196.251.84.181
Oct 15 10:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Failed password for invalid user nginx from 196.251.84.181 port 35140 ssh2
Oct 15 10:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Connection closed by 196.251.84.181 port 35140 [preauth]
Oct 15 10:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Invalid user git from 95.111.254.160
Oct 15 10:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: input_userauth_request: invalid user git [preauth]
Oct 15 10:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.111.254.160
Oct 15 10:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Failed password for invalid user git from 95.111.254.160 port 38080 ssh2
Oct 15 10:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Received disconnect from 95.111.254.160 port 38080:11: Bye Bye [preauth]
Oct 15 10:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Disconnected from 95.111.254.160 port 38080 [preauth]
Oct 15 10:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Invalid user administrator from 37.120.247.100
Oct 15 10:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: input_userauth_request: invalid user administrator [preauth]
Oct 15 10:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Failed password for invalid user administrator from 37.120.247.100 port 59426 ssh2
Oct 15 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Received disconnect from 37.120.247.100 port 59426:11: Bye Bye [preauth]
Oct 15 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Disconnected from 37.120.247.100 port 59426 [preauth]
Oct 15 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 10:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: Failed password for root from 69.166.235.169 port 53894 ssh2
Oct 15 10:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: Received disconnect from 69.166.235.169 port 53894:11: Bye Bye [preauth]
Oct 15 10:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: Disconnected from 69.166.235.169 port 53894 [preauth]
Oct 15 10:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session closed for user root
Oct 15 10:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 10:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Failed password for root from 38.57.235.240 port 48274 ssh2
Oct 15 10:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Received disconnect from 38.57.235.240 port 48274:11: Bye Bye [preauth]
Oct 15 10:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Disconnected from 38.57.235.240 port 48274 [preauth]
Oct 15 10:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Invalid user nginx from 196.251.84.181
Oct 15 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session closed for user root
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12493]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Failed password for invalid user nginx from 196.251.84.181 port 34106 ssh2
Oct 15 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12479]: Connection closed by 196.251.84.181 port 34106 [preauth]
Oct 15 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12578]: Successful su for rubyman by root
Oct 15 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12578]: + ??? root:rubyman
Oct 15 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417091 of user rubyman.
Oct 15 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12578]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417091.
Oct 15 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session closed for user root
Oct 15 10:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session closed for user root
Oct 15 10:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Invalid user adc from 160.174.129.232
Oct 15 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: input_userauth_request: invalid user adc [preauth]
Oct 15 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Failed password for invalid user adc from 160.174.129.232 port 55074 ssh2
Oct 15 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Received disconnect from 160.174.129.232 port 55074:11: Bye Bye [preauth]
Oct 15 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12824]: Disconnected from 160.174.129.232 port 55074 [preauth]
Oct 15 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12494]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Invalid user redmine from 220.247.224.226
Oct 15 10:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: input_userauth_request: invalid user redmine [preauth]
Oct 15 10:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Failed password for invalid user redmine from 220.247.224.226 port 42536 ssh2
Oct 15 10:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Received disconnect from 220.247.224.226 port 42536:11: Bye Bye [preauth]
Oct 15 10:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12866]: Disconnected from 220.247.224.226 port 42536 [preauth]
Oct 15 10:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Invalid user couchdb from 107.150.110.167
Oct 15 10:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: input_userauth_request: invalid user couchdb [preauth]
Oct 15 10:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.60.105  user=root
Oct 15 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for invalid user couchdb from 107.150.110.167 port 53746 ssh2
Oct 15 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Received disconnect from 107.150.110.167 port 53746:11: Bye Bye [preauth]
Oct 15 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Disconnected from 107.150.110.167 port 53746 [preauth]
Oct 15 10:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Failed password for root from 218.78.60.105 port 60234 ssh2
Oct 15 10:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Received disconnect from 218.78.60.105 port 60234:11: Bye Bye [preauth]
Oct 15 10:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12902]: Disconnected from 218.78.60.105 port 60234 [preauth]
Oct 15 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.216.117.150  user=root
Oct 15 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Failed password for root from 185.216.117.150 port 41446 ssh2
Oct 15 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Received disconnect from 185.216.117.150 port 41446:11: Bye Bye [preauth]
Oct 15 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Disconnected from 185.216.117.150 port 41446 [preauth]
Oct 15 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11306]: pam_unix(cron:session): session closed for user root
Oct 15 10:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Invalid user nginx from 196.251.84.181
Oct 15 10:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.181
Oct 15 10:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Failed password for invalid user nginx from 196.251.84.181 port 33182 ssh2
Oct 15 10:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12955]: Connection closed by 196.251.84.181 port 33182 [preauth]
Oct 15 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13055]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13053]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13133]: Successful su for rubyman by root
Oct 15 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13133]: + ??? root:rubyman
Oct 15 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417096 of user rubyman.
Oct 15 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13133]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417096.
Oct 15 10:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Invalid user newuser from 111.68.98.152
Oct 15 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: input_userauth_request: invalid user newuser [preauth]
Oct 15 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Failed password for invalid user newuser from 111.68.98.152 port 54724 ssh2
Oct 15 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Received disconnect from 111.68.98.152 port 54724:11: Bye Bye [preauth]
Oct 15 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Disconnected from 111.68.98.152 port 54724 [preauth]
Oct 15 10:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Invalid user sachin from 37.120.247.100
Oct 15 10:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: input_userauth_request: invalid user sachin [preauth]
Oct 15 10:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Failed password for invalid user sachin from 37.120.247.100 port 42196 ssh2
Oct 15 10:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Received disconnect from 37.120.247.100 port 42196:11: Bye Bye [preauth]
Oct 15 10:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13390]: Disconnected from 37.120.247.100 port 42196 [preauth]
Oct 15 10:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9643]: pam_unix(cron:session): session closed for user root
Oct 15 10:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Invalid user saga from 69.166.235.169
Oct 15 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: input_userauth_request: invalid user saga [preauth]
Oct 15 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 10:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13054]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.169  user=root
Oct 15 10:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Failed password for invalid user saga from 69.166.235.169 port 54074 ssh2
Oct 15 10:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Received disconnect from 69.166.235.169 port 54074:11: Bye Bye [preauth]
Oct 15 10:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13490]: Disconnected from 69.166.235.169 port 54074 [preauth]
Oct 15 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Failed password for root from 14.103.123.169 port 24132 ssh2
Oct 15 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Received disconnect from 14.103.123.169 port 24132:11: Bye Bye [preauth]
Oct 15 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13480]: Disconnected from 14.103.123.169 port 24132 [preauth]
Oct 15 10:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13529]: Did not receive identification string from 194.195.215.221
Oct 15 10:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 10:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Failed password for root from 160.174.129.232 port 43006 ssh2
Oct 15 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Received disconnect from 160.174.129.232 port 43006:11: Bye Bye [preauth]
Oct 15 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Disconnected from 160.174.129.232 port 43006 [preauth]
Oct 15 10:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11887]: pam_unix(cron:session): session closed for user root
Oct 15 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Invalid user min from 38.57.235.240
Oct 15 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: input_userauth_request: invalid user min [preauth]
Oct 15 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Failed password for invalid user min from 38.57.235.240 port 53534 ssh2
Oct 15 10:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Received disconnect from 38.57.235.240 port 53534:11: Bye Bye [preauth]
Oct 15 10:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Disconnected from 38.57.235.240 port 53534 [preauth]
Oct 15 10:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Invalid user user8 from 107.150.110.167
Oct 15 10:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: input_userauth_request: invalid user user8 [preauth]
Oct 15 10:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Failed password for invalid user user8 from 107.150.110.167 port 31004 ssh2
Oct 15 10:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Received disconnect from 107.150.110.167 port 31004:11: Bye Bye [preauth]
Oct 15 10:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13617]: Disconnected from 107.150.110.167 port 31004 [preauth]
Oct 15 10:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Invalid user fernando from 220.247.224.226
Oct 15 10:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: input_userauth_request: invalid user fernando [preauth]
Oct 15 10:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Failed password for invalid user fernando from 220.247.224.226 port 52299 ssh2
Oct 15 10:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Received disconnect from 220.247.224.226 port 52299:11: Bye Bye [preauth]
Oct 15 10:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13642]: Disconnected from 220.247.224.226 port 52299 [preauth]
Oct 15 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13661]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13658]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13746]: Successful su for rubyman by root
Oct 15 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13746]: + ??? root:rubyman
Oct 15 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417101 of user rubyman.
Oct 15 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13746]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417101.
Oct 15 10:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10294]: pam_unix(cron:session): session closed for user root
Oct 15 10:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13659]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Connection closed by 46.25.236.192 port 41754 [preauth]
Oct 15 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Invalid user user from 37.120.247.100
Oct 15 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: input_userauth_request: invalid user user [preauth]
Oct 15 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session closed for user root
Oct 15 10:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Failed password for invalid user user from 37.120.247.100 port 53490 ssh2
Oct 15 10:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Received disconnect from 37.120.247.100 port 53490:11: Bye Bye [preauth]
Oct 15 10:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14166]: Disconnected from 37.120.247.100 port 53490 [preauth]
Oct 15 10:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169  user=root
Oct 15 10:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Failed password for root from 69.166.235.169 port 54250 ssh2
Oct 15 10:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Received disconnect from 69.166.235.169 port 54250:11: Bye Bye [preauth]
Oct 15 10:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Disconnected from 69.166.235.169 port 54250 [preauth]
Oct 15 10:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 10:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Failed password for root from 160.174.129.232 port 59182 ssh2
Oct 15 10:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Received disconnect from 160.174.129.232 port 59182:11: Bye Bye [preauth]
Oct 15 10:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Disconnected from 160.174.129.232 port 59182 [preauth]
Oct 15 10:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14250]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14247]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Failed password for root from 107.150.110.167 port 63264 ssh2
Oct 15 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Received disconnect from 107.150.110.167 port 63264:11: Bye Bye [preauth]
Oct 15 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Disconnected from 107.150.110.167 port 63264 [preauth]
Oct 15 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14312]: Successful su for rubyman by root
Oct 15 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14312]: + ??? root:rubyman
Oct 15 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417106 of user rubyman.
Oct 15 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14312]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417106.
Oct 15 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10807]: pam_unix(cron:session): session closed for user root
Oct 15 10:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Invalid user system from 111.68.98.152
Oct 15 10:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: input_userauth_request: invalid user system [preauth]
Oct 15 10:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Failed password for invalid user system from 111.68.98.152 port 54588 ssh2
Oct 15 10:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Received disconnect from 111.68.98.152 port 54588:11: Bye Bye [preauth]
Oct 15 10:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Disconnected from 111.68.98.152 port 54588 [preauth]
Oct 15 10:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Invalid user ubuntu from 38.57.235.240
Oct 15 10:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 10:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Failed password for invalid user ubuntu from 38.57.235.240 port 58776 ssh2
Oct 15 10:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Received disconnect from 38.57.235.240 port 58776:11: Bye Bye [preauth]
Oct 15 10:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14540]: Disconnected from 38.57.235.240 port 58776 [preauth]
Oct 15 10:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Invalid user admin from 220.247.224.226
Oct 15 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: input_userauth_request: invalid user admin [preauth]
Oct 15 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Failed password for invalid user admin from 220.247.224.226 port 15282 ssh2
Oct 15 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Received disconnect from 220.247.224.226 port 15282:11: Bye Bye [preauth]
Oct 15 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Disconnected from 220.247.224.226 port 15282 [preauth]
Oct 15 10:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session closed for user root
Oct 15 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14681]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14764]: Successful su for rubyman by root
Oct 15 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14764]: + ??? root:rubyman
Oct 15 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417108 of user rubyman.
Oct 15 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14764]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417108.
Oct 15 10:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Invalid user ftpuser from 37.120.247.100
Oct 15 10:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 10:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11305]: pam_unix(cron:session): session closed for user root
Oct 15 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Failed password for invalid user ftpuser from 37.120.247.100 port 56998 ssh2
Oct 15 10:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Received disconnect from 37.120.247.100 port 56998:11: Bye Bye [preauth]
Oct 15 10:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Disconnected from 37.120.247.100 port 56998 [preauth]
Oct 15 10:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Invalid user user from 160.174.129.232
Oct 15 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: input_userauth_request: invalid user user [preauth]
Oct 15 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Failed password for invalid user user from 160.174.129.232 port 47114 ssh2
Oct 15 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Received disconnect from 160.174.129.232 port 47114:11: Bye Bye [preauth]
Oct 15 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Disconnected from 160.174.129.232 port 47114 [preauth]
Oct 15 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Invalid user admin from 185.156.73.233
Oct 15 10:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: input_userauth_request: invalid user admin [preauth]
Oct 15 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Failed password for root from 107.150.110.167 port 40526 ssh2
Oct 15 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14683]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Received disconnect from 107.150.110.167 port 40526:11: Bye Bye [preauth]
Oct 15 10:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14995]: Disconnected from 107.150.110.167 port 40526 [preauth]
Oct 15 10:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Failed password for invalid user admin from 185.156.73.233 port 51190 ssh2
Oct 15 10:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Connection closed by 185.156.73.233 port 51190 [preauth]
Oct 15 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Invalid user cc from 46.25.236.192
Oct 15 10:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: input_userauth_request: invalid user cc [preauth]
Oct 15 10:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Failed password for invalid user cc from 46.25.236.192 port 39568 ssh2
Oct 15 10:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Received disconnect from 46.25.236.192 port 39568:11: Bye Bye [preauth]
Oct 15 10:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15043]: Disconnected from 46.25.236.192 port 39568 [preauth]
Oct 15 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Invalid user david from 69.166.235.169
Oct 15 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: input_userauth_request: invalid user david [preauth]
Oct 15 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 10:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Failed password for invalid user david from 69.166.235.169 port 54420 ssh2
Oct 15 10:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Received disconnect from 69.166.235.169 port 54420:11: Bye Bye [preauth]
Oct 15 10:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Disconnected from 69.166.235.169 port 54420 [preauth]
Oct 15 10:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13661]: pam_unix(cron:session): session closed for user root
Oct 15 10:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15273]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15273]: pam_unix(cron:session): session closed for user root
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Invalid user oem from 220.247.224.226
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: input_userauth_request: invalid user oem [preauth]
Oct 15 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15367]: Successful su for rubyman by root
Oct 15 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15367]: + ??? root:rubyman
Oct 15 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417116 of user rubyman.
Oct 15 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15367]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417116.
Oct 15 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for invalid user oem from 220.247.224.226 port 61248 ssh2
Oct 15 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Received disconnect from 220.247.224.226 port 61248:11: Bye Bye [preauth]
Oct 15 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Disconnected from 220.247.224.226 port 61248 [preauth]
Oct 15 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 10:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Failed password for root from 38.57.235.240 port 35796 ssh2
Oct 15 10:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Received disconnect from 38.57.235.240 port 35796:11: Bye Bye [preauth]
Oct 15 10:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15409]: Disconnected from 38.57.235.240 port 35796 [preauth]
Oct 15 10:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session closed for user root
Oct 15 10:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11885]: pam_unix(cron:session): session closed for user root
Oct 15 10:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: Invalid user user01 from 111.68.98.152
Oct 15 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: input_userauth_request: invalid user user01 [preauth]
Oct 15 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: Failed password for invalid user user01 from 111.68.98.152 port 54892 ssh2
Oct 15 10:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: Received disconnect from 111.68.98.152 port 54892:11: Bye Bye [preauth]
Oct 15 10:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15599]: Disconnected from 111.68.98.152 port 54892 [preauth]
Oct 15 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Invalid user ubuntu from 186.96.145.241
Oct 15 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 15 10:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Failed password for invalid user ubuntu from 186.96.145.241 port 44514 ssh2
Oct 15 10:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15666]: Connection closed by 186.96.145.241 port 44514 [preauth]
Oct 15 10:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Invalid user deb from 160.174.129.232
Oct 15 10:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: input_userauth_request: invalid user deb [preauth]
Oct 15 10:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session closed for user root
Oct 15 10:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Invalid user PRUEBA from 107.150.110.167
Oct 15 10:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: input_userauth_request: invalid user PRUEBA [preauth]
Oct 15 10:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Failed password for invalid user deb from 160.174.129.232 port 43188 ssh2
Oct 15 10:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Received disconnect from 160.174.129.232 port 43188:11: Bye Bye [preauth]
Oct 15 10:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Disconnected from 160.174.129.232 port 43188 [preauth]
Oct 15 10:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Failed password for invalid user PRUEBA from 107.150.110.167 port 17794 ssh2
Oct 15 10:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Received disconnect from 107.150.110.167 port 17794:11: Bye Bye [preauth]
Oct 15 10:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Disconnected from 107.150.110.167 port 17794 [preauth]
Oct 15 10:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 10:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15712]: Failed password for root from 37.120.247.100 port 50898 ssh2
Oct 15 10:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15712]: Received disconnect from 37.120.247.100 port 50898:11: Bye Bye [preauth]
Oct 15 10:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15712]: Disconnected from 37.120.247.100 port 50898 [preauth]
Oct 15 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15746]: Connection closed by 198.199.72.27 port 23468 [preauth]
Oct 15 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15770]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15856]: Successful su for rubyman by root
Oct 15 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15856]: + ??? root:rubyman
Oct 15 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417118 of user rubyman.
Oct 15 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15856]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417118.
Oct 15 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Invalid user user1 from 69.166.235.169
Oct 15 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: input_userauth_request: invalid user user1 [preauth]
Oct 15 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.235.169
Oct 15 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Failed password for invalid user user1 from 69.166.235.169 port 54602 ssh2
Oct 15 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Received disconnect from 69.166.235.169 port 54602:11: Bye Bye [preauth]
Oct 15 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Disconnected from 69.166.235.169 port 54602 [preauth]
Oct 15 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session closed for user root
Oct 15 10:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session closed for user root
Oct 15 10:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Invalid user o2 from 220.247.224.226
Oct 15 10:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: input_userauth_request: invalid user o2 [preauth]
Oct 15 10:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Connection closed by 46.25.236.192 port 37308 [preauth]
Oct 15 10:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for invalid user o2 from 220.247.224.226 port 12323 ssh2
Oct 15 10:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Received disconnect from 220.247.224.226 port 12323:11: Bye Bye [preauth]
Oct 15 10:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Disconnected from 220.247.224.226 port 12323 [preauth]
Oct 15 10:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Invalid user admin from 2.57.121.112
Oct 15 10:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: input_userauth_request: invalid user admin [preauth]
Oct 15 10:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 10:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user admin from 2.57.121.112 port 43681 ssh2
Oct 15 10:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user admin from 2.57.121.112 port 43681 ssh2
Oct 15 10:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user admin from 2.57.121.112 port 43681 ssh2
Oct 15 10:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user admin from 2.57.121.112 port 43681 ssh2
Oct 15 10:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Invalid user administrator from 38.57.235.240
Oct 15 10:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: input_userauth_request: invalid user administrator [preauth]
Oct 15 10:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user admin from 2.57.121.112 port 43681 ssh2
Oct 15 10:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Received disconnect from 2.57.121.112 port 43681:11: Bye [preauth]
Oct 15 10:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Disconnected from 2.57.121.112 port 43681 [preauth]
Oct 15 10:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 10:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 10:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Failed password for invalid user administrator from 38.57.235.240 port 41052 ssh2
Oct 15 10:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Received disconnect from 38.57.235.240 port 41052:11: Bye Bye [preauth]
Oct 15 10:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16225]: Disconnected from 38.57.235.240 port 41052 [preauth]
Oct 15 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16249]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16242]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16242]: pam_unix(cron:session): session closed for user root
Oct 15 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16244]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16325]: Successful su for rubyman by root
Oct 15 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16325]: + ??? root:rubyman
Oct 15 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417124 of user rubyman.
Oct 15 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16325]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417124.
Oct 15 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Invalid user adi from 107.150.110.167
Oct 15 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: input_userauth_request: invalid user adi [preauth]
Oct 15 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Failed password for invalid user adi from 107.150.110.167 port 50068 ssh2
Oct 15 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Received disconnect from 107.150.110.167 port 50068:11: Bye Bye [preauth]
Oct 15 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Disconnected from 107.150.110.167 port 50068 [preauth]
Oct 15 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: Invalid user bobi from 160.174.129.232
Oct 15 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: input_userauth_request: invalid user bobi [preauth]
Oct 15 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: Failed password for invalid user bobi from 160.174.129.232 port 53942 ssh2
Oct 15 10:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: Received disconnect from 160.174.129.232 port 53942:11: Bye Bye [preauth]
Oct 15 10:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: Disconnected from 160.174.129.232 port 53942 [preauth]
Oct 15 10:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13055]: pam_unix(cron:session): session closed for user root
Oct 15 10:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 10:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16245]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Failed password for root from 37.120.247.100 port 33498 ssh2
Oct 15 10:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Received disconnect from 37.120.247.100 port 33498:11: Bye Bye [preauth]
Oct 15 10:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16551]: Disconnected from 37.120.247.100 port 33498 [preauth]
Oct 15 10:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Invalid user client from 111.68.98.152
Oct 15 10:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: input_userauth_request: invalid user client [preauth]
Oct 15 10:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Failed password for invalid user client from 111.68.98.152 port 50912 ssh2
Oct 15 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Received disconnect from 111.68.98.152 port 50912:11: Bye Bye [preauth]
Oct 15 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Disconnected from 111.68.98.152 port 50912 [preauth]
Oct 15 10:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session closed for user root
Oct 15 10:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16717]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16817]: Successful su for rubyman by root
Oct 15 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16817]: + ??? root:rubyman
Oct 15 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417127 of user rubyman.
Oct 15 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16817]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417127.
Oct 15 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124  user=root
Oct 15 10:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Failed password for root from 138.68.58.124 port 44920 ssh2
Oct 15 10:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Connection closed by 138.68.58.124 port 44920 [preauth]
Oct 15 10:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session closed for user root
Oct 15 10:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Invalid user couchdb from 220.247.224.226
Oct 15 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: input_userauth_request: invalid user couchdb [preauth]
Oct 15 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Failed password for invalid user couchdb from 220.247.224.226 port 20467 ssh2
Oct 15 10:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Received disconnect from 220.247.224.226 port 20467:11: Bye Bye [preauth]
Oct 15 10:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Disconnected from 220.247.224.226 port 20467 [preauth]
Oct 15 10:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16718]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Invalid user alexis from 107.150.110.167
Oct 15 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: input_userauth_request: invalid user alexis [preauth]
Oct 15 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Failed password for invalid user alexis from 107.150.110.167 port 27330 ssh2
Oct 15 10:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Received disconnect from 107.150.110.167 port 27330:11: Bye Bye [preauth]
Oct 15 10:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17063]: Disconnected from 107.150.110.167 port 27330 [preauth]
Oct 15 10:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Invalid user aman from 160.174.129.232
Oct 15 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: input_userauth_request: invalid user aman [preauth]
Oct 15 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Failed password for invalid user aman from 160.174.129.232 port 39192 ssh2
Oct 15 10:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Received disconnect from 160.174.129.232 port 39192:11: Bye Bye [preauth]
Oct 15 10:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Disconnected from 160.174.129.232 port 39192 [preauth]
Oct 15 10:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15775]: pam_unix(cron:session): session closed for user root
Oct 15 10:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
Oct 15 10:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 10:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: Failed password for root from 46.25.236.192 port 35114 ssh2
Oct 15 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: Received disconnect from 46.25.236.192 port 35114:11: Bye Bye [preauth]
Oct 15 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: Disconnected from 46.25.236.192 port 35114 [preauth]
Oct 15 10:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Failed password for root from 38.57.235.240 port 46314 ssh2
Oct 15 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Received disconnect from 38.57.235.240 port 46314:11: Bye Bye [preauth]
Oct 15 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17168]: Disconnected from 38.57.235.240 port 46314 [preauth]
Oct 15 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Invalid user egor from 37.120.247.100
Oct 15 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: input_userauth_request: invalid user egor [preauth]
Oct 15 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Failed password for invalid user egor from 37.120.247.100 port 46108 ssh2
Oct 15 10:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Received disconnect from 37.120.247.100 port 46108:11: Bye Bye [preauth]
Oct 15 10:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Disconnected from 37.120.247.100 port 46108 [preauth]
Oct 15 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17215]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: Successful su for rubyman by root
Oct 15 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: + ??? root:rubyman
Oct 15 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417131 of user rubyman.
Oct 15 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417131.
Oct 15 10:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14250]: pam_unix(cron:session): session closed for user root
Oct 15 10:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Invalid user client from 111.68.98.152
Oct 15 10:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: input_userauth_request: invalid user client [preauth]
Oct 15 10:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Failed password for invalid user client from 111.68.98.152 port 43472 ssh2
Oct 15 10:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Received disconnect from 111.68.98.152 port 43472:11: Bye Bye [preauth]
Oct 15 10:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17556]: Disconnected from 111.68.98.152 port 43472 [preauth]
Oct 15 10:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16249]: pam_unix(cron:session): session closed for user root
Oct 15 10:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167  user=root
Oct 15 10:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Failed password for root from 107.150.110.167 port 59590 ssh2
Oct 15 10:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Received disconnect from 107.150.110.167 port 59590:11: Bye Bye [preauth]
Oct 15 10:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Disconnected from 107.150.110.167 port 59590 [preauth]
Oct 15 10:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Invalid user test3 from 220.247.224.226
Oct 15 10:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: input_userauth_request: invalid user test3 [preauth]
Oct 15 10:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232  user=root
Oct 15 10:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Failed password for invalid user test3 from 220.247.224.226 port 2315 ssh2
Oct 15 10:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Received disconnect from 220.247.224.226 port 2315:11: Bye Bye [preauth]
Oct 15 10:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17635]: Disconnected from 220.247.224.226 port 2315 [preauth]
Oct 15 10:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17647]: Failed password for root from 160.174.129.232 port 55356 ssh2
Oct 15 10:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17647]: Received disconnect from 160.174.129.232 port 55356:11: Bye Bye [preauth]
Oct 15 10:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17647]: Disconnected from 160.174.129.232 port 55356 [preauth]
Oct 15 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17682]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17680]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17678]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17679]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17682]: pam_unix(cron:session): session closed for user root
Oct 15 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17819]: Successful su for rubyman by root
Oct 15 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17819]: + ??? root:rubyman
Oct 15 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417137 of user rubyman.
Oct 15 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[17819]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417137.
Oct 15 10:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17678]: pam_unix(cron:session): session closed for user root
Oct 15 10:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session closed for user root
Oct 15 10:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17677]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Invalid user elaine from 37.120.247.100
Oct 15 10:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: input_userauth_request: invalid user elaine [preauth]
Oct 15 10:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Failed password for invalid user elaine from 37.120.247.100 port 37194 ssh2
Oct 15 10:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Received disconnect from 37.120.247.100 port 37194:11: Bye Bye [preauth]
Oct 15 10:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18246]: Disconnected from 37.120.247.100 port 37194 [preauth]
Oct 15 10:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session closed for user root
Oct 15 10:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Invalid user guest from 38.57.235.240
Oct 15 10:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: input_userauth_request: invalid user guest [preauth]
Oct 15 10:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Failed password for invalid user guest from 38.57.235.240 port 51566 ssh2
Oct 15 10:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Received disconnect from 38.57.235.240 port 51566:11: Bye Bye [preauth]
Oct 15 10:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18308]: Disconnected from 38.57.235.240 port 51566 [preauth]
Oct 15 10:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: Invalid user admin from 185.156.73.233
Oct 15 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: input_userauth_request: invalid user admin [preauth]
Oct 15 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: Failed password for invalid user admin from 185.156.73.233 port 44842 ssh2
Oct 15 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: Connection closed by 185.156.73.233 port 44842 [preauth]
Oct 15 10:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Invalid user redmine from 107.150.110.167
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: input_userauth_request: invalid user redmine [preauth]
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.150.110.167
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18484]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18481]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18588]: Successful su for rubyman by root
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18588]: + ??? root:rubyman
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417143 of user rubyman.
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18588]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417143.
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Failed password for invalid user redmine from 107.150.110.167 port 36854 ssh2
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Received disconnect from 107.150.110.167 port 36854:11: Bye Bye [preauth]
Oct 15 10:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Disconnected from 107.150.110.167 port 36854 [preauth]
Oct 15 10:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session closed for user root
Oct 15 10:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18482]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18863]: Invalid user techuser from 220.247.224.226
Oct 15 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18863]: input_userauth_request: invalid user techuser [preauth]
Oct 15 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18863]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18863]: Failed password for invalid user techuser from 220.247.224.226 port 44685 ssh2
Oct 15 10:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18863]: Received disconnect from 220.247.224.226 port 44685:11: Bye Bye [preauth]
Oct 15 10:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18863]: Disconnected from 220.247.224.226 port 44685 [preauth]
Oct 15 10:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: Invalid user sammy from 111.68.98.152
Oct 15 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: input_userauth_request: invalid user sammy [preauth]
Oct 15 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: Failed password for invalid user sammy from 111.68.98.152 port 55532 ssh2
Oct 15 10:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: Received disconnect from 111.68.98.152 port 55532:11: Bye Bye [preauth]
Oct 15 10:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18895]: Disconnected from 111.68.98.152 port 55532 [preauth]
Oct 15 10:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17215]: pam_unix(cron:session): session closed for user root
Oct 15 10:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Invalid user wx from 160.174.129.232
Oct 15 10:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: input_userauth_request: invalid user wx [preauth]
Oct 15 10:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.174.129.232
Oct 15 10:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Failed password for invalid user wx from 160.174.129.232 port 43350 ssh2
Oct 15 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Received disconnect from 160.174.129.232 port 43350:11: Bye Bye [preauth]
Oct 15 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19014]: Disconnected from 160.174.129.232 port 43350 [preauth]
Oct 15 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: Successful su for rubyman by root
Oct 15 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: + ??? root:rubyman
Oct 15 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417145 of user rubyman.
Oct 15 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417145.
Oct 15 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: Failed password for root from 37.120.247.100 port 56028 ssh2
Oct 15 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: Received disconnect from 37.120.247.100 port 56028:11: Bye Bye [preauth]
Oct 15 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19111]: Disconnected from 37.120.247.100 port 56028 [preauth]
Oct 15 10:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session closed for user root
Oct 15 10:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Invalid user dimas from 38.57.235.240
Oct 15 10:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: input_userauth_request: invalid user dimas [preauth]
Oct 15 10:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Failed password for invalid user dimas from 38.57.235.240 port 56828 ssh2
Oct 15 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Received disconnect from 38.57.235.240 port 56828:11: Bye Bye [preauth]
Oct 15 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Disconnected from 38.57.235.240 port 56828 [preauth]
Oct 15 10:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17680]: pam_unix(cron:session): session closed for user root
Oct 15 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19940]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: Successful su for rubyman by root
Oct 15 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: + ??? root:rubyman
Oct 15 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417149 of user rubyman.
Oct 15 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20024]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417149.
Oct 15 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: Invalid user pp from 46.25.236.192
Oct 15 10:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: input_userauth_request: invalid user pp [preauth]
Oct 15 10:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Invalid user zoom from 220.247.224.226
Oct 15 10:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: input_userauth_request: invalid user zoom [preauth]
Oct 15 10:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: Failed password for invalid user pp from 46.25.236.192 port 58906 ssh2
Oct 15 10:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: Received disconnect from 46.25.236.192 port 58906:11: Bye Bye [preauth]
Oct 15 10:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20037]: Disconnected from 46.25.236.192 port 58906 [preauth]
Oct 15 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16246]: pam_unix(cron:session): session closed for user root
Oct 15 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Failed password for invalid user zoom from 220.247.224.226 port 36434 ssh2
Oct 15 10:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Received disconnect from 220.247.224.226 port 36434:11: Bye Bye [preauth]
Oct 15 10:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20117]: Disconnected from 220.247.224.226 port 36434 [preauth]
Oct 15 10:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session closed for user root
Oct 15 10:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Invalid user abc from 111.68.98.152
Oct 15 10:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: input_userauth_request: invalid user abc [preauth]
Oct 15 10:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Failed password for invalid user abc from 111.68.98.152 port 60932 ssh2
Oct 15 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Received disconnect from 111.68.98.152 port 60932:11: Bye Bye [preauth]
Oct 15 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20412]: Disconnected from 111.68.98.152 port 60932 [preauth]
Oct 15 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20463]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20464]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20539]: Successful su for rubyman by root
Oct 15 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20539]: + ??? root:rubyman
Oct 15 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417154 of user rubyman.
Oct 15 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20539]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417154.
Oct 15 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100  user=root
Oct 15 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Failed password for root from 37.120.247.100 port 55108 ssh2
Oct 15 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Received disconnect from 37.120.247.100 port 55108:11: Bye Bye [preauth]
Oct 15 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20605]: Disconnected from 37.120.247.100 port 55108 [preauth]
Oct 15 10:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session closed for user root
Oct 15 10:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20462]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 10:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Failed password for root from 38.57.235.240 port 33852 ssh2
Oct 15 10:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Received disconnect from 38.57.235.240 port 33852:11: Bye Bye [preauth]
Oct 15 10:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Disconnected from 38.57.235.240 port 33852 [preauth]
Oct 15 10:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19118]: pam_unix(cron:session): session closed for user root
Oct 15 10:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: Invalid user sudarshan from 220.247.224.226
Oct 15 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: input_userauth_request: invalid user sudarshan [preauth]
Oct 15 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: Failed password for invalid user sudarshan from 220.247.224.226 port 21751 ssh2
Oct 15 10:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: Received disconnect from 220.247.224.226 port 21751:11: Bye Bye [preauth]
Oct 15 10:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20879]: Disconnected from 220.247.224.226 port 21751 [preauth]
Oct 15 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session closed for user root
Oct 15 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20930]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21018]: Successful su for rubyman by root
Oct 15 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21018]: + ??? root:rubyman
Oct 15 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417158 of user rubyman.
Oct 15 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[21018]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417158.
Oct 15 10:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session closed for user root
Oct 15 10:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session closed for user root
Oct 15 10:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Invalid user dimas from 46.25.236.192
Oct 15 10:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: input_userauth_request: invalid user dimas [preauth]
Oct 15 10:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Failed password for invalid user dimas from 46.25.236.192 port 56664 ssh2
Oct 15 10:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Received disconnect from 46.25.236.192 port 56664:11: Bye Bye [preauth]
Oct 15 10:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Disconnected from 46.25.236.192 port 56664 [preauth]
Oct 15 10:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: Invalid user guest from 37.120.247.100
Oct 15 10:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: input_userauth_request: invalid user guest [preauth]
Oct 15 10:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19940]: pam_unix(cron:session): session closed for user root
Oct 15 10:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: Failed password for invalid user guest from 37.120.247.100 port 38166 ssh2
Oct 15 10:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: Received disconnect from 37.120.247.100 port 38166:11: Bye Bye [preauth]
Oct 15 10:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21389]: Disconnected from 37.120.247.100 port 38166 [preauth]
Oct 15 10:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Invalid user test from 111.68.98.152
Oct 15 10:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: input_userauth_request: invalid user test [preauth]
Oct 15 10:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Failed password for invalid user test from 111.68.98.152 port 45842 ssh2
Oct 15 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Received disconnect from 111.68.98.152 port 45842:11: Bye Bye [preauth]
Oct 15 10:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21461]: Disconnected from 111.68.98.152 port 45842 [preauth]
Oct 15 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21484]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21482]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21564]: Successful su for rubyman by root
Oct 15 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21564]: + ??? root:rubyman
Oct 15 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417163 of user rubyman.
Oct 15 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21564]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417163.
Oct 15 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 10:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21704]: Failed password for root from 38.57.235.240 port 39110 ssh2
Oct 15 10:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21704]: Received disconnect from 38.57.235.240 port 39110:11: Bye Bye [preauth]
Oct 15 10:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21704]: Disconnected from 38.57.235.240 port 39110 [preauth]
Oct 15 10:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17679]: pam_unix(cron:session): session closed for user root
Oct 15 10:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: Invalid user user_1 from 220.247.224.226
Oct 15 10:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: input_userauth_request: invalid user user_1 [preauth]
Oct 15 10:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226
Oct 15 10:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: Failed password for invalid user user_1 from 220.247.224.226 port 25555 ssh2
Oct 15 10:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: Received disconnect from 220.247.224.226 port 25555:11: Bye Bye [preauth]
Oct 15 10:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21784]: Disconnected from 220.247.224.226 port 25555 [preauth]
Oct 15 10:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20464]: pam_unix(cron:session): session closed for user root
Oct 15 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: Successful su for rubyman by root
Oct 15 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: + ??? root:rubyman
Oct 15 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417167 of user rubyman.
Oct 15 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22040]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417167.
Oct 15 10:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Invalid user integration from 37.120.247.100
Oct 15 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: input_userauth_request: invalid user integration [preauth]
Oct 15 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.120.247.100
Oct 15 10:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18484]: pam_unix(cron:session): session closed for user root
Oct 15 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Failed password for invalid user integration from 37.120.247.100 port 51264 ssh2
Oct 15 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Received disconnect from 37.120.247.100 port 51264:11: Bye Bye [preauth]
Oct 15 10:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Disconnected from 37.120.247.100 port 51264 [preauth]
Oct 15 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: Connection closed by 46.25.236.192 port 54454 [preauth]
Oct 15 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Invalid user jony from 164.68.105.9
Oct 15 10:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: input_userauth_request: invalid user jony [preauth]
Oct 15 10:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Failed password for invalid user jony from 164.68.105.9 port 43206 ssh2
Oct 15 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Connection closed by 164.68.105.9 port 43206 [preauth]
Oct 15 10:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session closed for user root
Oct 15 10:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.247.224.226  user=root
Oct 15 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Failed password for root from 220.247.224.226 port 8341 ssh2
Oct 15 10:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Received disconnect from 220.247.224.226 port 8341:11: Bye Bye [preauth]
Oct 15 10:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Disconnected from 220.247.224.226 port 8341 [preauth]
Oct 15 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Invalid user pp from 38.57.235.240
Oct 15 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: input_userauth_request: invalid user pp [preauth]
Oct 15 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: Invalid user array from 80.94.95.116
Oct 15 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: input_userauth_request: invalid user array [preauth]
Oct 15 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Failed password for invalid user pp from 38.57.235.240 port 44368 ssh2
Oct 15 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Received disconnect from 38.57.235.240 port 44368:11: Bye Bye [preauth]
Oct 15 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22462]: Disconnected from 38.57.235.240 port 44368 [preauth]
Oct 15 10:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: Failed password for invalid user array from 80.94.95.116 port 54378 ssh2
Oct 15 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22465]: Connection closed by 80.94.95.116 port 54378 [preauth]
Oct 15 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22480]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22477]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Invalid user bot from 111.68.98.152
Oct 15 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: input_userauth_request: invalid user bot [preauth]
Oct 15 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22549]: Successful su for rubyman by root
Oct 15 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22549]: + ??? root:rubyman
Oct 15 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417171 of user rubyman.
Oct 15 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22549]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417171.
Oct 15 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Failed password for invalid user bot from 111.68.98.152 port 48526 ssh2
Oct 15 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Received disconnect from 111.68.98.152 port 48526:11: Bye Bye [preauth]
Oct 15 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Disconnected from 111.68.98.152 port 48526 [preauth]
Oct 15 10:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session closed for user root
Oct 15 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session closed for user root
Oct 15 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23312]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23308]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: Successful su for rubyman by root
Oct 15 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: + ??? root:rubyman
Oct 15 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417176 of user rubyman.
Oct 15 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23516]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417176.
Oct 15 10:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19938]: pam_unix(cron:session): session closed for user root
Oct 15 10:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Invalid user omm from 218.78.60.105
Oct 15 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: input_userauth_request: invalid user omm [preauth]
Oct 15 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.78.60.105
Oct 15 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23310]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Failed password for invalid user omm from 218.78.60.105 port 51612 ssh2
Oct 15 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Received disconnect from 218.78.60.105 port 51612:11: Bye Bye [preauth]
Oct 15 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Disconnected from 218.78.60.105 port 51612 [preauth]
Oct 15 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session closed for user root
Oct 15 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24024]: Connection closed by 46.25.236.192 port 52238 [preauth]
Oct 15 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Invalid user mm from 38.57.235.240
Oct 15 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: input_userauth_request: invalid user mm [preauth]
Oct 15 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240
Oct 15 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Failed password for invalid user mm from 38.57.235.240 port 49624 ssh2
Oct 15 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Received disconnect from 38.57.235.240 port 49624:11: Bye Bye [preauth]
Oct 15 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Disconnected from 38.57.235.240 port 49624 [preauth]
Oct 15 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24156]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24156]: pam_unix(cron:session): session closed for user root
Oct 15 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[24239]: Successful su for rubyman by root
Oct 15 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[24239]: + ??? root:rubyman
Oct 15 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[24239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417182 of user rubyman.
Oct 15 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[24239]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417182.
Oct 15 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Invalid user postgres from 111.68.98.152
Oct 15 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: input_userauth_request: invalid user postgres [preauth]
Oct 15 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24152]: pam_unix(cron:session): session closed for user root
Oct 15 10:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20463]: pam_unix(cron:session): session closed for user root
Oct 15 10:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Failed password for invalid user postgres from 111.68.98.152 port 41654 ssh2
Oct 15 10:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Received disconnect from 111.68.98.152 port 41654:11: Bye Bye [preauth]
Oct 15 10:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Disconnected from 111.68.98.152 port 41654 [preauth]
Oct 15 10:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22480]: pam_unix(cron:session): session closed for user root
Oct 15 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24701]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24704]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24699]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24790]: Successful su for rubyman by root
Oct 15 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24790]: + ??? root:rubyman
Oct 15 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417187 of user rubyman.
Oct 15 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24790]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417187.
Oct 15 10:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session closed for user root
Oct 15 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24700]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23312]: pam_unix(cron:session): session closed for user root
Oct 15 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Failed password for root from 38.57.235.240 port 54884 ssh2
Oct 15 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Received disconnect from 38.57.235.240 port 54884:11: Bye Bye [preauth]
Oct 15 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25136]: Disconnected from 38.57.235.240 port 54884 [preauth]
Oct 15 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: Invalid user test from 46.25.236.192
Oct 15 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: input_userauth_request: invalid user test [preauth]
Oct 15 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: Failed password for invalid user test from 46.25.236.192 port 49990 ssh2
Oct 15 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: Received disconnect from 46.25.236.192 port 49990:11: Bye Bye [preauth]
Oct 15 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25139]: Disconnected from 46.25.236.192 port 49990 [preauth]
Oct 15 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25208]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25323]: Successful su for rubyman by root
Oct 15 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25323]: + ??? root:rubyman
Oct 15 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417190 of user rubyman.
Oct 15 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25323]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417190.
Oct 15 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21484]: pam_unix(cron:session): session closed for user root
Oct 15 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Invalid user user1 from 111.68.98.152
Oct 15 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: input_userauth_request: invalid user user1 [preauth]
Oct 15 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Failed password for invalid user user1 from 111.68.98.152 port 54634 ssh2
Oct 15 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Received disconnect from 111.68.98.152 port 54634:11: Bye Bye [preauth]
Oct 15 10:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25661]: Disconnected from 111.68.98.152 port 54634 [preauth]
Oct 15 10:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25209]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session closed for user root
Oct 15 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25998]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26066]: Successful su for rubyman by root
Oct 15 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26066]: + ??? root:rubyman
Oct 15 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417193 of user rubyman.
Oct 15 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26066]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417193.
Oct 15 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session closed for user root
Oct 15 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.57.235.240  user=root
Oct 15 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Failed password for root from 38.57.235.240 port 60128 ssh2
Oct 15 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Received disconnect from 38.57.235.240 port 60128:11: Bye Bye [preauth]
Oct 15 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Disconnected from 38.57.235.240 port 60128 [preauth]
Oct 15 10:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24704]: pam_unix(cron:session): session closed for user root
Oct 15 10:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
Oct 15 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Failed password for root from 46.25.236.192 port 47806 ssh2
Oct 15 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Received disconnect from 46.25.236.192 port 47806:11: Bye Bye [preauth]
Oct 15 10:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26536]: Disconnected from 46.25.236.192 port 47806 [preauth]
Oct 15 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26566]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26640]: Successful su for rubyman by root
Oct 15 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26640]: + ??? root:rubyman
Oct 15 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417197 of user rubyman.
Oct 15 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26640]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417197.
Oct 15 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session closed for user root
Oct 15 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Invalid user system from 111.68.98.152
Oct 15 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: input_userauth_request: invalid user system [preauth]
Oct 15 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Failed password for invalid user system from 111.68.98.152 port 34838 ssh2
Oct 15 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Received disconnect from 111.68.98.152 port 34838:11: Bye Bye [preauth]
Oct 15 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Disconnected from 111.68.98.152 port 34838 [preauth]
Oct 15 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25211]: pam_unix(cron:session): session closed for user root
Oct 15 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27256]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27257]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27255]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27257]: pam_unix(cron:session): session closed for user root
Oct 15 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27252]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27336]: Successful su for rubyman by root
Oct 15 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27336]: + ??? root:rubyman
Oct 15 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417201 of user rubyman.
Oct 15 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27336]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417201.
Oct 15 10:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27254]: pam_unix(cron:session): session closed for user root
Oct 15 10:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23311]: pam_unix(cron:session): session closed for user root
Oct 15 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27253]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27995]: Bad protocol version identification '\003' from 138.197.27.1 port 63883
Oct 15 10:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session closed for user root
Oct 15 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28071]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28069]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28160]: Successful su for rubyman by root
Oct 15 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28160]: + ??? root:rubyman
Oct 15 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417207 of user rubyman.
Oct 15 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28160]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417207.
Oct 15 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28208]: Connection closed by 46.25.236.192 port 45570 [preauth]
Oct 15 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24154]: pam_unix(cron:session): session closed for user root
Oct 15 10:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28070]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: Invalid user minecraft from 111.68.98.152
Oct 15 10:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 10:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: Failed password for invalid user minecraft from 111.68.98.152 port 56602 ssh2
Oct 15 10:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: Received disconnect from 111.68.98.152 port 56602:11: Bye Bye [preauth]
Oct 15 10:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: Disconnected from 111.68.98.152 port 56602 [preauth]
Oct 15 10:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26566]: pam_unix(cron:session): session closed for user root
Oct 15 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28793]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28888]: Successful su for rubyman by root
Oct 15 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28888]: + ??? root:rubyman
Oct 15 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417212 of user rubyman.
Oct 15 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28888]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417212.
Oct 15 10:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24701]: pam_unix(cron:session): session closed for user root
Oct 15 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28794]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27256]: pam_unix(cron:session): session closed for user root
Oct 15 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29399]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29489]: Successful su for rubyman by root
Oct 15 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29489]: + ??? root:rubyman
Oct 15 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417217 of user rubyman.
Oct 15 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29489]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417217.
Oct 15 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25210]: pam_unix(cron:session): session closed for user root
Oct 15 10:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Invalid user adc from 46.25.236.192
Oct 15 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: input_userauth_request: invalid user adc [preauth]
Oct 15 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29401]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Failed password for invalid user adc from 46.25.236.192 port 43346 ssh2
Oct 15 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Received disconnect from 46.25.236.192 port 43346:11: Bye Bye [preauth]
Oct 15 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Disconnected from 46.25.236.192 port 43346 [preauth]
Oct 15 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Invalid user oracle from 111.68.98.152
Oct 15 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: input_userauth_request: invalid user oracle [preauth]
Oct 15 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Failed password for invalid user oracle from 111.68.98.152 port 50512 ssh2
Oct 15 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Received disconnect from 111.68.98.152 port 50512:11: Bye Bye [preauth]
Oct 15 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Disconnected from 111.68.98.152 port 50512 [preauth]
Oct 15 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28073]: pam_unix(cron:session): session closed for user root
Oct 15 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29923]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30121]: Successful su for rubyman by root
Oct 15 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30121]: + ??? root:rubyman
Oct 15 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417221 of user rubyman.
Oct 15 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30121]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417221.
Oct 15 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session closed for user root
Oct 15 10:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
Oct 15 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Failed password for root from 194.0.234.19 port 33208 ssh2
Oct 15 10:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Connection closed by 194.0.234.19 port 33208 [preauth]
Oct 15 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25998]: pam_unix(cron:session): session closed for user root
Oct 15 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29925]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Did not receive identification string from 39.172.84.55
Oct 15 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28797]: pam_unix(cron:session): session closed for user root
Oct 15 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30657]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30658]: pam_unix(cron:session): session closed for user root
Oct 15 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30649]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30738]: Successful su for rubyman by root
Oct 15 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30738]: + ??? root:rubyman
Oct 15 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417225 of user rubyman.
Oct 15 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30738]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417225.
Oct 15 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session closed for user root
Oct 15 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session closed for user root
Oct 15 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Invalid user egor from 46.25.236.192
Oct 15 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: input_userauth_request: invalid user egor [preauth]
Oct 15 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
Oct 15 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Failed password for invalid user egor from 46.25.236.192 port 41106 ssh2
Oct 15 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Received disconnect from 46.25.236.192 port 41106:11: Bye Bye [preauth]
Oct 15 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Disconnected from 46.25.236.192 port 41106 [preauth]
Oct 15 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Invalid user ts3 from 111.68.98.152
Oct 15 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Failed password for invalid user ts3 from 111.68.98.152 port 34688 ssh2
Oct 15 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Received disconnect from 111.68.98.152 port 34688:11: Bye Bye [preauth]
Oct 15 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Disconnected from 111.68.98.152 port 34688 [preauth]
Oct 15 10:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session closed for user root
Oct 15 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31169]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31168]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31166]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31249]: Successful su for rubyman by root
Oct 15 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31249]: + ??? root:rubyman
Oct 15 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417230 of user rubyman.
Oct 15 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31249]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417230.
Oct 15 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 15 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31274]: Failed password for root from 164.68.105.9 port 41254 ssh2
Oct 15 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31274]: Connection closed by 164.68.105.9 port 41254 [preauth]
Oct 15 10:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27255]: pam_unix(cron:session): session closed for user root
Oct 15 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31167]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29928]: pam_unix(cron:session): session closed for user root
Oct 15 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31796]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31793]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31863]: Successful su for rubyman by root
Oct 15 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31863]: + ??? root:rubyman
Oct 15 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417234 of user rubyman.
Oct 15 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31863]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417234.
Oct 15 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28071]: pam_unix(cron:session): session closed for user root
Oct 15 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.218.160.83  user=root
Oct 15 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31794]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: Failed password for root from 8.218.160.83 port 33862 ssh2
Oct 15 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: Connection closed by 8.218.160.83 port 33862 [preauth]
Oct 15 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Connection closed by 46.25.236.192 port 38914 [preauth]
Oct 15 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30657]: pam_unix(cron:session): session closed for user root
Oct 15 10:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32280]: Invalid user tempuser from 111.68.98.152
Oct 15 10:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32280]: input_userauth_request: invalid user tempuser [preauth]
Oct 15 10:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32280]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32280]: Failed password for invalid user tempuser from 111.68.98.152 port 33524 ssh2
Oct 15 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32280]: Received disconnect from 111.68.98.152 port 33524:11: Bye Bye [preauth]
Oct 15 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32280]: Disconnected from 111.68.98.152 port 33524 [preauth]
Oct 15 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32348]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32417]: Successful su for rubyman by root
Oct 15 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32417]: + ??? root:rubyman
Oct 15 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417239 of user rubyman.
Oct 15 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32417]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417239.
Oct 15 10:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session closed for user root
Oct 15 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31169]: pam_unix(cron:session): session closed for user root
Oct 15 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: Successful su for rubyman by root
Oct 15 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: + ??? root:rubyman
Oct 15 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417242 of user rubyman.
Oct 15 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[409]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417242.
Oct 15 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session closed for user root
Oct 15 10:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session closed for user root
Oct 15 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.218.160.83  user=root
Oct 15 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[742]: Failed password for root from 8.218.160.83 port 36798 ssh2
Oct 15 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[742]: Connection closed by 8.218.160.83 port 36798 [preauth]
Oct 15 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Invalid user dev from 111.68.98.152
Oct 15 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: input_userauth_request: invalid user dev [preauth]
Oct 15 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Failed password for invalid user dev from 111.68.98.152 port 39486 ssh2
Oct 15 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Received disconnect from 111.68.98.152 port 39486:11: Bye Bye [preauth]
Oct 15 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[746]: Disconnected from 111.68.98.152 port 39486 [preauth]
Oct 15 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: Invalid user nginx from 8.218.160.83
Oct 15 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: input_userauth_request: invalid user nginx [preauth]
Oct 15 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[789]: Invalid user git from 8.218.160.83
Oct 15 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[789]: input_userauth_request: invalid user git [preauth]
Oct 15 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[854]: pam_unix(cron:session): session closed for user root
Oct 15 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: Successful su for rubyman by root
Oct 15 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: + ??? root:rubyman
Oct 15 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417246 of user rubyman.
Oct 15 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[999]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417246.
Oct 15 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[849]: pam_unix(cron:session): session closed for user root
Oct 15 10:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[789]: Connection closed by 8.218.160.83 port 36852 [preauth]
Oct 15 10:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session closed for user root
Oct 15 10:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: Did not receive identification string from 8.218.160.83
Oct 15 10:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[809]: Connection reset by 8.218.160.83 port 51474 [preauth]
Oct 15 10:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[960]: Connection reset by 8.218.160.83 port 59574 [preauth]
Oct 15 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[766]: Connection closed by 8.218.160.83 port 36834 [preauth]
Oct 15 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[812]: Connection closed by 8.218.160.83 port 51504 [preauth]
Oct 15 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.218.160.83
Oct 15 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: Failed password for invalid user nginx from 8.218.160.83 port 51444 ssh2
Oct 15 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: Connection closed by 8.218.160.83 port 51444 [preauth]
Oct 15 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Connection closed by 8.218.160.83 port 51414 [preauth]
Oct 15 10:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session closed for user root
Oct 15 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1469]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1470]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1466]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1539]: Successful su for rubyman by root
Oct 15 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1539]: + ??? root:rubyman
Oct 15 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417254 of user rubyman.
Oct 15 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1539]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417254.
Oct 15 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: Invalid user usuario from 194.0.234.19
Oct 15 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: input_userauth_request: invalid user usuario [preauth]
Oct 15 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 10:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: Failed password for invalid user usuario from 194.0.234.19 port 60448 ssh2
Oct 15 10:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1625]: Connection closed by 194.0.234.19 port 60448 [preauth]
Oct 15 10:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session closed for user root
Oct 15 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1467]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[336]: pam_unix(cron:session): session closed for user root
Oct 15 10:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Invalid user nagios from 111.68.98.152
Oct 15 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: input_userauth_request: invalid user nagios [preauth]
Oct 15 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Failed password for invalid user nagios from 111.68.98.152 port 54462 ssh2
Oct 15 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Received disconnect from 111.68.98.152 port 54462:11: Bye Bye [preauth]
Oct 15 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2007]: Disconnected from 111.68.98.152 port 54462 [preauth]
Oct 15 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2060]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2057]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2128]: Successful su for rubyman by root
Oct 15 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2128]: + ??? root:rubyman
Oct 15 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417256 of user rubyman.
Oct 15 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2128]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417256.
Oct 15 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31168]: pam_unix(cron:session): session closed for user root
Oct 15 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2058]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[852]: pam_unix(cron:session): session closed for user root
Oct 15 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2525]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2590]: Successful su for rubyman by root
Oct 15 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2590]: + ??? root:rubyman
Oct 15 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417260 of user rubyman.
Oct 15 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2590]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417260.
Oct 15 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31796]: pam_unix(cron:session): session closed for user root
Oct 15 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2523]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1470]: pam_unix(cron:session): session closed for user root
Oct 15 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Invalid user nagios from 111.68.98.152
Oct 15 10:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: input_userauth_request: invalid user nagios [preauth]
Oct 15 10:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Failed password for invalid user nagios from 111.68.98.152 port 35456 ssh2
Oct 15 10:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Received disconnect from 111.68.98.152 port 35456:11: Bye Bye [preauth]
Oct 15 10:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Disconnected from 111.68.98.152 port 35456 [preauth]
Oct 15 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3043]: Successful su for rubyman by root
Oct 15 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3043]: + ??? root:rubyman
Oct 15 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417265 of user rubyman.
Oct 15 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3043]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417265.
Oct 15 10:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32348]: pam_unix(cron:session): session closed for user root
Oct 15 10:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2060]: pam_unix(cron:session): session closed for user root
Oct 15 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3421]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3420]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3421]: pam_unix(cron:session): session closed for user root
Oct 15 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3414]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3499]: Successful su for rubyman by root
Oct 15 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3499]: + ??? root:rubyman
Oct 15 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417269 of user rubyman.
Oct 15 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3499]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417269.
Oct 15 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3416]: pam_unix(cron:session): session closed for user root
Oct 15 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user root
Oct 15 10:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3415]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2525]: pam_unix(cron:session): session closed for user root
Oct 15 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3876]: Invalid user ubuntu from 111.68.98.152
Oct 15 10:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3876]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 10:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3876]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3876]: Failed password for invalid user ubuntu from 111.68.98.152 port 51394 ssh2
Oct 15 10:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3876]: Received disconnect from 111.68.98.152 port 51394:11: Bye Bye [preauth]
Oct 15 10:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3876]: Disconnected from 111.68.98.152 port 51394 [preauth]
Oct 15 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3912]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3989]: Successful su for rubyman by root
Oct 15 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3989]: + ??? root:rubyman
Oct 15 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417275 of user rubyman.
Oct 15 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3989]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417275.
Oct 15 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[851]: pam_unix(cron:session): session closed for user root
Oct 15 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session closed for user root
Oct 15 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4444]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4441]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4505]: Successful su for rubyman by root
Oct 15 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4505]: + ??? root:rubyman
Oct 15 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417278 of user rubyman.
Oct 15 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4505]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417278.
Oct 15 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1469]: pam_unix(cron:session): session closed for user root
Oct 15 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4442]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3420]: pam_unix(cron:session): session closed for user root
Oct 15 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Invalid user user from 111.68.98.152
Oct 15 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: input_userauth_request: invalid user user [preauth]
Oct 15 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Failed password for invalid user user from 111.68.98.152 port 55302 ssh2
Oct 15 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Received disconnect from 111.68.98.152 port 55302:11: Bye Bye [preauth]
Oct 15 10:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Disconnected from 111.68.98.152 port 55302 [preauth]
Oct 15 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5113]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5114]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5107]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: Successful su for rubyman by root
Oct 15 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: + ??? root:rubyman
Oct 15 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417283 of user rubyman.
Oct 15 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5497]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417283.
Oct 15 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session closed for user root
Oct 15 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Invalid user daniel from 194.0.234.19
Oct 15 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: input_userauth_request: invalid user daniel [preauth]
Oct 15 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 10:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Failed password for invalid user daniel from 194.0.234.19 port 63498 ssh2
Oct 15 10:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Connection closed by 194.0.234.19 port 63498 [preauth]
Oct 15 10:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5108]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session closed for user root
Oct 15 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5914]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5981]: Successful su for rubyman by root
Oct 15 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5981]: + ??? root:rubyman
Oct 15 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417288 of user rubyman.
Oct 15 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5981]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417288.
Oct 15 10:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2524]: pam_unix(cron:session): session closed for user root
Oct 15 10:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4444]: pam_unix(cron:session): session closed for user root
Oct 15 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Invalid user radio from 111.68.98.152
Oct 15 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: input_userauth_request: invalid user radio [preauth]
Oct 15 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Failed password for invalid user radio from 111.68.98.152 port 55062 ssh2
Oct 15 10:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Received disconnect from 111.68.98.152 port 55062:11: Bye Bye [preauth]
Oct 15 10:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6300]: Disconnected from 111.68.98.152 port 55062 [preauth]
Oct 15 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6362]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6361]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6363]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6364]: pam_unix(cron:session): session closed for user root
Oct 15 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6359]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6437]: Successful su for rubyman by root
Oct 15 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6437]: + ??? root:rubyman
Oct 15 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417291 of user rubyman.
Oct 15 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6437]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417291.
Oct 15 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6361]: pam_unix(cron:session): session closed for user root
Oct 15 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session closed for user root
Oct 15 10:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6360]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5114]: pam_unix(cron:session): session closed for user root
Oct 15 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6944]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6941]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7031]: Successful su for rubyman by root
Oct 15 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7031]: + ??? root:rubyman
Oct 15 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417296 of user rubyman.
Oct 15 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7031]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417296.
Oct 15 10:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3417]: pam_unix(cron:session): session closed for user root
Oct 15 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6942]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7417]: Invalid user local from 20.163.71.109
Oct 15 10:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7417]: input_userauth_request: invalid user local [preauth]
Oct 15 10:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7417]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109
Oct 15 10:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5915]: pam_unix(cron:session): session closed for user root
Oct 15 10:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7417]: Failed password for invalid user local from 20.163.71.109 port 54526 ssh2
Oct 15 10:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7417]: Connection closed by 20.163.71.109 port 54526 [preauth]
Oct 15 10:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Invalid user www from 111.68.98.152
Oct 15 10:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: input_userauth_request: invalid user www [preauth]
Oct 15 10:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152
Oct 15 10:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Failed password for invalid user www from 111.68.98.152 port 35960 ssh2
Oct 15 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Received disconnect from 111.68.98.152 port 35960:11: Bye Bye [preauth]
Oct 15 10:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7455]: Disconnected from 111.68.98.152 port 35960 [preauth]
Oct 15 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7517]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7513]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7587]: Successful su for rubyman by root
Oct 15 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7587]: + ??? root:rubyman
Oct 15 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417300 of user rubyman.
Oct 15 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7587]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417300.
Oct 15 10:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session closed for user root
Oct 15 10:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7514]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6363]: pam_unix(cron:session): session closed for user root
Oct 15 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8420]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8490]: Successful su for rubyman by root
Oct 15 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8490]: + ??? root:rubyman
Oct 15 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417304 of user rubyman.
Oct 15 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8490]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417304.
Oct 15 10:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session closed for user root
Oct 15 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8421]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Invalid user onlime_r from 80.94.95.116
Oct 15 10:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: input_userauth_request: invalid user onlime_r [preauth]
Oct 15 10:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 10:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Failed password for invalid user onlime_r from 80.94.95.116 port 34826 ssh2
Oct 15 10:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Connection closed by 80.94.95.116 port 34826 [preauth]
Oct 15 10:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 10:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152  user=root
Oct 15 10:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: Failed password for root from 111.68.98.152 port 53950 ssh2
Oct 15 10:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: Received disconnect from 111.68.98.152 port 53950:11: Bye Bye [preauth]
Oct 15 10:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: Disconnected from 111.68.98.152 port 53950 [preauth]
Oct 15 10:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6945]: pam_unix(cron:session): session closed for user root
Oct 15 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session closed for user p13x
Oct 15 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: Successful su for rubyman by root
Oct 15 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: + ??? root:rubyman
Oct 15 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417309 of user rubyman.
Oct 15 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: pam_unix(su:session): session closed for user rubyman
Oct 15 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417309.
Oct 15 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5113]: pam_unix(cron:session): session closed for user root
Oct 15 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9010]: pam_unix(cron:session): session closed for user samftp
Oct 15 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7517]: pam_unix(cron:session): session closed for user root
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9637]: pam_unix(cron:session): session closed for user root
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9641]: pam_unix(cron:session): session closed for user root
Oct 15 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9635]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[9888]: Successful su for rubyman by root
Oct 15 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[9888]: + ??? root:rubyman
Oct 15 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[9888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417317 of user rubyman.
Oct 15 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[9888]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417317.
Oct 15 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9915]: Did not receive identification string from 45.119.212.196
Oct 15 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Failed password for root from 45.119.212.196 port 42878 ssh2
Oct 15 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9916]: Connection closed by 45.119.212.196 port 42878 [preauth]
Oct 15 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Invalid user admin from 45.119.212.196
Oct 15 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5914]: pam_unix(cron:session): session closed for user root
Oct 15 11:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9638]: pam_unix(cron:session): session closed for user root
Oct 15 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Failed password for invalid user admin from 45.119.212.196 port 47976 ssh2
Oct 15 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Connection closed by 45.119.212.196 port 47976 [preauth]
Oct 15 11:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10077]: Failed password for root from 45.119.212.196 port 47978 ssh2
Oct 15 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10077]: Connection closed by 45.119.212.196 port 47978 [preauth]
Oct 15 11:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Invalid user postgres from 45.119.212.196
Oct 15 11:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Failed password for invalid user postgres from 45.119.212.196 port 47988 ssh2
Oct 15 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Connection closed by 45.119.212.196 port 47988 [preauth]
Oct 15 11:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Invalid user testuser from 45.119.212.196
Oct 15 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: input_userauth_request: invalid user testuser [preauth]
Oct 15 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9636]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Failed password for invalid user testuser from 45.119.212.196 port 52836 ssh2
Oct 15 11:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Connection closed by 45.119.212.196 port 52836 [preauth]
Oct 15 11:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Failed password for root from 45.119.212.196 port 52838 ssh2
Oct 15 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Connection closed by 45.119.212.196 port 52838 [preauth]
Oct 15 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Invalid user ubuntu from 45.119.212.196
Oct 15 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Failed password for invalid user ubuntu from 45.119.212.196 port 38134 ssh2
Oct 15 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10208]: Connection closed by 45.119.212.196 port 38134 [preauth]
Oct 15 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10210]: Invalid user odoo from 45.119.212.196
Oct 15 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10210]: input_userauth_request: invalid user odoo [preauth]
Oct 15 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10210]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10210]: Failed password for invalid user odoo from 45.119.212.196 port 38148 ssh2
Oct 15 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10210]: Connection closed by 45.119.212.196 port 38148 [preauth]
Oct 15 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Invalid user db2inst1 from 45.119.212.196
Oct 15 11:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: input_userauth_request: invalid user db2inst1 [preauth]
Oct 15 11:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8424]: pam_unix(cron:session): session closed for user root
Oct 15 11:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Failed password for invalid user db2inst1 from 45.119.212.196 port 38162 ssh2
Oct 15 11:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10280]: Connection closed by 45.119.212.196 port 38162 [preauth]
Oct 15 11:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: Invalid user test from 45.119.212.196
Oct 15 11:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: input_userauth_request: invalid user test [preauth]
Oct 15 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: Failed password for invalid user test from 45.119.212.196 port 56298 ssh2
Oct 15 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: Connection closed by 45.119.212.196 port 56298 [preauth]
Oct 15 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Invalid user devops from 45.119.212.196
Oct 15 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: input_userauth_request: invalid user devops [preauth]
Oct 15 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Failed password for invalid user devops from 45.119.212.196 port 56304 ssh2
Oct 15 11:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10316]: Connection closed by 45.119.212.196 port 56304 [preauth]
Oct 15 11:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Invalid user dspace from 45.119.212.196
Oct 15 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: input_userauth_request: invalid user dspace [preauth]
Oct 15 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Failed password for invalid user dspace from 45.119.212.196 port 56314 ssh2
Oct 15 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10347]: Connection closed by 45.119.212.196 port 56314 [preauth]
Oct 15 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: Invalid user ubuntu from 45.119.212.196
Oct 15 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: Failed password for invalid user ubuntu from 45.119.212.196 port 50022 ssh2
Oct 15 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: Connection closed by 45.119.212.196 port 50022 [preauth]
Oct 15 11:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Failed password for root from 45.119.212.196 port 50034 ssh2
Oct 15 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Connection closed by 45.119.212.196 port 50034 [preauth]
Oct 15 11:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: Invalid user admin from 45.119.212.196
Oct 15 11:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10401]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: Failed password for invalid user admin from 45.119.212.196 port 42254 ssh2
Oct 15 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10389]: Connection closed by 45.119.212.196 port 42254 [preauth]
Oct 15 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10485]: Successful su for rubyman by root
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10485]: + ??? root:rubyman
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417319 of user rubyman.
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10485]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417319.
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Invalid user ftpuser from 45.119.212.196
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Failed password for invalid user ftpuser from 45.119.212.196 port 42264 ssh2
Oct 15 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Connection closed by 45.119.212.196 port 42264 [preauth]
Oct 15 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: Invalid user admin from 45.119.212.196
Oct 15 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: Failed password for invalid user admin from 45.119.212.196 port 42280 ssh2
Oct 15 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10569]: Connection closed by 45.119.212.196 port 42280 [preauth]
Oct 15 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Invalid user kali from 45.119.212.196
Oct 15 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: input_userauth_request: invalid user kali [preauth]
Oct 15 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Failed password for invalid user kali from 45.119.212.196 port 40622 ssh2
Oct 15 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10663]: Connection closed by 45.119.212.196 port 40622 [preauth]
Oct 15 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6362]: pam_unix(cron:session): session closed for user root
Oct 15 11:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Failed password for root from 45.119.212.196 port 40638 ssh2
Oct 15 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10696]: Connection closed by 45.119.212.196 port 40638 [preauth]
Oct 15 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Failed password for root from 45.119.212.196 port 55636 ssh2
Oct 15 11:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: Connection closed by 45.119.212.196 port 55636 [preauth]
Oct 15 11:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: Invalid user minecraft from 45.119.212.196
Oct 15 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: Failed password for invalid user minecraft from 45.119.212.196 port 55640 ssh2
Oct 15 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10757]: Connection closed by 45.119.212.196 port 55640 [preauth]
Oct 15 11:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: Invalid user ubuntu from 45.119.212.196
Oct 15 11:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: Failed password for invalid user ubuntu from 45.119.212.196 port 55648 ssh2
Oct 15 11:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10770]: Connection closed by 45.119.212.196 port 55648 [preauth]
Oct 15 11:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Failed password for root from 45.119.212.196 port 56888 ssh2
Oct 15 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Connection closed by 45.119.212.196 port 56888 [preauth]
Oct 15 11:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: Failed password for root from 45.119.212.196 port 56902 ssh2
Oct 15 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: Connection closed by 45.119.212.196 port 56902 [preauth]
Oct 15 11:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Invalid user linaro from 45.119.212.196
Oct 15 11:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: input_userauth_request: invalid user linaro [preauth]
Oct 15 11:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session closed for user root
Oct 15 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Failed password for invalid user linaro from 45.119.212.196 port 56908 ssh2
Oct 15 11:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10810]: Connection closed by 45.119.212.196 port 56908 [preauth]
Oct 15 11:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: Invalid user pi from 45.119.212.196
Oct 15 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: Failed password for invalid user pi from 45.119.212.196 port 40506 ssh2
Oct 15 11:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: Connection closed by 45.119.212.196 port 40506 [preauth]
Oct 15 11:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: Failed password for root from 45.119.212.196 port 40512 ssh2
Oct 15 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10855]: Connection closed by 45.119.212.196 port 40512 [preauth]
Oct 15 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Invalid user postgres from 45.119.212.196
Oct 15 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Failed password for invalid user postgres from 45.119.212.196 port 40528 ssh2
Oct 15 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Connection closed by 45.119.212.196 port 40528 [preauth]
Oct 15 11:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: Failed password for root from 45.119.212.196 port 48282 ssh2
Oct 15 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10876]: Connection closed by 45.119.212.196 port 48282 [preauth]
Oct 15 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: Invalid user postgres from 45.119.212.196
Oct 15 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: Failed password for invalid user postgres from 45.119.212.196 port 48298 ssh2
Oct 15 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10891]: Connection closed by 45.119.212.196 port 48298 [preauth]
Oct 15 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Failed password for root from 45.119.212.196 port 48306 ssh2
Oct 15 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Connection closed by 45.119.212.196 port 48306 [preauth]
Oct 15 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: Invalid user user from 45.119.212.196
Oct 15 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: input_userauth_request: invalid user user [preauth]
Oct 15 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10916]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10985]: Successful su for rubyman by root
Oct 15 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10985]: + ??? root:rubyman
Oct 15 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417326 of user rubyman.
Oct 15 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10985]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417326.
Oct 15 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: Failed password for invalid user user from 45.119.212.196 port 45130 ssh2
Oct 15 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: Connection closed by 45.119.212.196 port 45130 [preauth]
Oct 15 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Failed password for root from 45.119.212.196 port 45132 ssh2
Oct 15 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Connection closed by 45.119.212.196 port 45132 [preauth]
Oct 15 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6944]: pam_unix(cron:session): session closed for user root
Oct 15 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: Failed password for root from 45.119.212.196 port 33552 ssh2
Oct 15 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: Connection closed by 45.119.212.196 port 33552 [preauth]
Oct 15 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Invalid user vyos from 45.119.212.196
Oct 15 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: input_userauth_request: invalid user vyos [preauth]
Oct 15 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Failed password for invalid user vyos from 45.119.212.196 port 33558 ssh2
Oct 15 11:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Connection closed by 45.119.212.196 port 33558 [preauth]
Oct 15 11:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11201]: Invalid user odroid from 45.119.212.196
Oct 15 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11201]: input_userauth_request: invalid user odroid [preauth]
Oct 15 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11201]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10915]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11201]: Failed password for invalid user odroid from 45.119.212.196 port 33572 ssh2
Oct 15 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11201]: Connection closed by 45.119.212.196 port 33572 [preauth]
Oct 15 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: Failed password for root from 45.119.212.196 port 42924 ssh2
Oct 15 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: Connection closed by 45.119.212.196 port 42924 [preauth]
Oct 15 11:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: Failed password for root from 45.119.212.196 port 42940 ssh2
Oct 15 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: Connection closed by 45.119.212.196 port 42940 [preauth]
Oct 15 11:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Failed password for root from 45.119.212.196 port 42956 ssh2
Oct 15 11:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Connection closed by 45.119.212.196 port 42956 [preauth]
Oct 15 11:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Invalid user deploy from 45.119.212.196
Oct 15 11:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: input_userauth_request: invalid user deploy [preauth]
Oct 15 11:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Failed password for invalid user deploy from 45.119.212.196 port 54832 ssh2
Oct 15 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Connection closed by 45.119.212.196 port 54832 [preauth]
Oct 15 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: Invalid user steam from 45.119.212.196
Oct 15 11:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: input_userauth_request: invalid user steam [preauth]
Oct 15 11:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: Failed password for invalid user steam from 45.119.212.196 port 54836 ssh2
Oct 15 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: Connection closed by 45.119.212.196 port 54836 [preauth]
Oct 15 11:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
Oct 15 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Failed password for root from 45.119.212.196 port 54850 ssh2
Oct 15 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11304]: Connection closed by 45.119.212.196 port 54850 [preauth]
Oct 15 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: Invalid user deploy from 45.119.212.196
Oct 15 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: input_userauth_request: invalid user deploy [preauth]
Oct 15 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: Failed password for invalid user deploy from 45.119.212.196 port 51186 ssh2
Oct 15 11:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11326]: Connection closed by 45.119.212.196 port 51186 [preauth]
Oct 15 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Invalid user ubuntu from 45.119.212.196
Oct 15 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Failed password for invalid user ubuntu from 45.119.212.196 port 51198 ssh2
Oct 15 11:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Connection closed by 45.119.212.196 port 51198 [preauth]
Oct 15 11:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9640]: pam_unix(cron:session): session closed for user root
Oct 15 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: Invalid user ubuntu from 45.119.212.196
Oct 15 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: Failed password for invalid user ubuntu from 45.119.212.196 port 51212 ssh2
Oct 15 11:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11350]: Connection closed by 45.119.212.196 port 51212 [preauth]
Oct 15 11:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Invalid user vagrant from 45.119.212.196
Oct 15 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: input_userauth_request: invalid user vagrant [preauth]
Oct 15 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Failed password for invalid user vagrant from 45.119.212.196 port 43476 ssh2
Oct 15 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11359]: Connection closed by 45.119.212.196 port 43476 [preauth]
Oct 15 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Invalid user hadoop from 45.119.212.196
Oct 15 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: input_userauth_request: invalid user hadoop [preauth]
Oct 15 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Failed password for invalid user hadoop from 45.119.212.196 port 43484 ssh2
Oct 15 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Connection closed by 45.119.212.196 port 43484 [preauth]
Oct 15 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11397]: Invalid user ansible from 45.119.212.196
Oct 15 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11397]: input_userauth_request: invalid user ansible [preauth]
Oct 15 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11397]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11397]: Failed password for invalid user ansible from 45.119.212.196 port 43500 ssh2
Oct 15 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11397]: Connection closed by 45.119.212.196 port 43500 [preauth]
Oct 15 11:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Invalid user guest from 45.119.212.196
Oct 15 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for invalid user guest from 45.119.212.196 port 53150 ssh2
Oct 15 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Connection closed by 45.119.212.196 port 53150 [preauth]
Oct 15 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11415]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Invalid user user from 45.119.212.196
Oct 15 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: input_userauth_request: invalid user user [preauth]
Oct 15 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11491]: Successful su for rubyman by root
Oct 15 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11491]: + ??? root:rubyman
Oct 15 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417330 of user rubyman.
Oct 15 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11491]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417330.
Oct 15 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Failed password for invalid user user from 45.119.212.196 port 53164 ssh2
Oct 15 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Connection closed by 45.119.212.196 port 53164 [preauth]
Oct 15 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Invalid user deployer from 45.119.212.196
Oct 15 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: input_userauth_request: invalid user deployer [preauth]
Oct 15 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Failed password for invalid user deployer from 45.119.212.196 port 53178 ssh2
Oct 15 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Connection closed by 45.119.212.196 port 53178 [preauth]
Oct 15 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Invalid user kafka from 45.119.212.196
Oct 15 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: input_userauth_request: invalid user kafka [preauth]
Oct 15 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7516]: pam_unix(cron:session): session closed for user root
Oct 15 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
Oct 15 11:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Failed password for invalid user kafka from 45.119.212.196 port 49150 ssh2
Oct 15 11:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11743]: Connection closed by 45.119.212.196 port 49150 [preauth]
Oct 15 11:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11416]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session closed for user root
Oct 15 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11992]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11988]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12064]: Successful su for rubyman by root
Oct 15 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12064]: + ??? root:rubyman
Oct 15 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417331 of user rubyman.
Oct 15 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12064]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417331.
Oct 15 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8423]: pam_unix(cron:session): session closed for user root
Oct 15 11:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11989]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10917]: pam_unix(cron:session): session closed for user root
Oct 15 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Invalid user admin from 2.57.121.25
Oct 15 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Failed password for invalid user admin from 2.57.121.25 port 44208 ssh2
Oct 15 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Failed password for invalid user admin from 2.57.121.25 port 44208 ssh2
Oct 15 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Failed password for invalid user admin from 2.57.121.25 port 44208 ssh2
Oct 15 11:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Failed password for invalid user admin from 2.57.121.25 port 44208 ssh2
Oct 15 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Failed password for invalid user admin from 2.57.121.25 port 44208 ssh2
Oct 15 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Received disconnect from 2.57.121.25 port 44208:11: Bye [preauth]
Oct 15 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Disconnected from 2.57.121.25 port 44208 [preauth]
Oct 15 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12494]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12492]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12493]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session closed for user root
Oct 15 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12575]: Successful su for rubyman by root
Oct 15 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12575]: + ??? root:rubyman
Oct 15 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417338 of user rubyman.
Oct 15 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12575]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417338.
Oct 15 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Did not receive identification string from 165.22.200.57
Oct 15 11:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12492]: pam_unix(cron:session): session closed for user root
Oct 15 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9012]: pam_unix(cron:session): session closed for user root
Oct 15 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 11:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Failed password for root from 190.103.202.7 port 36852 ssh2
Oct 15 11:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Connection closed by 190.103.202.7 port 36852 [preauth]
Oct 15 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12491]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 15 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: Failed password for root from 80.94.95.116 port 52440 ssh2
Oct 15 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: Connection closed by 80.94.95.116 port 52440 [preauth]
Oct 15 11:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11424]: pam_unix(cron:session): session closed for user root
Oct 15 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13120]: Successful su for rubyman by root
Oct 15 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13120]: + ??? root:rubyman
Oct 15 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417342 of user rubyman.
Oct 15 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13120]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417342.
Oct 15 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9639]: pam_unix(cron:session): session closed for user root
Oct 15 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Failed password for root from 165.22.200.57 port 51648 ssh2
Oct 15 11:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13456]: Connection closed by 165.22.200.57 port 51648 [preauth]
Oct 15 11:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.91.2.158  user=root
Oct 15 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Failed password for root from 183.91.2.158 port 21280 ssh2
Oct 15 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13499]: Connection closed by 183.91.2.158 port 21280 [preauth]
Oct 15 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Invalid user support from 78.128.112.74
Oct 15 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: input_userauth_request: invalid user support [preauth]
Oct 15 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 15 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Failed password for invalid user support from 78.128.112.74 port 45286 ssh2
Oct 15 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13518]: Connection closed by 78.128.112.74 port 45286 [preauth]
Oct 15 11:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11992]: pam_unix(cron:session): session closed for user root
Oct 15 11:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Invalid user odoo from 138.68.58.124
Oct 15 11:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: input_userauth_request: invalid user odoo [preauth]
Oct 15 11:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Oct 15 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Failed password for invalid user odoo from 138.68.58.124 port 36230 ssh2
Oct 15 11:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13574]: Connection closed by 138.68.58.124 port 36230 [preauth]
Oct 15 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13710]: Successful su for rubyman by root
Oct 15 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13710]: + ??? root:rubyman
Oct 15 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417347 of user rubyman.
Oct 15 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13710]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417347.
Oct 15 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session closed for user root
Oct 15 11:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Failed password for root from 165.22.200.57 port 42548 ssh2
Oct 15 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13934]: Connection closed by 165.22.200.57 port 42548 [preauth]
Oct 15 11:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12494]: pam_unix(cron:session): session closed for user root
Oct 15 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: Successful su for rubyman by root
Oct 15 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: + ??? root:rubyman
Oct 15 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417349 of user rubyman.
Oct 15 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417349.
Oct 15 11:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Failed password for root from 165.22.200.57 port 53458 ssh2
Oct 15 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Connection closed by 165.22.200.57 port 53458 [preauth]
Oct 15 11:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10916]: pam_unix(cron:session): session closed for user root
Oct 15 11:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13037]: pam_unix(cron:session): session closed for user root
Oct 15 11:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Failed password for root from 165.22.200.57 port 57014 ssh2
Oct 15 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Connection closed by 165.22.200.57 port 57014 [preauth]
Oct 15 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14667]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14856]: Successful su for rubyman by root
Oct 15 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14856]: + ??? root:rubyman
Oct 15 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417353 of user rubyman.
Oct 15 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14856]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417353.
Oct 15 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14662]: pam_unix(cron:session): session closed for user root
Oct 15 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11423]: pam_unix(cron:session): session closed for user root
Oct 15 11:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13642]: pam_unix(cron:session): session closed for user root
Oct 15 11:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: Failed password for root from 165.22.200.57 port 52676 ssh2
Oct 15 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15316]: Connection closed by 165.22.200.57 port 52676 [preauth]
Oct 15 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session closed for user root
Oct 15 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: Successful su for rubyman by root
Oct 15 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: + ??? root:rubyman
Oct 15 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417358 of user rubyman.
Oct 15 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417358.
Oct 15 11:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15366]: pam_unix(cron:session): session closed for user root
Oct 15 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session closed for user root
Oct 15 11:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session closed for user root
Oct 15 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: Failed password for root from 165.22.200.57 port 46444 ssh2
Oct 15 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15750]: Connection closed by 165.22.200.57 port 46444 [preauth]
Oct 15 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15925]: Successful su for rubyman by root
Oct 15 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15925]: + ??? root:rubyman
Oct 15 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417364 of user rubyman.
Oct 15 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15925]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417364.
Oct 15 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12493]: pam_unix(cron:session): session closed for user root
Oct 15 11:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Failed password for root from 165.22.200.57 port 37348 ssh2
Oct 15 11:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Connection closed by 165.22.200.57 port 37348 [preauth]
Oct 15 11:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14667]: pam_unix(cron:session): session closed for user root
Oct 15 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16337]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16331]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16408]: Successful su for rubyman by root
Oct 15 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16408]: + ??? root:rubyman
Oct 15 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417370 of user rubyman.
Oct 15 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16408]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417370.
Oct 15 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: Failed password for root from 165.22.200.57 port 35854 ssh2
Oct 15 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16497]: Connection closed by 165.22.200.57 port 35854 [preauth]
Oct 15 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13036]: pam_unix(cron:session): session closed for user root
Oct 15 11:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session closed for user root
Oct 15 11:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=root
Oct 15 11:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Failed password for root from 165.22.200.57 port 51818 ssh2
Oct 15 11:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16772]: Connection closed by 165.22.200.57 port 51818 [preauth]
Oct 15 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16822]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16820]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16893]: Successful su for rubyman by root
Oct 15 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16893]: + ??? root:rubyman
Oct 15 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417373 of user rubyman.
Oct 15 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16893]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417373.
Oct 15 11:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session closed for user root
Oct 15 11:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16821]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: Invalid user admin from 165.22.200.57
Oct 15 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: Failed password for invalid user admin from 165.22.200.57 port 41054 ssh2
Oct 15 11:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: Connection closed by 165.22.200.57 port 41054 [preauth]
Oct 15 11:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session closed for user root
Oct 15 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17291]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: Successful su for rubyman by root
Oct 15 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: + ??? root:rubyman
Oct 15 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417376 of user rubyman.
Oct 15 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417376.
Oct 15 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session closed for user root
Oct 15 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Invalid user admin from 165.22.200.57
Oct 15 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Failed password for invalid user admin from 165.22.200.57 port 43612 ssh2
Oct 15 11:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Connection closed by 165.22.200.57 port 43612 [preauth]
Oct 15 11:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16337]: pam_unix(cron:session): session closed for user root
Oct 15 11:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Invalid user admin from 165.22.200.57
Oct 15 11:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for invalid user admin from 165.22.200.57 port 58162 ssh2
Oct 15 11:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Connection closed by 165.22.200.57 port 58162 [preauth]
Oct 15 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17792]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17813]: pam_unix(cron:session): session closed for user root
Oct 15 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17790]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17920]: Successful su for rubyman by root
Oct 15 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17920]: + ??? root:rubyman
Oct 15 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417381 of user rubyman.
Oct 15 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17920]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417381.
Oct 15 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17792]: pam_unix(cron:session): session closed for user root
Oct 15 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session closed for user root
Oct 15 11:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17791]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Invalid user Administrator from 194.0.234.19
Oct 15 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: input_userauth_request: invalid user Administrator [preauth]
Oct 15 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Failed password for invalid user Administrator from 194.0.234.19 port 29282 ssh2
Oct 15 11:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Connection closed by 194.0.234.19 port 29282 [preauth]
Oct 15 11:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Invalid user admin from 165.22.200.57
Oct 15 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Failed password for invalid user admin from 165.22.200.57 port 35446 ssh2
Oct 15 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Connection closed by 165.22.200.57 port 35446 [preauth]
Oct 15 11:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16823]: pam_unix(cron:session): session closed for user root
Oct 15 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18674]: Successful su for rubyman by root
Oct 15 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18674]: + ??? root:rubyman
Oct 15 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417386 of user rubyman.
Oct 15 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18674]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417386.
Oct 15 11:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Invalid user admin from 165.22.200.57
Oct 15 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15367]: pam_unix(cron:session): session closed for user root
Oct 15 11:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Failed password for invalid user admin from 165.22.200.57 port 41638 ssh2
Oct 15 11:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Connection closed by 165.22.200.57 port 41638 [preauth]
Oct 15 11:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user root
Oct 15 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19170]: Bad protocol version identification 'GET / HTTP/1.1' from 142.93.65.4 port 33268
Oct 15 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Invalid user admin from 165.22.200.57
Oct 15 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Failed password for invalid user admin from 165.22.200.57 port 57066 ssh2
Oct 15 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19168]: Connection closed by 165.22.200.57 port 57066 [preauth]
Oct 15 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Did not receive identification string from 159.192.122.127
Oct 15 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session closed for user root
Oct 15 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19208]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19331]: Successful su for rubyman by root
Oct 15 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19331]: + ??? root:rubyman
Oct 15 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417392 of user rubyman.
Oct 15 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19331]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417392.
Oct 15 11:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session closed for user root
Oct 15 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19209]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: Invalid user admin from 165.22.200.57
Oct 15 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: Failed password for invalid user admin from 165.22.200.57 port 34864 ssh2
Oct 15 11:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19906]: Connection closed by 165.22.200.57 port 34864 [preauth]
Oct 15 11:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17806]: pam_unix(cron:session): session closed for user root
Oct 15 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20062]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20140]: Successful su for rubyman by root
Oct 15 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20140]: + ??? root:rubyman
Oct 15 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417397 of user rubyman.
Oct 15 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20140]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417397.
Oct 15 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Invalid user admin from 165.22.200.57
Oct 15 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Failed password for invalid user admin from 165.22.200.57 port 57456 ssh2
Oct 15 11:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20243]: Connection closed by 165.22.200.57 port 57456 [preauth]
Oct 15 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session closed for user root
Oct 15 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:118.193.73.8
Oct 15 11:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session closed for user root
Oct 15 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20517]: Invalid user alex from 2.57.122.26
Oct 15 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20517]: input_userauth_request: invalid user alex [preauth]
Oct 15 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20517]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20517]: Failed password for invalid user alex from 2.57.122.26 port 55866 ssh2
Oct 15 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20517]: Connection closed by 2.57.122.26 port 55866 [preauth]
Oct 15 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Invalid user admin from 165.22.200.57
Oct 15 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Failed password for invalid user admin from 165.22.200.57 port 38802 ssh2
Oct 15 11:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20541]: Connection closed by 165.22.200.57 port 38802 [preauth]
Oct 15 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20588]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20662]: Successful su for rubyman by root
Oct 15 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20662]: + ??? root:rubyman
Oct 15 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417399 of user rubyman.
Oct 15 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20662]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417399.
Oct 15 11:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16822]: pam_unix(cron:session): session closed for user root
Oct 15 11:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20587]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Invalid user test from 165.22.200.57
Oct 15 11:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: input_userauth_request: invalid user test [preauth]
Oct 15 11:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Failed password for invalid user test from 165.22.200.57 port 59286 ssh2
Oct 15 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Connection closed by 165.22.200.57 port 59286 [preauth]
Oct 15 11:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19211]: pam_unix(cron:session): session closed for user root
Oct 15 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21063]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21065]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21064]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21061]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21065]: pam_unix(cron:session): session closed for user root
Oct 15 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21059]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: Successful su for rubyman by root
Oct 15 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: + ??? root:rubyman
Oct 15 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417405 of user rubyman.
Oct 15 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417405.
Oct 15 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Invalid user test from 165.22.200.57
Oct 15 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: input_userauth_request: invalid user test [preauth]
Oct 15 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Failed password for invalid user test from 165.22.200.57 port 36210 ssh2
Oct 15 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21181]: Connection closed by 165.22.200.57 port 36210 [preauth]
Oct 15 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21061]: pam_unix(cron:session): session closed for user root
Oct 15 11:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session closed for user root
Oct 15 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: Failed password for root from 185.156.73.233 port 48282 ssh2
Oct 15 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21183]: Connection closed by 185.156.73.233 port 48282 [preauth]
Oct 15 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21060]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20062]: pam_unix(cron:session): session closed for user root
Oct 15 11:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Invalid user test from 165.22.200.57
Oct 15 11:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: input_userauth_request: invalid user test [preauth]
Oct 15 11:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Failed password for invalid user test from 165.22.200.57 port 57826 ssh2
Oct 15 11:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21582]: Connection closed by 165.22.200.57 port 57826 [preauth]
Oct 15 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21694]: Successful su for rubyman by root
Oct 15 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21694]: + ??? root:rubyman
Oct 15 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417409 of user rubyman.
Oct 15 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21694]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417409.
Oct 15 11:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17801]: pam_unix(cron:session): session closed for user root
Oct 15 11:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21610]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: Invalid user test from 165.22.200.57
Oct 15 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: input_userauth_request: invalid user test [preauth]
Oct 15 11:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: Failed password for invalid user test from 165.22.200.57 port 47778 ssh2
Oct 15 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21984]: Connection closed by 165.22.200.57 port 47778 [preauth]
Oct 15 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session closed for user root
Oct 15 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22097]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22096]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22093]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22190]: Successful su for rubyman by root
Oct 15 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22190]: + ??? root:rubyman
Oct 15 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417413 of user rubyman.
Oct 15 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22190]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417413.
Oct 15 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user root
Oct 15 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Invalid user test from 165.22.200.57
Oct 15 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: input_userauth_request: invalid user test [preauth]
Oct 15 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Failed password for invalid user test from 165.22.200.57 port 45644 ssh2
Oct 15 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22390]: Connection closed by 165.22.200.57 port 45644 [preauth]
Oct 15 11:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22095]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21064]: pam_unix(cron:session): session closed for user root
Oct 15 11:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: Invalid user test from 165.22.200.57
Oct 15 11:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: input_userauth_request: invalid user test [preauth]
Oct 15 11:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: Failed password for invalid user test from 165.22.200.57 port 56792 ssh2
Oct 15 11:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: Connection closed by 165.22.200.57 port 56792 [preauth]
Oct 15 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: Successful su for rubyman by root
Oct 15 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: + ??? root:rubyman
Oct 15 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417417 of user rubyman.
Oct 15 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417417.
Oct 15 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19210]: pam_unix(cron:session): session closed for user root
Oct 15 11:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Invalid user test from 165.22.200.57
Oct 15 11:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: input_userauth_request: invalid user test [preauth]
Oct 15 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Failed password for invalid user test from 165.22.200.57 port 57718 ssh2
Oct 15 11:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23305]: Connection closed by 165.22.200.57 port 57718 [preauth]
Oct 15 11:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session closed for user root
Oct 15 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23775]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23770]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23852]: Successful su for rubyman by root
Oct 15 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23852]: + ??? root:rubyman
Oct 15 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417421 of user rubyman.
Oct 15 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23852]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417421.
Oct 15 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: Invalid user test from 165.22.200.57
Oct 15 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: input_userauth_request: invalid user test [preauth]
Oct 15 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: Failed password for invalid user test from 165.22.200.57 port 43252 ssh2
Oct 15 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: Connection closed by 165.22.200.57 port 43252 [preauth]
Oct 15 11:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session closed for user root
Oct 15 11:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23773]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22097]: pam_unix(cron:session): session closed for user root
Oct 15 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: Invalid user test from 165.22.200.57
Oct 15 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: input_userauth_request: invalid user test [preauth]
Oct 15 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: Failed password for invalid user test from 165.22.200.57 port 38770 ssh2
Oct 15 11:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: Connection closed by 165.22.200.57 port 38770 [preauth]
Oct 15 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24284]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24283]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24287]: pam_unix(cron:session): session closed for user root
Oct 15 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24380]: Successful su for rubyman by root
Oct 15 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24380]: + ??? root:rubyman
Oct 15 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417427 of user rubyman.
Oct 15 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24380]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417427.
Oct 15 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24283]: pam_unix(cron:session): session closed for user root
Oct 15 11:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20588]: pam_unix(cron:session): session closed for user root
Oct 15 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Invalid user user from 165.22.200.57
Oct 15 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: input_userauth_request: invalid user user [preauth]
Oct 15 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Failed password for invalid user user from 165.22.200.57 port 51902 ssh2
Oct 15 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Connection closed by 165.22.200.57 port 51902 [preauth]
Oct 15 11:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22596]: pam_unix(cron:session): session closed for user root
Oct 15 11:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Invalid user user from 165.22.200.57
Oct 15 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: input_userauth_request: invalid user user [preauth]
Oct 15 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Failed password for invalid user user from 165.22.200.57 port 55130 ssh2
Oct 15 11:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: Connection closed by 165.22.200.57 port 55130 [preauth]
Oct 15 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24825]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24822]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24905]: Successful su for rubyman by root
Oct 15 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24905]: + ??? root:rubyman
Oct 15 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417431 of user rubyman.
Oct 15 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24905]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417431.
Oct 15 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21063]: pam_unix(cron:session): session closed for user root
Oct 15 11:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24823]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: Invalid user user from 165.22.200.57
Oct 15 11:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: input_userauth_request: invalid user user [preauth]
Oct 15 11:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23776]: pam_unix(cron:session): session closed for user root
Oct 15 11:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: Failed password for invalid user user from 165.22.200.57 port 53098 ssh2
Oct 15 11:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: Connection closed by 165.22.200.57 port 53098 [preauth]
Oct 15 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25557]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25556]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25554]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: Successful su for rubyman by root
Oct 15 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: + ??? root:rubyman
Oct 15 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417435 of user rubyman.
Oct 15 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417435.
Oct 15 11:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session closed for user root
Oct 15 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Invalid user user from 165.22.200.57
Oct 15 11:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: input_userauth_request: invalid user user [preauth]
Oct 15 11:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25555]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Failed password for invalid user user from 165.22.200.57 port 58592 ssh2
Oct 15 11:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25930]: Connection closed by 165.22.200.57 port 58592 [preauth]
Oct 15 11:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Invalid user ftpuser from 185.156.73.233
Oct 15 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 11:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Failed password for invalid user ftpuser from 185.156.73.233 port 46984 ssh2
Oct 15 11:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Connection closed by 185.156.73.233 port 46984 [preauth]
Oct 15 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24285]: pam_unix(cron:session): session closed for user root
Oct 15 11:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Invalid user user from 165.22.200.57
Oct 15 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: input_userauth_request: invalid user user [preauth]
Oct 15 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Failed password for invalid user user from 165.22.200.57 port 55144 ssh2
Oct 15 11:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Connection closed by 165.22.200.57 port 55144 [preauth]
Oct 15 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26124]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26197]: Successful su for rubyman by root
Oct 15 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26197]: + ??? root:rubyman
Oct 15 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417441 of user rubyman.
Oct 15 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26197]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417441.
Oct 15 11:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22096]: pam_unix(cron:session): session closed for user root
Oct 15 11:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: Invalid user user from 165.22.200.57
Oct 15 11:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: input_userauth_request: invalid user user [preauth]
Oct 15 11:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: Failed password for invalid user user from 165.22.200.57 port 49398 ssh2
Oct 15 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: Connection closed by 165.22.200.57 port 49398 [preauth]
Oct 15 11:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24825]: pam_unix(cron:session): session closed for user root
Oct 15 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26789]: Successful su for rubyman by root
Oct 15 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26789]: + ??? root:rubyman
Oct 15 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417445 of user rubyman.
Oct 15 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26789]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417445.
Oct 15 11:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session closed for user root
Oct 15 11:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Invalid user user from 165.22.200.57
Oct 15 11:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: input_userauth_request: invalid user user [preauth]
Oct 15 11:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Failed password for invalid user user from 165.22.200.57 port 43070 ssh2
Oct 15 11:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27163]: Connection closed by 165.22.200.57 port 43070 [preauth]
Oct 15 11:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25557]: pam_unix(cron:session): session closed for user root
Oct 15 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Invalid user user from 165.22.200.57
Oct 15 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: input_userauth_request: invalid user user [preauth]
Oct 15 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Failed password for invalid user user from 165.22.200.57 port 37318 ssh2
Oct 15 11:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27336]: Connection closed by 165.22.200.57 port 37318 [preauth]
Oct 15 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27402]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27400]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27402]: pam_unix(cron:session): session closed for user root
Oct 15 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27397]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27487]: Successful su for rubyman by root
Oct 15 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27487]: + ??? root:rubyman
Oct 15 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417447 of user rubyman.
Oct 15 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27487]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417447.
Oct 15 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27399]: pam_unix(cron:session): session closed for user root
Oct 15 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23775]: pam_unix(cron:session): session closed for user root
Oct 15 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27398]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Invalid user user from 165.22.200.57
Oct 15 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: input_userauth_request: invalid user user [preauth]
Oct 15 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Failed password for invalid user user from 165.22.200.57 port 46152 ssh2
Oct 15 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Connection closed by 165.22.200.57 port 46152 [preauth]
Oct 15 11:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session closed for user root
Oct 15 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28213]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28210]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Failed password for invalid user ubuntu from 165.22.200.57 port 53228 ssh2
Oct 15 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28207]: Connection closed by 165.22.200.57 port 53228 [preauth]
Oct 15 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28285]: Successful su for rubyman by root
Oct 15 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28285]: + ??? root:rubyman
Oct 15 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417453 of user rubyman.
Oct 15 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28285]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417453.
Oct 15 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.79.192.229
Oct 15 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24284]: pam_unix(cron:session): session closed for user root
Oct 15 11:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26699]: pam_unix(cron:session): session closed for user root
Oct 15 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Failed password for invalid user ubuntu from 165.22.200.57 port 34948 ssh2
Oct 15 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28892]: Connection closed by 165.22.200.57 port 34948 [preauth]
Oct 15 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29072]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29073]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29070]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: Successful su for rubyman by root
Oct 15 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: + ??? root:rubyman
Oct 15 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417457 of user rubyman.
Oct 15 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417457.
Oct 15 11:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24824]: pam_unix(cron:session): session closed for user root
Oct 15 11:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: Invalid user test from 178.62.93.150
Oct 15 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: input_userauth_request: invalid user test [preauth]
Oct 15 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: Failed password for invalid user test from 178.62.93.150 port 53886 ssh2
Oct 15 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: Received disconnect from 178.62.93.150 port 53886:11: Bye Bye [preauth]
Oct 15 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: Disconnected from 178.62.93.150 port 53886 [preauth]
Oct 15 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29071]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Failed password for invalid user ubuntu from 165.22.200.57 port 51974 ssh2
Oct 15 11:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29397]: Connection closed by 165.22.200.57 port 51974 [preauth]
Oct 15 11:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27401]: pam_unix(cron:session): session closed for user root
Oct 15 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: Failed password for invalid user ubuntu from 165.22.200.57 port 34144 ssh2
Oct 15 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29570]: Connection closed by 165.22.200.57 port 34144 [preauth]
Oct 15 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29582]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29662]: Successful su for rubyman by root
Oct 15 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29662]: + ??? root:rubyman
Oct 15 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417462 of user rubyman.
Oct 15 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29662]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417462.
Oct 15 11:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25556]: pam_unix(cron:session): session closed for user root
Oct 15 11:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29583]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: Failed password for invalid user ubuntu from 165.22.200.57 port 38508 ssh2
Oct 15 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: Connection closed by 165.22.200.57 port 38508 [preauth]
Oct 15 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28213]: pam_unix(cron:session): session closed for user root
Oct 15 11:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Invalid user dev from 117.252.95.54
Oct 15 11:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: input_userauth_request: invalid user dev [preauth]
Oct 15 11:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Failed password for invalid user dev from 117.252.95.54 port 14644 ssh2
Oct 15 11:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Received disconnect from 117.252.95.54 port 14644:11: Bye Bye [preauth]
Oct 15 11:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Disconnected from 117.252.95.54 port 14644 [preauth]
Oct 15 11:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Invalid user ali from 115.240.221.28
Oct 15 11:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: input_userauth_request: invalid user ali [preauth]
Oct 15 11:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Failed password for invalid user ali from 115.240.221.28 port 46203 ssh2
Oct 15 11:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Received disconnect from 115.240.221.28 port 46203:11: Bye Bye [preauth]
Oct 15 11:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Disconnected from 115.240.221.28 port 46203 [preauth]
Oct 15 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30105]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30187]: Successful su for rubyman by root
Oct 15 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30187]: + ??? root:rubyman
Oct 15 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417466 of user rubyman.
Oct 15 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30187]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417466.
Oct 15 11:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26124]: pam_unix(cron:session): session closed for user root
Oct 15 11:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Failed password for invalid user ubuntu from 165.22.200.57 port 58776 ssh2
Oct 15 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Connection closed by 165.22.200.57 port 58776 [preauth]
Oct 15 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30106]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 11:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediuscorp@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 15 11:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 11:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=mediuscorp@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 15 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Invalid user postgres from 47.247.99.155
Oct 15 11:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Failed password for invalid user postgres from 47.247.99.155 port 60772 ssh2
Oct 15 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Received disconnect from 47.247.99.155 port 60772:11: Bye Bye [preauth]
Oct 15 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30612]: Disconnected from 47.247.99.155 port 60772 [preauth]
Oct 15 11:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29073]: pam_unix(cron:session): session closed for user root
Oct 15 11:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Failed password for invalid user ubuntu from 165.22.200.57 port 53984 ssh2
Oct 15 11:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Connection closed by 165.22.200.57 port 53984 [preauth]
Oct 15 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30731]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30729]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30731]: pam_unix(cron:session): session closed for user root
Oct 15 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30723]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30812]: Successful su for rubyman by root
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30812]: + ??? root:rubyman
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417471 of user rubyman.
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[30812]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417471.
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Invalid user agent from 178.62.93.150
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: input_userauth_request: invalid user agent [preauth]
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Failed password for invalid user agent from 178.62.93.150 port 36214 ssh2
Oct 15 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Received disconnect from 178.62.93.150 port 36214:11: Bye Bye [preauth]
Oct 15 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Disconnected from 178.62.93.150 port 36214 [preauth]
Oct 15 11:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30727]: pam_unix(cron:session): session closed for user root
Oct 15 11:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26695]: pam_unix(cron:session): session closed for user root
Oct 15 11:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30725]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 15 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Invalid user admin from 2.57.121.112
Oct 15 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: input_userauth_request: invalid user admin [preauth]
Oct 15 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 11:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Failed password for root from 80.94.95.116 port 45808 ssh2
Oct 15 11:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for invalid user admin from 2.57.121.112 port 25214 ssh2
Oct 15 11:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Connection closed by 80.94.95.116 port 45808 [preauth]
Oct 15 11:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for invalid user admin from 2.57.121.112 port 25214 ssh2
Oct 15 11:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for invalid user admin from 2.57.121.112 port 25214 ssh2
Oct 15 11:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for invalid user admin from 2.57.121.112 port 25214 ssh2
Oct 15 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Failed password for invalid user admin from 2.57.121.112 port 25214 ssh2
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Received disconnect from 2.57.121.112 port 25214:11: Bye [preauth]
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: Disconnected from 2.57.121.112 port 25214 [preauth]
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31109]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: Failed password for invalid user ubuntu from 165.22.200.57 port 42070 ssh2
Oct 15 11:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31132]: Connection closed by 165.22.200.57 port 42070 [preauth]
Oct 15 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session closed for user root
Oct 15 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31251]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: Successful su for rubyman by root
Oct 15 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: + ??? root:rubyman
Oct 15 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417475 of user rubyman.
Oct 15 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31329]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417475.
Oct 15 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: Invalid user ubuntu from 165.22.200.57
Oct 15 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: Failed password for invalid user ubuntu from 165.22.200.57 port 52216 ssh2
Oct 15 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31364]: Connection closed by 165.22.200.57 port 52216 [preauth]
Oct 15 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31496]: Invalid user vishal from 117.252.95.54
Oct 15 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31496]: input_userauth_request: invalid user vishal [preauth]
Oct 15 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31496]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31496]: Failed password for invalid user vishal from 117.252.95.54 port 52121 ssh2
Oct 15 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31496]: Received disconnect from 117.252.95.54 port 52121:11: Bye Bye [preauth]
Oct 15 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31496]: Disconnected from 117.252.95.54 port 52121 [preauth]
Oct 15 11:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27400]: pam_unix(cron:session): session closed for user root
Oct 15 11:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Invalid user delphine from 164.68.105.9
Oct 15 11:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: input_userauth_request: invalid user delphine [preauth]
Oct 15 11:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 11:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for invalid user delphine from 164.68.105.9 port 41980 ssh2
Oct 15 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Connection closed by 164.68.105.9 port 41980 [preauth]
Oct 15 11:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31249]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Invalid user deploy from 178.62.93.150
Oct 15 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: input_userauth_request: invalid user deploy [preauth]
Oct 15 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30108]: pam_unix(cron:session): session closed for user root
Oct 15 11:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Failed password for invalid user deploy from 178.62.93.150 port 56008 ssh2
Oct 15 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Invalid user user from 115.240.221.28
Oct 15 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: input_userauth_request: invalid user user [preauth]
Oct 15 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Received disconnect from 178.62.93.150 port 56008:11: Bye Bye [preauth]
Oct 15 11:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Disconnected from 178.62.93.150 port 56008 [preauth]
Oct 15 11:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Invalid user guest from 165.22.200.57
Oct 15 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for invalid user user from 115.240.221.28 port 30675 ssh2
Oct 15 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Received disconnect from 115.240.221.28 port 30675:11: Bye Bye [preauth]
Oct 15 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Disconnected from 115.240.221.28 port 30675 [preauth]
Oct 15 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Failed password for invalid user guest from 165.22.200.57 port 60682 ssh2
Oct 15 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31835]: Connection closed by 165.22.200.57 port 60682 [preauth]
Oct 15 11:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Invalid user server from 47.247.99.155
Oct 15 11:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: input_userauth_request: invalid user server [preauth]
Oct 15 11:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Failed password for invalid user server from 47.247.99.155 port 52294 ssh2
Oct 15 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Received disconnect from 47.247.99.155 port 52294:11: Bye Bye [preauth]
Oct 15 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Disconnected from 47.247.99.155 port 52294 [preauth]
Oct 15 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31899]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31975]: Successful su for rubyman by root
Oct 15 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31975]: + ??? root:rubyman
Oct 15 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417479 of user rubyman.
Oct 15 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31975]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417479.
Oct 15 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28212]: pam_unix(cron:session): session closed for user root
Oct 15 11:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31897]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Invalid user guest from 165.22.200.57
Oct 15 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Failed password for invalid user guest from 165.22.200.57 port 48486 ssh2
Oct 15 11:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Connection closed by 165.22.200.57 port 48486 [preauth]
Oct 15 11:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30729]: pam_unix(cron:session): session closed for user root
Oct 15 11:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Invalid user radio from 117.252.95.54
Oct 15 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: input_userauth_request: invalid user radio [preauth]
Oct 15 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Failed password for invalid user radio from 117.252.95.54 port 42595 ssh2
Oct 15 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Received disconnect from 117.252.95.54 port 42595:11: Bye Bye [preauth]
Oct 15 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Disconnected from 117.252.95.54 port 42595 [preauth]
Oct 15 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Invalid user guest from 165.22.200.57
Oct 15 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Failed password for invalid user guest from 165.22.200.57 port 45196 ssh2
Oct 15 11:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32434]: Connection closed by 165.22.200.57 port 45196 [preauth]
Oct 15 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32454]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32453]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32450]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32520]: Successful su for rubyman by root
Oct 15 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32520]: + ??? root:rubyman
Oct 15 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417485 of user rubyman.
Oct 15 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32520]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417485.
Oct 15 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29072]: pam_unix(cron:session): session closed for user root
Oct 15 11:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Invalid user testuser from 115.240.221.28
Oct 15 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: input_userauth_request: invalid user testuser [preauth]
Oct 15 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Invalid user odoo17 from 178.62.93.150
Oct 15 11:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: input_userauth_request: invalid user odoo17 [preauth]
Oct 15 11:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Failed password for invalid user testuser from 115.240.221.28 port 55426 ssh2
Oct 15 11:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Received disconnect from 115.240.221.28 port 55426:11: Bye Bye [preauth]
Oct 15 11:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32724]: Disconnected from 115.240.221.28 port 55426 [preauth]
Oct 15 11:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32452]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Failed password for invalid user odoo17 from 178.62.93.150 port 33784 ssh2
Oct 15 11:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Received disconnect from 178.62.93.150 port 33784:11: Bye Bye [preauth]
Oct 15 11:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: Disconnected from 178.62.93.150 port 33784 [preauth]
Oct 15 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155  user=root
Oct 15 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: Invalid user guest from 165.22.200.57
Oct 15 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Failed password for root from 47.247.99.155 port 55902 ssh2
Oct 15 11:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: Failed password for invalid user guest from 165.22.200.57 port 43424 ssh2
Oct 15 11:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Received disconnect from 47.247.99.155 port 55902:11: Bye Bye [preauth]
Oct 15 11:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[358]: Disconnected from 47.247.99.155 port 55902 [preauth]
Oct 15 11:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: Connection closed by 165.22.200.57 port 43424 [preauth]
Oct 15 11:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31251]: pam_unix(cron:session): session closed for user root
Oct 15 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[476]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[475]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[470]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[473]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[637]: Successful su for rubyman by root
Oct 15 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[637]: + ??? root:rubyman
Oct 15 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417488 of user rubyman.
Oct 15 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[637]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417488.
Oct 15 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[470]: pam_unix(cron:session): session closed for user root
Oct 15 11:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session closed for user root
Oct 15 11:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: Invalid user guest from 165.22.200.57
Oct 15 11:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[474]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: Failed password for invalid user guest from 165.22.200.57 port 34826 ssh2
Oct 15 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[898]: Connection closed by 165.22.200.57 port 34826 [preauth]
Oct 15 11:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Invalid user deployer from 117.252.95.54
Oct 15 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: input_userauth_request: invalid user deployer [preauth]
Oct 15 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Failed password for invalid user deployer from 117.252.95.54 port 23848 ssh2
Oct 15 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Received disconnect from 117.252.95.54 port 23848:11: Bye Bye [preauth]
Oct 15 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1042]: Disconnected from 117.252.95.54 port 23848 [preauth]
Oct 15 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31900]: pam_unix(cron:session): session closed for user root
Oct 15 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Invalid user tempuser from 178.62.93.150
Oct 15 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: input_userauth_request: invalid user tempuser [preauth]
Oct 15 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Failed password for invalid user tempuser from 178.62.93.150 port 51992 ssh2
Oct 15 11:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Received disconnect from 178.62.93.150 port 51992:11: Bye Bye [preauth]
Oct 15 11:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1110]: Disconnected from 178.62.93.150 port 51992 [preauth]
Oct 15 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Invalid user server from 115.240.221.28
Oct 15 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: input_userauth_request: invalid user server [preauth]
Oct 15 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: Invalid user guest from 165.22.200.57
Oct 15 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Failed password for invalid user server from 115.240.221.28 port 29796 ssh2
Oct 15 11:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Received disconnect from 115.240.221.28 port 29796:11: Bye Bye [preauth]
Oct 15 11:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1122]: Disconnected from 115.240.221.28 port 29796 [preauth]
Oct 15 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: Failed password for invalid user guest from 165.22.200.57 port 57284 ssh2
Oct 15 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: Connection closed by 165.22.200.57 port 57284 [preauth]
Oct 15 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1152]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session closed for user root
Oct 15 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1150]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1231]: Successful su for rubyman by root
Oct 15 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1231]: + ??? root:rubyman
Oct 15 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417494 of user rubyman.
Oct 15 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1231]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417494.
Oct 15 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1152]: pam_unix(cron:session): session closed for user root
Oct 15 11:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30107]: pam_unix(cron:session): session closed for user root
Oct 15 11:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Invalid user nagios from 47.247.99.155
Oct 15 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: input_userauth_request: invalid user nagios [preauth]
Oct 15 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Failed password for invalid user nagios from 47.247.99.155 port 53834 ssh2
Oct 15 11:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Received disconnect from 47.247.99.155 port 53834:11: Bye Bye [preauth]
Oct 15 11:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1482]: Disconnected from 47.247.99.155 port 53834 [preauth]
Oct 15 11:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1151]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: Invalid user guest from 165.22.200.57
Oct 15 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: Failed password for invalid user guest from 165.22.200.57 port 51010 ssh2
Oct 15 11:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: Connection closed by 165.22.200.57 port 51010 [preauth]
Oct 15 11:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32454]: pam_unix(cron:session): session closed for user root
Oct 15 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1694]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: Successful su for rubyman by root
Oct 15 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: + ??? root:rubyman
Oct 15 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417500 of user rubyman.
Oct 15 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417500.
Oct 15 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Invalid user nagios from 117.252.95.54
Oct 15 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: input_userauth_request: invalid user nagios [preauth]
Oct 15 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Failed password for invalid user nagios from 117.252.95.54 port 32944 ssh2
Oct 15 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Received disconnect from 117.252.95.54 port 32944:11: Bye Bye [preauth]
Oct 15 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1997]: Disconnected from 117.252.95.54 port 32944 [preauth]
Oct 15 11:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30728]: pam_unix(cron:session): session closed for user root
Oct 15 11:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user guest from 165.22.200.57
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Invalid user test01 from 178.62.93.150
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: input_userauth_request: invalid user test01 [preauth]
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Failed password for invalid user test01 from 178.62.93.150 port 56752 ssh2
Oct 15 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user guest from 165.22.200.57 port 39334 ssh2
Oct 15 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Received disconnect from 178.62.93.150 port 56752:11: Bye Bye [preauth]
Oct 15 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Disconnected from 178.62.93.150 port 56752 [preauth]
Oct 15 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Connection closed by 165.22.200.57 port 39334 [preauth]
Oct 15 11:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1695]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: Invalid user radio from 115.240.221.28
Oct 15 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: input_userauth_request: invalid user radio [preauth]
Oct 15 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: Failed password for invalid user radio from 115.240.221.28 port 9577 ssh2
Oct 15 11:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: Received disconnect from 115.240.221.28 port 9577:11: Bye Bye [preauth]
Oct 15 11:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2165]: Disconnected from 115.240.221.28 port 9577 [preauth]
Oct 15 11:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[476]: pam_unix(cron:session): session closed for user root
Oct 15 11:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Invalid user test from 47.247.99.155
Oct 15 11:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: input_userauth_request: invalid user test [preauth]
Oct 15 11:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Failed password for invalid user test from 47.247.99.155 port 49788 ssh2
Oct 15 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Received disconnect from 47.247.99.155 port 49788:11: Bye Bye [preauth]
Oct 15 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2232]: Disconnected from 47.247.99.155 port 49788 [preauth]
Oct 15 11:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Invalid user guest from 165.22.200.57
Oct 15 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Failed password for invalid user guest from 165.22.200.57 port 59364 ssh2
Oct 15 11:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Connection closed by 165.22.200.57 port 59364 [preauth]
Oct 15 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2290]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2287]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2351]: Successful su for rubyman by root
Oct 15 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2351]: + ??? root:rubyman
Oct 15 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417503 of user rubyman.
Oct 15 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2351]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417503.
Oct 15 11:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31250]: pam_unix(cron:session): session closed for user root
Oct 15 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2288]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Invalid user delphine from 164.68.105.9
Oct 15 11:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: input_userauth_request: invalid user delphine [preauth]
Oct 15 11:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Invalid user oracle from 165.22.200.57
Oct 15 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Failed password for invalid user delphine from 164.68.105.9 port 49870 ssh2
Oct 15 11:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Connection closed by 164.68.105.9 port 49870 [preauth]
Oct 15 11:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Failed password for invalid user oracle from 165.22.200.57 port 37486 ssh2
Oct 15 11:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Connection closed by 165.22.200.57 port 37486 [preauth]
Oct 15 11:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Invalid user teamspeak from 178.62.93.150
Oct 15 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Failed password for invalid user teamspeak from 178.62.93.150 port 55090 ssh2
Oct 15 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Received disconnect from 178.62.93.150 port 55090:11: Bye Bye [preauth]
Oct 15 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Disconnected from 178.62.93.150 port 55090 [preauth]
Oct 15 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Invalid user server from 117.252.95.54
Oct 15 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: input_userauth_request: invalid user server [preauth]
Oct 15 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1154]: pam_unix(cron:session): session closed for user root
Oct 15 11:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Failed password for invalid user server from 117.252.95.54 port 31694 ssh2
Oct 15 11:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Received disconnect from 117.252.95.54 port 31694:11: Bye Bye [preauth]
Oct 15 11:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2681]: Disconnected from 117.252.95.54 port 31694 [preauth]
Oct 15 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2742]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2744]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2740]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: Successful su for rubyman by root
Oct 15 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: + ??? root:rubyman
Oct 15 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417506 of user rubyman.
Oct 15 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417506.
Oct 15 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Invalid user oracle from 165.22.200.57
Oct 15 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Invalid user django from 115.240.221.28
Oct 15 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: input_userauth_request: invalid user django [preauth]
Oct 15 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Failed password for invalid user oracle from 165.22.200.57 port 60864 ssh2
Oct 15 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Failed password for invalid user django from 115.240.221.28 port 55388 ssh2
Oct 15 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Connection closed by 165.22.200.57 port 60864 [preauth]
Oct 15 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Received disconnect from 115.240.221.28 port 55388:11: Bye Bye [preauth]
Oct 15 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Disconnected from 115.240.221.28 port 55388 [preauth]
Oct 15 11:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31899]: pam_unix(cron:session): session closed for user root
Oct 15 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Invalid user weblogic from 47.247.99.155
Oct 15 11:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 11:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2741]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Failed password for invalid user weblogic from 47.247.99.155 port 44562 ssh2
Oct 15 11:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Received disconnect from 47.247.99.155 port 44562:11: Bye Bye [preauth]
Oct 15 11:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3030]: Disconnected from 47.247.99.155 port 44562 [preauth]
Oct 15 11:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1697]: pam_unix(cron:session): session closed for user root
Oct 15 11:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Invalid user oracle from 165.22.200.57
Oct 15 11:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Failed password for invalid user oracle from 165.22.200.57 port 59892 ssh2
Oct 15 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Connection closed by 165.22.200.57 port 59892 [preauth]
Oct 15 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3268]: Successful su for rubyman by root
Oct 15 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3268]: + ??? root:rubyman
Oct 15 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417513 of user rubyman.
Oct 15 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3268]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417513.
Oct 15 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: Invalid user deployer from 178.62.93.150
Oct 15 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: input_userauth_request: invalid user deployer [preauth]
Oct 15 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: Failed password for invalid user deployer from 178.62.93.150 port 48664 ssh2
Oct 15 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: Received disconnect from 178.62.93.150 port 48664:11: Bye Bye [preauth]
Oct 15 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3373]: Disconnected from 178.62.93.150 port 48664 [preauth]
Oct 15 11:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32453]: pam_unix(cron:session): session closed for user root
Oct 15 11:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Invalid user test01 from 117.252.95.54
Oct 15 11:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: input_userauth_request: invalid user test01 [preauth]
Oct 15 11:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Failed password for invalid user test01 from 117.252.95.54 port 36405 ssh2
Oct 15 11:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Received disconnect from 117.252.95.54 port 36405:11: Bye Bye [preauth]
Oct 15 11:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3477]: Disconnected from 117.252.95.54 port 36405 [preauth]
Oct 15 11:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Invalid user oracle from 165.22.200.57
Oct 15 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Failed password for invalid user oracle from 165.22.200.57 port 44546 ssh2
Oct 15 11:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Connection closed by 165.22.200.57 port 44546 [preauth]
Oct 15 11:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93  user=root
Oct 15 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Failed password for root from 194.0.234.93 port 30262 ssh2
Oct 15 11:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3542]: Connection closed by 194.0.234.93 port 30262 [preauth]
Oct 15 11:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2290]: pam_unix(cron:session): session closed for user root
Oct 15 11:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Invalid user test from 115.240.221.28
Oct 15 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: input_userauth_request: invalid user test [preauth]
Oct 15 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Failed password for invalid user test from 115.240.221.28 port 9187 ssh2
Oct 15 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Invalid user www from 47.247.99.155
Oct 15 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: input_userauth_request: invalid user www [preauth]
Oct 15 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Received disconnect from 115.240.221.28 port 9187:11: Bye Bye [preauth]
Oct 15 11:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Disconnected from 115.240.221.28 port 9187 [preauth]
Oct 15 11:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Failed password for invalid user www from 47.247.99.155 port 47190 ssh2
Oct 15 11:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Received disconnect from 47.247.99.155 port 47190:11: Bye Bye [preauth]
Oct 15 11:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Disconnected from 47.247.99.155 port 47190 [preauth]
Oct 15 11:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Invalid user oracle from 165.22.200.57
Oct 15 11:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Failed password for invalid user oracle from 165.22.200.57 port 37638 ssh2
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Connection closed by 165.22.200.57 port 37638 [preauth]
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3675]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3672]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3673]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3674]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3675]: pam_unix(cron:session): session closed for user root
Oct 15 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3763]: Successful su for rubyman by root
Oct 15 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3763]: + ??? root:rubyman
Oct 15 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417517 of user rubyman.
Oct 15 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3763]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417517.
Oct 15 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3672]: pam_unix(cron:session): session closed for user root
Oct 15 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[475]: pam_unix(cron:session): session closed for user root
Oct 15 11:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3671]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Invalid user oracle from 165.22.200.57
Oct 15 11:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2744]: pam_unix(cron:session): session closed for user root
Oct 15 11:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Failed password for invalid user oracle from 165.22.200.57 port 37088 ssh2
Oct 15 11:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Connection closed by 165.22.200.57 port 37088 [preauth]
Oct 15 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54  user=root
Oct 15 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Invalid user ftptest from 178.62.93.150
Oct 15 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: input_userauth_request: invalid user ftptest [preauth]
Oct 15 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Failed password for root from 117.252.95.54 port 60443 ssh2
Oct 15 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Received disconnect from 117.252.95.54 port 60443:11: Bye Bye [preauth]
Oct 15 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4132]: Disconnected from 117.252.95.54 port 60443 [preauth]
Oct 15 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for invalid user ftptest from 178.62.93.150 port 42138 ssh2
Oct 15 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Received disconnect from 178.62.93.150 port 42138:11: Bye Bye [preauth]
Oct 15 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Disconnected from 178.62.93.150 port 42138 [preauth]
Oct 15 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4315]: Successful su for rubyman by root
Oct 15 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4315]: + ??? root:rubyman
Oct 15 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417521 of user rubyman.
Oct 15 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4315]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417521.
Oct 15 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session closed for user root
Oct 15 11:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Invalid user oracle from 165.22.200.57
Oct 15 11:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Failed password for invalid user oracle from 165.22.200.57 port 59092 ssh2
Oct 15 11:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Connection closed by 165.22.200.57 port 59092 [preauth]
Oct 15 11:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Invalid user ec2-user from 47.247.99.155
Oct 15 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for invalid user ec2-user from 47.247.99.155 port 54962 ssh2
Oct 15 11:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Received disconnect from 47.247.99.155 port 54962:11: Bye Bye [preauth]
Oct 15 11:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Disconnected from 47.247.99.155 port 54962 [preauth]
Oct 15 11:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Invalid user guest from 115.240.221.28
Oct 15 11:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: input_userauth_request: invalid user guest [preauth]
Oct 15 11:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Failed password for invalid user guest from 115.240.221.28 port 20353 ssh2
Oct 15 11:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Received disconnect from 115.240.221.28 port 20353:11: Bye Bye [preauth]
Oct 15 11:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Disconnected from 115.240.221.28 port 20353 [preauth]
Oct 15 11:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session closed for user root
Oct 15 11:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4688]: Bad protocol version identification '\026\003\001' from 195.178.110.15 port 56980
Oct 15 11:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: Bad protocol version identification 'GET / HTTP/1.1' from 195.178.110.15 port 56988
Oct 15 11:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Invalid user oracle from 165.22.200.57
Oct 15 11:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user oracle from 165.22.200.57 port 47842 ssh2
Oct 15 11:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Connection closed by 165.22.200.57 port 47842 [preauth]
Oct 15 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4747]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4824]: Successful su for rubyman by root
Oct 15 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4824]: + ??? root:rubyman
Oct 15 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417525 of user rubyman.
Oct 15 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4824]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417525.
Oct 15 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1696]: pam_unix(cron:session): session closed for user root
Oct 15 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4748]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Invalid user client from 117.252.95.54
Oct 15 11:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: input_userauth_request: invalid user client [preauth]
Oct 15 11:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Failed password for invalid user client from 117.252.95.54 port 49692 ssh2
Oct 15 11:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Received disconnect from 117.252.95.54 port 49692:11: Bye Bye [preauth]
Oct 15 11:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5571]: Disconnected from 117.252.95.54 port 49692 [preauth]
Oct 15 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Invalid user oracle from 165.22.200.57
Oct 15 11:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Invalid user ali from 178.62.93.150
Oct 15 11:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: input_userauth_request: invalid user ali [preauth]
Oct 15 11:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Failed password for invalid user oracle from 165.22.200.57 port 56078 ssh2
Oct 15 11:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Connection closed by 165.22.200.57 port 56078 [preauth]
Oct 15 11:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Failed password for invalid user ali from 178.62.93.150 port 40446 ssh2
Oct 15 11:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Received disconnect from 178.62.93.150 port 40446:11: Bye Bye [preauth]
Oct 15 11:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5600]: Disconnected from 178.62.93.150 port 40446 [preauth]
Oct 15 11:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3674]: pam_unix(cron:session): session closed for user root
Oct 15 11:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: Invalid user radio from 47.247.99.155
Oct 15 11:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: input_userauth_request: invalid user radio [preauth]
Oct 15 11:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: Failed password for invalid user radio from 47.247.99.155 port 60586 ssh2
Oct 15 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: Received disconnect from 47.247.99.155 port 60586:11: Bye Bye [preauth]
Oct 15 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5686]: Disconnected from 47.247.99.155 port 60586 [preauth]
Oct 15 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5789]: Successful su for rubyman by root
Oct 15 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5789]: + ??? root:rubyman
Oct 15 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417528 of user rubyman.
Oct 15 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5789]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417528.
Oct 15 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: Invalid user postgres from 165.22.200.57
Oct 15 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: Failed password for invalid user postgres from 165.22.200.57 port 54616 ssh2
Oct 15 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5877]: Connection closed by 165.22.200.57 port 54616 [preauth]
Oct 15 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2289]: pam_unix(cron:session): session closed for user root
Oct 15 11:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Invalid user vishal from 115.240.221.28
Oct 15 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: input_userauth_request: invalid user vishal [preauth]
Oct 15 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Failed password for invalid user vishal from 115.240.221.28 port 27203 ssh2
Oct 15 11:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Received disconnect from 115.240.221.28 port 27203:11: Bye Bye [preauth]
Oct 15 11:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5979]: Disconnected from 115.240.221.28 port 27203 [preauth]
Oct 15 11:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5702]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session closed for user root
Oct 15 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: Invalid user postgres from 165.22.200.57
Oct 15 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: Failed password for invalid user postgres from 165.22.200.57 port 56866 ssh2
Oct 15 11:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6133]: Connection closed by 165.22.200.57 port 56866 [preauth]
Oct 15 11:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Invalid user alex from 117.252.95.54
Oct 15 11:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: input_userauth_request: invalid user alex [preauth]
Oct 15 11:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user alex from 117.252.95.54 port 20659 ssh2
Oct 15 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Received disconnect from 117.252.95.54 port 20659:11: Bye Bye [preauth]
Oct 15 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Disconnected from 117.252.95.54 port 20659 [preauth]
Oct 15 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6189]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6188]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6186]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6256]: Successful su for rubyman by root
Oct 15 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6256]: + ??? root:rubyman
Oct 15 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417532 of user rubyman.
Oct 15 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6256]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417532.
Oct 15 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2742]: pam_unix(cron:session): session closed for user root
Oct 15 11:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Invalid user dev from 178.62.93.150
Oct 15 11:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: input_userauth_request: invalid user dev [preauth]
Oct 15 11:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Failed password for invalid user dev from 178.62.93.150 port 43928 ssh2
Oct 15 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6187]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Received disconnect from 178.62.93.150 port 43928:11: Bye Bye [preauth]
Oct 15 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6456]: Disconnected from 178.62.93.150 port 43928 [preauth]
Oct 15 11:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Invalid user postgres from 165.22.200.57
Oct 15 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Failed password for invalid user postgres from 165.22.200.57 port 37260 ssh2
Oct 15 11:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Connection closed by 165.22.200.57 port 37260 [preauth]
Oct 15 11:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Invalid user django from 47.247.99.155
Oct 15 11:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: input_userauth_request: invalid user django [preauth]
Oct 15 11:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Failed password for invalid user django from 47.247.99.155 port 55826 ssh2
Oct 15 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Received disconnect from 47.247.99.155 port 55826:11: Bye Bye [preauth]
Oct 15 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6547]: Disconnected from 47.247.99.155 port 55826 [preauth]
Oct 15 11:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4752]: pam_unix(cron:session): session closed for user root
Oct 15 11:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Invalid user test01 from 115.240.221.28
Oct 15 11:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: input_userauth_request: invalid user test01 [preauth]
Oct 15 11:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Failed password for invalid user test01 from 115.240.221.28 port 11631 ssh2
Oct 15 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Received disconnect from 115.240.221.28 port 11631:11: Bye Bye [preauth]
Oct 15 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Disconnected from 115.240.221.28 port 11631 [preauth]
Oct 15 11:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Invalid user postgres from 165.22.200.57
Oct 15 11:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Failed password for invalid user postgres from 165.22.200.57 port 55590 ssh2
Oct 15 11:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Connection closed by 165.22.200.57 port 55590 [preauth]
Oct 15 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6753]: pam_unix(cron:session): session closed for user root
Oct 15 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6747]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6824]: Successful su for rubyman by root
Oct 15 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6824]: + ??? root:rubyman
Oct 15 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417540 of user rubyman.
Oct 15 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6824]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417540.
Oct 15 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6750]: pam_unix(cron:session): session closed for user root
Oct 15 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3196]: pam_unix(cron:session): session closed for user root
Oct 15 11:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6749]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Invalid user postgres from 165.22.200.57
Oct 15 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Failed password for invalid user postgres from 165.22.200.57 port 41938 ssh2
Oct 15 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7230]: Connection closed by 165.22.200.57 port 41938 [preauth]
Oct 15 11:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5706]: pam_unix(cron:session): session closed for user root
Oct 15 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: Invalid user user from 117.252.95.54
Oct 15 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: input_userauth_request: invalid user user [preauth]
Oct 15 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: Failed password for invalid user user from 117.252.95.54 port 19674 ssh2
Oct 15 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: Received disconnect from 117.252.95.54 port 19674:11: Bye Bye [preauth]
Oct 15 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7251]: Disconnected from 117.252.95.54 port 19674 [preauth]
Oct 15 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Invalid user test from 80.94.95.116
Oct 15 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: input_userauth_request: invalid user test [preauth]
Oct 15 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
Oct 15 11:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Failed password for invalid user test from 80.94.95.116 port 55792 ssh2
Oct 15 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Connection closed by 80.94.95.116 port 55792 [preauth]
Oct 15 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7329]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7328]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: Successful su for rubyman by root
Oct 15 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: + ??? root:rubyman
Oct 15 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417543 of user rubyman.
Oct 15 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417543.
Oct 15 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150  user=root
Oct 15 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Failed password for root from 178.62.93.150 port 60096 ssh2
Oct 15 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Received disconnect from 178.62.93.150 port 60096:11: Bye Bye [preauth]
Oct 15 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Disconnected from 178.62.93.150 port 60096 [preauth]
Oct 15 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Invalid user postgres from 165.22.200.57
Oct 15 11:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: User john from 47.247.99.155 not allowed because not listed in AllowUsers
Oct 15 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: input_userauth_request: invalid user john [preauth]
Oct 15 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155  user=john
Oct 15 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Failed password for invalid user postgres from 165.22.200.57 port 42432 ssh2
Oct 15 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7564]: Connection closed by 165.22.200.57 port 42432 [preauth]
Oct 15 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: Failed password for invalid user john from 47.247.99.155 port 38078 ssh2
Oct 15 11:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: Received disconnect from 47.247.99.155 port 38078:11: Bye Bye [preauth]
Oct 15 11:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7545]: Disconnected from 47.247.99.155 port 38078 [preauth]
Oct 15 11:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3673]: pam_unix(cron:session): session closed for user root
Oct 15 11:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Invalid user deploy from 115.240.221.28
Oct 15 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: input_userauth_request: invalid user deploy [preauth]
Oct 15 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Failed password for invalid user deploy from 115.240.221.28 port 26840 ssh2
Oct 15 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Received disconnect from 115.240.221.28 port 26840:11: Bye Bye [preauth]
Oct 15 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7722]: Disconnected from 115.240.221.28 port 26840 [preauth]
Oct 15 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6189]: pam_unix(cron:session): session closed for user root
Oct 15 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: Invalid user arduino from 178.217.173.50
Oct 15 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: input_userauth_request: invalid user arduino [preauth]
Oct 15 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: Failed password for invalid user arduino from 178.217.173.50 port 51854 ssh2
Oct 15 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: Received disconnect from 178.217.173.50 port 51854:11: Bye Bye [preauth]
Oct 15 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7746]: Disconnected from 178.217.173.50 port 51854 [preauth]
Oct 15 11:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Invalid user postgres from 165.22.200.57
Oct 15 11:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Failed password for invalid user postgres from 165.22.200.57 port 53926 ssh2
Oct 15 11:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7772]: Connection closed by 165.22.200.57 port 53926 [preauth]
Oct 15 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7825]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8326]: Successful su for rubyman by root
Oct 15 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8326]: + ??? root:rubyman
Oct 15 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417546 of user rubyman.
Oct 15 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8326]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417546.
Oct 15 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Invalid user arduino from 27.112.78.170
Oct 15 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: input_userauth_request: invalid user arduino [preauth]
Oct 15 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 11:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Failed password for invalid user arduino from 27.112.78.170 port 48348 ssh2
Oct 15 11:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user root
Oct 15 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Invalid user teamspeak from 117.252.95.54
Oct 15 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Invalid user postgres from 165.22.200.57
Oct 15 11:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Failed password for invalid user teamspeak from 117.252.95.54 port 59722 ssh2
Oct 15 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Received disconnect from 117.252.95.54 port 59722:11: Bye Bye [preauth]
Oct 15 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8603]: Disconnected from 117.252.95.54 port 59722 [preauth]
Oct 15 11:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Failed password for invalid user postgres from 165.22.200.57 port 38656 ssh2
Oct 15 11:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Connection closed by 165.22.200.57 port 38656 [preauth]
Oct 15 11:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8442]: Connection reset by 27.112.78.170 port 48348 [preauth]
Oct 15 11:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6752]: pam_unix(cron:session): session closed for user root
Oct 15 11:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: Invalid user odoo17 from 47.247.99.155
Oct 15 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: input_userauth_request: invalid user odoo17 [preauth]
Oct 15 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: Failed password for invalid user odoo17 from 47.247.99.155 port 54400 ssh2
Oct 15 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: Received disconnect from 47.247.99.155 port 54400:11: Bye Bye [preauth]
Oct 15 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8712]: Disconnected from 47.247.99.155 port 54400 [preauth]
Oct 15 11:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Invalid user teamspeak3 from 178.62.93.150
Oct 15 11:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 15 11:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Failed password for invalid user teamspeak3 from 178.62.93.150 port 47270 ssh2
Oct 15 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Received disconnect from 178.62.93.150 port 47270:11: Bye Bye [preauth]
Oct 15 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Disconnected from 178.62.93.150 port 47270 [preauth]
Oct 15 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Invalid user postgres from 165.22.200.57
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: input_userauth_request: invalid user postgres [preauth]
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8933]: Successful su for rubyman by root
Oct 15 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8933]: + ??? root:rubyman
Oct 15 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417550 of user rubyman.
Oct 15 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8933]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417550.
Oct 15 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Failed password for invalid user postgres from 165.22.200.57 port 38338 ssh2
Oct 15 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8742]: Connection closed by 165.22.200.57 port 38338 [preauth]
Oct 15 11:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4751]: pam_unix(cron:session): session closed for user root
Oct 15 11:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Invalid user tempuser from 115.240.221.28
Oct 15 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: input_userauth_request: invalid user tempuser [preauth]
Oct 15 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Failed password for invalid user tempuser from 115.240.221.28 port 28436 ssh2
Oct 15 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Received disconnect from 115.240.221.28 port 28436:11: Bye Bye [preauth]
Oct 15 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9238]: Disconnected from 115.240.221.28 port 28436 [preauth]
Oct 15 11:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Invalid user pi from 165.22.200.57
Oct 15 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7329]: pam_unix(cron:session): session closed for user root
Oct 15 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Failed password for invalid user pi from 165.22.200.57 port 47200 ssh2
Oct 15 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Connection closed by 165.22.200.57 port 47200 [preauth]
Oct 15 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9464]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Invalid user testuser from 117.252.95.54
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: input_userauth_request: invalid user testuser [preauth]
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9548]: Successful su for rubyman by root
Oct 15 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9548]: + ??? root:rubyman
Oct 15 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417554 of user rubyman.
Oct 15 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9548]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417554.
Oct 15 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Failed password for invalid user testuser from 117.252.95.54 port 50011 ssh2
Oct 15 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Received disconnect from 117.252.95.54 port 50011:11: Bye Bye [preauth]
Oct 15 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9445]: Disconnected from 117.252.95.54 port 50011 [preauth]
Oct 15 11:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session closed for user root
Oct 15 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Invalid user pi from 165.22.200.57
Oct 15 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9461]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Failed password for invalid user pi from 165.22.200.57 port 36688 ssh2
Oct 15 11:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Connection closed by 165.22.200.57 port 36688 [preauth]
Oct 15 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: Invalid user aramos from 178.217.173.50
Oct 15 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: input_userauth_request: invalid user aramos [preauth]
Oct 15 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: Failed password for invalid user aramos from 178.217.173.50 port 40990 ssh2
Oct 15 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: Received disconnect from 178.217.173.50 port 40990:11: Bye Bye [preauth]
Oct 15 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9928]: Disconnected from 178.217.173.50 port 40990 [preauth]
Oct 15 11:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: Invalid user dockeruser from 47.247.99.155
Oct 15 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: input_userauth_request: invalid user dockeruser [preauth]
Oct 15 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: Failed password for invalid user dockeruser from 47.247.99.155 port 56386 ssh2
Oct 15 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: Received disconnect from 47.247.99.155 port 56386:11: Bye Bye [preauth]
Oct 15 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: Disconnected from 47.247.99.155 port 56386 [preauth]
Oct 15 11:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Invalid user radio from 178.62.93.150
Oct 15 11:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: input_userauth_request: invalid user radio [preauth]
Oct 15 11:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session closed for user root
Oct 15 11:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Failed password for invalid user radio from 178.62.93.150 port 59458 ssh2
Oct 15 11:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Received disconnect from 178.62.93.150 port 59458:11: Bye Bye [preauth]
Oct 15 11:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Disconnected from 178.62.93.150 port 59458 [preauth]
Oct 15 11:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Invalid user www from 115.240.221.28
Oct 15 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: input_userauth_request: invalid user www [preauth]
Oct 15 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Invalid user pi from 165.22.200.57
Oct 15 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Failed password for invalid user www from 115.240.221.28 port 47023 ssh2
Oct 15 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Received disconnect from 115.240.221.28 port 47023:11: Bye Bye [preauth]
Oct 15 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10066]: Disconnected from 115.240.221.28 port 47023 [preauth]
Oct 15 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Failed password for invalid user pi from 165.22.200.57 port 44602 ssh2
Oct 15 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Connection closed by 165.22.200.57 port 44602 [preauth]
Oct 15 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10100]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10098]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10101]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10099]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10101]: pam_unix(cron:session): session closed for user root
Oct 15 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10096]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: Successful su for rubyman by root
Oct 15 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: + ??? root:rubyman
Oct 15 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417558 of user rubyman.
Oct 15 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417558.
Oct 15 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10098]: pam_unix(cron:session): session closed for user root
Oct 15 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6188]: pam_unix(cron:session): session closed for user root
Oct 15 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10097]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Invalid user pi from 165.22.200.57
Oct 15 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Failed password for invalid user pi from 165.22.200.57 port 45382 ssh2
Oct 15 11:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10491]: Connection closed by 165.22.200.57 port 45382 [preauth]
Oct 15 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Invalid user teamspeak3 from 117.252.95.54
Oct 15 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 15 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Failed password for invalid user teamspeak3 from 117.252.95.54 port 5512 ssh2
Oct 15 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Received disconnect from 117.252.95.54 port 5512:11: Bye Bye [preauth]
Oct 15 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Disconnected from 117.252.95.54 port 5512 [preauth]
Oct 15 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session closed for user root
Oct 15 11:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 11:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Failed password for root from 178.217.173.50 port 45058 ssh2
Oct 15 11:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Received disconnect from 178.217.173.50 port 45058:11: Bye Bye [preauth]
Oct 15 11:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10568]: Disconnected from 178.217.173.50 port 45058 [preauth]
Oct 15 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: Invalid user halley from 27.112.78.170
Oct 15 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: input_userauth_request: invalid user halley [preauth]
Oct 15 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10626]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: Failed password for invalid user halley from 27.112.78.170 port 59290 ssh2
Oct 15 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: Received disconnect from 27.112.78.170 port 59290:11: Bye Bye [preauth]
Oct 15 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10618]: Disconnected from 27.112.78.170 port 59290 [preauth]
Oct 15 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10726]: Successful su for rubyman by root
Oct 15 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10726]: + ??? root:rubyman
Oct 15 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417565 of user rubyman.
Oct 15 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10726]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417565.
Oct 15 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: Invalid user abc from 47.247.99.155
Oct 15 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: input_userauth_request: invalid user abc [preauth]
Oct 15 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: Invalid user pi from 165.22.200.57
Oct 15 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: Failed password for invalid user abc from 47.247.99.155 port 39352 ssh2
Oct 15 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: Received disconnect from 47.247.99.155 port 39352:11: Bye Bye [preauth]
Oct 15 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10720]: Disconnected from 47.247.99.155 port 39352 [preauth]
Oct 15 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: Failed password for invalid user pi from 165.22.200.57 port 34350 ssh2
Oct 15 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10755]: Connection closed by 165.22.200.57 port 34350 [preauth]
Oct 15 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6751]: pam_unix(cron:session): session closed for user root
Oct 15 11:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10627]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150  user=root
Oct 15 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Failed password for root from 178.62.93.150 port 49708 ssh2
Oct 15 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Received disconnect from 178.62.93.150 port 49708:11: Bye Bye [preauth]
Oct 15 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Disconnected from 178.62.93.150 port 49708 [preauth]
Oct 15 11:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10985]: Invalid user teamspeak from 115.240.221.28
Oct 15 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10985]: input_userauth_request: invalid user teamspeak [preauth]
Oct 15 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10985]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10985]: Failed password for invalid user teamspeak from 115.240.221.28 port 16756 ssh2
Oct 15 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10985]: Received disconnect from 115.240.221.28 port 16756:11: Bye Bye [preauth]
Oct 15 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10985]: Disconnected from 115.240.221.28 port 16756 [preauth]
Oct 15 11:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9464]: pam_unix(cron:session): session closed for user root
Oct 15 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: Invalid user pi from 165.22.200.57
Oct 15 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: Failed password for invalid user pi from 165.22.200.57 port 56468 ssh2
Oct 15 11:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11045]: Connection closed by 165.22.200.57 port 56468 [preauth]
Oct 15 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: Successful su for rubyman by root
Oct 15 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: + ??? root:rubyman
Oct 15 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417570 of user rubyman.
Oct 15 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417570.
Oct 15 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7328]: pam_unix(cron:session): session closed for user root
Oct 15 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Invalid user test from 117.252.95.54
Oct 15 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: input_userauth_request: invalid user test [preauth]
Oct 15 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Failed password for invalid user test from 117.252.95.54 port 25865 ssh2
Oct 15 11:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Received disconnect from 117.252.95.54 port 25865:11: Bye Bye [preauth]
Oct 15 11:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11360]: Disconnected from 117.252.95.54 port 25865 [preauth]
Oct 15 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Failed password for root from 178.217.173.50 port 49140 ssh2
Oct 15 11:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Received disconnect from 178.217.173.50 port 49140:11: Bye Bye [preauth]
Oct 15 11:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11400]: Disconnected from 178.217.173.50 port 49140 [preauth]
Oct 15 11:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11435]: Invalid user pi from 165.22.200.57
Oct 15 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11435]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11435]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11435]: Failed password for invalid user pi from 165.22.200.57 port 53548 ssh2
Oct 15 11:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11435]: Connection closed by 165.22.200.57 port 53548 [preauth]
Oct 15 11:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Invalid user test from 47.247.99.155
Oct 15 11:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: input_userauth_request: invalid user test [preauth]
Oct 15 11:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10100]: pam_unix(cron:session): session closed for user root
Oct 15 11:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Failed password for invalid user test from 47.247.99.155 port 47286 ssh2
Oct 15 11:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Received disconnect from 47.247.99.155 port 47286:11: Bye Bye [preauth]
Oct 15 11:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Disconnected from 47.247.99.155 port 47286 [preauth]
Oct 15 11:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Invalid user pi from 165.22.200.57
Oct 15 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Failed password for invalid user pi from 165.22.200.57 port 35628 ssh2
Oct 15 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11570]: Connection closed by 165.22.200.57 port 35628 [preauth]
Oct 15 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11591]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: Invalid user farm from 27.112.78.170
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: input_userauth_request: invalid user farm [preauth]
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11760]: Successful su for rubyman by root
Oct 15 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11760]: + ??? root:rubyman
Oct 15 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417572 of user rubyman.
Oct 15 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11760]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417572.
Oct 15 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: Failed password for invalid user farm from 27.112.78.170 port 36446 ssh2
Oct 15 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: Received disconnect from 27.112.78.170 port 36446:11: Bye Bye [preauth]
Oct 15 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11583]: Disconnected from 27.112.78.170 port 36446 [preauth]
Oct 15 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: User john from 178.62.93.150 not allowed because not listed in AllowUsers
Oct 15 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: input_userauth_request: invalid user john [preauth]
Oct 15 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150  user=john
Oct 15 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Invalid user frappe from 115.240.221.28
Oct 15 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: input_userauth_request: invalid user frappe [preauth]
Oct 15 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Failed password for invalid user john from 178.62.93.150 port 52998 ssh2
Oct 15 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Received disconnect from 178.62.93.150 port 52998:11: Bye Bye [preauth]
Oct 15 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Disconnected from 178.62.93.150 port 52998 [preauth]
Oct 15 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Failed password for invalid user frappe from 115.240.221.28 port 29885 ssh2
Oct 15 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Received disconnect from 115.240.221.28 port 29885:11: Bye Bye [preauth]
Oct 15 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11849]: Disconnected from 115.240.221.28 port 29885 [preauth]
Oct 15 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session closed for user root
Oct 15 11:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Did not receive identification string from 36.91.166.189
Oct 15 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Invalid user pi from 165.22.200.57
Oct 15 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: input_userauth_request: invalid user pi [preauth]
Oct 15 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Failed password for invalid user pi from 165.22.200.57 port 49642 ssh2
Oct 15 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12065]: Connection closed by 165.22.200.57 port 49642 [preauth]
Oct 15 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session closed for user root
Oct 15 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Invalid user ruby from 178.217.173.50
Oct 15 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: input_userauth_request: invalid user ruby [preauth]
Oct 15 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Failed password for invalid user ruby from 178.217.173.50 port 53198 ssh2
Oct 15 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Received disconnect from 178.217.173.50 port 53198:11: Bye Bye [preauth]
Oct 15 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Disconnected from 178.217.173.50 port 53198 [preauth]
Oct 15 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Invalid user frappe from 117.252.95.54
Oct 15 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: input_userauth_request: invalid user frappe [preauth]
Oct 15 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Failed password for invalid user frappe from 117.252.95.54 port 52725 ssh2
Oct 15 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Received disconnect from 117.252.95.54 port 52725:11: Bye Bye [preauth]
Oct 15 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Disconnected from 117.252.95.54 port 52725 [preauth]
Oct 15 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12180]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session closed for user p13x
Oct 15 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12260]: Successful su for rubyman by root
Oct 15 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12260]: + ??? root:rubyman
Oct 15 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417577 of user rubyman.
Oct 15 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12260]: pam_unix(su:session): session closed for user rubyman
Oct 15 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417577.
Oct 15 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session closed for user root
Oct 15 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Invalid user administrator from 165.22.200.57
Oct 15 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: input_userauth_request: invalid user administrator [preauth]
Oct 15 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Failed password for invalid user administrator from 165.22.200.57 port 49908 ssh2
Oct 15 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Connection closed by 165.22.200.57 port 49908 [preauth]
Oct 15 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Invalid user oracle from 47.247.99.155
Oct 15 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: input_userauth_request: invalid user oracle [preauth]
Oct 15 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Failed password for invalid user oracle from 47.247.99.155 port 49932 ssh2
Oct 15 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Received disconnect from 47.247.99.155 port 49932:11: Bye Bye [preauth]
Oct 15 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12469]: Disconnected from 47.247.99.155 port 49932 [preauth]
Oct 15 11:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12177]: pam_unix(cron:session): session closed for user samftp
Oct 15 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11108]: pam_unix(cron:session): session closed for user root
Oct 15 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Invalid user administrator from 165.22.200.57
Oct 15 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: input_userauth_request: invalid user administrator [preauth]
Oct 15 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: Invalid user ftptest from 115.240.221.28
Oct 15 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: input_userauth_request: invalid user ftptest [preauth]
Oct 15 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 11:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Failed password for invalid user administrator from 165.22.200.57 port 51436 ssh2
Oct 15 11:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12625]: Connection closed by 165.22.200.57 port 51436 [preauth]
Oct 15 11:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: Failed password for invalid user ftptest from 115.240.221.28 port 53353 ssh2
Oct 15 11:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: Received disconnect from 115.240.221.28 port 53353:11: Bye Bye [preauth]
Oct 15 11:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12631]: Disconnected from 115.240.221.28 port 53353 [preauth]
Oct 15 11:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Invalid user vishal from 178.62.93.150
Oct 15 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: input_userauth_request: invalid user vishal [preauth]
Oct 15 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Failed password for invalid user vishal from 178.62.93.150 port 48070 ssh2
Oct 15 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Received disconnect from 178.62.93.150 port 48070:11: Bye Bye [preauth]
Oct 15 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Disconnected from 178.62.93.150 port 48070 [preauth]
Oct 15 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12698]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12695]: pam_unix(cron:session): session closed for user root
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12700]: pam_unix(cron:session): session closed for user root
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12692]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Invalid user koumy from 27.112.78.170
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: input_userauth_request: invalid user koumy [preauth]
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Failed password for invalid user koumy from 27.112.78.170 port 53690 ssh2
Oct 15 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Received disconnect from 27.112.78.170 port 53690:11: Bye Bye [preauth]
Oct 15 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Disconnected from 27.112.78.170 port 53690 [preauth]
Oct 15 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12815]: Successful su for rubyman by root
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12815]: + ??? root:rubyman
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417583 of user rubyman.
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[12815]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417583.
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Invalid user django from 178.217.173.50
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: input_userauth_request: invalid user django [preauth]
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Failed password for invalid user django from 178.217.173.50 port 57262 ssh2
Oct 15 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Received disconnect from 178.217.173.50 port 57262:11: Bye Bye [preauth]
Oct 15 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Disconnected from 178.217.173.50 port 57262 [preauth]
Oct 15 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session closed for user root
Oct 15 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12696]: pam_unix(cron:session): session closed for user root
Oct 15 12:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12694]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54  user=root
Oct 15 12:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Failed password for root from 117.252.95.54 port 9403 ssh2
Oct 15 12:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Received disconnect from 117.252.95.54 port 9403:11: Bye Bye [preauth]
Oct 15 12:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Disconnected from 117.252.95.54 port 9403 [preauth]
Oct 15 12:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: Invalid user administrator from 165.22.200.57
Oct 15 12:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: input_userauth_request: invalid user administrator [preauth]
Oct 15 12:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: Failed password for invalid user administrator from 165.22.200.57 port 56118 ssh2
Oct 15 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13137]: Connection closed by 165.22.200.57 port 56118 [preauth]
Oct 15 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session closed for user root
Oct 15 12:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93  user=root
Oct 15 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: Failed password for root from 194.0.234.93 port 24662 ssh2
Oct 15 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13350]: Connection closed by 194.0.234.93 port 24662 [preauth]
Oct 15 12:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Invalid user app from 47.247.99.155
Oct 15 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: input_userauth_request: invalid user app [preauth]
Oct 15 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Failed password for invalid user app from 47.247.99.155 port 60172 ssh2
Oct 15 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Received disconnect from 47.247.99.155 port 60172:11: Bye Bye [preauth]
Oct 15 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13368]: Disconnected from 47.247.99.155 port 60172 [preauth]
Oct 15 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13421]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: Successful su for rubyman by root
Oct 15 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: + ??? root:rubyman
Oct 15 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417589 of user rubyman.
Oct 15 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13517]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417589.
Oct 15 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Invalid user administrator from 165.22.200.57
Oct 15 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: input_userauth_request: invalid user administrator [preauth]
Oct 15 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Failed password for invalid user administrator from 165.22.200.57 port 33728 ssh2
Oct 15 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13497]: Connection closed by 165.22.200.57 port 33728 [preauth]
Oct 15 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10099]: pam_unix(cron:session): session closed for user root
Oct 15 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: Invalid user jordan from 178.217.173.50
Oct 15 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: input_userauth_request: invalid user jordan [preauth]
Oct 15 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: User john from 115.240.221.28 not allowed because not listed in AllowUsers
Oct 15 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: input_userauth_request: invalid user john [preauth]
Oct 15 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=john
Oct 15 12:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: Failed password for invalid user jordan from 178.217.173.50 port 33088 ssh2
Oct 15 12:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: Received disconnect from 178.217.173.50 port 33088:11: Bye Bye [preauth]
Oct 15 12:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13782]: Disconnected from 178.217.173.50 port 33088 [preauth]
Oct 15 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Failed password for invalid user john from 115.240.221.28 port 60392 ssh2
Oct 15 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Received disconnect from 115.240.221.28 port 60392:11: Bye Bye [preauth]
Oct 15 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Disconnected from 115.240.221.28 port 60392 [preauth]
Oct 15 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: Invalid user alex from 178.62.93.150
Oct 15 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: input_userauth_request: invalid user alex [preauth]
Oct 15 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12183]: pam_unix(cron:session): session closed for user root
Oct 15 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: Failed password for invalid user alex from 178.62.93.150 port 57384 ssh2
Oct 15 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: Received disconnect from 178.62.93.150 port 57384:11: Bye Bye [preauth]
Oct 15 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13835]: Disconnected from 178.62.93.150 port 57384 [preauth]
Oct 15 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Invalid user administrator from 165.22.200.57
Oct 15 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: input_userauth_request: invalid user administrator [preauth]
Oct 15 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for invalid user administrator from 165.22.200.57 port 53226 ssh2
Oct 15 12:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Connection closed by 165.22.200.57 port 53226 [preauth]
Oct 15 12:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Invalid user zhangsan from 27.112.78.170
Oct 15 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: input_userauth_request: invalid user zhangsan [preauth]
Oct 15 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Failed password for invalid user zhangsan from 27.112.78.170 port 40444 ssh2
Oct 15 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Received disconnect from 27.112.78.170 port 40444:11: Bye Bye [preauth]
Oct 15 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13899]: Disconnected from 27.112.78.170 port 40444 [preauth]
Oct 15 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13942]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: Successful su for rubyman by root
Oct 15 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: + ??? root:rubyman
Oct 15 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417593 of user rubyman.
Oct 15 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417593.
Oct 15 12:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10628]: pam_unix(cron:session): session closed for user root
Oct 15 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Invalid user administrator from 165.22.200.57
Oct 15 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: input_userauth_request: invalid user administrator [preauth]
Oct 15 12:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Failed password for invalid user administrator from 165.22.200.57 port 41498 ssh2
Oct 15 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Connection closed by 165.22.200.57 port 41498 [preauth]
Oct 15 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Invalid user deployer from 47.247.99.155
Oct 15 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: input_userauth_request: invalid user deployer [preauth]
Oct 15 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Failed password for invalid user deployer from 47.247.99.155 port 52636 ssh2
Oct 15 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Received disconnect from 47.247.99.155 port 52636:11: Bye Bye [preauth]
Oct 15 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Disconnected from 47.247.99.155 port 52636 [preauth]
Oct 15 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12698]: pam_unix(cron:session): session closed for user root
Oct 15 12:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Invalid user taibabi from 178.217.173.50
Oct 15 12:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: input_userauth_request: invalid user taibabi [preauth]
Oct 15 12:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Invalid user administrator from 165.22.200.57
Oct 15 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: input_userauth_request: invalid user administrator [preauth]
Oct 15 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Failed password for invalid user taibabi from 178.217.173.50 port 37148 ssh2
Oct 15 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Received disconnect from 178.217.173.50 port 37148:11: Bye Bye [preauth]
Oct 15 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Disconnected from 178.217.173.50 port 37148 [preauth]
Oct 15 12:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Failed password for invalid user administrator from 165.22.200.57 port 36932 ssh2
Oct 15 12:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14469]: Connection closed by 165.22.200.57 port 36932 [preauth]
Oct 15 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14498]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14499]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14570]: Successful su for rubyman by root
Oct 15 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14570]: + ??? root:rubyman
Oct 15 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417595 of user rubyman.
Oct 15 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14570]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417595.
Oct 15 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: Invalid user teamspeak3 from 115.240.221.28
Oct 15 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: input_userauth_request: invalid user teamspeak3 [preauth]
Oct 15 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session closed for user root
Oct 15 12:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: Failed password for invalid user teamspeak3 from 115.240.221.28 port 3421 ssh2
Oct 15 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: Received disconnect from 115.240.221.28 port 3421:11: Bye Bye [preauth]
Oct 15 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14652]: Disconnected from 115.240.221.28 port 3421 [preauth]
Oct 15 12:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14497]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Invalid user pmuser from 46.101.170.54
Oct 15 12:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: input_userauth_request: invalid user pmuser [preauth]
Oct 15 12:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54
Oct 15 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Failed password for invalid user pmuser from 46.101.170.54 port 47816 ssh2
Oct 15 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Connection closed by 46.101.170.54 port 47816 [preauth]
Oct 15 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: Invalid user botuser from 178.62.93.150
Oct 15 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: input_userauth_request: invalid user botuser [preauth]
Oct 15 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: Failed password for invalid user botuser from 178.62.93.150 port 44664 ssh2
Oct 15 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: Received disconnect from 178.62.93.150 port 44664:11: Bye Bye [preauth]
Oct 15 12:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14832]: Disconnected from 178.62.93.150 port 44664 [preauth]
Oct 15 12:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: Invalid user administrator from 165.22.200.57
Oct 15 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: input_userauth_request: invalid user administrator [preauth]
Oct 15 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: Failed password for invalid user administrator from 165.22.200.57 port 52562 ssh2
Oct 15 12:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14866]: Connection closed by 165.22.200.57 port 52562 [preauth]
Oct 15 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Invalid user ftptest from 117.252.95.54
Oct 15 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: input_userauth_request: invalid user ftptest [preauth]
Oct 15 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Failed password for root from 27.112.78.170 port 50600 ssh2
Oct 15 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13424]: pam_unix(cron:session): session closed for user root
Oct 15 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Received disconnect from 27.112.78.170 port 50600:11: Bye Bye [preauth]
Oct 15 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Disconnected from 27.112.78.170 port 50600 [preauth]
Oct 15 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Failed password for invalid user ftptest from 117.252.95.54 port 39731 ssh2
Oct 15 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Received disconnect from 117.252.95.54 port 39731:11: Bye Bye [preauth]
Oct 15 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Disconnected from 117.252.95.54 port 39731 [preauth]
Oct 15 12:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Invalid user dummy from 47.247.99.155
Oct 15 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: input_userauth_request: invalid user dummy [preauth]
Oct 15 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Failed password for invalid user dummy from 47.247.99.155 port 47118 ssh2
Oct 15 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Received disconnect from 47.247.99.155 port 47118:11: Bye Bye [preauth]
Oct 15 12:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: Disconnected from 47.247.99.155 port 47118 [preauth]
Oct 15 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14970]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: Successful su for rubyman by root
Oct 15 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: + ??? root:rubyman
Oct 15 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417600 of user rubyman.
Oct 15 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15144]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417600.
Oct 15 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Invalid user administrator from 165.22.200.57
Oct 15 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: input_userauth_request: invalid user administrator [preauth]
Oct 15 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session closed for user root
Oct 15 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Failed password for invalid user administrator from 165.22.200.57 port 57742 ssh2
Oct 15 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15270]: Connection closed by 165.22.200.57 port 57742 [preauth]
Oct 15 12:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14971]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Invalid user ubuntu from 178.217.173.50
Oct 15 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Failed password for invalid user ubuntu from 178.217.173.50 port 41210 ssh2
Oct 15 12:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Received disconnect from 178.217.173.50 port 41210:11: Bye Bye [preauth]
Oct 15 12:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Disconnected from 178.217.173.50 port 41210 [preauth]
Oct 15 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user root
Oct 15 12:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 12:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Failed password for invalid user ftpuser from 165.22.200.57 port 49054 ssh2
Oct 15 12:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Connection closed by 165.22.200.57 port 49054 [preauth]
Oct 15 12:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: Invalid user alex from 115.240.221.28
Oct 15 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: input_userauth_request: invalid user alex [preauth]
Oct 15 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Failed password for root from 190.103.202.7 port 45828 ssh2
Oct 15 12:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15489]: Connection closed by 190.103.202.7 port 45828 [preauth]
Oct 15 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: Failed password for invalid user alex from 115.240.221.28 port 30876 ssh2
Oct 15 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: Received disconnect from 115.240.221.28 port 30876:11: Bye Bye [preauth]
Oct 15 12:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15506]: Disconnected from 115.240.221.28 port 30876 [preauth]
Oct 15 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15535]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15535]: pam_unix(cron:session): session closed for user root
Oct 15 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: Successful su for rubyman by root
Oct 15 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: + ??? root:rubyman
Oct 15 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417603 of user rubyman.
Oct 15 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417603.
Oct 15 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session closed for user root
Oct 15 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12180]: pam_unix(cron:session): session closed for user root
Oct 15 12:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Invalid user www from 178.62.93.150
Oct 15 12:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: input_userauth_request: invalid user www [preauth]
Oct 15 12:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Invalid user botuser from 117.252.95.54
Oct 15 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: input_userauth_request: invalid user botuser [preauth]
Oct 15 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Failed password for invalid user www from 178.62.93.150 port 60296 ssh2
Oct 15 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Received disconnect from 178.62.93.150 port 60296:11: Bye Bye [preauth]
Oct 15 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15852]: Disconnected from 178.62.93.150 port 60296 [preauth]
Oct 15 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Failed password for invalid user botuser from 117.252.95.54 port 13074 ssh2
Oct 15 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Received disconnect from 117.252.95.54 port 13074:11: Bye Bye [preauth]
Oct 15 12:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15860]: Disconnected from 117.252.95.54 port 13074 [preauth]
Oct 15 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Invalid user batman from 27.112.78.170
Oct 15 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: input_userauth_request: invalid user batman [preauth]
Oct 15 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: Failed password for invalid user ftpuser from 165.22.200.57 port 51346 ssh2
Oct 15 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15900]: Connection closed by 165.22.200.57 port 51346 [preauth]
Oct 15 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Failed password for invalid user batman from 27.112.78.170 port 37720 ssh2
Oct 15 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Received disconnect from 27.112.78.170 port 37720:11: Bye Bye [preauth]
Oct 15 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Disconnected from 27.112.78.170 port 37720 [preauth]
Oct 15 12:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14499]: pam_unix(cron:session): session closed for user root
Oct 15 12:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155  user=root
Oct 15 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Failed password for root from 47.247.99.155 port 49146 ssh2
Oct 15 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Received disconnect from 47.247.99.155 port 49146:11: Bye Bye [preauth]
Oct 15 12:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Disconnected from 47.247.99.155 port 49146 [preauth]
Oct 15 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Invalid user rocketmq from 178.217.173.50
Oct 15 12:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: input_userauth_request: invalid user rocketmq [preauth]
Oct 15 12:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Failed password for invalid user rocketmq from 178.217.173.50 port 45274 ssh2
Oct 15 12:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Received disconnect from 178.217.173.50 port 45274:11: Bye Bye [preauth]
Oct 15 12:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Disconnected from 178.217.173.50 port 45274 [preauth]
Oct 15 12:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Failed password for invalid user ftpuser from 165.22.200.57 port 51290 ssh2
Oct 15 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Connection closed by 165.22.200.57 port 51290 [preauth]
Oct 15 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16040]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16039]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16037]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16126]: Successful su for rubyman by root
Oct 15 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16126]: + ??? root:rubyman
Oct 15 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417609 of user rubyman.
Oct 15 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16126]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417609.
Oct 15 12:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12697]: pam_unix(cron:session): session closed for user root
Oct 15 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16038]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Oct 15 12:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for root from 115.240.221.28 port 46726 ssh2
Oct 15 12:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Received disconnect from 115.240.221.28 port 46726:11: Bye Bye [preauth]
Oct 15 12:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Disconnected from 115.240.221.28 port 46726 [preauth]
Oct 15 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: Failed password for invalid user ftpuser from 165.22.200.57 port 34800 ssh2
Oct 15 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16417]: Connection closed by 165.22.200.57 port 34800 [preauth]
Oct 15 12:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14973]: pam_unix(cron:session): session closed for user root
Oct 15 12:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Invalid user guest from 117.252.95.54
Oct 15 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: input_userauth_request: invalid user guest [preauth]
Oct 15 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Failed password for invalid user guest from 117.252.95.54 port 20957 ssh2
Oct 15 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Received disconnect from 117.252.95.54 port 20957:11: Bye Bye [preauth]
Oct 15 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16501]: Disconnected from 117.252.95.54 port 20957 [preauth]
Oct 15 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Invalid user client from 178.62.93.150
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: input_userauth_request: invalid user client [preauth]
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16602]: Successful su for rubyman by root
Oct 15 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16602]: + ??? root:rubyman
Oct 15 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417613 of user rubyman.
Oct 15 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16602]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417613.
Oct 15 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Failed password for invalid user client from 178.62.93.150 port 46702 ssh2
Oct 15 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Received disconnect from 178.62.93.150 port 46702:11: Bye Bye [preauth]
Oct 15 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16514]: Disconnected from 178.62.93.150 port 46702 [preauth]
Oct 15 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13423]: pam_unix(cron:session): session closed for user root
Oct 15 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Failed password for root from 27.112.78.170 port 42084 ssh2
Oct 15 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Received disconnect from 27.112.78.170 port 42084:11: Bye Bye [preauth]
Oct 15 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Disconnected from 27.112.78.170 port 42084 [preauth]
Oct 15 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Failed password for invalid user ftpuser from 165.22.200.57 port 58134 ssh2
Oct 15 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Connection closed by 165.22.200.57 port 58134 [preauth]
Oct 15 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Invalid user magento from 178.217.173.50
Oct 15 12:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: input_userauth_request: invalid user magento [preauth]
Oct 15 12:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Invalid user git from 47.247.99.155
Oct 15 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: input_userauth_request: invalid user git [preauth]
Oct 15 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Failed password for invalid user magento from 178.217.173.50 port 49334 ssh2
Oct 15 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Received disconnect from 178.217.173.50 port 49334:11: Bye Bye [preauth]
Oct 15 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Disconnected from 178.217.173.50 port 49334 [preauth]
Oct 15 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16519]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Failed password for invalid user git from 47.247.99.155 port 56088 ssh2
Oct 15 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Received disconnect from 47.247.99.155 port 56088:11: Bye Bye [preauth]
Oct 15 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Disconnected from 47.247.99.155 port 56088 [preauth]
Oct 15 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session closed for user root
Oct 15 12:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Failed password for invalid user ftpuser from 165.22.200.57 port 33376 ssh2
Oct 15 12:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Connection closed by 165.22.200.57 port 33376 [preauth]
Oct 15 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17006]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17007]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17070]: Successful su for rubyman by root
Oct 15 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17070]: + ??? root:rubyman
Oct 15 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417620 of user rubyman.
Oct 15 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17070]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417620.
Oct 15 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Invalid user ftptest from 115.240.221.28
Oct 15 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: input_userauth_request: invalid user ftptest [preauth]
Oct 15 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Failed password for invalid user ftptest from 115.240.221.28 port 27615 ssh2
Oct 15 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Received disconnect from 115.240.221.28 port 27615:11: Bye Bye [preauth]
Oct 15 12:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17131]: Disconnected from 115.240.221.28 port 27615 [preauth]
Oct 15 12:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session closed for user root
Oct 15 12:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Failed password for invalid user ftpuser from 165.22.200.57 port 59906 ssh2
Oct 15 12:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Connection closed by 165.22.200.57 port 59906 [preauth]
Oct 15 12:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Invalid user odoo17 from 117.252.95.54
Oct 15 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: input_userauth_request: invalid user odoo17 [preauth]
Oct 15 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Failed password for invalid user odoo17 from 117.252.95.54 port 20089 ssh2
Oct 15 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Received disconnect from 117.252.95.54 port 20089:11: Bye Bye [preauth]
Oct 15 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17361]: Disconnected from 117.252.95.54 port 20089 [preauth]
Oct 15 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16040]: pam_unix(cron:session): session closed for user root
Oct 15 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Invalid user staging from 178.217.173.50
Oct 15 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: input_userauth_request: invalid user staging [preauth]
Oct 15 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Failed password for invalid user staging from 178.217.173.50 port 53398 ssh2
Oct 15 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Received disconnect from 178.217.173.50 port 53398:11: Bye Bye [preauth]
Oct 15 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17409]: Disconnected from 178.217.173.50 port 53398 [preauth]
Oct 15 12:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17427]: Invalid user ts3 from 178.62.93.150
Oct 15 12:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17427]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 12:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17427]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17427]: Failed password for invalid user ts3 from 178.62.93.150 port 51476 ssh2
Oct 15 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17427]: Received disconnect from 178.62.93.150 port 51476:11: Bye Bye [preauth]
Oct 15 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17427]: Disconnected from 178.62.93.150 port 51476 [preauth]
Oct 15 12:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Invalid user dolphinscheduler from 47.247.99.155
Oct 15 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: input_userauth_request: invalid user dolphinscheduler [preauth]
Oct 15 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Failed password for invalid user dolphinscheduler from 47.247.99.155 port 60310 ssh2
Oct 15 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Received disconnect from 47.247.99.155 port 60310:11: Bye Bye [preauth]
Oct 15 12:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: Disconnected from 47.247.99.155 port 60310 [preauth]
Oct 15 12:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93  user=root
Oct 15 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Invalid user inspector from 27.112.78.170
Oct 15 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: input_userauth_request: invalid user inspector [preauth]
Oct 15 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Failed password for root from 194.0.234.93 port 24250 ssh2
Oct 15 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17476]: Connection closed by 194.0.234.93 port 24250 [preauth]
Oct 15 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Failed password for invalid user inspector from 27.112.78.170 port 38272 ssh2
Oct 15 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Received disconnect from 27.112.78.170 port 38272:11: Bye Bye [preauth]
Oct 15 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17479]: Disconnected from 27.112.78.170 port 38272 [preauth]
Oct 15 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17491]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Failed password for invalid user ftpuser from 165.22.200.57 port 41592 ssh2
Oct 15 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17481]: Connection closed by 165.22.200.57 port 41592 [preauth]
Oct 15 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17680]: Successful su for rubyman by root
Oct 15 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17680]: + ??? root:rubyman
Oct 15 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417621 of user rubyman.
Oct 15 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17680]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417621.
Oct 15 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17491]: pam_unix(cron:session): session closed for user root
Oct 15 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14498]: pam_unix(cron:session): session closed for user root
Oct 15 12:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Invalid user ftpuser from 165.22.200.57
Oct 15 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session closed for user root
Oct 15 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Failed password for invalid user ftpuser from 165.22.200.57 port 47852 ssh2
Oct 15 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Connection closed by 165.22.200.57 port 47852 [preauth]
Oct 15 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Invalid user nagios from 115.240.221.28
Oct 15 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Failed password for invalid user nagios from 115.240.221.28 port 64584 ssh2
Oct 15 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Received disconnect from 115.240.221.28 port 64584:11: Bye Bye [preauth]
Oct 15 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Disconnected from 115.240.221.28 port 64584 [preauth]
Oct 15 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18281]: pam_unix(cron:session): session closed for user root
Oct 15 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18470]: Successful su for rubyman by root
Oct 15 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18470]: + ??? root:rubyman
Oct 15 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417627 of user rubyman.
Oct 15 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18470]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417627.
Oct 15 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Invalid user deploy from 117.252.95.54
Oct 15 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: input_userauth_request: invalid user deploy [preauth]
Oct 15 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Failed password for invalid user deploy from 117.252.95.54 port 63691 ssh2
Oct 15 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Received disconnect from 117.252.95.54 port 63691:11: Bye Bye [preauth]
Oct 15 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18480]: Disconnected from 117.252.95.54 port 63691 [preauth]
Oct 15 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Invalid user halley from 178.217.173.50
Oct 15 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: input_userauth_request: invalid user halley [preauth]
Oct 15 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session closed for user root
Oct 15 12:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Failed password for invalid user halley from 178.217.173.50 port 57460 ssh2
Oct 15 12:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Received disconnect from 178.217.173.50 port 57460:11: Bye Bye [preauth]
Oct 15 12:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Disconnected from 178.217.173.50 port 57460 [preauth]
Oct 15 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session closed for user root
Oct 15 12:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for invalid user mysql from 165.22.200.57 port 39316 ssh2
Oct 15 12:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Connection closed by 165.22.200.57 port 39316 [preauth]
Oct 15 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Invalid user git from 47.247.99.155
Oct 15 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: input_userauth_request: invalid user git [preauth]
Oct 15 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Failed password for invalid user git from 47.247.99.155 port 53158 ssh2
Oct 15 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Received disconnect from 47.247.99.155 port 53158:11: Bye Bye [preauth]
Oct 15 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18767]: Disconnected from 47.247.99.155 port 53158 [preauth]
Oct 15 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Invalid user server from 178.62.93.150
Oct 15 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: input_userauth_request: invalid user server [preauth]
Oct 15 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Failed password for invalid user server from 178.62.93.150 port 58230 ssh2
Oct 15 12:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Received disconnect from 178.62.93.150 port 58230:11: Bye Bye [preauth]
Oct 15 12:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Disconnected from 178.62.93.150 port 58230 [preauth]
Oct 15 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17007]: pam_unix(cron:session): session closed for user root
Oct 15 12:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18896]: Failed password for root from 27.112.78.170 port 33476 ssh2
Oct 15 12:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Failed password for invalid user mysql from 165.22.200.57 port 49244 ssh2
Oct 15 12:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18896]: Received disconnect from 27.112.78.170 port 33476:11: Bye Bye [preauth]
Oct 15 12:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18896]: Disconnected from 27.112.78.170 port 33476 [preauth]
Oct 15 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Connection closed by 165.22.200.57 port 49244 [preauth]
Oct 15 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18929]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19122]: Successful su for rubyman by root
Oct 15 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19122]: + ??? root:rubyman
Oct 15 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417635 of user rubyman.
Oct 15 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19122]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417635.
Oct 15 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session closed for user root
Oct 15 12:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18927]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Invalid user agent from 115.240.221.28
Oct 15 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: input_userauth_request: invalid user agent [preauth]
Oct 15 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Failed password for invalid user agent from 115.240.221.28 port 55242 ssh2
Oct 15 12:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Received disconnect from 115.240.221.28 port 55242:11: Bye Bye [preauth]
Oct 15 12:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19600]: Disconnected from 115.240.221.28 port 55242 [preauth]
Oct 15 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Failed password for invalid user mysql from 165.22.200.57 port 42736 ssh2
Oct 15 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Connection closed by 165.22.200.57 port 42736 [preauth]
Oct 15 12:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Invalid user igor from 178.217.173.50
Oct 15 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: input_userauth_request: invalid user igor [preauth]
Oct 15 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Failed password for invalid user igor from 178.217.173.50 port 33290 ssh2
Oct 15 12:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Received disconnect from 178.217.173.50 port 33290:11: Bye Bye [preauth]
Oct 15 12:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Disconnected from 178.217.173.50 port 33290 [preauth]
Oct 15 12:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user root
Oct 15 12:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Invalid user agent from 117.252.95.54
Oct 15 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: input_userauth_request: invalid user agent [preauth]
Oct 15 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Failed password for invalid user agent from 117.252.95.54 port 49015 ssh2
Oct 15 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Received disconnect from 117.252.95.54 port 49015:11: Bye Bye [preauth]
Oct 15 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Disconnected from 117.252.95.54 port 49015 [preauth]
Oct 15 12:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: Invalid user devuser from 47.247.99.155
Oct 15 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: input_userauth_request: invalid user devuser [preauth]
Oct 15 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: Failed password for invalid user devuser from 47.247.99.155 port 55192 ssh2
Oct 15 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: Received disconnect from 47.247.99.155 port 55192:11: Bye Bye [preauth]
Oct 15 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: Disconnected from 47.247.99.155 port 55192 [preauth]
Oct 15 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19869]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19966]: Successful su for rubyman by root
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19966]: + ??? root:rubyman
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417639 of user rubyman.
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19966]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417639.
Oct 15 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: Failed password for invalid user mysql from 165.22.200.57 port 59868 ssh2
Oct 15 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: Connection closed by 165.22.200.57 port 59868 [preauth]
Oct 15 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16039]: pam_unix(cron:session): session closed for user root
Oct 15 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20189]: Invalid user vishal from 178.62.93.150
Oct 15 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20189]: input_userauth_request: invalid user vishal [preauth]
Oct 15 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20189]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20189]: Failed password for invalid user vishal from 178.62.93.150 port 52824 ssh2
Oct 15 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20189]: Received disconnect from 178.62.93.150 port 52824:11: Bye Bye [preauth]
Oct 15 12:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20189]: Disconnected from 178.62.93.150 port 52824 [preauth]
Oct 15 12:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: Failed password for invalid user mysql from 165.22.200.57 port 45854 ssh2
Oct 15 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18280]: pam_unix(cron:session): session closed for user root
Oct 15 12:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: Connection closed by 165.22.200.57 port 45854 [preauth]
Oct 15 12:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: Invalid user rocketmq from 27.112.78.170
Oct 15 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: input_userauth_request: invalid user rocketmq [preauth]
Oct 15 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: Failed password for invalid user rocketmq from 27.112.78.170 port 58048 ssh2
Oct 15 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: Received disconnect from 27.112.78.170 port 58048:11: Bye Bye [preauth]
Oct 15 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20363]: Disconnected from 27.112.78.170 port 58048 [preauth]
Oct 15 12:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: Failed password for root from 178.217.173.50 port 37356 ssh2
Oct 15 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: Received disconnect from 178.217.173.50 port 37356:11: Bye Bye [preauth]
Oct 15 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: Disconnected from 178.217.173.50 port 37356 [preauth]
Oct 15 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20428]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20501]: Successful su for rubyman by root
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20501]: + ??? root:rubyman
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417642 of user rubyman.
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20501]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417642.
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Invalid user ts3 from 115.240.221.28
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Failed password for invalid user ts3 from 115.240.221.28 port 37184 ssh2
Oct 15 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Received disconnect from 115.240.221.28 port 37184:11: Bye Bye [preauth]
Oct 15 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Disconnected from 115.240.221.28 port 37184 [preauth]
Oct 15 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user root
Oct 15 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: Failed password for invalid user mysql from 165.22.200.57 port 35996 ssh2
Oct 15 12:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20724]: Connection closed by 165.22.200.57 port 35996 [preauth]
Oct 15 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Invalid user www from 117.252.95.54
Oct 15 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: input_userauth_request: invalid user www [preauth]
Oct 15 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Failed password for invalid user www from 117.252.95.54 port 9295 ssh2
Oct 15 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Received disconnect from 117.252.95.54 port 9295:11: Bye Bye [preauth]
Oct 15 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20741]: Disconnected from 117.252.95.54 port 9295 [preauth]
Oct 15 12:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Invalid user ahmed from 47.247.99.155
Oct 15 12:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: input_userauth_request: invalid user ahmed [preauth]
Oct 15 12:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Failed password for invalid user ahmed from 47.247.99.155 port 32844 ssh2
Oct 15 12:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Received disconnect from 47.247.99.155 port 32844:11: Bye Bye [preauth]
Oct 15 12:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20782]: Disconnected from 47.247.99.155 port 32844 [preauth]
Oct 15 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18929]: pam_unix(cron:session): session closed for user root
Oct 15 12:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: Failed password for invalid user mysql from 165.22.200.57 port 42692 ssh2
Oct 15 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20877]: Connection closed by 165.22.200.57 port 42692 [preauth]
Oct 15 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: Failed password for root from 185.156.73.233 port 57014 ssh2
Oct 15 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20880]: Connection closed by 185.156.73.233 port 57014 [preauth]
Oct 15 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: Invalid user deployer from 178.62.93.150
Oct 15 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: input_userauth_request: invalid user deployer [preauth]
Oct 15 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: Failed password for invalid user deployer from 178.62.93.150 port 44856 ssh2
Oct 15 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: Received disconnect from 178.62.93.150 port 44856:11: Bye Bye [preauth]
Oct 15 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20890]: Disconnected from 178.62.93.150 port 44856 [preauth]
Oct 15 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20908]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20909]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20906]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20978]: Successful su for rubyman by root
Oct 15 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20978]: + ??? root:rubyman
Oct 15 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417647 of user rubyman.
Oct 15 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20978]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417647.
Oct 15 12:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17006]: pam_unix(cron:session): session closed for user root
Oct 15 12:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20907]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Failed password for root from 178.217.173.50 port 41426 ssh2
Oct 15 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Received disconnect from 178.217.173.50 port 41426:11: Bye Bye [preauth]
Oct 15 12:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Disconnected from 178.217.173.50 port 41426 [preauth]
Oct 15 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Failed password for invalid user mysql from 165.22.200.57 port 45508 ssh2
Oct 15 12:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21234]: Connection closed by 165.22.200.57 port 45508 [preauth]
Oct 15 12:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Invalid user botuser from 115.240.221.28
Oct 15 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: input_userauth_request: invalid user botuser [preauth]
Oct 15 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session closed for user root
Oct 15 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: Failed password for root from 27.112.78.170 port 43440 ssh2
Oct 15 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: Received disconnect from 27.112.78.170 port 43440:11: Bye Bye [preauth]
Oct 15 12:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21264]: Disconnected from 27.112.78.170 port 43440 [preauth]
Oct 15 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Failed password for invalid user botuser from 115.240.221.28 port 19842 ssh2
Oct 15 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Received disconnect from 115.240.221.28 port 19842:11: Bye Bye [preauth]
Oct 15 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21291]: Disconnected from 115.240.221.28 port 19842 [preauth]
Oct 15 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21405]: Invalid user ali from 117.252.95.54
Oct 15 12:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21405]: input_userauth_request: invalid user ali [preauth]
Oct 15 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21405]: Failed password for invalid user ali from 117.252.95.54 port 32449 ssh2
Oct 15 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21405]: Received disconnect from 117.252.95.54 port 32449:11: Bye Bye [preauth]
Oct 15 12:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21405]: Disconnected from 117.252.95.54 port 32449 [preauth]
Oct 15 12:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21417]: Invalid user adminuser from 47.247.99.155
Oct 15 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21417]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21417]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21437]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21435]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21432]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21434]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21437]: pam_unix(cron:session): session closed for user root
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21430]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: User mysql from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: input_userauth_request: invalid user mysql [preauth]
Oct 15 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=mysql
Oct 15 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21417]: Failed password for invalid user adminuser from 47.247.99.155 port 50296 ssh2
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21417]: Received disconnect from 47.247.99.155 port 50296:11: Bye Bye [preauth]
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21417]: Disconnected from 47.247.99.155 port 50296 [preauth]
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21522]: Successful su for rubyman by root
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21522]: + ??? root:rubyman
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417649 of user rubyman.
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21522]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417649.
Oct 15 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: Failed password for invalid user mysql from 165.22.200.57 port 50620 ssh2
Oct 15 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: Connection closed by 165.22.200.57 port 50620 [preauth]
Oct 15 12:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21432]: pam_unix(cron:session): session closed for user root
Oct 15 12:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user root
Oct 15 12:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21431]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20428]: pam_unix(cron:session): session closed for user root
Oct 15 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Failed password for invalid user backup from 165.22.200.57 port 50454 ssh2
Oct 15 12:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Connection closed by 165.22.200.57 port 50454 [preauth]
Oct 15 12:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Invalid user frappe from 178.62.93.150
Oct 15 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: input_userauth_request: invalid user frappe [preauth]
Oct 15 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: Failed password for root from 178.217.173.50 port 45496 ssh2
Oct 15 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: Received disconnect from 178.217.173.50 port 45496:11: Bye Bye [preauth]
Oct 15 12:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: Disconnected from 178.217.173.50 port 45496 [preauth]
Oct 15 12:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Failed password for invalid user frappe from 178.62.93.150 port 44876 ssh2
Oct 15 12:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Received disconnect from 178.62.93.150 port 44876:11: Bye Bye [preauth]
Oct 15 12:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21925]: Disconnected from 178.62.93.150 port 44876 [preauth]
Oct 15 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21949]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21948]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21946]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22034]: Successful su for rubyman by root
Oct 15 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22034]: + ??? root:rubyman
Oct 15 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417655 of user rubyman.
Oct 15 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22034]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417655.
Oct 15 12:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18279]: pam_unix(cron:session): session closed for user root
Oct 15 12:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21947]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Failed password for invalid user backup from 165.22.200.57 port 42288 ssh2
Oct 15 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Connection closed by 165.22.200.57 port 42288 [preauth]
Oct 15 12:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28  user=root
Oct 15 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Failed password for root from 115.240.221.28 port 43577 ssh2
Oct 15 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Received disconnect from 115.240.221.28 port 43577:11: Bye Bye [preauth]
Oct 15 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22309]: Disconnected from 115.240.221.28 port 43577 [preauth]
Oct 15 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Failed password for root from 27.112.78.170 port 46028 ssh2
Oct 15 12:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Received disconnect from 27.112.78.170 port 46028:11: Bye Bye [preauth]
Oct 15 12:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Disconnected from 27.112.78.170 port 46028 [preauth]
Oct 15 12:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: Invalid user tempuser from 117.252.95.54
Oct 15 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: input_userauth_request: invalid user tempuser [preauth]
Oct 15 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: Invalid user dspace from 47.247.99.155
Oct 15 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: input_userauth_request: invalid user dspace [preauth]
Oct 15 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: Failed password for invalid user tempuser from 117.252.95.54 port 5294 ssh2
Oct 15 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: Received disconnect from 117.252.95.54 port 5294:11: Bye Bye [preauth]
Oct 15 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22370]: Disconnected from 117.252.95.54 port 5294 [preauth]
Oct 15 12:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: Failed password for invalid user dspace from 47.247.99.155 port 44278 ssh2
Oct 15 12:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: Received disconnect from 47.247.99.155 port 44278:11: Bye Bye [preauth]
Oct 15 12:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22372]: Disconnected from 47.247.99.155 port 44278 [preauth]
Oct 15 12:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20909]: pam_unix(cron:session): session closed for user root
Oct 15 12:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Failed password for invalid user backup from 165.22.200.57 port 38566 ssh2
Oct 15 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Connection closed by 165.22.200.57 port 38566 [preauth]
Oct 15 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22469]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22469]: pam_unix(cron:session): session closed for user root
Oct 15 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22471]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22546]: Successful su for rubyman by root
Oct 15 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22546]: + ??? root:rubyman
Oct 15 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417658 of user rubyman.
Oct 15 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22546]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417658.
Oct 15 12:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session closed for user root
Oct 15 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Invalid user koumy from 178.217.173.50
Oct 15 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: input_userauth_request: invalid user koumy [preauth]
Oct 15 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Failed password for invalid user koumy from 178.217.173.50 port 49558 ssh2
Oct 15 12:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Received disconnect from 178.217.173.50 port 49558:11: Bye Bye [preauth]
Oct 15 12:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23095]: Disconnected from 178.217.173.50 port 49558 [preauth]
Oct 15 12:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Failed password for root from 39.172.84.55 port 38429 ssh2
Oct 15 12:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Connection closed by 39.172.84.55 port 38429 [preauth]
Oct 15 12:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: Invalid user admin from 39.172.84.55
Oct 15 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: input_userauth_request: invalid user admin [preauth]
Oct 15 12:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: Failed password for invalid user admin from 39.172.84.55 port 39220 ssh2
Oct 15 12:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23152]: Connection closed by 39.172.84.55 port 39220 [preauth]
Oct 15 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: Failed password for invalid user backup from 165.22.200.57 port 49556 ssh2
Oct 15 12:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23176]: Connection closed by 165.22.200.57 port 49556 [preauth]
Oct 15 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: Invalid user ubuntu from 39.172.84.55
Oct 15 12:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: Failed password for invalid user ubuntu from 39.172.84.55 port 39958 ssh2
Oct 15 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23202]: Connection closed by 39.172.84.55 port 39958 [preauth]
Oct 15 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Invalid user user from 178.62.93.150
Oct 15 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: input_userauth_request: invalid user user [preauth]
Oct 15 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Failed password for invalid user user from 178.62.93.150 port 56014 ssh2
Oct 15 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Received disconnect from 178.62.93.150 port 56014:11: Bye Bye [preauth]
Oct 15 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Disconnected from 178.62.93.150 port 56014 [preauth]
Oct 15 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21435]: pam_unix(cron:session): session closed for user root
Oct 15 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: Invalid user minecraft from 39.172.84.55
Oct 15 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: Failed password for invalid user minecraft from 39.172.84.55 port 40867 ssh2
Oct 15 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: Connection closed by 39.172.84.55 port 40867 [preauth]
Oct 15 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Invalid user pi from 39.172.84.55
Oct 15 12:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: input_userauth_request: invalid user pi [preauth]
Oct 15 12:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Failed password for invalid user pi from 39.172.84.55 port 41720 ssh2
Oct 15 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Connection closed by 39.172.84.55 port 41720 [preauth]
Oct 15 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: Invalid user vagrant from 39.172.84.55
Oct 15 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: input_userauth_request: invalid user vagrant [preauth]
Oct 15 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: Failed password for invalid user vagrant from 39.172.84.55 port 42457 ssh2
Oct 15 12:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23312]: Connection closed by 39.172.84.55 port 42457 [preauth]
Oct 15 12:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: Invalid user deployer from 115.240.221.28
Oct 15 12:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: input_userauth_request: invalid user deployer [preauth]
Oct 15 12:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: Failed password for invalid user deployer from 115.240.221.28 port 61469 ssh2
Oct 15 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23387]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23388]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23350]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: Received disconnect from 115.240.221.28 port 61469:11: Bye Bye [preauth]
Oct 15 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23329]: Disconnected from 115.240.221.28 port 61469 [preauth]
Oct 15 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23748]: Successful su for rubyman by root
Oct 15 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23748]: + ??? root:rubyman
Oct 15 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417665 of user rubyman.
Oct 15 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23748]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417665.
Oct 15 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: Failed password for invalid user backup from 165.22.200.57 port 49204 ssh2
Oct 15 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23778]: Connection closed by 165.22.200.57 port 49204 [preauth]
Oct 15 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: Failed password for root from 39.172.84.55 port 43450 ssh2
Oct 15 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session closed for user root
Oct 15 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23345]: Connection closed by 39.172.84.55 port 43450 [preauth]
Oct 15 12:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Invalid user frappe from 47.247.99.155
Oct 15 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: input_userauth_request: invalid user frappe [preauth]
Oct 15 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Invalid user cortega from 27.112.78.170
Oct 15 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: input_userauth_request: invalid user cortega [preauth]
Oct 15 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Invalid user user from 39.172.84.55
Oct 15 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: input_userauth_request: invalid user user [preauth]
Oct 15 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Failed password for invalid user frappe from 47.247.99.155 port 48210 ssh2
Oct 15 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Received disconnect from 47.247.99.155 port 48210:11: Bye Bye [preauth]
Oct 15 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Disconnected from 47.247.99.155 port 48210 [preauth]
Oct 15 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Failed password for invalid user cortega from 27.112.78.170 port 47682 ssh2
Oct 15 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Received disconnect from 27.112.78.170 port 47682:11: Bye Bye [preauth]
Oct 15 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23964]: Disconnected from 27.112.78.170 port 47682 [preauth]
Oct 15 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23386]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Invalid user vishal from 117.252.95.54
Oct 15 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: input_userauth_request: invalid user vishal [preauth]
Oct 15 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Failed password for invalid user user from 39.172.84.55 port 44544 ssh2
Oct 15 12:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23946]: Connection closed by 39.172.84.55 port 44544 [preauth]
Oct 15 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Failed password for invalid user vishal from 117.252.95.54 port 22234 ssh2
Oct 15 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Received disconnect from 117.252.95.54 port 22234:11: Bye Bye [preauth]
Oct 15 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23989]: Disconnected from 117.252.95.54 port 22234 [preauth]
Oct 15 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Invalid user openvpn from 39.172.84.55
Oct 15 12:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: input_userauth_request: invalid user openvpn [preauth]
Oct 15 12:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Failed password for invalid user openvpn from 39.172.84.55 port 45551 ssh2
Oct 15 12:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Connection closed by 39.172.84.55 port 45551 [preauth]
Oct 15 12:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Failed password for root from 39.172.84.55 port 46594 ssh2
Oct 15 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Connection closed by 39.172.84.55 port 46594 [preauth]
Oct 15 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21949]: pam_unix(cron:session): session closed for user root
Oct 15 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Invalid user ts3 from 39.172.84.55
Oct 15 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Invalid user helen from 178.217.173.50
Oct 15 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: input_userauth_request: invalid user helen [preauth]
Oct 15 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Failed password for invalid user helen from 178.217.173.50 port 53616 ssh2
Oct 15 12:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Received disconnect from 178.217.173.50 port 53616:11: Bye Bye [preauth]
Oct 15 12:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24133]: Disconnected from 178.217.173.50 port 53616 [preauth]
Oct 15 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Failed password for invalid user ts3 from 39.172.84.55 port 47545 ssh2
Oct 15 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24083]: Connection closed by 39.172.84.55 port 47545 [preauth]
Oct 15 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: Failed password for invalid user backup from 165.22.200.57 port 60456 ssh2
Oct 15 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24137]: Connection closed by 165.22.200.57 port 60456 [preauth]
Oct 15 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Invalid user pi from 39.172.84.55
Oct 15 12:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: input_userauth_request: invalid user pi [preauth]
Oct 15 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Failed password for invalid user pi from 39.172.84.55 port 48789 ssh2
Oct 15 12:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24154]: Connection closed by 39.172.84.55 port 48789 [preauth]
Oct 15 12:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: Invalid user deploy from 39.172.84.55
Oct 15 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: input_userauth_request: invalid user deploy [preauth]
Oct 15 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24216]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24215]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24212]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: Failed password for invalid user deploy from 39.172.84.55 port 50048 ssh2
Oct 15 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24294]: Successful su for rubyman by root
Oct 15 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24294]: + ??? root:rubyman
Oct 15 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417668 of user rubyman.
Oct 15 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24294]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417668.
Oct 15 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: Connection closed by 39.172.84.55 port 50048 [preauth]
Oct 15 12:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Invalid user postgres from 39.172.84.55
Oct 15 12:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: input_userauth_request: invalid user postgres [preauth]
Oct 15 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session closed for user root
Oct 15 12:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Failed password for invalid user postgres from 39.172.84.55 port 51170 ssh2
Oct 15 12:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Connection closed by 39.172.84.55 port 51170 [preauth]
Oct 15 12:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24214]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Failed password for root from 39.172.84.55 port 52461 ssh2
Oct 15 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Failed password for invalid user backup from 165.22.200.57 port 50172 ssh2
Oct 15 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24564]: Connection closed by 165.22.200.57 port 50172 [preauth]
Oct 15 12:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Connection closed by 39.172.84.55 port 52461 [preauth]
Oct 15 12:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Invalid user ftpuser from 39.172.84.55
Oct 15 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Failed password for invalid user ftpuser from 39.172.84.55 port 53570 ssh2
Oct 15 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Connection closed by 39.172.84.55 port 53570 [preauth]
Oct 15 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Invalid user django from 178.62.93.150
Oct 15 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: input_userauth_request: invalid user django [preauth]
Oct 15 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Failed password for invalid user django from 178.62.93.150 port 33944 ssh2
Oct 15 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Received disconnect from 178.62.93.150 port 33944:11: Bye Bye [preauth]
Oct 15 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Disconnected from 178.62.93.150 port 33944 [preauth]
Oct 15 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: Invalid user orangepi from 39.172.84.55
Oct 15 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: input_userauth_request: invalid user orangepi [preauth]
Oct 15 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session closed for user root
Oct 15 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24645]: Invalid user vishal from 115.240.221.28
Oct 15 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24645]: input_userauth_request: invalid user vishal [preauth]
Oct 15 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24645]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: Failed password for invalid user orangepi from 39.172.84.55 port 54612 ssh2
Oct 15 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24645]: Failed password for invalid user vishal from 115.240.221.28 port 9707 ssh2
Oct 15 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24645]: Received disconnect from 115.240.221.28 port 9707:11: Bye Bye [preauth]
Oct 15 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24645]: Disconnected from 115.240.221.28 port 9707 [preauth]
Oct 15 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24625]: Connection closed by 39.172.84.55 port 54612 [preauth]
Oct 15 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: Invalid user vpn from 39.172.84.55
Oct 15 12:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: input_userauth_request: invalid user vpn [preauth]
Oct 15 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Invalid user radio from 47.247.99.155
Oct 15 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: input_userauth_request: invalid user radio [preauth]
Oct 15 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: Failed password for invalid user vpn from 39.172.84.55 port 55962 ssh2
Oct 15 12:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: Connection closed by 39.172.84.55 port 55962 [preauth]
Oct 15 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Failed password for invalid user radio from 47.247.99.155 port 51026 ssh2
Oct 15 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Received disconnect from 47.247.99.155 port 51026:11: Bye Bye [preauth]
Oct 15 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Disconnected from 47.247.99.155 port 51026 [preauth]
Oct 15 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: Invalid user django from 117.252.95.54
Oct 15 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: input_userauth_request: invalid user django [preauth]
Oct 15 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: Failed password for invalid user django from 117.252.95.54 port 6181 ssh2
Oct 15 12:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Failed password for invalid user backup from 165.22.200.57 port 40346 ssh2
Oct 15 12:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: Received disconnect from 117.252.95.54 port 6181:11: Bye Bye [preauth]
Oct 15 12:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: Disconnected from 117.252.95.54 port 6181 [preauth]
Oct 15 12:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Connection closed by 165.22.200.57 port 40346 [preauth]
Oct 15 12:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: Failed password for root from 39.172.84.55 port 57104 ssh2
Oct 15 12:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: Connection closed by 39.172.84.55 port 57104 [preauth]
Oct 15 12:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Invalid user jordan from 27.112.78.170
Oct 15 12:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: input_userauth_request: invalid user jordan [preauth]
Oct 15 12:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Failed password for invalid user jordan from 27.112.78.170 port 51914 ssh2
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24760]: pam_unix(cron:session): session closed for user root
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24754]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Received disconnect from 27.112.78.170 port 51914:11: Bye Bye [preauth]
Oct 15 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Disconnected from 27.112.78.170 port 51914 [preauth]
Oct 15 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: Successful su for rubyman by root
Oct 15 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: + ??? root:rubyman
Oct 15 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417671 of user rubyman.
Oct 15 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417671.
Oct 15 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: Failed password for root from 39.172.84.55 port 58172 ssh2
Oct 15 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Invalid user farm from 178.217.173.50
Oct 15 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: input_userauth_request: invalid user farm [preauth]
Oct 15 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: Connection closed by 39.172.84.55 port 58172 [preauth]
Oct 15 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Failed password for invalid user farm from 178.217.173.50 port 57682 ssh2
Oct 15 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Received disconnect from 178.217.173.50 port 57682:11: Bye Bye [preauth]
Oct 15 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24862]: Disconnected from 178.217.173.50 port 57682 [preauth]
Oct 15 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session closed for user root
Oct 15 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20908]: pam_unix(cron:session): session closed for user root
Oct 15 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Invalid user kali from 39.172.84.55
Oct 15 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: input_userauth_request: invalid user kali [preauth]
Oct 15 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Failed password for invalid user kali from 39.172.84.55 port 59185 ssh2
Oct 15 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Connection closed by 39.172.84.55 port 59185 [preauth]
Oct 15 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24755]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for root from 39.172.84.55 port 60198 ssh2
Oct 15 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Connection closed by 39.172.84.55 port 60198 [preauth]
Oct 15 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: Invalid user pi from 39.172.84.55
Oct 15 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: input_userauth_request: invalid user pi [preauth]
Oct 15 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: User backup from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: input_userauth_request: invalid user backup [preauth]
Oct 15 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=backup
Oct 15 12:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: Failed password for invalid user pi from 39.172.84.55 port 32839 ssh2
Oct 15 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25157]: Connection closed by 39.172.84.55 port 32839 [preauth]
Oct 15 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Failed password for invalid user backup from 165.22.200.57 port 47268 ssh2
Oct 15 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Connection closed by 165.22.200.57 port 47268 [preauth]
Oct 15 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Invalid user vpn from 39.172.84.55
Oct 15 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: input_userauth_request: invalid user vpn [preauth]
Oct 15 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Failed password for invalid user vpn from 39.172.84.55 port 33804 ssh2
Oct 15 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23388]: pam_unix(cron:session): session closed for user root
Oct 15 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Connection closed by 39.172.84.55 port 33804 [preauth]
Oct 15 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25253]: Invalid user deploy from 39.172.84.55
Oct 15 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25253]: input_userauth_request: invalid user deploy [preauth]
Oct 15 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25253]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25253]: Failed password for invalid user deploy from 39.172.84.55 port 34640 ssh2
Oct 15 12:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25253]: Connection closed by 39.172.84.55 port 34640 [preauth]
Oct 15 12:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Failed password for root from 39.172.84.55 port 35535 ssh2
Oct 15 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Connection closed by 39.172.84.55 port 35535 [preauth]
Oct 15 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25547]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25542]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25618]: Successful su for rubyman by root
Oct 15 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25618]: + ??? root:rubyman
Oct 15 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417678 of user rubyman.
Oct 15 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25618]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417678.
Oct 15 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: Failed password for root from 39.172.84.55 port 36513 ssh2
Oct 15 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25526]: Connection closed by 39.172.84.55 port 36513 [preauth]
Oct 15 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Invalid user mzc from 190.103.202.7
Oct 15 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: input_userauth_request: invalid user mzc [preauth]
Oct 15 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 15 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: Invalid user devopsuser from 39.172.84.55
Oct 15 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: input_userauth_request: invalid user devopsuser [preauth]
Oct 15 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: Failed password for invalid user www-data from 165.22.200.57 port 44018 ssh2
Oct 15 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25712]: Connection closed by 165.22.200.57 port 44018 [preauth]
Oct 15 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Failed password for invalid user mzc from 190.103.202.7 port 36864 ssh2
Oct 15 12:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21434]: pam_unix(cron:session): session closed for user root
Oct 15 12:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Connection closed by 190.103.202.7 port 36864 [preauth]
Oct 15 12:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: Failed password for invalid user devopsuser from 39.172.84.55 port 37559 ssh2
Oct 15 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25688]: Connection closed by 39.172.84.55 port 37559 [preauth]
Oct 15 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Invalid user client from 115.240.221.28
Oct 15 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: input_userauth_request: invalid user client [preauth]
Oct 15 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Failed password for invalid user client from 115.240.221.28 port 27791 ssh2
Oct 15 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Received disconnect from 115.240.221.28 port 27791:11: Bye Bye [preauth]
Oct 15 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25918]: Disconnected from 115.240.221.28 port 27791 [preauth]
Oct 15 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: Invalid user ftptest from 178.62.93.150
Oct 15 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: input_userauth_request: invalid user ftptest [preauth]
Oct 15 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25543]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: Failed password for invalid user ftptest from 178.62.93.150 port 52284 ssh2
Oct 15 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: Received disconnect from 178.62.93.150 port 52284:11: Bye Bye [preauth]
Oct 15 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25947]: Disconnected from 178.62.93.150 port 52284 [preauth]
Oct 15 12:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: Invalid user weblogic from 47.247.99.155
Oct 15 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Failed password for root from 39.172.84.55 port 38396 ssh2
Oct 15 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25924]: Connection closed by 39.172.84.55 port 38396 [preauth]
Oct 15 12:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: Failed password for invalid user weblogic from 47.247.99.155 port 59408 ssh2
Oct 15 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: Received disconnect from 47.247.99.155 port 59408:11: Bye Bye [preauth]
Oct 15 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: Disconnected from 47.247.99.155 port 59408 [preauth]
Oct 15 12:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Invalid user ansible from 39.172.84.55
Oct 15 12:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: input_userauth_request: invalid user ansible [preauth]
Oct 15 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Failed password for invalid user ansible from 39.172.84.55 port 39315 ssh2
Oct 15 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Connection closed by 39.172.84.55 port 39315 [preauth]
Oct 15 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: Invalid user ftptest from 117.252.95.54
Oct 15 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: input_userauth_request: invalid user ftptest [preauth]
Oct 15 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Failed password for root from 178.217.173.50 port 33520 ssh2
Oct 15 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Received disconnect from 178.217.173.50 port 33520:11: Bye Bye [preauth]
Oct 15 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Disconnected from 178.217.173.50 port 33520 [preauth]
Oct 15 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: Failed password for invalid user ftptest from 117.252.95.54 port 38428 ssh2
Oct 15 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: Received disconnect from 117.252.95.54 port 38428:11: Bye Bye [preauth]
Oct 15 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26035]: Disconnected from 117.252.95.54 port 38428 [preauth]
Oct 15 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: Invalid user postgres from 39.172.84.55
Oct 15 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: input_userauth_request: invalid user postgres [preauth]
Oct 15 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24216]: pam_unix(cron:session): session closed for user root
Oct 15 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: Failed password for invalid user postgres from 39.172.84.55 port 40262 ssh2
Oct 15 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: Connection closed by 39.172.84.55 port 40262 [preauth]
Oct 15 12:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Failed password for root from 27.112.78.170 port 54510 ssh2
Oct 15 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Received disconnect from 27.112.78.170 port 54510:11: Bye Bye [preauth]
Oct 15 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Disconnected from 27.112.78.170 port 54510 [preauth]
Oct 15 12:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Failed password for root from 39.172.84.55 port 41230 ssh2
Oct 15 12:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Failed password for invalid user www-data from 165.22.200.57 port 35854 ssh2
Oct 15 12:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26089]: Connection closed by 165.22.200.57 port 35854 [preauth]
Oct 15 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Connection closed by 39.172.84.55 port 41230 [preauth]
Oct 15 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 12:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Failed password for root from 185.156.73.233 port 48602 ssh2
Oct 15 12:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26098]: Connection closed by 185.156.73.233 port 48602 [preauth]
Oct 15 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: Invalid user odoo18 from 39.172.84.55
Oct 15 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: input_userauth_request: invalid user odoo18 [preauth]
Oct 15 12:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: Failed password for invalid user odoo18 from 39.172.84.55 port 42168 ssh2
Oct 15 12:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26107]: Connection closed by 39.172.84.55 port 42168 [preauth]
Oct 15 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26149]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: Successful su for rubyman by root
Oct 15 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: + ??? root:rubyman
Oct 15 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417682 of user rubyman.
Oct 15 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[26229]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417682.
Oct 15 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Invalid user ubuntu from 39.172.84.55
Oct 15 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Failed password for invalid user ubuntu from 39.172.84.55 port 43048 ssh2
Oct 15 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26137]: Connection closed by 39.172.84.55 port 43048 [preauth]
Oct 15 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21948]: pam_unix(cron:session): session closed for user root
Oct 15 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Invalid user steam from 39.172.84.55
Oct 15 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: input_userauth_request: invalid user steam [preauth]
Oct 15 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Failed password for invalid user steam from 39.172.84.55 port 44052 ssh2
Oct 15 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26147]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26345]: Connection closed by 39.172.84.55 port 44052 [preauth]
Oct 15 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Invalid user user from 39.172.84.55
Oct 15 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: input_userauth_request: invalid user user [preauth]
Oct 15 12:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Failed password for invalid user user from 39.172.84.55 port 45042 ssh2
Oct 15 12:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: Failed password for invalid user www-data from 165.22.200.57 port 34682 ssh2
Oct 15 12:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Connection closed by 39.172.84.55 port 45042 [preauth]
Oct 15 12:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26578]: Connection closed by 165.22.200.57 port 34682 [preauth]
Oct 15 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Failed password for root from 39.172.84.55 port 46048 ssh2
Oct 15 12:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26592]: Connection closed by 39.172.84.55 port 46048 [preauth]
Oct 15 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Invalid user user from 39.172.84.55
Oct 15 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: input_userauth_request: invalid user user [preauth]
Oct 15 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Failed password for invalid user user from 39.172.84.55 port 46993 ssh2
Oct 15 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session closed for user root
Oct 15 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26618]: Connection closed by 39.172.84.55 port 46993 [preauth]
Oct 15 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26673]: Invalid user nanopi from 39.172.84.55
Oct 15 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26673]: input_userauth_request: invalid user nanopi [preauth]
Oct 15 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26673]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26673]: Failed password for invalid user nanopi from 39.172.84.55 port 47885 ssh2
Oct 15 12:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26673]: Connection closed by 39.172.84.55 port 47885 [preauth]
Oct 15 12:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26714]: Invalid user dev from 115.240.221.28
Oct 15 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26714]: input_userauth_request: invalid user dev [preauth]
Oct 15 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26714]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26714]: Failed password for invalid user dev from 115.240.221.28 port 62272 ssh2
Oct 15 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26714]: Received disconnect from 115.240.221.28 port 62272:11: Bye Bye [preauth]
Oct 15 12:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26714]: Disconnected from 115.240.221.28 port 62272 [preauth]
Oct 15 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: Invalid user user from 47.247.99.155
Oct 15 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: input_userauth_request: invalid user user [preauth]
Oct 15 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Invalid user postgres from 39.172.84.55
Oct 15 12:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: input_userauth_request: invalid user postgres [preauth]
Oct 15 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Invalid user zookeeper from 178.217.173.50
Oct 15 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: input_userauth_request: invalid user zookeeper [preauth]
Oct 15 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: Failed password for invalid user user from 47.247.99.155 port 51264 ssh2
Oct 15 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: Received disconnect from 47.247.99.155 port 51264:11: Bye Bye [preauth]
Oct 15 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26732]: Disconnected from 47.247.99.155 port 51264 [preauth]
Oct 15 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Failed password for invalid user postgres from 39.172.84.55 port 49035 ssh2
Oct 15 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Failed password for invalid user zookeeper from 178.217.173.50 port 37586 ssh2
Oct 15 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Received disconnect from 178.217.173.50 port 37586:11: Bye Bye [preauth]
Oct 15 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26736]: Disconnected from 178.217.173.50 port 37586 [preauth]
Oct 15 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: Failed password for invalid user www-data from 165.22.200.57 port 35664 ssh2
Oct 15 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26748]: Connection closed by 165.22.200.57 port 35664 [preauth]
Oct 15 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26722]: Connection closed by 39.172.84.55 port 49035 [preauth]
Oct 15 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Invalid user guest from 178.62.93.150
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: input_userauth_request: invalid user guest [preauth]
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26766]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26761]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26871]: Successful su for rubyman by root
Oct 15 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26871]: + ??? root:rubyman
Oct 15 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417686 of user rubyman.
Oct 15 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26871]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417686.
Oct 15 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Failed password for invalid user guest from 178.62.93.150 port 53478 ssh2
Oct 15 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Received disconnect from 178.62.93.150 port 53478:11: Bye Bye [preauth]
Oct 15 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26755]: Disconnected from 178.62.93.150 port 53478 [preauth]
Oct 15 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Invalid user test from 39.172.84.55
Oct 15 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: input_userauth_request: invalid user test [preauth]
Oct 15 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Invalid user deployer from 117.252.95.54
Oct 15 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: input_userauth_request: invalid user deployer [preauth]
Oct 15 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Failed password for invalid user test from 39.172.84.55 port 50003 ssh2
Oct 15 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Connection closed by 39.172.84.55 port 50003 [preauth]
Oct 15 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session closed for user root
Oct 15 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Failed password for invalid user deployer from 117.252.95.54 port 52093 ssh2
Oct 15 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Received disconnect from 117.252.95.54 port 52093:11: Bye Bye [preauth]
Oct 15 12:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27035]: Disconnected from 117.252.95.54 port 52093 [preauth]
Oct 15 12:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Invalid user admin from 2.57.121.25
Oct 15 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: input_userauth_request: invalid user admin [preauth]
Oct 15 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Failed password for invalid user admin from 2.57.121.25 port 45337 ssh2
Oct 15 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Failed password for root from 39.172.84.55 port 50866 ssh2
Oct 15 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26764]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27197]: Connection closed by 39.172.84.55 port 50866 [preauth]
Oct 15 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Failed password for invalid user admin from 2.57.121.25 port 45337 ssh2
Oct 15 12:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Failed password for invalid user admin from 2.57.121.25 port 45337 ssh2
Oct 15 12:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Failed password for invalid user admin from 2.57.121.25 port 45337 ssh2
Oct 15 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: Invalid user elastic from 39.172.84.55
Oct 15 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: input_userauth_request: invalid user elastic [preauth]
Oct 15 12:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Failed password for invalid user admin from 2.57.121.25 port 45337 ssh2
Oct 15 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Received disconnect from 2.57.121.25 port 45337:11: Bye [preauth]
Oct 15 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: Disconnected from 2.57.121.25 port 45337 [preauth]
Oct 15 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27259]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 12:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: Failed password for invalid user elastic from 39.172.84.55 port 51868 ssh2
Oct 15 12:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27292]: Connection closed by 39.172.84.55 port 51868 [preauth]
Oct 15 12:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Invalid user admin from 39.172.84.55
Oct 15 12:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: input_userauth_request: invalid user admin [preauth]
Oct 15 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: Failed password for invalid user www-data from 165.22.200.57 port 54314 ssh2
Oct 15 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27357]: Connection closed by 165.22.200.57 port 54314 [preauth]
Oct 15 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Failed password for invalid user admin from 39.172.84.55 port 52918 ssh2
Oct 15 12:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27324]: Connection closed by 39.172.84.55 port 52918 [preauth]
Oct 15 12:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25547]: pam_unix(cron:session): session closed for user root
Oct 15 12:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Failed password for root from 27.112.78.170 port 58598 ssh2
Oct 15 12:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Received disconnect from 27.112.78.170 port 58598:11: Bye Bye [preauth]
Oct 15 12:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27377]: Disconnected from 27.112.78.170 port 58598 [preauth]
Oct 15 12:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27390]: Invalid user es from 39.172.84.55
Oct 15 12:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27390]: input_userauth_request: invalid user es [preauth]
Oct 15 12:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27390]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27390]: Failed password for invalid user es from 39.172.84.55 port 54300 ssh2
Oct 15 12:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27390]: Connection closed by 39.172.84.55 port 54300 [preauth]
Oct 15 12:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Failed password for root from 39.172.84.55 port 55925 ssh2
Oct 15 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27441]: Connection closed by 39.172.84.55 port 55925 [preauth]
Oct 15 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27479]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: Successful su for rubyman by root
Oct 15 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: + ??? root:rubyman
Oct 15 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417690 of user rubyman.
Oct 15 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417690.
Oct 15 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: Failed password for root from 39.172.84.55 port 57472 ssh2
Oct 15 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27456]: Connection closed by 39.172.84.55 port 57472 [preauth]
Oct 15 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Invalid user esuser from 39.172.84.55
Oct 15 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: input_userauth_request: invalid user esuser [preauth]
Oct 15 12:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23387]: pam_unix(cron:session): session closed for user root
Oct 15 12:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: Failed password for invalid user www-data from 165.22.200.57 port 34066 ssh2
Oct 15 12:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27985]: Connection closed by 165.22.200.57 port 34066 [preauth]
Oct 15 12:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Failed password for invalid user esuser from 39.172.84.55 port 59158 ssh2
Oct 15 12:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27920]: Connection closed by 39.172.84.55 port 59158 [preauth]
Oct 15 12:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27478]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: Failed password for root from 39.172.84.55 port 60967 ssh2
Oct 15 12:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28067]: Connection closed by 39.172.84.55 port 60967 [preauth]
Oct 15 12:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Invalid user inspector from 178.217.173.50
Oct 15 12:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: input_userauth_request: invalid user inspector [preauth]
Oct 15 12:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Failed password for invalid user inspector from 178.217.173.50 port 41648 ssh2
Oct 15 12:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Received disconnect from 178.217.173.50 port 41648:11: Bye Bye [preauth]
Oct 15 12:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28124]: Disconnected from 178.217.173.50 port 41648 [preauth]
Oct 15 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55  user=root
Oct 15 12:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Failed password for root from 39.172.84.55 port 34750 ssh2
Oct 15 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Connection closed by 39.172.84.55 port 34750 [preauth]
Oct 15 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Invalid user git from 47.247.99.155
Oct 15 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: input_userauth_request: invalid user git [preauth]
Oct 15 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.247.99.155
Oct 15 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Failed password for invalid user git from 47.247.99.155 port 46262 ssh2
Oct 15 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Received disconnect from 47.247.99.155 port 46262:11: Bye Bye [preauth]
Oct 15 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Disconnected from 47.247.99.155 port 46262 [preauth]
Oct 15 12:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Invalid user deployer from 115.240.221.28
Oct 15 12:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: input_userauth_request: invalid user deployer [preauth]
Oct 15 12:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Invalid user devuser from 39.172.84.55
Oct 15 12:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: input_userauth_request: invalid user devuser [preauth]
Oct 15 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Failed password for invalid user deployer from 115.240.221.28 port 23426 ssh2
Oct 15 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Received disconnect from 115.240.221.28 port 23426:11: Bye Bye [preauth]
Oct 15 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28179]: Disconnected from 115.240.221.28 port 23426 [preauth]
Oct 15 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26149]: pam_unix(cron:session): session closed for user root
Oct 15 12:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Failed password for invalid user devuser from 39.172.84.55 port 37205 ssh2
Oct 15 12:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Connection closed by 39.172.84.55 port 37205 [preauth]
Oct 15 12:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: User john from 117.252.95.54 not allowed because not listed in AllowUsers
Oct 15 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: input_userauth_request: invalid user john [preauth]
Oct 15 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54  user=john
Oct 15 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Invalid user fa from 39.172.84.55
Oct 15 12:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: input_userauth_request: invalid user fa [preauth]
Oct 15 12:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.172.84.55
Oct 15 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Failed password for invalid user john from 117.252.95.54 port 62010 ssh2
Oct 15 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Failed password for invalid user www-data from 165.22.200.57 port 44668 ssh2
Oct 15 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Received disconnect from 117.252.95.54 port 62010:11: Bye Bye [preauth]
Oct 15 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Disconnected from 117.252.95.54 port 62010 [preauth]
Oct 15 12:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28223]: Connection closed by 165.22.200.57 port 44668 [preauth]
Oct 15 12:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Failed password for invalid user fa from 39.172.84.55 port 39773 ssh2
Oct 15 12:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Connection closed by 39.172.84.55 port 39773 [preauth]
Oct 15 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Invalid user nagios from 178.62.93.150
Oct 15 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Failed password for invalid user nagios from 178.62.93.150 port 55200 ssh2
Oct 15 12:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Received disconnect from 178.62.93.150 port 55200:11: Bye Bye [preauth]
Oct 15 12:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28250]: Disconnected from 178.62.93.150 port 55200 [preauth]
Oct 15 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28277]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28278]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28280]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session closed for user root
Oct 15 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28368]: Successful su for rubyman by root
Oct 15 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28368]: + ??? root:rubyman
Oct 15 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417695 of user rubyman.
Oct 15 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28368]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417695.
Oct 15 12:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28277]: pam_unix(cron:session): session closed for user root
Oct 15 12:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24215]: pam_unix(cron:session): session closed for user root
Oct 15 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28276]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Failed password for invalid user www-data from 165.22.200.57 port 47802 ssh2
Oct 15 12:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Connection closed by 165.22.200.57 port 47802 [preauth]
Oct 15 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29033]: Invalid user igor from 27.112.78.170
Oct 15 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29033]: input_userauth_request: invalid user igor [preauth]
Oct 15 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29033]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29033]: Failed password for invalid user igor from 27.112.78.170 port 37782 ssh2
Oct 15 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29033]: Received disconnect from 27.112.78.170 port 37782:11: Bye Bye [preauth]
Oct 15 12:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29033]: Disconnected from 27.112.78.170 port 37782 [preauth]
Oct 15 12:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26766]: pam_unix(cron:session): session closed for user root
Oct 15 12:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Invalid user postgres from 178.217.173.50
Oct 15 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: input_userauth_request: invalid user postgres [preauth]
Oct 15 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Failed password for invalid user postgres from 178.217.173.50 port 45706 ssh2
Oct 15 12:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Received disconnect from 178.217.173.50 port 45706:11: Bye Bye [preauth]
Oct 15 12:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Disconnected from 178.217.173.50 port 45706 [preauth]
Oct 15 12:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: User www-data from 165.22.200.57 not allowed because not listed in AllowUsers
Oct 15 12:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57  user=www-data
Oct 15 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Failed password for invalid user www-data from 165.22.200.57 port 41092 ssh2
Oct 15 12:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Connection closed by 165.22.200.57 port 41092 [preauth]
Oct 15 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29169]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29251]: Successful su for rubyman by root
Oct 15 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29251]: + ??? root:rubyman
Oct 15 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417699 of user rubyman.
Oct 15 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29251]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417699.
Oct 15 12:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session closed for user root
Oct 15 12:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: Invalid user odoo17 from 115.240.221.28
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: input_userauth_request: invalid user odoo17 [preauth]
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.240.221.28
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Invalid user ts3 from 117.252.95.54
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: input_userauth_request: invalid user ts3 [preauth]
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.252.95.54
Oct 15 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: Failed password for invalid user odoo17 from 115.240.221.28 port 7495 ssh2
Oct 15 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Failed password for invalid user ts3 from 117.252.95.54 port 57082 ssh2
Oct 15 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: Received disconnect from 115.240.221.28 port 7495:11: Bye Bye [preauth]
Oct 15 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: Disconnected from 115.240.221.28 port 7495 [preauth]
Oct 15 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Received disconnect from 117.252.95.54 port 57082:11: Bye Bye [preauth]
Oct 15 12:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29504]: Disconnected from 117.252.95.54 port 57082 [preauth]
Oct 15 12:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: Invalid user webmaster from 165.22.200.57
Oct 15 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: Failed password for invalid user webmaster from 165.22.200.57 port 54726 ssh2
Oct 15 12:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: Connection closed by 165.22.200.57 port 54726 [preauth]
Oct 15 12:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29582]: Connection closed by 134.122.33.132 port 60632 [preauth]
Oct 15 12:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Connection closed by 134.122.33.132 port 60648 [preauth]
Oct 15 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Connection closed by 134.122.33.132 port 60656 [preauth]
Oct 15 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: Invalid user testuser from 178.62.93.150
Oct 15 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: input_userauth_request: invalid user testuser [preauth]
Oct 15 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.93.150
Oct 15 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29594]: Connection closed by 134.122.33.132 port 60660 [preauth]
Oct 15 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: Connection closed by 134.122.33.132 port 60664 [preauth]
Oct 15 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29600]: Connection closed by 134.122.33.132 port 60674 [preauth]
Oct 15 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29604]: Connection closed by 134.122.33.132 port 60686 [preauth]
Oct 15 12:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: Failed password for invalid user testuser from 178.62.93.150 port 36672 ssh2
Oct 15 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: Received disconnect from 178.62.93.150 port 36672:11: Bye Bye [preauth]
Oct 15 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29590]: Disconnected from 178.62.93.150 port 36672 [preauth]
Oct 15 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29606]: Connection closed by 134.122.33.132 port 60702 [preauth]
Oct 15 12:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29609]: Connection closed by 134.122.33.132 port 60716 [preauth]
Oct 15 12:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29611]: Connection closed by 134.122.33.132 port 60724 [preauth]
Oct 15 12:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29621]: Connection closed by 134.122.33.132 port 60728 [preauth]
Oct 15 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Connection closed by 134.122.33.132 port 60740 [preauth]
Oct 15 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29645]: Connection closed by 134.122.33.132 port 60744 [preauth]
Oct 15 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session closed for user root
Oct 15 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29654]: Connection closed by 134.122.33.132 port 60758 [preauth]
Oct 15 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Connection closed by 134.122.33.132 port 60772 [preauth]
Oct 15 12:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Invalid user webmaster from 165.22.200.57
Oct 15 12:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Failed password for invalid user webmaster from 165.22.200.57 port 51128 ssh2
Oct 15 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Connection closed by 165.22.200.57 port 51128 [preauth]
Oct 15 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29725]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: Successful su for rubyman by root
Oct 15 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: + ??? root:rubyman
Oct 15 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417705 of user rubyman.
Oct 15 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29807]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417705.
Oct 15 12:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25544]: pam_unix(cron:session): session closed for user root
Oct 15 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Failed password for root from 178.217.173.50 port 49772 ssh2
Oct 15 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Received disconnect from 178.217.173.50 port 49772:11: Bye Bye [preauth]
Oct 15 12:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29952]: Disconnected from 178.217.173.50 port 49772 [preauth]
Oct 15 12:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29727]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: Failed password for root from 27.112.78.170 port 39770 ssh2
Oct 15 12:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: Received disconnect from 27.112.78.170 port 39770:11: Bye Bye [preauth]
Oct 15 12:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30107]: Disconnected from 27.112.78.170 port 39770 [preauth]
Oct 15 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Invalid user webmaster from 165.22.200.57
Oct 15 12:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Failed password for invalid user webmaster from 165.22.200.57 port 50800 ssh2
Oct 15 12:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Connection closed by 165.22.200.57 port 50800 [preauth]
Oct 15 12:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28280]: pam_unix(cron:session): session closed for user root
Oct 15 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30253]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30254]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30248]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: Successful su for rubyman by root
Oct 15 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: + ??? root:rubyman
Oct 15 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417709 of user rubyman.
Oct 15 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417709.
Oct 15 12:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: Invalid user webmaster from 165.22.200.57
Oct 15 12:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: Failed password for invalid user webmaster from 165.22.200.57 port 33096 ssh2
Oct 15 12:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30502]: Connection closed by 165.22.200.57 port 33096 [preauth]
Oct 15 12:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session closed for user root
Oct 15 12:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Did not receive identification string from 103.203.57.11
Oct 15 12:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30249]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Failed password for root from 178.217.173.50 port 53842 ssh2
Oct 15 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Received disconnect from 178.217.173.50 port 53842:11: Bye Bye [preauth]
Oct 15 12:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Disconnected from 178.217.173.50 port 53842 [preauth]
Oct 15 12:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29169]: pam_unix(cron:session): session closed for user root
Oct 15 12:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30782]: Invalid user webmaster from 165.22.200.57
Oct 15 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30782]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30782]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30782]: Failed password for invalid user webmaster from 165.22.200.57 port 58110 ssh2
Oct 15 12:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30782]: Connection closed by 165.22.200.57 port 58110 [preauth]
Oct 15 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30838]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30909]: Successful su for rubyman by root
Oct 15 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30909]: + ??? root:rubyman
Oct 15 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417711 of user rubyman.
Oct 15 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30909]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417711.
Oct 15 12:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26765]: pam_unix(cron:session): session closed for user root
Oct 15 12:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Invalid user webmaster from 165.22.200.57
Oct 15 12:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30837]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Failed password for invalid user webmaster from 165.22.200.57 port 55662 ssh2
Oct 15 12:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31165]: Connection closed by 165.22.200.57 port 55662 [preauth]
Oct 15 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Failed password for root from 27.112.78.170 port 58186 ssh2
Oct 15 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Received disconnect from 27.112.78.170 port 58186:11: Bye Bye [preauth]
Oct 15 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31186]: Disconnected from 27.112.78.170 port 58186 [preauth]
Oct 15 12:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 12:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for root from 185.156.73.233 port 19126 ssh2
Oct 15 12:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Connection closed by 185.156.73.233 port 19126 [preauth]
Oct 15 12:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session closed for user root
Oct 15 12:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Invalid user webmaster from 165.22.200.57
Oct 15 12:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Failed password for invalid user webmaster from 165.22.200.57 port 35642 ssh2
Oct 15 12:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31302]: Connection closed by 165.22.200.57 port 35642 [preauth]
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31324]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session closed for user root
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31321]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: Invalid user ftpuser from 178.217.173.50
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31402]: Successful su for rubyman by root
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31402]: + ??? root:rubyman
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417716 of user rubyman.
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31402]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417716.
Oct 15 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: Failed password for invalid user ftpuser from 178.217.173.50 port 57904 ssh2
Oct 15 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: Received disconnect from 178.217.173.50 port 57904:11: Bye Bye [preauth]
Oct 15 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: Disconnected from 178.217.173.50 port 57904 [preauth]
Oct 15 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31324]: pam_unix(cron:session): session closed for user root
Oct 15 12:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27479]: pam_unix(cron:session): session closed for user root
Oct 15 12:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31323]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Invalid user webmaster from 165.22.200.57
Oct 15 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Failed password for invalid user webmaster from 165.22.200.57 port 35132 ssh2
Oct 15 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31863]: Connection closed by 165.22.200.57 port 35132 [preauth]
Oct 15 12:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30254]: pam_unix(cron:session): session closed for user root
Oct 15 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31984]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31979]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32074]: Successful su for rubyman by root
Oct 15 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32074]: + ??? root:rubyman
Oct 15 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417723 of user rubyman.
Oct 15 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32074]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417723.
Oct 15 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Invalid user webmaster from 165.22.200.57
Oct 15 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: input_userauth_request: invalid user webmaster [preauth]
Oct 15 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Failed password for invalid user webmaster from 165.22.200.57 port 46372 ssh2
Oct 15 12:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32230]: Connection closed by 165.22.200.57 port 46372 [preauth]
Oct 15 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28278]: pam_unix(cron:session): session closed for user root
Oct 15 12:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32348]: Invalid user postgres from 27.112.78.170
Oct 15 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32348]: input_userauth_request: invalid user postgres [preauth]
Oct 15 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32348]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32348]: Failed password for invalid user postgres from 27.112.78.170 port 51824 ssh2
Oct 15 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32348]: Received disconnect from 27.112.78.170 port 51824:11: Bye Bye [preauth]
Oct 15 12:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32348]: Disconnected from 27.112.78.170 port 51824 [preauth]
Oct 15 12:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31980]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Invalid user qwe from 178.217.173.50
Oct 15 12:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: input_userauth_request: invalid user qwe [preauth]
Oct 15 12:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Failed password for invalid user qwe from 178.217.173.50 port 33734 ssh2
Oct 15 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Received disconnect from 178.217.173.50 port 33734:11: Bye Bye [preauth]
Oct 15 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Disconnected from 178.217.173.50 port 33734 [preauth]
Oct 15 12:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session closed for user root
Oct 15 12:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Invalid user nagios from 165.22.200.57
Oct 15 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Failed password for invalid user nagios from 165.22.200.57 port 53508 ssh2
Oct 15 12:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Connection closed by 165.22.200.57 port 53508 [preauth]
Oct 15 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32529]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32528]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32526]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32604]: Successful su for rubyman by root
Oct 15 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32604]: + ??? root:rubyman
Oct 15 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417727 of user rubyman.
Oct 15 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32604]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417727.
Oct 15 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29166]: pam_unix(cron:session): session closed for user root
Oct 15 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Invalid user nagios from 165.22.200.57
Oct 15 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Failed password for invalid user nagios from 165.22.200.57 port 56100 ssh2
Oct 15 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[387]: Connection closed by 165.22.200.57 port 56100 [preauth]
Oct 15 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session closed for user root
Oct 15 12:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[521]: Invalid user cortega from 178.217.173.50
Oct 15 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[521]: input_userauth_request: invalid user cortega [preauth]
Oct 15 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[521]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Invalid user nagios from 165.22.200.57
Oct 15 12:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[521]: Failed password for invalid user cortega from 178.217.173.50 port 37792 ssh2
Oct 15 12:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[521]: Received disconnect from 178.217.173.50 port 37792:11: Bye Bye [preauth]
Oct 15 12:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[521]: Disconnected from 178.217.173.50 port 37792 [preauth]
Oct 15 12:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Failed password for invalid user nagios from 165.22.200.57 port 55968 ssh2
Oct 15 12:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Connection closed by 165.22.200.57 port 55968 [preauth]
Oct 15 12:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Invalid user zookeeper from 27.112.78.170
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: input_userauth_request: invalid user zookeeper [preauth]
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[554]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[555]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: Successful su for rubyman by root
Oct 15 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: + ??? root:rubyman
Oct 15 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417730 of user rubyman.
Oct 15 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417730.
Oct 15 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Failed password for invalid user zookeeper from 27.112.78.170 port 40520 ssh2
Oct 15 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Received disconnect from 27.112.78.170 port 40520:11: Bye Bye [preauth]
Oct 15 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[547]: Disconnected from 27.112.78.170 port 40520 [preauth]
Oct 15 12:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session closed for user root
Oct 15 12:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[552]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[932]: Did not receive identification string from 222.104.76.94
Oct 15 12:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Invalid user nagios from 165.22.200.57
Oct 15 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Failed password for invalid user nagios from 165.22.200.57 port 42564 ssh2
Oct 15 12:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[933]: Connection closed by 165.22.200.57 port 42564 [preauth]
Oct 15 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31984]: pam_unix(cron:session): session closed for user root
Oct 15 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: Invalid user nagios from 165.22.200.57
Oct 15 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1117]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1116]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1112]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: Failed password for invalid user nagios from 165.22.200.57 port 56438 ssh2
Oct 15 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1109]: Connection closed by 165.22.200.57 port 56438 [preauth]
Oct 15 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1191]: Successful su for rubyman by root
Oct 15 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1191]: + ??? root:rubyman
Oct 15 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417734 of user rubyman.
Oct 15 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1191]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417734.
Oct 15 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30253]: pam_unix(cron:session): session closed for user root
Oct 15 12:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1113]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: Failed password for root from 178.217.173.50 port 41866 ssh2
Oct 15 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: Received disconnect from 178.217.173.50 port 41866:11: Bye Bye [preauth]
Oct 15 12:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: Disconnected from 178.217.173.50 port 41866 [preauth]
Oct 15 12:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Invalid user nagios from 165.22.200.57
Oct 15 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Failed password for invalid user nagios from 165.22.200.57 port 56684 ssh2
Oct 15 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Connection closed by 165.22.200.57 port 56684 [preauth]
Oct 15 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32529]: pam_unix(cron:session): session closed for user root
Oct 15 12:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Invalid user django from 27.112.78.170
Oct 15 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: input_userauth_request: invalid user django [preauth]
Oct 15 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Failed password for invalid user django from 27.112.78.170 port 58382 ssh2
Oct 15 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Received disconnect from 27.112.78.170 port 58382:11: Bye Bye [preauth]
Oct 15 12:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Disconnected from 27.112.78.170 port 58382 [preauth]
Oct 15 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1612]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1612]: pam_unix(cron:session): session closed for user root
Oct 15 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1603]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1701]: Successful su for rubyman by root
Oct 15 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1701]: + ??? root:rubyman
Oct 15 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417738 of user rubyman.
Oct 15 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1701]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417738.
Oct 15 12:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session closed for user root
Oct 15 12:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Invalid user nagios from 165.22.200.57
Oct 15 12:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30838]: pam_unix(cron:session): session closed for user root
Oct 15 12:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Failed password for invalid user nagios from 165.22.200.57 port 35824 ssh2
Oct 15 12:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1851]: Connection closed by 165.22.200.57 port 35824 [preauth]
Oct 15 12:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[555]: pam_unix(cron:session): session closed for user root
Oct 15 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Invalid user nagios from 165.22.200.57
Oct 15 12:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for invalid user nagios from 165.22.200.57 port 52388 ssh2
Oct 15 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Connection closed by 165.22.200.57 port 52388 [preauth]
Oct 15 12:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Failed password for root from 178.217.173.50 port 45936 ssh2
Oct 15 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Received disconnect from 178.217.173.50 port 45936:11: Bye Bye [preauth]
Oct 15 12:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2190]: Disconnected from 178.217.173.50 port 45936 [preauth]
Oct 15 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2233]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2234]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2231]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2304]: Successful su for rubyman by root
Oct 15 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2304]: + ??? root:rubyman
Oct 15 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417744 of user rubyman.
Oct 15 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2304]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417744.
Oct 15 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session closed for user root
Oct 15 12:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2232]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: Invalid user nagios from 165.22.200.57
Oct 15 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: input_userauth_request: invalid user nagios [preauth]
Oct 15 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: Failed password for invalid user nagios from 165.22.200.57 port 60096 ssh2
Oct 15 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2559]: Connection closed by 165.22.200.57 port 60096 [preauth]
Oct 15 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1117]: pam_unix(cron:session): session closed for user root
Oct 15 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Invalid user staging from 27.112.78.170
Oct 15 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: input_userauth_request: invalid user staging [preauth]
Oct 15 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Failed password for invalid user staging from 27.112.78.170 port 56094 ssh2
Oct 15 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Received disconnect from 27.112.78.170 port 56094:11: Bye Bye [preauth]
Oct 15 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Disconnected from 27.112.78.170 port 56094 [preauth]
Oct 15 12:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: Invalid user tomcat from 165.22.200.57
Oct 15 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: Failed password for invalid user tomcat from 165.22.200.57 port 59900 ssh2
Oct 15 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2667]: Connection closed by 165.22.200.57 port 59900 [preauth]
Oct 15 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2687]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2688]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2684]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2757]: Successful su for rubyman by root
Oct 15 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2757]: + ??? root:rubyman
Oct 15 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417747 of user rubyman.
Oct 15 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2757]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417747.
Oct 15 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Invalid user prueba from 185.156.73.233
Oct 15 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: input_userauth_request: invalid user prueba [preauth]
Oct 15 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Failed password for invalid user prueba from 185.156.73.233 port 51452 ssh2
Oct 15 12:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Connection closed by 185.156.73.233 port 51452 [preauth]
Oct 15 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31983]: pam_unix(cron:session): session closed for user root
Oct 15 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Invalid user zhangsan from 178.217.173.50
Oct 15 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: input_userauth_request: invalid user zhangsan [preauth]
Oct 15 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Failed password for invalid user zhangsan from 178.217.173.50 port 50002 ssh2
Oct 15 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Received disconnect from 178.217.173.50 port 50002:11: Bye Bye [preauth]
Oct 15 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Disconnected from 178.217.173.50 port 50002 [preauth]
Oct 15 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2686]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Invalid user tomcat from 165.22.200.57
Oct 15 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Failed password for invalid user tomcat from 165.22.200.57 port 38842 ssh2
Oct 15 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3027]: Connection closed by 165.22.200.57 port 38842 [preauth]
Oct 15 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session closed for user root
Oct 15 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3201]: Successful su for rubyman by root
Oct 15 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3201]: + ??? root:rubyman
Oct 15 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417752 of user rubyman.
Oct 15 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3201]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417752.
Oct 15 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Invalid user tomcat from 165.22.200.57
Oct 15 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Failed password for invalid user tomcat from 165.22.200.57 port 38696 ssh2
Oct 15 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Connection closed by 165.22.200.57 port 38696 [preauth]
Oct 15 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32528]: pam_unix(cron:session): session closed for user root
Oct 15 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Failed password for root from 27.112.78.170 port 44764 ssh2
Oct 15 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Received disconnect from 27.112.78.170 port 44764:11: Bye Bye [preauth]
Oct 15 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Disconnected from 27.112.78.170 port 44764 [preauth]
Oct 15 12:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.163.71.109  user=root
Oct 15 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for root from 20.163.71.109 port 48414 ssh2
Oct 15 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Connection closed by 20.163.71.109 port 48414 [preauth]
Oct 15 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2234]: pam_unix(cron:session): session closed for user root
Oct 15 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Invalid user tomcat from 165.22.200.57
Oct 15 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Failed password for invalid user tomcat from 165.22.200.57 port 55448 ssh2
Oct 15 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Connection closed by 165.22.200.57 port 55448 [preauth]
Oct 15 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50  user=root
Oct 15 12:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Failed password for root from 178.217.173.50 port 54072 ssh2
Oct 15 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Received disconnect from 178.217.173.50 port 54072:11: Bye Bye [preauth]
Oct 15 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Disconnected from 178.217.173.50 port 54072 [preauth]
Oct 15 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3615]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: Successful su for rubyman by root
Oct 15 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: + ??? root:rubyman
Oct 15 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417757 of user rubyman.
Oct 15 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417757.
Oct 15 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session closed for user root
Oct 15 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[554]: pam_unix(cron:session): session closed for user root
Oct 15 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: Invalid user tomcat from 165.22.200.57
Oct 15 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: Failed password for invalid user tomcat from 165.22.200.57 port 39398 ssh2
Oct 15 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3986]: Connection closed by 165.22.200.57 port 39398 [preauth]
Oct 15 12:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2688]: pam_unix(cron:session): session closed for user root
Oct 15 12:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: Invalid user tomcat from 165.22.200.57
Oct 15 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: Failed password for invalid user tomcat from 165.22.200.57 port 48842 ssh2
Oct 15 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: Connection closed by 165.22.200.57 port 48842 [preauth]
Oct 15 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user root
Oct 15 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4197]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4314]: Successful su for rubyman by root
Oct 15 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4314]: + ??? root:rubyman
Oct 15 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417764 of user rubyman.
Oct 15 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4314]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417764.
Oct 15 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: Invalid user batman from 178.217.173.50
Oct 15 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: input_userauth_request: invalid user batman [preauth]
Oct 15 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.217.173.50
Oct 15 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: Failed password for invalid user batman from 178.217.173.50 port 58130 ssh2
Oct 15 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: Received disconnect from 178.217.173.50 port 58130:11: Bye Bye [preauth]
Oct 15 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4354]: Disconnected from 178.217.173.50 port 58130 [preauth]
Oct 15 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session closed for user root
Oct 15 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1116]: pam_unix(cron:session): session closed for user root
Oct 15 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Invalid user qwe from 27.112.78.170
Oct 15 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: input_userauth_request: invalid user qwe [preauth]
Oct 15 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Failed password for invalid user qwe from 27.112.78.170 port 47550 ssh2
Oct 15 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Received disconnect from 27.112.78.170 port 47550:11: Bye Bye [preauth]
Oct 15 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Disconnected from 27.112.78.170 port 47550 [preauth]
Oct 15 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4200]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Invalid user tomcat from 165.22.200.57
Oct 15 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for invalid user tomcat from 165.22.200.57 port 50368 ssh2
Oct 15 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 165.22.200.57 port 50368 [preauth]
Oct 15 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3141]: pam_unix(cron:session): session closed for user root
Oct 15 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: Invalid user tomcat from 165.22.200.57
Oct 15 12:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4764]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4759]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: Failed password for invalid user tomcat from 165.22.200.57 port 59674 ssh2
Oct 15 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4754]: Connection closed by 165.22.200.57 port 59674 [preauth]
Oct 15 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4840]: Successful su for rubyman by root
Oct 15 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4840]: + ??? root:rubyman
Oct 15 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417767 of user rubyman.
Oct 15 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4840]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417767.
Oct 15 12:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session closed for user root
Oct 15 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4761]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: Invalid user tomcat from 165.22.200.57
Oct 15 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: input_userauth_request: invalid user tomcat [preauth]
Oct 15 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: Failed password for invalid user tomcat from 165.22.200.57 port 58574 ssh2
Oct 15 12:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5629]: Connection closed by 165.22.200.57 port 58574 [preauth]
Oct 15 12:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session closed for user root
Oct 15 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5721]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5808]: Successful su for rubyman by root
Oct 15 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5808]: + ??? root:rubyman
Oct 15 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417772 of user rubyman.
Oct 15 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5808]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417772.
Oct 15 12:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Invalid user ruby from 27.112.78.170
Oct 15 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: input_userauth_request: invalid user ruby [preauth]
Oct 15 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2233]: pam_unix(cron:session): session closed for user root
Oct 15 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Failed password for invalid user ruby from 27.112.78.170 port 60814 ssh2
Oct 15 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Received disconnect from 27.112.78.170 port 60814:11: Bye Bye [preauth]
Oct 15 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5940]: Disconnected from 27.112.78.170 port 60814 [preauth]
Oct 15 12:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: Invalid user weblogic from 165.22.200.57
Oct 15 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: Failed password for invalid user weblogic from 165.22.200.57 port 54776 ssh2
Oct 15 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6007]: Connection closed by 165.22.200.57 port 54776 [preauth]
Oct 15 12:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5722]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session closed for user root
Oct 15 12:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: Invalid user weblogic from 165.22.200.57
Oct 15 12:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: Failed password for invalid user weblogic from 165.22.200.57 port 55958 ssh2
Oct 15 12:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: Connection closed by 165.22.200.57 port 55958 [preauth]
Oct 15 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6200]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6199]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6197]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6264]: Successful su for rubyman by root
Oct 15 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6264]: + ??? root:rubyman
Oct 15 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417774 of user rubyman.
Oct 15 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6264]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417774.
Oct 15 12:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2687]: pam_unix(cron:session): session closed for user root
Oct 15 12:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6198]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Invalid user weblogic from 165.22.200.57
Oct 15 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Failed password for invalid user weblogic from 165.22.200.57 port 34628 ssh2
Oct 15 12:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6526]: Connection closed by 165.22.200.57 port 34628 [preauth]
Oct 15 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4765]: pam_unix(cron:session): session closed for user root
Oct 15 12:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Invalid user weblogic from 165.22.200.57
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6753]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6750]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6821]: Successful su for rubyman by root
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6821]: + ??? root:rubyman
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Failed password for invalid user weblogic from 165.22.200.57 port 58756 ssh2
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417779 of user rubyman.
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6821]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417779.
Oct 15 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Connection closed by 165.22.200.57 port 58756 [preauth]
Oct 15 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Invalid user magento from 27.112.78.170
Oct 15 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: input_userauth_request: invalid user magento [preauth]
Oct 15 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Failed password for invalid user magento from 27.112.78.170 port 38832 ssh2
Oct 15 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Received disconnect from 27.112.78.170 port 38832:11: Bye Bye [preauth]
Oct 15 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Disconnected from 27.112.78.170 port 38832 [preauth]
Oct 15 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session closed for user root
Oct 15 12:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6751]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Invalid user weblogic from 165.22.200.57
Oct 15 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session closed for user root
Oct 15 12:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Failed password for invalid user weblogic from 165.22.200.57 port 35702 ssh2
Oct 15 12:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Connection closed by 165.22.200.57 port 35702 [preauth]
Oct 15 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7295]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7293]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7294]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session closed for user root
Oct 15 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7378]: Successful su for rubyman by root
Oct 15 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7378]: + ??? root:rubyman
Oct 15 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417784 of user rubyman.
Oct 15 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7378]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417784.
Oct 15 12:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7293]: pam_unix(cron:session): session closed for user root
Oct 15 12:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session closed for user root
Oct 15 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Invalid user weblogic from 165.22.200.57
Oct 15 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Failed password for invalid user weblogic from 165.22.200.57 port 51876 ssh2
Oct 15 12:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7598]: Connection closed by 165.22.200.57 port 51876 [preauth]
Oct 15 12:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7291]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6200]: pam_unix(cron:session): session closed for user root
Oct 15 12:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Invalid user weblogic from 165.22.200.57
Oct 15 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Failed password for invalid user weblogic from 165.22.200.57 port 49018 ssh2
Oct 15 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Connection closed by 165.22.200.57 port 49018 [preauth]
Oct 15 12:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Invalid user taibabi from 27.112.78.170
Oct 15 12:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: input_userauth_request: invalid user taibabi [preauth]
Oct 15 12:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Failed password for invalid user taibabi from 27.112.78.170 port 36402 ssh2
Oct 15 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Received disconnect from 27.112.78.170 port 36402:11: Bye Bye [preauth]
Oct 15 12:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: Disconnected from 27.112.78.170 port 36402 [preauth]
Oct 15 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7812]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7809]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8319]: Successful su for rubyman by root
Oct 15 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8319]: + ??? root:rubyman
Oct 15 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417789 of user rubyman.
Oct 15 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8319]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417789.
Oct 15 12:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session closed for user root
Oct 15 12:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7810]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Invalid user weblogic from 165.22.200.57
Oct 15 12:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Failed password for invalid user weblogic from 165.22.200.57 port 55550 ssh2
Oct 15 12:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8581]: Connection closed by 165.22.200.57 port 55550 [preauth]
Oct 15 12:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6753]: pam_unix(cron:session): session closed for user root
Oct 15 12:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Invalid user weblogic from 165.22.200.57
Oct 15 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: input_userauth_request: invalid user weblogic [preauth]
Oct 15 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Failed password for invalid user weblogic from 165.22.200.57 port 50224 ssh2
Oct 15 12:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Connection closed by 165.22.200.57 port 50224 [preauth]
Oct 15 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8722]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8904]: Successful su for rubyman by root
Oct 15 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8904]: + ??? root:rubyman
Oct 15 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417792 of user rubyman.
Oct 15 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8904]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417792.
Oct 15 12:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4764]: pam_unix(cron:session): session closed for user root
Oct 15 12:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8723]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: Invalid user git from 165.22.200.57
Oct 15 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: input_userauth_request: invalid user git [preauth]
Oct 15 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: Failed password for invalid user git from 165.22.200.57 port 51974 ssh2
Oct 15 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9300]: Connection closed by 165.22.200.57 port 51974 [preauth]
Oct 15 12:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7295]: pam_unix(cron:session): session closed for user root
Oct 15 12:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Invalid user aramos from 27.112.78.170
Oct 15 12:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: input_userauth_request: invalid user aramos [preauth]
Oct 15 12:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Failed password for invalid user aramos from 27.112.78.170 port 59750 ssh2
Oct 15 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Received disconnect from 27.112.78.170 port 59750:11: Bye Bye [preauth]
Oct 15 12:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Disconnected from 27.112.78.170 port 59750 [preauth]
Oct 15 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9415]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9416]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9413]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9512]: Successful su for rubyman by root
Oct 15 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9512]: + ??? root:rubyman
Oct 15 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417796 of user rubyman.
Oct 15 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9512]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417796.
Oct 15 12:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9595]: Invalid user git from 165.22.200.57
Oct 15 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9595]: input_userauth_request: invalid user git [preauth]
Oct 15 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9595]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9595]: Failed password for invalid user git from 165.22.200.57 port 49582 ssh2
Oct 15 12:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9595]: Connection closed by 165.22.200.57 port 49582 [preauth]
Oct 15 12:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session closed for user root
Oct 15 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9414]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7813]: pam_unix(cron:session): session closed for user root
Oct 15 12:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Invalid user git from 165.22.200.57
Oct 15 12:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: input_userauth_request: invalid user git [preauth]
Oct 15 12:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Failed password for invalid user git from 165.22.200.57 port 49288 ssh2
Oct 15 12:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Connection closed by 165.22.200.57 port 49288 [preauth]
Oct 15 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 12:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10019]: Failed password for root from 211.253.9.49 port 56275 ssh2
Oct 15 12:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10019]: Received disconnect from 211.253.9.49 port 56275:11: Bye Bye [preauth]
Oct 15 12:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10019]: Disconnected from 211.253.9.49 port 56275 [preauth]
Oct 15 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10046]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10049]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10044]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10119]: Successful su for rubyman by root
Oct 15 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10119]: + ??? root:rubyman
Oct 15 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417800 of user rubyman.
Oct 15 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10119]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417800.
Oct 15 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Invalid user wireguard from 82.115.24.11
Oct 15 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: input_userauth_request: invalid user wireguard [preauth]
Oct 15 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Failed password for invalid user wireguard from 82.115.24.11 port 59860 ssh2
Oct 15 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Received disconnect from 82.115.24.11 port 59860:11: Bye Bye [preauth]
Oct 15 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10133]: Disconnected from 82.115.24.11 port 59860 [preauth]
Oct 15 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6199]: pam_unix(cron:session): session closed for user root
Oct 15 12:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Invalid user git from 165.22.200.57
Oct 15 12:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: input_userauth_request: invalid user git [preauth]
Oct 15 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10045]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Failed password for invalid user git from 165.22.200.57 port 60952 ssh2
Oct 15 12:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Connection closed by 165.22.200.57 port 60952 [preauth]
Oct 15 12:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8725]: pam_unix(cron:session): session closed for user root
Oct 15 12:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Invalid user ubuntu from 27.112.78.170
Oct 15 12:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 12:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Failed password for invalid user ubuntu from 27.112.78.170 port 38522 ssh2
Oct 15 12:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Received disconnect from 27.112.78.170 port 38522:11: Bye Bye [preauth]
Oct 15 12:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Disconnected from 27.112.78.170 port 38522 [preauth]
Oct 15 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: Invalid user test from 194.0.234.19
Oct 15 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: input_userauth_request: invalid user test [preauth]
Oct 15 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
Oct 15 12:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: Failed password for invalid user test from 194.0.234.19 port 15232 ssh2
Oct 15 12:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10483]: Connection closed by 194.0.234.19 port 15232 [preauth]
Oct 15 12:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Invalid user git from 165.22.200.57
Oct 15 12:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: input_userauth_request: invalid user git [preauth]
Oct 15 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Failed password for invalid user git from 165.22.200.57 port 37716 ssh2
Oct 15 12:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10519]: Connection closed by 165.22.200.57 port 37716 [preauth]
Oct 15 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10542]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10544]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10544]: pam_unix(cron:session): session closed for user root
Oct 15 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10537]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10628]: Successful su for rubyman by root
Oct 15 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10628]: + ??? root:rubyman
Oct 15 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417808 of user rubyman.
Oct 15 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10628]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417808.
Oct 15 12:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6752]: pam_unix(cron:session): session closed for user root
Oct 15 12:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session closed for user root
Oct 15 12:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10539]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Invalid user git from 165.22.200.57
Oct 15 12:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: input_userauth_request: invalid user git [preauth]
Oct 15 12:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Failed password for invalid user git from 165.22.200.57 port 46304 ssh2
Oct 15 12:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Connection closed by 165.22.200.57 port 46304 [preauth]
Oct 15 12:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9416]: pam_unix(cron:session): session closed for user root
Oct 15 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11038]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11037]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11035]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11114]: Successful su for rubyman by root
Oct 15 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11114]: + ??? root:rubyman
Oct 15 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417810 of user rubyman.
Oct 15 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11114]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417810.
Oct 15 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Invalid user git from 165.22.200.57
Oct 15 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: input_userauth_request: invalid user git [preauth]
Oct 15 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Failed password for invalid user git from 165.22.200.57 port 55596 ssh2
Oct 15 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11111]: Connection closed by 165.22.200.57 port 55596 [preauth]
Oct 15 12:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: Invalid user achil from 2.57.122.26
Oct 15 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: input_userauth_request: invalid user achil [preauth]
Oct 15 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 12:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7294]: pam_unix(cron:session): session closed for user root
Oct 15 12:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: Failed password for invalid user achil from 2.57.122.26 port 39028 ssh2
Oct 15 12:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11295]: Connection closed by 2.57.122.26 port 39028 [preauth]
Oct 15 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11036]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Invalid user ftpuser from 27.112.78.170
Oct 15 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Failed password for invalid user ftpuser from 27.112.78.170 port 36836 ssh2
Oct 15 12:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Received disconnect from 27.112.78.170 port 36836:11: Bye Bye [preauth]
Oct 15 12:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Disconnected from 27.112.78.170 port 36836 [preauth]
Oct 15 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Invalid user git from 165.22.200.57
Oct 15 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: input_userauth_request: invalid user git [preauth]
Oct 15 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10049]: pam_unix(cron:session): session closed for user root
Oct 15 12:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Failed password for invalid user git from 165.22.200.57 port 43570 ssh2
Oct 15 12:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Connection closed by 165.22.200.57 port 43570 [preauth]
Oct 15 12:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: Invalid user vida from 82.115.24.11
Oct 15 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: input_userauth_request: invalid user vida [preauth]
Oct 15 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 12:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: Failed password for invalid user vida from 82.115.24.11 port 60956 ssh2
Oct 15 12:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: Received disconnect from 82.115.24.11 port 60956:11: Bye Bye [preauth]
Oct 15 12:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11461]: Disconnected from 82.115.24.11 port 60956 [preauth]
Oct 15 12:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Invalid user rramirez from 27.254.235.12
Oct 15 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: input_userauth_request: invalid user rramirez [preauth]
Oct 15 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 12:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Failed password for invalid user rramirez from 27.254.235.12 port 50604 ssh2
Oct 15 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Received disconnect from 27.254.235.12 port 50604:11: Bye Bye [preauth]
Oct 15 12:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11487]: Disconnected from 27.254.235.12 port 50604 [preauth]
Oct 15 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11596]: Successful su for rubyman by root
Oct 15 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11596]: + ??? root:rubyman
Oct 15 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417814 of user rubyman.
Oct 15 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11596]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417814.
Oct 15 12:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7812]: pam_unix(cron:session): session closed for user root
Oct 15 12:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11895]: Invalid user git from 165.22.200.57
Oct 15 12:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11895]: input_userauth_request: invalid user git [preauth]
Oct 15 12:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11895]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11895]: Failed password for invalid user git from 165.22.200.57 port 41038 ssh2
Oct 15 12:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11895]: Connection closed by 165.22.200.57 port 41038 [preauth]
Oct 15 12:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 12:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: Failed password for root from 211.253.9.49 port 56024 ssh2
Oct 15 12:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: Received disconnect from 211.253.9.49 port 56024:11: Bye Bye [preauth]
Oct 15 12:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: Disconnected from 211.253.9.49 port 56024 [preauth]
Oct 15 12:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session closed for user root
Oct 15 12:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Invalid user svn from 165.22.200.57
Oct 15 12:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Failed password for invalid user svn from 165.22.200.57 port 46958 ssh2
Oct 15 12:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Connection closed by 165.22.200.57 port 46958 [preauth]
Oct 15 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Invalid user user from 52.224.240.74
Oct 15 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: input_userauth_request: invalid user user [preauth]
Oct 15 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 12:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Failed password for invalid user user from 52.224.240.74 port 52818 ssh2
Oct 15 12:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Received disconnect from 52.224.240.74 port 52818:11: Bye Bye [preauth]
Oct 15 12:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Disconnected from 52.224.240.74 port 52818 [preauth]
Oct 15 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12087]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12167]: Successful su for rubyman by root
Oct 15 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12167]: + ??? root:rubyman
Oct 15 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417818 of user rubyman.
Oct 15 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12167]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417818.
Oct 15 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Failed password for root from 82.115.24.11 port 48144 ssh2
Oct 15 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Received disconnect from 82.115.24.11 port 48144:11: Bye Bye [preauth]
Oct 15 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12210]: Disconnected from 82.115.24.11 port 48144 [preauth]
Oct 15 12:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8724]: pam_unix(cron:session): session closed for user root
Oct 15 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Invalid user admin from 2.57.121.112
Oct 15 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: input_userauth_request: invalid user admin [preauth]
Oct 15 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Invalid user helen from 27.112.78.170
Oct 15 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: input_userauth_request: invalid user helen [preauth]
Oct 15 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
Oct 15 12:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Failed password for invalid user admin from 2.57.121.112 port 62573 ssh2
Oct 15 12:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for invalid user helen from 27.112.78.170 port 49448 ssh2
Oct 15 12:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Received disconnect from 27.112.78.170 port 49448:11: Bye Bye [preauth]
Oct 15 12:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Disconnected from 27.112.78.170 port 49448 [preauth]
Oct 15 12:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Failed password for invalid user admin from 2.57.121.112 port 62573 ssh2
Oct 15 12:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Failed password for invalid user admin from 2.57.121.112 port 62573 ssh2
Oct 15 12:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Failed password for invalid user admin from 2.57.121.112 port 62573 ssh2
Oct 15 12:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Failed password for invalid user admin from 2.57.121.112 port 62573 ssh2
Oct 15 12:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Received disconnect from 2.57.121.112 port 62573:11: Bye [preauth]
Oct 15 12:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Disconnected from 2.57.121.112 port 62573 [preauth]
Oct 15 12:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 12:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Invalid user svn from 165.22.200.57
Oct 15 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Failed password for invalid user svn from 165.22.200.57 port 46234 ssh2
Oct 15 12:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Connection closed by 165.22.200.57 port 46234 [preauth]
Oct 15 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Invalid user admin from 185.156.73.233
Oct 15 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: input_userauth_request: invalid user admin [preauth]
Oct 15 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 12:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11038]: pam_unix(cron:session): session closed for user root
Oct 15 12:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Failed password for invalid user admin from 185.156.73.233 port 23362 ssh2
Oct 15 12:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Connection closed by 185.156.73.233 port 23362 [preauth]
Oct 15 12:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Invalid user asw from 27.254.235.12
Oct 15 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: input_userauth_request: invalid user asw [preauth]
Oct 15 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 12:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for invalid user asw from 27.254.235.12 port 56790 ssh2
Oct 15 12:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Received disconnect from 27.254.235.12 port 56790:11: Bye Bye [preauth]
Oct 15 12:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Disconnected from 27.254.235.12 port 56790 [preauth]
Oct 15 12:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: Invalid user svn from 165.22.200.57
Oct 15 12:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: Failed password for invalid user svn from 165.22.200.57 port 35820 ssh2
Oct 15 12:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12567]: Connection closed by 165.22.200.57 port 35820 [preauth]
Oct 15 12:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Invalid user teacher from 164.68.105.9
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: input_userauth_request: invalid user teacher [preauth]
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12598]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12599]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Failed password for invalid user teacher from 164.68.105.9 port 58692 ssh2
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Connection closed by 164.68.105.9 port 58692 [preauth]
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12689]: Successful su for rubyman by root
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12689]: + ??? root:rubyman
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417824 of user rubyman.
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[12689]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417824.
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Invalid user ubuntu from 186.96.145.241
Oct 15 12:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
Oct 15 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: Invalid user eth from 211.253.9.49
Oct 15 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: input_userauth_request: invalid user eth [preauth]
Oct 15 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Failed password for invalid user ubuntu from 186.96.145.241 port 56512 ssh2
Oct 15 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Connection closed by 186.96.145.241 port 56512 [preauth]
Oct 15 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: Failed password for invalid user eth from 211.253.9.49 port 44283 ssh2
Oct 15 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: Received disconnect from 211.253.9.49 port 44283:11: Bye Bye [preauth]
Oct 15 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12729]: Disconnected from 211.253.9.49 port 44283 [preauth]
Oct 15 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9415]: pam_unix(cron:session): session closed for user root
Oct 15 12:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Invalid user debianuser from 82.115.24.11
Oct 15 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: input_userauth_request: invalid user debianuser [preauth]
Oct 15 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 12:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Failed password for invalid user debianuser from 82.115.24.11 port 33662 ssh2
Oct 15 12:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Received disconnect from 82.115.24.11 port 33662:11: Bye Bye [preauth]
Oct 15 12:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Disconnected from 82.115.24.11 port 33662 [preauth]
Oct 15 12:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.18.123  user=root
Oct 15 12:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for root from 14.103.18.123 port 53782 ssh2
Oct 15 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Invalid user svn from 165.22.200.57
Oct 15 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Received disconnect from 14.103.18.123 port 53782:11: Bye Bye [preauth]
Oct 15 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Disconnected from 14.103.18.123 port 53782 [preauth]
Oct 15 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Failed password for invalid user svn from 165.22.200.57 port 38338 ssh2
Oct 15 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13010]: Connection closed by 165.22.200.57 port 38338 [preauth]
Oct 15 12:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session closed for user root
Oct 15 12:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
Oct 15 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13119]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13117]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13120]: pam_unix(cron:session): session closed for user root
Oct 15 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13115]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: Failed password for root from 27.112.78.170 port 38374 ssh2
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: Received disconnect from 27.112.78.170 port 38374:11: Bye Bye [preauth]
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13110]: Disconnected from 27.112.78.170 port 38374 [preauth]
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13189]: Successful su for rubyman by root
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13189]: + ??? root:rubyman
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417826 of user rubyman.
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13189]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417826.
Oct 15 12:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Invalid user svn from 165.22.200.57
Oct 15 12:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13117]: pam_unix(cron:session): session closed for user root
Oct 15 12:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10046]: pam_unix(cron:session): session closed for user root
Oct 15 12:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Failed password for invalid user svn from 165.22.200.57 port 39164 ssh2
Oct 15 12:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13432]: Connection closed by 165.22.200.57 port 39164 [preauth]
Oct 15 12:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Invalid user admin from 27.254.235.12
Oct 15 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: input_userauth_request: invalid user admin [preauth]
Oct 15 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 12:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 12:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Failed password for invalid user admin from 27.254.235.12 port 60446 ssh2
Oct 15 12:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Received disconnect from 27.254.235.12 port 60446:11: Bye Bye [preauth]
Oct 15 12:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13611]: Disconnected from 27.254.235.12 port 60446 [preauth]
Oct 15 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Failed password for root from 52.224.240.74 port 51600 ssh2
Oct 15 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Failed password for root from 107.175.209.254 port 49996 ssh2
Oct 15 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Received disconnect from 107.175.209.254 port 49996:11: Bye Bye [preauth]
Oct 15 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Disconnected from 107.175.209.254 port 49996 [preauth]
Oct 15 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Received disconnect from 52.224.240.74 port 51600:11: Bye Bye [preauth]
Oct 15 12:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13614]: Disconnected from 52.224.240.74 port 51600 [preauth]
Oct 15 12:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session closed for user root
Oct 15 12:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Invalid user ftpuser from 82.115.24.11
Oct 15 12:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 12:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Failed password for invalid user ftpuser from 82.115.24.11 port 54290 ssh2
Oct 15 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Received disconnect from 82.115.24.11 port 54290:11: Bye Bye [preauth]
Oct 15 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Disconnected from 82.115.24.11 port 54290 [preauth]
Oct 15 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: Invalid user svn from 165.22.200.57
Oct 15 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: Failed password for invalid user svn from 165.22.200.57 port 43070 ssh2
Oct 15 12:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13684]: Connection closed by 165.22.200.57 port 43070 [preauth]
Oct 15 12:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 12:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13714]: Failed password for root from 211.253.9.49 port 60773 ssh2
Oct 15 12:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13714]: Received disconnect from 211.253.9.49 port 60773:11: Bye Bye [preauth]
Oct 15 12:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13714]: Disconnected from 211.253.9.49 port 60773 [preauth]
Oct 15 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13865]: Successful su for rubyman by root
Oct 15 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13865]: + ??? root:rubyman
Oct 15 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417832 of user rubyman.
Oct 15 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13865]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417832.
Oct 15 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10542]: pam_unix(cron:session): session closed for user root
Oct 15 12:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: Invalid user svn from 165.22.200.57
Oct 15 12:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13749]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: Failed password for invalid user svn from 165.22.200.57 port 33624 ssh2
Oct 15 12:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14368]: Connection closed by 165.22.200.57 port 33624 [preauth]
Oct 15 12:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12599]: pam_unix(cron:session): session closed for user root
Oct 15 12:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Invalid user punit from 82.115.24.11
Oct 15 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: input_userauth_request: invalid user punit [preauth]
Oct 15 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: Invalid user hyper from 27.254.235.12
Oct 15 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: input_userauth_request: invalid user hyper [preauth]
Oct 15 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 12:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Failed password for invalid user punit from 82.115.24.11 port 44446 ssh2
Oct 15 12:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Received disconnect from 82.115.24.11 port 44446:11: Bye Bye [preauth]
Oct 15 12:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Disconnected from 82.115.24.11 port 44446 [preauth]
Oct 15 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: Failed password for invalid user hyper from 27.254.235.12 port 35862 ssh2
Oct 15 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Invalid user svn from 165.22.200.57
Oct 15 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: Received disconnect from 27.254.235.12 port 35862:11: Bye Bye [preauth]
Oct 15 12:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: Disconnected from 27.254.235.12 port 35862 [preauth]
Oct 15 12:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Failed password for invalid user svn from 165.22.200.57 port 57972 ssh2
Oct 15 12:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Connection closed by 165.22.200.57 port 57972 [preauth]
Oct 15 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14620]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14617]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: Successful su for rubyman by root
Oct 15 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: + ??? root:rubyman
Oct 15 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417836 of user rubyman.
Oct 15 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417836.
Oct 15 12:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11037]: pam_unix(cron:session): session closed for user root
Oct 15 12:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14619]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Invalid user adminuser from 211.253.9.49
Oct 15 12:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 12:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 12:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Invalid user svn from 165.22.200.57
Oct 15 12:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: input_userauth_request: invalid user svn [preauth]
Oct 15 12:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Failed password for invalid user adminuser from 211.253.9.49 port 49033 ssh2
Oct 15 12:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Received disconnect from 211.253.9.49 port 49033:11: Bye Bye [preauth]
Oct 15 12:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14990]: Disconnected from 211.253.9.49 port 49033 [preauth]
Oct 15 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Failed password for invalid user svn from 165.22.200.57 port 60800 ssh2
Oct 15 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14993]: Connection closed by 165.22.200.57 port 60800 [preauth]
Oct 15 12:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Invalid user eacsaci from 52.224.240.74
Oct 15 12:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: input_userauth_request: invalid user eacsaci [preauth]
Oct 15 12:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 12:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13119]: pam_unix(cron:session): session closed for user root
Oct 15 12:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for invalid user eacsaci from 52.224.240.74 port 52318 ssh2
Oct 15 12:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Received disconnect from 52.224.240.74 port 52318:11: Bye Bye [preauth]
Oct 15 12:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Disconnected from 52.224.240.74 port 52318 [preauth]
Oct 15 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15183]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15255]: Successful su for rubyman by root
Oct 15 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15255]: + ??? root:rubyman
Oct 15 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417842 of user rubyman.
Oct 15 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15255]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417842.
Oct 15 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Invalid user docker from 165.22.200.57
Oct 15 12:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: input_userauth_request: invalid user docker [preauth]
Oct 15 12:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Failed password for invalid user docker from 165.22.200.57 port 34280 ssh2
Oct 15 12:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15362]: Connection closed by 165.22.200.57 port 34280 [preauth]
Oct 15 12:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 12:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session closed for user root
Oct 15 12:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Failed password for root from 107.175.209.254 port 43950 ssh2
Oct 15 12:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Received disconnect from 107.175.209.254 port 43950:11: Bye Bye [preauth]
Oct 15 12:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Disconnected from 107.175.209.254 port 43950 [preauth]
Oct 15 12:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Failed password for root from 82.115.24.11 port 57370 ssh2
Oct 15 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Received disconnect from 82.115.24.11 port 57370:11: Bye Bye [preauth]
Oct 15 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15456]: Disconnected from 82.115.24.11 port 57370 [preauth]
Oct 15 12:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15182]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 12:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Failed password for root from 27.254.235.12 port 39516 ssh2
Oct 15 12:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Received disconnect from 27.254.235.12 port 39516:11: Bye Bye [preauth]
Oct 15 12:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Disconnected from 27.254.235.12 port 39516 [preauth]
Oct 15 12:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.18.123  user=root
Oct 15 12:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15529]: Failed password for root from 14.103.18.123 port 50512 ssh2
Oct 15 12:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15529]: Received disconnect from 14.103.18.123 port 50512:11: Bye Bye [preauth]
Oct 15 12:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15529]: Disconnected from 14.103.18.123 port 50512 [preauth]
Oct 15 12:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user root
Oct 15 12:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Invalid user docker from 165.22.200.57
Oct 15 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: input_userauth_request: invalid user docker [preauth]
Oct 15 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Failed password for invalid user docker from 165.22.200.57 port 33454 ssh2
Oct 15 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Connection closed by 165.22.200.57 port 33454 [preauth]
Oct 15 12:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: User www-data from 14.103.18.123 not allowed because not listed in AllowUsers
Oct 15 12:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: input_userauth_request: invalid user www-data [preauth]
Oct 15 12:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.18.123  user=www-data
Oct 15 12:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: Failed password for invalid user www-data from 14.103.18.123 port 60010 ssh2
Oct 15 12:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: Received disconnect from 14.103.18.123 port 60010:11: Bye Bye [preauth]
Oct 15 12:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15648]: Disconnected from 14.103.18.123 port 60010 [preauth]
Oct 15 12:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Invalid user els from 211.253.9.49
Oct 15 12:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: input_userauth_request: invalid user els [preauth]
Oct 15 12:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15659]: pam_unix(cron:session): session closed for user p13x
Oct 15 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Failed password for invalid user els from 211.253.9.49 port 37285 ssh2
Oct 15 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Received disconnect from 211.253.9.49 port 37285:11: Bye Bye [preauth]
Oct 15 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15651]: Disconnected from 211.253.9.49 port 37285 [preauth]
Oct 15 12:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15738]: Successful su for rubyman by root
Oct 15 12:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15738]: + ??? root:rubyman
Oct 15 12:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 12:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417844 of user rubyman.
Oct 15 12:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[15738]: pam_unix(su:session): session closed for user rubyman
Oct 15 12:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417844.
Oct 15 12:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12087]: pam_unix(cron:session): session closed for user root
Oct 15 12:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: Invalid user docker from 165.22.200.57
Oct 15 12:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: input_userauth_request: invalid user docker [preauth]
Oct 15 12:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: Failed password for invalid user docker from 165.22.200.57 port 60472 ssh2
Oct 15 12:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15925]: Connection closed by 165.22.200.57 port 60472 [preauth]
Oct 15 12:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session closed for user samftp
Oct 15 12:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Invalid user csgoserver from 82.115.24.11
Oct 15 12:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: input_userauth_request: invalid user csgoserver [preauth]
Oct 15 12:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 12:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Failed password for invalid user csgoserver from 82.115.24.11 port 57350 ssh2
Oct 15 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Received disconnect from 82.115.24.11 port 57350:11: Bye Bye [preauth]
Oct 15 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Disconnected from 82.115.24.11 port 57350 [preauth]
Oct 15 12:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Invalid user sayed from 107.175.209.254
Oct 15 12:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: input_userauth_request: invalid user sayed [preauth]
Oct 15 12:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Failed password for invalid user sayed from 107.175.209.254 port 40412 ssh2
Oct 15 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Received disconnect from 107.175.209.254 port 40412:11: Bye Bye [preauth]
Oct 15 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16019]: Disconnected from 107.175.209.254 port 40412 [preauth]
Oct 15 12:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14621]: pam_unix(cron:session): session closed for user root
Oct 15 12:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Invalid user area from 52.224.240.74
Oct 15 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: input_userauth_request: invalid user area [preauth]
Oct 15 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 12:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: Invalid user docker from 165.22.200.57
Oct 15 12:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: input_userauth_request: invalid user docker [preauth]
Oct 15 12:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 12:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Failed password for invalid user area from 52.224.240.74 port 44200 ssh2
Oct 15 12:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Received disconnect from 52.224.240.74 port 44200:11: Bye Bye [preauth]
Oct 15 12:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16067]: Disconnected from 52.224.240.74 port 44200 [preauth]
Oct 15 12:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: Failed password for invalid user docker from 165.22.200.57 port 49940 ssh2
Oct 15 12:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16091]: Connection closed by 165.22.200.57 port 49940 [preauth]
Oct 15 12:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Invalid user monit from 27.254.235.12
Oct 15 12:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: input_userauth_request: invalid user monit [preauth]
Oct 15 12:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 12:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 12:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 12:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Invalid user  from 121.41.37.60
Oct 15 12:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: input_userauth_request: invalid user  [preauth]
Oct 15 12:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Failed password for invalid user monit from 27.254.235.12 port 43156 ssh2
Oct 15 12:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Received disconnect from 27.254.235.12 port 43156:11: Bye Bye [preauth]
Oct 15 12:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16101]: Disconnected from 27.254.235.12 port 43156 [preauth]
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16132]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Connection closed by 121.41.37.60 port 41678 [preauth]
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user root
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16130]: pam_unix(cron:session): session closed for user root
Oct 15 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16128]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Connection closed by 14.103.18.123 port 40308 [preauth]
Oct 15 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16250]: Successful su for rubyman by root
Oct 15 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16250]: + ??? root:rubyman
Oct 15 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417849 of user rubyman.
Oct 15 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[16250]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417849.
Oct 15 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16132]: pam_unix(cron:session): session closed for user root
Oct 15 13:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12598]: pam_unix(cron:session): session closed for user root
Oct 15 13:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16129]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Invalid user docker from 165.22.200.57
Oct 15 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: input_userauth_request: invalid user docker [preauth]
Oct 15 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Failed password for invalid user docker from 165.22.200.57 port 49918 ssh2
Oct 15 13:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16548]: Connection closed by 165.22.200.57 port 49918 [preauth]
Oct 15 13:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Invalid user steam from 211.253.9.49
Oct 15 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: input_userauth_request: invalid user steam [preauth]
Oct 15 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Failed password for invalid user steam from 211.253.9.49 port 53771 ssh2
Oct 15 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Received disconnect from 211.253.9.49 port 53771:11: Bye Bye [preauth]
Oct 15 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16561]: Disconnected from 211.253.9.49 port 53771 [preauth]
Oct 15 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15185]: pam_unix(cron:session): session closed for user root
Oct 15 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16645]: Failed password for root from 82.115.24.11 port 44830 ssh2
Oct 15 13:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16645]: Received disconnect from 82.115.24.11 port 44830:11: Bye Bye [preauth]
Oct 15 13:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16645]: Disconnected from 82.115.24.11 port 44830 [preauth]
Oct 15 13:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16667]: Connection closed by 14.103.18.123 port 35006 [preauth]
Oct 15 13:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: User nobody from 185.156.73.233 not allowed because not listed in AllowUsers
Oct 15 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: input_userauth_request: invalid user nobody [preauth]
Oct 15 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Invalid user hsm from 107.175.209.254
Oct 15 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: input_userauth_request: invalid user hsm [preauth]
Oct 15 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=nobody
Oct 15 13:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Failed password for invalid user hsm from 107.175.209.254 port 41272 ssh2
Oct 15 13:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Failed password for invalid user nobody from 185.156.73.233 port 41680 ssh2
Oct 15 13:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Received disconnect from 107.175.209.254 port 41272:11: Bye Bye [preauth]
Oct 15 13:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Disconnected from 107.175.209.254 port 41272 [preauth]
Oct 15 13:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: Connection closed by 185.156.73.233 port 41680 [preauth]
Oct 15 13:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: Invalid user docker from 165.22.200.57
Oct 15 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: input_userauth_request: invalid user docker [preauth]
Oct 15 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16725]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: Failed password for invalid user docker from 165.22.200.57 port 54322 ssh2
Oct 15 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16712]: Connection closed by 165.22.200.57 port 54322 [preauth]
Oct 15 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: Successful su for rubyman by root
Oct 15 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: + ??? root:rubyman
Oct 15 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417856 of user rubyman.
Oct 15 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16822]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417856.
Oct 15 13:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session closed for user root
Oct 15 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16726]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Invalid user traefik from 27.254.235.12
Oct 15 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: input_userauth_request: invalid user traefik [preauth]
Oct 15 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Failed password for invalid user traefik from 27.254.235.12 port 46796 ssh2
Oct 15 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Received disconnect from 27.254.235.12 port 46796:11: Bye Bye [preauth]
Oct 15 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Disconnected from 27.254.235.12 port 46796 [preauth]
Oct 15 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Invalid user docker from 165.22.200.57
Oct 15 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: input_userauth_request: invalid user docker [preauth]
Oct 15 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Failed password for invalid user docker from 165.22.200.57 port 34466 ssh2
Oct 15 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Connection closed by 165.22.200.57 port 34466 [preauth]
Oct 15 13:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user root
Oct 15 13:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17164]: Failed password for root from 52.224.240.74 port 47522 ssh2
Oct 15 13:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17164]: Received disconnect from 52.224.240.74 port 47522:11: Bye Bye [preauth]
Oct 15 13:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17164]: Disconnected from 52.224.240.74 port 47522 [preauth]
Oct 15 13:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Invalid user wahid from 82.115.24.11
Oct 15 13:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: input_userauth_request: invalid user wahid [preauth]
Oct 15 13:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Failed password for invalid user wahid from 82.115.24.11 port 40768 ssh2
Oct 15 13:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Received disconnect from 82.115.24.11 port 40768:11: Bye Bye [preauth]
Oct 15 13:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17205]: Disconnected from 82.115.24.11 port 40768 [preauth]
Oct 15 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17215]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: Successful su for rubyman by root
Oct 15 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: + ??? root:rubyman
Oct 15 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417860 of user rubyman.
Oct 15 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17286]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417860.
Oct 15 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Invalid user mm from 211.253.9.49
Oct 15 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: input_userauth_request: invalid user mm [preauth]
Oct 15 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Failed password for invalid user mm from 211.253.9.49 port 42024 ssh2
Oct 15 13:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Received disconnect from 211.253.9.49 port 42024:11: Bye Bye [preauth]
Oct 15 13:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17333]: Disconnected from 211.253.9.49 port 42024 [preauth]
Oct 15 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Invalid user docker from 165.22.200.57
Oct 15 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: input_userauth_request: invalid user docker [preauth]
Oct 15 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13750]: pam_unix(cron:session): session closed for user root
Oct 15 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Failed password for invalid user docker from 165.22.200.57 port 41706 ssh2
Oct 15 13:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17449]: Connection closed by 165.22.200.57 port 41706 [preauth]
Oct 15 13:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Invalid user git from 107.175.209.254
Oct 15 13:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: input_userauth_request: invalid user git [preauth]
Oct 15 13:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Failed password for invalid user git from 107.175.209.254 port 54766 ssh2
Oct 15 13:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Received disconnect from 107.175.209.254 port 54766:11: Bye Bye [preauth]
Oct 15 13:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Disconnected from 107.175.209.254 port 54766 [preauth]
Oct 15 13:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session closed for user root
Oct 15 13:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Invalid user docker from 165.22.200.57
Oct 15 13:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: input_userauth_request: invalid user docker [preauth]
Oct 15 13:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Failed password for invalid user docker from 165.22.200.57 port 52156 ssh2
Oct 15 13:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17625]: Connection closed by 165.22.200.57 port 52156 [preauth]
Oct 15 13:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Failed password for root from 27.254.235.12 port 50444 ssh2
Oct 15 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Received disconnect from 27.254.235.12 port 50444:11: Bye Bye [preauth]
Oct 15 13:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17646]: Disconnected from 27.254.235.12 port 50444 [preauth]
Oct 15 13:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17694]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17689]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17666]: Connection closed by 14.103.18.123 port 57472 [preauth]
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17819]: Successful su for rubyman by root
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17819]: + ??? root:rubyman
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417863 of user rubyman.
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17819]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417863.
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Invalid user support from 78.128.112.74
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: input_userauth_request: invalid user support [preauth]
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.128.112.74
Oct 15 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Failed password for invalid user support from 78.128.112.74 port 33478 ssh2
Oct 15 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17801]: Connection closed by 78.128.112.74 port 33478 [preauth]
Oct 15 13:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14620]: pam_unix(cron:session): session closed for user root
Oct 15 13:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Invalid user auction from 82.115.24.11
Oct 15 13:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: input_userauth_request: invalid user auction [preauth]
Oct 15 13:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Failed password for invalid user auction from 82.115.24.11 port 32794 ssh2
Oct 15 13:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Received disconnect from 82.115.24.11 port 32794:11: Bye Bye [preauth]
Oct 15 13:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Disconnected from 82.115.24.11 port 32794 [preauth]
Oct 15 13:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17692]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Invalid user redis from 165.22.200.57
Oct 15 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Failed password for invalid user redis from 165.22.200.57 port 56792 ssh2
Oct 15 13:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Connection closed by 165.22.200.57 port 56792 [preauth]
Oct 15 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: Invalid user j from 211.253.9.49
Oct 15 13:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: input_userauth_request: invalid user j [preauth]
Oct 15 13:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: Failed password for invalid user j from 211.253.9.49 port 58510 ssh2
Oct 15 13:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: Received disconnect from 211.253.9.49 port 58510:11: Bye Bye [preauth]
Oct 15 13:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18267]: Disconnected from 211.253.9.49 port 58510 [preauth]
Oct 15 13:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session closed for user root
Oct 15 13:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Invalid user redis from 107.175.209.254
Oct 15 13:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Failed password for invalid user redis from 107.175.209.254 port 58670 ssh2
Oct 15 13:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Received disconnect from 107.175.209.254 port 58670:11: Bye Bye [preauth]
Oct 15 13:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Disconnected from 107.175.209.254 port 58670 [preauth]
Oct 15 13:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: Invalid user steam from 52.224.240.74
Oct 15 13:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: input_userauth_request: invalid user steam [preauth]
Oct 15 13:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Invalid user redis from 165.22.200.57
Oct 15 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: Failed password for invalid user steam from 52.224.240.74 port 35758 ssh2
Oct 15 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: Received disconnect from 52.224.240.74 port 35758:11: Bye Bye [preauth]
Oct 15 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18448]: Disconnected from 52.224.240.74 port 35758 [preauth]
Oct 15 13:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Failed password for invalid user redis from 165.22.200.57 port 54366 ssh2
Oct 15 13:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Connection closed by 165.22.200.57 port 54366 [preauth]
Oct 15 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18479]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18478]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18476]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18561]: Successful su for rubyman by root
Oct 15 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18561]: + ??? root:rubyman
Oct 15 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417867 of user rubyman.
Oct 15 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18561]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417867.
Oct 15 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15183]: pam_unix(cron:session): session closed for user root
Oct 15 13:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: Connection closed by 14.103.18.123 port 47724 [preauth]
Oct 15 13:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18477]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Failed password for root from 27.254.235.12 port 54092 ssh2
Oct 15 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Received disconnect from 27.254.235.12 port 54092:11: Bye Bye [preauth]
Oct 15 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Disconnected from 27.254.235.12 port 54092 [preauth]
Oct 15 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Invalid user redis from 165.22.200.57
Oct 15 13:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Failed password for invalid user redis from 165.22.200.57 port 39162 ssh2
Oct 15 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18842]: Connection closed by 165.22.200.57 port 39162 [preauth]
Oct 15 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Failed password for root from 82.115.24.11 port 35442 ssh2
Oct 15 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Received disconnect from 82.115.24.11 port 35442:11: Bye Bye [preauth]
Oct 15 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Disconnected from 82.115.24.11 port 35442 [preauth]
Oct 15 13:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17215]: pam_unix(cron:session): session closed for user root
Oct 15 13:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: Invalid user redis from 165.22.200.57
Oct 15 13:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19093]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19089]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19093]: pam_unix(cron:session): session closed for user root
Oct 15 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19087]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: Failed password for invalid user redis from 165.22.200.57 port 49122 ssh2
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: Connection closed by 165.22.200.57 port 49122 [preauth]
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19181]: Successful su for rubyman by root
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19181]: + ??? root:rubyman
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417874 of user rubyman.
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19181]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417874.
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: Invalid user hyper from 211.253.9.49
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: input_userauth_request: invalid user hyper [preauth]
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: Failed password for invalid user hyper from 211.253.9.49 port 46761 ssh2
Oct 15 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: Received disconnect from 211.253.9.49 port 46761:11: Bye Bye [preauth]
Oct 15 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: Disconnected from 211.253.9.49 port 46761 [preauth]
Oct 15 13:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19089]: pam_unix(cron:session): session closed for user root
Oct 15 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user root
Oct 15 13:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Invalid user frappe from 107.175.209.254
Oct 15 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: input_userauth_request: invalid user frappe [preauth]
Oct 15 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Failed password for invalid user frappe from 107.175.209.254 port 44590 ssh2
Oct 15 13:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Received disconnect from 107.175.209.254 port 44590:11: Bye Bye [preauth]
Oct 15 13:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19690]: Disconnected from 107.175.209.254 port 44590 [preauth]
Oct 15 13:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19088]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Invalid user redis from 165.22.200.57
Oct 15 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Failed password for invalid user redis from 165.22.200.57 port 45046 ssh2
Oct 15 13:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Connection closed by 165.22.200.57 port 45046 [preauth]
Oct 15 13:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17694]: pam_unix(cron:session): session closed for user root
Oct 15 13:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Invalid user asw from 52.224.240.74
Oct 15 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: input_userauth_request: invalid user asw [preauth]
Oct 15 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Failed password for root from 82.115.24.11 port 51482 ssh2
Oct 15 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Received disconnect from 82.115.24.11 port 51482:11: Bye Bye [preauth]
Oct 15 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19915]: Disconnected from 82.115.24.11 port 51482 [preauth]
Oct 15 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Failed password for invalid user asw from 52.224.240.74 port 45118 ssh2
Oct 15 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Received disconnect from 52.224.240.74 port 45118:11: Bye Bye [preauth]
Oct 15 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19917]: Disconnected from 52.224.240.74 port 45118 [preauth]
Oct 15 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Invalid user els from 27.254.235.12
Oct 15 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: input_userauth_request: invalid user els [preauth]
Oct 15 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Failed password for invalid user els from 27.254.235.12 port 57736 ssh2
Oct 15 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Received disconnect from 27.254.235.12 port 57736:11: Bye Bye [preauth]
Oct 15 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: Disconnected from 27.254.235.12 port 57736 [preauth]
Oct 15 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19962]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19965]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19958]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: Successful su for rubyman by root
Oct 15 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: + ??? root:rubyman
Oct 15 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417878 of user rubyman.
Oct 15 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417878.
Oct 15 13:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20247]: Invalid user redis from 165.22.200.57
Oct 15 13:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20247]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20247]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20247]: Failed password for invalid user redis from 165.22.200.57 port 47346 ssh2
Oct 15 13:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20247]: Connection closed by 165.22.200.57 port 47346 [preauth]
Oct 15 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session closed for user root
Oct 15 13:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Failed password for root from 211.253.9.49 port 35014 ssh2
Oct 15 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Received disconnect from 211.253.9.49 port 35014:11: Bye Bye [preauth]
Oct 15 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Disconnected from 211.253.9.49 port 35014 [preauth]
Oct 15 13:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18479]: pam_unix(cron:session): session closed for user root
Oct 15 13:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Invalid user redis from 165.22.200.57
Oct 15 13:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Failed password for invalid user redis from 165.22.200.57 port 59838 ssh2
Oct 15 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Connection closed by 165.22.200.57 port 59838 [preauth]
Oct 15 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Invalid user free from 107.175.209.254
Oct 15 13:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: input_userauth_request: invalid user free [preauth]
Oct 15 13:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: Failed password for root from 185.156.73.233 port 55524 ssh2
Oct 15 13:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20448]: Connection closed by 185.156.73.233 port 55524 [preauth]
Oct 15 13:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Failed password for invalid user free from 107.175.209.254 port 59606 ssh2
Oct 15 13:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Received disconnect from 107.175.209.254 port 59606:11: Bye Bye [preauth]
Oct 15 13:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20456]: Disconnected from 107.175.209.254 port 59606 [preauth]
Oct 15 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20508]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20509]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20576]: Successful su for rubyman by root
Oct 15 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20576]: + ??? root:rubyman
Oct 15 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417882 of user rubyman.
Oct 15 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20576]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417882.
Oct 15 13:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Invalid user ftpuser from 82.115.24.11
Oct 15 13:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 13:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Failed password for invalid user ftpuser from 82.115.24.11 port 33804 ssh2
Oct 15 13:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Received disconnect from 82.115.24.11 port 33804:11: Bye Bye [preauth]
Oct 15 13:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20655]: Disconnected from 82.115.24.11 port 33804 [preauth]
Oct 15 13:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session closed for user root
Oct 15 13:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20504]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: Invalid user redis from 165.22.200.57
Oct 15 13:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: Failed password for invalid user redis from 165.22.200.57 port 51786 ssh2
Oct 15 13:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20833]: Connection closed by 165.22.200.57 port 51786 [preauth]
Oct 15 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: Invalid user mm from 27.254.235.12
Oct 15 13:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: input_userauth_request: invalid user mm [preauth]
Oct 15 13:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: Failed password for invalid user mm from 27.254.235.12 port 33150 ssh2
Oct 15 13:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: Received disconnect from 27.254.235.12 port 33150:11: Bye Bye [preauth]
Oct 15 13:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20843]: Disconnected from 27.254.235.12 port 33150 [preauth]
Oct 15 13:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19092]: pam_unix(cron:session): session closed for user root
Oct 15 13:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: Invalid user ubuntu from 52.224.240.74
Oct 15 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: Failed password for invalid user ubuntu from 52.224.240.74 port 56382 ssh2
Oct 15 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: Received disconnect from 52.224.240.74 port 56382:11: Bye Bye [preauth]
Oct 15 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: Disconnected from 52.224.240.74 port 56382 [preauth]
Oct 15 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Invalid user redis from 165.22.200.57
Oct 15 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: input_userauth_request: invalid user redis [preauth]
Oct 15 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Failed password for invalid user redis from 165.22.200.57 port 55232 ssh2
Oct 15 13:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Connection closed by 165.22.200.57 port 55232 [preauth]
Oct 15 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21048]: Successful su for rubyman by root
Oct 15 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21048]: + ??? root:rubyman
Oct 15 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417885 of user rubyman.
Oct 15 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21048]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417885.
Oct 15 13:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Invalid user jordi from 14.103.18.123
Oct 15 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: input_userauth_request: invalid user jordi [preauth]
Oct 15 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.18.123
Oct 15 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Failed password for invalid user jordi from 14.103.18.123 port 35996 ssh2
Oct 15 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Received disconnect from 14.103.18.123 port 35996:11: Bye Bye [preauth]
Oct 15 13:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Disconnected from 14.103.18.123 port 35996 [preauth]
Oct 15 13:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session closed for user root
Oct 15 13:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Failed password for root from 211.253.9.49 port 51504 ssh2
Oct 15 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Received disconnect from 211.253.9.49 port 51504:11: Bye Bye [preauth]
Oct 15 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Disconnected from 211.253.9.49 port 51504 [preauth]
Oct 15 13:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Invalid user pc from 107.175.209.254
Oct 15 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: input_userauth_request: invalid user pc [preauth]
Oct 15 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Failed password for invalid user pc from 107.175.209.254 port 41794 ssh2
Oct 15 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Received disconnect from 107.175.209.254 port 41794:11: Bye Bye [preauth]
Oct 15 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21310]: Disconnected from 107.175.209.254 port 41794 [preauth]
Oct 15 13:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Failed password for root from 82.115.24.11 port 43346 ssh2
Oct 15 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Received disconnect from 82.115.24.11 port 43346:11: Bye Bye [preauth]
Oct 15 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21323]: Disconnected from 82.115.24.11 port 43346 [preauth]
Oct 15 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Invalid user mongodb from 165.22.200.57
Oct 15 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Failed password for invalid user mongodb from 165.22.200.57 port 58010 ssh2
Oct 15 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Connection closed by 165.22.200.57 port 58010 [preauth]
Oct 15 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19965]: pam_unix(cron:session): session closed for user root
Oct 15 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21499]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: Successful su for rubyman by root
Oct 15 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: + ??? root:rubyman
Oct 15 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417889 of user rubyman.
Oct 15 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21684]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417889.
Oct 15 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session closed for user root
Oct 15 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Failed password for root from 27.254.235.12 port 36812 ssh2
Oct 15 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Received disconnect from 27.254.235.12 port 36812:11: Bye Bye [preauth]
Oct 15 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: Disconnected from 27.254.235.12 port 36812 [preauth]
Oct 15 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: Invalid user mongodb from 165.22.200.57
Oct 15 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: Failed password for invalid user mongodb from 165.22.200.57 port 45300 ssh2
Oct 15 13:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21765]: Connection closed by 165.22.200.57 port 45300 [preauth]
Oct 15 13:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17693]: pam_unix(cron:session): session closed for user root
Oct 15 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21500]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20509]: pam_unix(cron:session): session closed for user root
Oct 15 13:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22017]: Invalid user mongodb from 165.22.200.57
Oct 15 13:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22017]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22017]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22017]: Failed password for invalid user mongodb from 165.22.200.57 port 40850 ssh2
Oct 15 13:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22017]: Connection closed by 165.22.200.57 port 40850 [preauth]
Oct 15 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: Invalid user sa from 82.115.24.11
Oct 15 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: input_userauth_request: invalid user sa [preauth]
Oct 15 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: Failed password for invalid user sa from 82.115.24.11 port 33228 ssh2
Oct 15 13:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: Received disconnect from 82.115.24.11 port 33228:11: Bye Bye [preauth]
Oct 15 13:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22041]: Disconnected from 82.115.24.11 port 33228 [preauth]
Oct 15 13:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22068]: Invalid user ftpuser from 211.253.9.49
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22068]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22068]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Invalid user minecraft from 107.175.209.254
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22068]: Failed password for invalid user ftpuser from 211.253.9.49 port 39762 ssh2
Oct 15 13:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22068]: Received disconnect from 211.253.9.49 port 39762:11: Bye Bye [preauth]
Oct 15 13:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22068]: Disconnected from 211.253.9.49 port 39762 [preauth]
Oct 15 13:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Failed password for invalid user minecraft from 107.175.209.254 port 59646 ssh2
Oct 15 13:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Received disconnect from 107.175.209.254 port 59646:11: Bye Bye [preauth]
Oct 15 13:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22070]: Disconnected from 107.175.209.254 port 59646 [preauth]
Oct 15 13:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Invalid user rramirez from 52.224.240.74
Oct 15 13:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: input_userauth_request: invalid user rramirez [preauth]
Oct 15 13:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22095]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22096]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22093]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22096]: pam_unix(cron:session): session closed for user root
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Failed password for invalid user rramirez from 52.224.240.74 port 50088 ssh2
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Received disconnect from 52.224.240.74 port 50088:11: Bye Bye [preauth]
Oct 15 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22086]: Disconnected from 52.224.240.74 port 50088 [preauth]
Oct 15 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: Successful su for rubyman by root
Oct 15 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: + ??? root:rubyman
Oct 15 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417895 of user rubyman.
Oct 15 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22196]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417895.
Oct 15 13:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22092]: pam_unix(cron:session): session closed for user root
Oct 15 13:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18478]: pam_unix(cron:session): session closed for user root
Oct 15 13:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Invalid user mongodb from 165.22.200.57
Oct 15 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Failed password for invalid user mongodb from 165.22.200.57 port 39358 ssh2
Oct 15 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Connection closed by 165.22.200.57 port 39358 [preauth]
Oct 15 13:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Invalid user j from 27.254.235.12
Oct 15 13:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: input_userauth_request: invalid user j [preauth]
Oct 15 13:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Failed password for invalid user j from 27.254.235.12 port 40452 ssh2
Oct 15 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Received disconnect from 27.254.235.12 port 40452:11: Bye Bye [preauth]
Oct 15 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22505]: Disconnected from 27.254.235.12 port 40452 [preauth]
Oct 15 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session closed for user root
Oct 15 13:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Invalid user mongodb from 165.22.200.57
Oct 15 13:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Failed password for invalid user mongodb from 165.22.200.57 port 53214 ssh2
Oct 15 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22595]: Connection closed by 165.22.200.57 port 53214 [preauth]
Oct 15 13:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Failed password for root from 82.115.24.11 port 47098 ssh2
Oct 15 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Received disconnect from 82.115.24.11 port 47098:11: Bye Bye [preauth]
Oct 15 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Disconnected from 82.115.24.11 port 47098 [preauth]
Oct 15 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22914]: Successful su for rubyman by root
Oct 15 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22914]: + ??? root:rubyman
Oct 15 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417902 of user rubyman.
Oct 15 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22914]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417902.
Oct 15 13:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19091]: pam_unix(cron:session): session closed for user root
Oct 15 13:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22623]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: Invalid user mongodb from 165.22.200.57
Oct 15 13:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: Failed password for invalid user mongodb from 165.22.200.57 port 45362 ssh2
Oct 15 13:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23386]: Connection closed by 165.22.200.57 port 45362 [preauth]
Oct 15 13:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 13:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 107.175.209.254 port 36648 ssh2
Oct 15 13:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Received disconnect from 107.175.209.254 port 36648:11: Bye Bye [preauth]
Oct 15 13:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Disconnected from 107.175.209.254 port 36648 [preauth]
Oct 15 13:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Invalid user monit from 211.253.9.49
Oct 15 13:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: input_userauth_request: invalid user monit [preauth]
Oct 15 13:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Failed password for invalid user monit from 211.253.9.49 port 56250 ssh2
Oct 15 13:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Received disconnect from 211.253.9.49 port 56250:11: Bye Bye [preauth]
Oct 15 13:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Disconnected from 211.253.9.49 port 56250 [preauth]
Oct 15 13:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session closed for user root
Oct 15 13:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: Invalid user mongodb from 165.22.200.57
Oct 15 13:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: Failed password for invalid user mongodb from 165.22.200.57 port 47750 ssh2
Oct 15 13:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23803]: Connection closed by 165.22.200.57 port 47750 [preauth]
Oct 15 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: Invalid user steam from 27.254.235.12
Oct 15 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: input_userauth_request: invalid user steam [preauth]
Oct 15 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: Failed password for invalid user steam from 27.254.235.12 port 44092 ssh2
Oct 15 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23824]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23820]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23817]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: Received disconnect from 27.254.235.12 port 44092:11: Bye Bye [preauth]
Oct 15 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23806]: Disconnected from 27.254.235.12 port 44092 [preauth]
Oct 15 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23893]: Successful su for rubyman by root
Oct 15 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23893]: + ??? root:rubyman
Oct 15 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417904 of user rubyman.
Oct 15 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23893]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417904.
Oct 15 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Failed password for root from 52.224.240.74 port 43792 ssh2
Oct 15 13:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Received disconnect from 52.224.240.74 port 43792:11: Bye Bye [preauth]
Oct 15 13:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Disconnected from 52.224.240.74 port 43792 [preauth]
Oct 15 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19962]: pam_unix(cron:session): session closed for user root
Oct 15 13:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Invalid user chenlei from 82.115.24.11
Oct 15 13:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: input_userauth_request: invalid user chenlei [preauth]
Oct 15 13:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Failed password for invalid user chenlei from 82.115.24.11 port 46624 ssh2
Oct 15 13:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Received disconnect from 82.115.24.11 port 46624:11: Bye Bye [preauth]
Oct 15 13:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Disconnected from 82.115.24.11 port 46624 [preauth]
Oct 15 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23818]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Invalid user mongodb from 165.22.200.57
Oct 15 13:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Failed password for invalid user mongodb from 165.22.200.57 port 58896 ssh2
Oct 15 13:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Connection closed by 165.22.200.57 port 58896 [preauth]
Oct 15 13:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22095]: pam_unix(cron:session): session closed for user root
Oct 15 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24336]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24334]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Invalid user dmdba from 107.175.209.254
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: input_userauth_request: invalid user dmdba [preauth]
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24428]: Successful su for rubyman by root
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24428]: + ??? root:rubyman
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417910 of user rubyman.
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24428]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417910.
Oct 15 13:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24425]: Invalid user mongodb from 165.22.200.57
Oct 15 13:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24425]: input_userauth_request: invalid user mongodb [preauth]
Oct 15 13:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24425]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Failed password for invalid user dmdba from 107.175.209.254 port 60168 ssh2
Oct 15 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Received disconnect from 107.175.209.254 port 60168:11: Bye Bye [preauth]
Oct 15 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Disconnected from 107.175.209.254 port 60168 [preauth]
Oct 15 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24425]: Failed password for invalid user mongodb from 165.22.200.57 port 33740 ssh2
Oct 15 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24425]: Connection closed by 165.22.200.57 port 33740 [preauth]
Oct 15 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Invalid user xiaobin from 211.253.9.49
Oct 15 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: input_userauth_request: invalid user xiaobin [preauth]
Oct 15 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Failed password for invalid user xiaobin from 211.253.9.49 port 44511 ssh2
Oct 15 13:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Received disconnect from 211.253.9.49 port 44511:11: Bye Bye [preauth]
Oct 15 13:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24506]: Disconnected from 211.253.9.49 port 44511 [preauth]
Oct 15 13:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20508]: pam_unix(cron:session): session closed for user root
Oct 15 13:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24333]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Failed password for root from 82.115.24.11 port 51550 ssh2
Oct 15 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Failed password for root from 27.254.235.12 port 47744 ssh2
Oct 15 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Received disconnect from 82.115.24.11 port 51550:11: Bye Bye [preauth]
Oct 15 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24720]: Disconnected from 82.115.24.11 port 51550 [preauth]
Oct 15 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Received disconnect from 27.254.235.12 port 47744:11: Bye Bye [preauth]
Oct 15 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Disconnected from 27.254.235.12 port 47744 [preauth]
Oct 15 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Invalid user apache from 165.22.200.57
Oct 15 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Failed password for invalid user apache from 165.22.200.57 port 40854 ssh2
Oct 15 13:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24771]: Connection closed by 165.22.200.57 port 40854 [preauth]
Oct 15 13:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session closed for user root
Oct 15 13:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24809]: Invalid user nginx from 121.41.37.60
Oct 15 13:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24809]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: Connection reset by 121.41.37.60 port 38868 [preauth]
Oct 15 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24862]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: Connection reset by 121.41.37.60 port 46814 [preauth]
Oct 15 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: Connection reset by 121.41.37.60 port 54714 [preauth]
Oct 15 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24930]: Successful su for rubyman by root
Oct 15 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24930]: + ??? root:rubyman
Oct 15 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417912 of user rubyman.
Oct 15 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[24930]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417912.
Oct 15 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Invalid user traefik from 52.224.240.74
Oct 15 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: input_userauth_request: invalid user traefik [preauth]
Oct 15 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Connection reset by 121.41.37.60 port 46802 [preauth]
Oct 15 13:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Failed password for invalid user traefik from 52.224.240.74 port 59024 ssh2
Oct 15 13:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Received disconnect from 52.224.240.74 port 59024:11: Bye Bye [preauth]
Oct 15 13:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Disconnected from 52.224.240.74 port 59024 [preauth]
Oct 15 13:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session closed for user root
Oct 15 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: Invalid user apache from 165.22.200.57
Oct 15 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24809]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.41.37.60
Oct 15 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24809]: Failed password for invalid user nginx from 121.41.37.60 port 54700 ssh2
Oct 15 13:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24809]: Connection closed by 121.41.37.60 port 54700 [preauth]
Oct 15 13:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: Failed password for invalid user apache from 165.22.200.57 port 43824 ssh2
Oct 15 13:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25151]: Connection closed by 165.22.200.57 port 43824 [preauth]
Oct 15 13:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23824]: pam_unix(cron:session): session closed for user root
Oct 15 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Invalid user egarcia from 107.175.209.254
Oct 15 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: input_userauth_request: invalid user egarcia [preauth]
Oct 15 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: Failed password for root from 211.253.9.49 port 60999 ssh2
Oct 15 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: Received disconnect from 211.253.9.49 port 60999:11: Bye Bye [preauth]
Oct 15 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25532]: Disconnected from 211.253.9.49 port 60999 [preauth]
Oct 15 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Failed password for invalid user egarcia from 107.175.209.254 port 57622 ssh2
Oct 15 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Received disconnect from 107.175.209.254 port 57622:11: Bye Bye [preauth]
Oct 15 13:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25537]: Disconnected from 107.175.209.254 port 57622 [preauth]
Oct 15 13:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: Invalid user ftpuser from 82.115.24.11
Oct 15 13:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 13:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Invalid user apache from 165.22.200.57
Oct 15 13:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: Failed password for invalid user ftpuser from 82.115.24.11 port 58090 ssh2
Oct 15 13:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: Received disconnect from 82.115.24.11 port 58090:11: Bye Bye [preauth]
Oct 15 13:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25550]: Disconnected from 82.115.24.11 port 58090 [preauth]
Oct 15 13:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Failed password for invalid user apache from 165.22.200.57 port 54474 ssh2
Oct 15 13:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Connection closed by 165.22.200.57 port 54474 [preauth]
Oct 15 13:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Invalid user tanulo from 27.254.235.12
Oct 15 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: input_userauth_request: invalid user tanulo [preauth]
Oct 15 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Failed password for invalid user tanulo from 27.254.235.12 port 51388 ssh2
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Received disconnect from 27.254.235.12 port 51388:11: Bye Bye [preauth]
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Disconnected from 27.254.235.12 port 51388 [preauth]
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25604]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25606]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25605]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25603]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25606]: pam_unix(cron:session): session closed for user root
Oct 15 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: Invalid user ftpuser from 80.94.95.115
Oct 15 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 15 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25681]: Successful su for rubyman by root
Oct 15 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25681]: + ??? root:rubyman
Oct 15 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417920 of user rubyman.
Oct 15 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25681]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417920.
Oct 15 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: Failed password for invalid user ftpuser from 80.94.95.115 port 19462 ssh2
Oct 15 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25607]: Connection closed by 80.94.95.115 port 19462 [preauth]
Oct 15 13:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25603]: pam_unix(cron:session): session closed for user root
Oct 15 13:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session closed for user root
Oct 15 13:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Invalid user apache from 165.22.200.57
Oct 15 13:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Failed password for invalid user apache from 165.22.200.57 port 44772 ssh2
Oct 15 13:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Connection closed by 165.22.200.57 port 44772 [preauth]
Oct 15 13:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24336]: pam_unix(cron:session): session closed for user root
Oct 15 13:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Invalid user apache from 165.22.200.57
Oct 15 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Failed password for invalid user apache from 165.22.200.57 port 51398 ssh2
Oct 15 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Connection closed by 165.22.200.57 port 51398 [preauth]
Oct 15 13:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26207]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Failed password for root from 82.115.24.11 port 40522 ssh2
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Received disconnect from 82.115.24.11 port 40522:11: Bye Bye [preauth]
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26199]: Disconnected from 82.115.24.11 port 40522 [preauth]
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26288]: Successful su for rubyman by root
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26288]: + ??? root:rubyman
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417923 of user rubyman.
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26288]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417923.
Oct 15 13:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22093]: pam_unix(cron:session): session closed for user root
Oct 15 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Failed password for root from 52.224.240.74 port 52490 ssh2
Oct 15 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Received disconnect from 52.224.240.74 port 52490:11: Bye Bye [preauth]
Oct 15 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Disconnected from 52.224.240.74 port 52490 [preauth]
Oct 15 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Invalid user eacsaci from 211.253.9.49
Oct 15 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: input_userauth_request: invalid user eacsaci [preauth]
Oct 15 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: Invalid user luke from 107.175.209.254
Oct 15 13:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: input_userauth_request: invalid user luke [preauth]
Oct 15 13:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Failed password for invalid user eacsaci from 211.253.9.49 port 49255 ssh2
Oct 15 13:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Received disconnect from 211.253.9.49 port 49255:11: Bye Bye [preauth]
Oct 15 13:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Disconnected from 211.253.9.49 port 49255 [preauth]
Oct 15 13:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: Failed password for invalid user luke from 107.175.209.254 port 42170 ssh2
Oct 15 13:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: Received disconnect from 107.175.209.254 port 42170:11: Bye Bye [preauth]
Oct 15 13:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26599]: Disconnected from 107.175.209.254 port 42170 [preauth]
Oct 15 13:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: Invalid user apache from 165.22.200.57
Oct 15 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Failed password for root from 27.254.235.12 port 55036 ssh2
Oct 15 13:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Received disconnect from 27.254.235.12 port 55036:11: Bye Bye [preauth]
Oct 15 13:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26661]: Disconnected from 27.254.235.12 port 55036 [preauth]
Oct 15 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: Failed password for invalid user apache from 165.22.200.57 port 53928 ssh2
Oct 15 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26663]: Connection closed by 165.22.200.57 port 53928 [preauth]
Oct 15 13:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session closed for user root
Oct 15 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26833]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26832]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26823]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26823]: pam_unix(cron:session): session closed for user root
Oct 15 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26829]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26958]: Successful su for rubyman by root
Oct 15 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26958]: + ??? root:rubyman
Oct 15 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417929 of user rubyman.
Oct 15 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26958]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417929.
Oct 15 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Invalid user apache from 165.22.200.57
Oct 15 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Failed password for invalid user apache from 165.22.200.57 port 34746 ssh2
Oct 15 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26977]: Connection closed by 165.22.200.57 port 34746 [preauth]
Oct 15 13:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session closed for user root
Oct 15 13:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: Invalid user robby from 82.115.24.11
Oct 15 13:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: input_userauth_request: invalid user robby [preauth]
Oct 15 13:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: Failed password for invalid user robby from 82.115.24.11 port 45778 ssh2
Oct 15 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26831]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: Received disconnect from 82.115.24.11 port 45778:11: Bye Bye [preauth]
Oct 15 13:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27302]: Disconnected from 82.115.24.11 port 45778 [preauth]
Oct 15 13:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Invalid user apache from 165.22.200.57
Oct 15 13:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Failed password for invalid user apache from 165.22.200.57 port 33534 ssh2
Oct 15 13:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27406]: Connection closed by 165.22.200.57 port 33534 [preauth]
Oct 15 13:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25605]: pam_unix(cron:session): session closed for user root
Oct 15 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: Invalid user whz from 211.253.9.49
Oct 15 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: input_userauth_request: invalid user whz [preauth]
Oct 15 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: Failed password for invalid user whz from 211.253.9.49 port 37507 ssh2
Oct 15 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: Received disconnect from 211.253.9.49 port 37507:11: Bye Bye [preauth]
Oct 15 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27443]: Disconnected from 211.253.9.49 port 37507 [preauth]
Oct 15 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 13:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: Failed password for root from 107.175.209.254 port 35214 ssh2
Oct 15 13:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: Received disconnect from 107.175.209.254 port 35214:11: Bye Bye [preauth]
Oct 15 13:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: Disconnected from 107.175.209.254 port 35214 [preauth]
Oct 15 13:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27512]: Invalid user ubuntu from 27.254.235.12
Oct 15 13:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27512]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 13:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27512]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27512]: Failed password for invalid user ubuntu from 27.254.235.12 port 58678 ssh2
Oct 15 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27512]: Received disconnect from 27.254.235.12 port 58678:11: Bye Bye [preauth]
Oct 15 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27512]: Disconnected from 27.254.235.12 port 58678 [preauth]
Oct 15 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27520]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27519]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27517]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27880]: Successful su for rubyman by root
Oct 15 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27880]: + ??? root:rubyman
Oct 15 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417931 of user rubyman.
Oct 15 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[27880]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417931.
Oct 15 13:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23820]: pam_unix(cron:session): session closed for user root
Oct 15 13:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Invalid user apache from 165.22.200.57
Oct 15 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: input_userauth_request: invalid user apache [preauth]
Oct 15 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28069]: Invalid user packer from 52.224.240.74
Oct 15 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28069]: input_userauth_request: invalid user packer [preauth]
Oct 15 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28069]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Failed password for invalid user apache from 165.22.200.57 port 47546 ssh2
Oct 15 13:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28058]: Connection closed by 165.22.200.57 port 47546 [preauth]
Oct 15 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28069]: Failed password for invalid user packer from 52.224.240.74 port 37360 ssh2
Oct 15 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28069]: Received disconnect from 52.224.240.74 port 37360:11: Bye Bye [preauth]
Oct 15 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28069]: Disconnected from 52.224.240.74 port 37360 [preauth]
Oct 15 13:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27518]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Failed password for root from 82.115.24.11 port 35750 ssh2
Oct 15 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Received disconnect from 82.115.24.11 port 35750:11: Bye Bye [preauth]
Oct 15 13:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Disconnected from 82.115.24.11 port 35750 [preauth]
Oct 15 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26207]: pam_unix(cron:session): session closed for user root
Oct 15 13:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Invalid user nginx from 165.22.200.57
Oct 15 13:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Failed password for invalid user nginx from 165.22.200.57 port 51632 ssh2
Oct 15 13:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Connection closed by 165.22.200.57 port 51632 [preauth]
Oct 15 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28368]: Successful su for rubyman by root
Oct 15 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28368]: + ??? root:rubyman
Oct 15 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417935 of user rubyman.
Oct 15 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28368]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417935.
Oct 15 13:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24334]: pam_unix(cron:session): session closed for user root
Oct 15 13:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 13:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: Invalid user admin from 107.175.209.254
Oct 15 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: input_userauth_request: invalid user admin [preauth]
Oct 15 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Failed password for root from 211.253.9.49 port 53995 ssh2
Oct 15 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Received disconnect from 211.253.9.49 port 53995:11: Bye Bye [preauth]
Oct 15 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Disconnected from 211.253.9.49 port 53995 [preauth]
Oct 15 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: Failed password for invalid user admin from 107.175.209.254 port 54028 ssh2
Oct 15 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: Received disconnect from 107.175.209.254 port 54028:11: Bye Bye [preauth]
Oct 15 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28841]: Disconnected from 107.175.209.254 port 54028 [preauth]
Oct 15 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Invalid user nginx from 165.22.200.57
Oct 15 13:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Failed password for invalid user nginx from 165.22.200.57 port 44794 ssh2
Oct 15 13:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28886]: Connection closed by 165.22.200.57 port 44794 [preauth]
Oct 15 13:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Failed password for root from 27.254.235.12 port 34100 ssh2
Oct 15 13:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Received disconnect from 27.254.235.12 port 34100:11: Bye Bye [preauth]
Oct 15 13:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Disconnected from 27.254.235.12 port 34100 [preauth]
Oct 15 13:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26833]: pam_unix(cron:session): session closed for user root
Oct 15 13:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29120]: Failed password for root from 82.115.24.11 port 41138 ssh2
Oct 15 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Invalid user nginx from 165.22.200.57
Oct 15 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29120]: Received disconnect from 82.115.24.11 port 41138:11: Bye Bye [preauth]
Oct 15 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29120]: Disconnected from 82.115.24.11 port 41138 [preauth]
Oct 15 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Failed password for invalid user nginx from 165.22.200.57 port 59950 ssh2
Oct 15 13:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29125]: Connection closed by 165.22.200.57 port 59950 [preauth]
Oct 15 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29142]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29141]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29138]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29142]: pam_unix(cron:session): session closed for user root
Oct 15 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29136]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: Successful su for rubyman by root
Oct 15 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: + ??? root:rubyman
Oct 15 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417940 of user rubyman.
Oct 15 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417940.
Oct 15 13:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29138]: pam_unix(cron:session): session closed for user root
Oct 15 13:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24862]: pam_unix(cron:session): session closed for user root
Oct 15 13:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Failed password for root from 52.224.240.74 port 60170 ssh2
Oct 15 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Received disconnect from 52.224.240.74 port 60170:11: Bye Bye [preauth]
Oct 15 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Disconnected from 52.224.240.74 port 60170 [preauth]
Oct 15 13:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29137]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Invalid user nginx from 165.22.200.57
Oct 15 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Failed password for invalid user nginx from 165.22.200.57 port 45888 ssh2
Oct 15 13:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29584]: Connection closed by 165.22.200.57 port 45888 [preauth]
Oct 15 13:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27520]: pam_unix(cron:session): session closed for user root
Oct 15 13:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Invalid user rramirez from 211.253.9.49
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: input_userauth_request: invalid user rramirez [preauth]
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Invalid user hyper from 107.175.209.254
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: input_userauth_request: invalid user hyper [preauth]
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Failed password for invalid user rramirez from 211.253.9.49 port 42249 ssh2
Oct 15 13:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Received disconnect from 211.253.9.49 port 42249:11: Bye Bye [preauth]
Oct 15 13:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Disconnected from 211.253.9.49 port 42249 [preauth]
Oct 15 13:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Failed password for invalid user hyper from 107.175.209.254 port 50406 ssh2
Oct 15 13:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Received disconnect from 107.175.209.254 port 50406:11: Bye Bye [preauth]
Oct 15 13:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Disconnected from 107.175.209.254 port 50406 [preauth]
Oct 15 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29690]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29784]: Successful su for rubyman by root
Oct 15 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29784]: + ??? root:rubyman
Oct 15 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417945 of user rubyman.
Oct 15 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29784]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417945.
Oct 15 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Invalid user nginx from 165.22.200.57
Oct 15 13:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Failed password for invalid user nginx from 165.22.200.57 port 51424 ssh2
Oct 15 13:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Connection closed by 165.22.200.57 port 51424 [preauth]
Oct 15 13:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25604]: pam_unix(cron:session): session closed for user root
Oct 15 13:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Invalid user ftpuser from 27.254.235.12
Oct 15 13:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 13:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Failed password for invalid user ftpuser from 27.254.235.12 port 37748 ssh2
Oct 15 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Received disconnect from 27.254.235.12 port 37748:11: Bye Bye [preauth]
Oct 15 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30007]: Disconnected from 27.254.235.12 port 37748 [preauth]
Oct 15 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: Invalid user ali from 82.115.24.11
Oct 15 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: input_userauth_request: invalid user ali [preauth]
Oct 15 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29691]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: Failed password for invalid user ali from 82.115.24.11 port 45444 ssh2
Oct 15 13:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: Received disconnect from 82.115.24.11 port 45444:11: Bye Bye [preauth]
Oct 15 13:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30028]: Disconnected from 82.115.24.11 port 45444 [preauth]
Oct 15 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session closed for user root
Oct 15 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: Invalid user nginx from 165.22.200.57
Oct 15 13:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: Failed password for invalid user nginx from 165.22.200.57 port 33708 ssh2
Oct 15 13:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: Connection closed by 165.22.200.57 port 33708 [preauth]
Oct 15 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30306]: Successful su for rubyman by root
Oct 15 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30306]: + ??? root:rubyman
Oct 15 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417951 of user rubyman.
Oct 15 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30306]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417951.
Oct 15 13:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session closed for user root
Oct 15 13:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Invalid user casino from 52.224.240.74
Oct 15 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: input_userauth_request: invalid user casino [preauth]
Oct 15 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Invalid user nginx from 165.22.200.57
Oct 15 13:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Failed password for invalid user casino from 52.224.240.74 port 51708 ssh2
Oct 15 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Received disconnect from 52.224.240.74 port 51708:11: Bye Bye [preauth]
Oct 15 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Disconnected from 52.224.240.74 port 51708 [preauth]
Oct 15 13:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Failed password for invalid user nginx from 165.22.200.57 port 32978 ssh2
Oct 15 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Connection closed by 165.22.200.57 port 32978 [preauth]
Oct 15 13:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Invalid user user from 211.253.9.49
Oct 15 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: input_userauth_request: invalid user user [preauth]
Oct 15 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Failed password for root from 107.175.209.254 port 34662 ssh2
Oct 15 13:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Received disconnect from 107.175.209.254 port 34662:11: Bye Bye [preauth]
Oct 15 13:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Disconnected from 107.175.209.254 port 34662 [preauth]
Oct 15 13:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Failed password for invalid user user from 211.253.9.49 port 58736 ssh2
Oct 15 13:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Received disconnect from 211.253.9.49 port 58736:11: Bye Bye [preauth]
Oct 15 13:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Disconnected from 211.253.9.49 port 58736 [preauth]
Oct 15 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Invalid user faisal from 82.115.24.11
Oct 15 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: input_userauth_request: invalid user faisal [preauth]
Oct 15 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Failed password for invalid user faisal from 82.115.24.11 port 36436 ssh2
Oct 15 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Received disconnect from 82.115.24.11 port 36436:11: Bye Bye [preauth]
Oct 15 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Disconnected from 82.115.24.11 port 36436 [preauth]
Oct 15 13:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Invalid user admin from 194.0.234.93
Oct 15 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: input_userauth_request: invalid user admin [preauth]
Oct 15 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Oct 15 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29141]: pam_unix(cron:session): session closed for user root
Oct 15 13:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Failed password for invalid user admin from 194.0.234.93 port 26920 ssh2
Oct 15 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Connection closed by 194.0.234.93 port 26920 [preauth]
Oct 15 13:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: Failed password for root from 27.254.235.12 port 41406 ssh2
Oct 15 13:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: Received disconnect from 27.254.235.12 port 41406:11: Bye Bye [preauth]
Oct 15 13:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: Disconnected from 27.254.235.12 port 41406 [preauth]
Oct 15 13:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Invalid user nginx from 165.22.200.57
Oct 15 13:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Failed password for invalid user nginx from 165.22.200.57 port 34216 ssh2
Oct 15 13:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30801]: Connection closed by 165.22.200.57 port 34216 [preauth]
Oct 15 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: Successful su for rubyman by root
Oct 15 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: + ??? root:rubyman
Oct 15 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417953 of user rubyman.
Oct 15 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417953.
Oct 15 13:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26832]: pam_unix(cron:session): session closed for user root
Oct 15 13:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30826]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Invalid user nginx from 165.22.200.57
Oct 15 13:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: input_userauth_request: invalid user nginx [preauth]
Oct 15 13:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Failed password for invalid user nginx from 165.22.200.57 port 56160 ssh2
Oct 15 13:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31182]: Connection closed by 165.22.200.57 port 56160 [preauth]
Oct 15 13:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29693]: pam_unix(cron:session): session closed for user root
Oct 15 13:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Invalid user ubuntu from 82.115.24.11
Oct 15 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Failed password for invalid user ubuntu from 82.115.24.11 port 39560 ssh2
Oct 15 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Received disconnect from 82.115.24.11 port 39560:11: Bye Bye [preauth]
Oct 15 13:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Disconnected from 82.115.24.11 port 39560 [preauth]
Oct 15 13:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Invalid user openkm from 107.175.209.254
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: input_userauth_request: invalid user openkm [preauth]
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Invalid user operator from 165.22.200.57
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Failed password for invalid user openkm from 107.175.209.254 port 37858 ssh2
Oct 15 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Received disconnect from 107.175.209.254 port 37858:11: Bye Bye [preauth]
Oct 15 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Disconnected from 107.175.209.254 port 37858 [preauth]
Oct 15 13:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Failed password for invalid user operator from 165.22.200.57 port 34440 ssh2
Oct 15 13:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31293]: Connection closed by 165.22.200.57 port 34440 [preauth]
Oct 15 13:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31311]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31310]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31308]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: Failed password for root from 211.253.9.49 port 46990 ssh2
Oct 15 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: Received disconnect from 211.253.9.49 port 46990:11: Bye Bye [preauth]
Oct 15 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31304]: Disconnected from 211.253.9.49 port 46990 [preauth]
Oct 15 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: Successful su for rubyman by root
Oct 15 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: + ??? root:rubyman
Oct 15 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417958 of user rubyman.
Oct 15 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417958.
Oct 15 13:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27519]: pam_unix(cron:session): session closed for user root
Oct 15 13:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: Invalid user j from 52.224.240.74
Oct 15 13:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: input_userauth_request: invalid user j [preauth]
Oct 15 13:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31309]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: Failed password for invalid user j from 52.224.240.74 port 43100 ssh2
Oct 15 13:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Failed password for root from 27.254.235.12 port 45056 ssh2
Oct 15 13:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: Received disconnect from 52.224.240.74 port 43100:11: Bye Bye [preauth]
Oct 15 13:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31762]: Disconnected from 52.224.240.74 port 43100 [preauth]
Oct 15 13:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Received disconnect from 27.254.235.12 port 45056:11: Bye Bye [preauth]
Oct 15 13:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Disconnected from 27.254.235.12 port 45056 [preauth]
Oct 15 13:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: Invalid user operator from 165.22.200.57
Oct 15 13:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: Failed password for invalid user operator from 165.22.200.57 port 48934 ssh2
Oct 15 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31819]: Connection closed by 165.22.200.57 port 48934 [preauth]
Oct 15 13:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30226]: pam_unix(cron:session): session closed for user root
Oct 15 13:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: Invalid user ai from 82.115.24.11
Oct 15 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: input_userauth_request: invalid user ai [preauth]
Oct 15 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: Failed password for invalid user ai from 82.115.24.11 port 45846 ssh2
Oct 15 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: Received disconnect from 82.115.24.11 port 45846:11: Bye Bye [preauth]
Oct 15 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31927]: Disconnected from 82.115.24.11 port 45846 [preauth]
Oct 15 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31939]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31943]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31938]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31943]: pam_unix(cron:session): session closed for user root
Oct 15 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31936]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Invalid user operator from 165.22.200.57
Oct 15 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32031]: Successful su for rubyman by root
Oct 15 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32031]: + ??? root:rubyman
Oct 15 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417963 of user rubyman.
Oct 15 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[32031]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417963.
Oct 15 13:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Failed password for invalid user operator from 165.22.200.57 port 50612 ssh2
Oct 15 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: Connection closed by 165.22.200.57 port 50612 [preauth]
Oct 15 13:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31938]: pam_unix(cron:session): session closed for user root
Oct 15 13:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session closed for user root
Oct 15 13:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31937]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Invalid user robby from 107.175.209.254
Oct 15 13:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: input_userauth_request: invalid user robby [preauth]
Oct 15 13:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Failed password for invalid user robby from 107.175.209.254 port 43382 ssh2
Oct 15 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Received disconnect from 107.175.209.254 port 43382:11: Bye Bye [preauth]
Oct 15 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Disconnected from 107.175.209.254 port 43382 [preauth]
Oct 15 13:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32426]: Invalid user traefik from 211.253.9.49
Oct 15 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32426]: input_userauth_request: invalid user traefik [preauth]
Oct 15 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32426]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Invalid user operator from 165.22.200.57
Oct 15 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32426]: Failed password for invalid user traefik from 211.253.9.49 port 35244 ssh2
Oct 15 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32426]: Received disconnect from 211.253.9.49 port 35244:11: Bye Bye [preauth]
Oct 15 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32426]: Disconnected from 211.253.9.49 port 35244 [preauth]
Oct 15 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Failed password for invalid user operator from 165.22.200.57 port 47466 ssh2
Oct 15 13:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Connection closed by 165.22.200.57 port 47466 [preauth]
Oct 15 13:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session closed for user root
Oct 15 13:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32475]: Invalid user dci from 27.254.235.12
Oct 15 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32475]: input_userauth_request: invalid user dci [preauth]
Oct 15 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32475]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32475]: Failed password for invalid user dci from 27.254.235.12 port 48696 ssh2
Oct 15 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32475]: Received disconnect from 27.254.235.12 port 48696:11: Bye Bye [preauth]
Oct 15 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32475]: Disconnected from 27.254.235.12 port 48696 [preauth]
Oct 15 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32516]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32514]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32589]: Successful su for rubyman by root
Oct 15 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32589]: + ??? root:rubyman
Oct 15 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417967 of user rubyman.
Oct 15 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32589]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417967.
Oct 15 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Invalid user operator from 165.22.200.57
Oct 15 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: Invalid user wiki from 82.115.24.11
Oct 15 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: input_userauth_request: invalid user wiki [preauth]
Oct 15 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29139]: pam_unix(cron:session): session closed for user root
Oct 15 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: Failed password for invalid user wiki from 82.115.24.11 port 60568 ssh2
Oct 15 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Failed password for invalid user operator from 165.22.200.57 port 32780 ssh2
Oct 15 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: Received disconnect from 82.115.24.11 port 60568:11: Bye Bye [preauth]
Oct 15 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[301]: Disconnected from 82.115.24.11 port 60568 [preauth]
Oct 15 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[305]: Connection closed by 165.22.200.57 port 32780 [preauth]
Oct 15 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32515]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Invalid user tanulo from 52.224.240.74
Oct 15 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: input_userauth_request: invalid user tanulo [preauth]
Oct 15 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Failed password for invalid user tanulo from 52.224.240.74 port 42780 ssh2
Oct 15 13:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Received disconnect from 52.224.240.74 port 42780:11: Bye Bye [preauth]
Oct 15 13:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[398]: Disconnected from 52.224.240.74 port 42780 [preauth]
Oct 15 13:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31311]: pam_unix(cron:session): session closed for user root
Oct 15 13:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Invalid user operator from 165.22.200.57
Oct 15 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Failed password for invalid user operator from 165.22.200.57 port 48112 ssh2
Oct 15 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[497]: Connection closed by 165.22.200.57 port 48112 [preauth]
Oct 15 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[540]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[539]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[536]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[612]: Successful su for rubyman by root
Oct 15 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[612]: + ??? root:rubyman
Oct 15 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417971 of user rubyman.
Oct 15 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[612]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417971.
Oct 15 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Failed password for root from 107.175.209.254 port 42474 ssh2
Oct 15 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Received disconnect from 107.175.209.254 port 42474:11: Bye Bye [preauth]
Oct 15 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[633]: Disconnected from 107.175.209.254 port 42474 [preauth]
Oct 15 13:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29692]: pam_unix(cron:session): session closed for user root
Oct 15 13:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for root from 211.253.9.49 port 51733 ssh2
Oct 15 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Received disconnect from 211.253.9.49 port 51733:11: Bye Bye [preauth]
Oct 15 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Disconnected from 211.253.9.49 port 51733 [preauth]
Oct 15 13:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[538]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Invalid user area from 27.254.235.12
Oct 15 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: input_userauth_request: invalid user area [preauth]
Oct 15 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Invalid user operator from 165.22.200.57
Oct 15 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Failed password for invalid user area from 27.254.235.12 port 52344 ssh2
Oct 15 13:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Received disconnect from 27.254.235.12 port 52344:11: Bye Bye [preauth]
Oct 15 13:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Disconnected from 27.254.235.12 port 52344 [preauth]
Oct 15 13:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Failed password for invalid user operator from 165.22.200.57 port 34396 ssh2
Oct 15 13:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Connection closed by 165.22.200.57 port 34396 [preauth]
Oct 15 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=root
Oct 15 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Failed password for root from 82.115.24.11 port 44478 ssh2
Oct 15 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Received disconnect from 82.115.24.11 port 44478:11: Bye Bye [preauth]
Oct 15 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[981]: Disconnected from 82.115.24.11 port 44478 [preauth]
Oct 15 13:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session closed for user root
Oct 15 13:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Invalid user operator from 165.22.200.57
Oct 15 13:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Failed password for invalid user operator from 165.22.200.57 port 57394 ssh2
Oct 15 13:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Connection closed by 165.22.200.57 port 57394 [preauth]
Oct 15 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1118]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1188]: Successful su for rubyman by root
Oct 15 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1188]: + ??? root:rubyman
Oct 15 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417975 of user rubyman.
Oct 15 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1188]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417975.
Oct 15 13:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session closed for user root
Oct 15 13:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: Invalid user operator from 165.22.200.57
Oct 15 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: Failed password for invalid user operator from 165.22.200.57 port 48904 ssh2
Oct 15 13:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: Connection closed by 165.22.200.57 port 48904 [preauth]
Oct 15 13:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Failed password for root from 52.224.240.74 port 39872 ssh2
Oct 15 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Received disconnect from 52.224.240.74 port 39872:11: Bye Bye [preauth]
Oct 15 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Disconnected from 52.224.240.74 port 39872 [preauth]
Oct 15 13:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session closed for user root
Oct 15 13:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Invalid user ftptest from 107.175.209.254
Oct 15 13:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: input_userauth_request: invalid user ftptest [preauth]
Oct 15 13:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: User www-data from 82.115.24.11 not allowed because not listed in AllowUsers
Oct 15 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: input_userauth_request: invalid user www-data [preauth]
Oct 15 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11  user=www-data
Oct 15 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Failed password for invalid user ftptest from 107.175.209.254 port 55438 ssh2
Oct 15 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Received disconnect from 107.175.209.254 port 55438:11: Bye Bye [preauth]
Oct 15 13:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Disconnected from 107.175.209.254 port 55438 [preauth]
Oct 15 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Invalid user admin from 211.253.9.49
Oct 15 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: input_userauth_request: invalid user admin [preauth]
Oct 15 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: Failed password for invalid user www-data from 82.115.24.11 port 39434 ssh2
Oct 15 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: Received disconnect from 82.115.24.11 port 39434:11: Bye Bye [preauth]
Oct 15 13:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1565]: Disconnected from 82.115.24.11 port 39434 [preauth]
Oct 15 13:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: Invalid user eth from 27.254.235.12
Oct 15 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: input_userauth_request: invalid user eth [preauth]
Oct 15 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Failed password for invalid user admin from 211.253.9.49 port 39988 ssh2
Oct 15 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Received disconnect from 211.253.9.49 port 39988:11: Bye Bye [preauth]
Oct 15 13:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Disconnected from 211.253.9.49 port 39988 [preauth]
Oct 15 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: Failed password for invalid user eth from 27.254.235.12 port 55986 ssh2
Oct 15 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: Received disconnect from 27.254.235.12 port 55986:11: Bye Bye [preauth]
Oct 15 13:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1578]: Disconnected from 27.254.235.12 port 55986 [preauth]
Oct 15 13:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: Invalid user developer from 165.22.200.57
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1699]: Successful su for rubyman by root
Oct 15 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1699]: + ??? root:rubyman
Oct 15 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417981 of user rubyman.
Oct 15 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1699]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417981.
Oct 15 13:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: Failed password for invalid user developer from 165.22.200.57 port 52230 ssh2
Oct 15 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: Connection closed by 165.22.200.57 port 52230 [preauth]
Oct 15 13:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session closed for user root
Oct 15 13:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1612]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Invalid user developer from 165.22.200.57
Oct 15 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Failed password for invalid user developer from 165.22.200.57 port 44316 ssh2
Oct 15 13:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2103]: Connection closed by 165.22.200.57 port 44316 [preauth]
Oct 15 13:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[540]: pam_unix(cron:session): session closed for user root
Oct 15 13:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Invalid user wpyan from 82.115.24.11
Oct 15 13:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: input_userauth_request: invalid user wpyan [preauth]
Oct 15 13:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2213]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session closed for user root
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2209]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Failed password for invalid user wpyan from 82.115.24.11 port 55096 ssh2
Oct 15 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Received disconnect from 82.115.24.11 port 55096:11: Bye Bye [preauth]
Oct 15 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2192]: Disconnected from 82.115.24.11 port 55096 [preauth]
Oct 15 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2284]: Successful su for rubyman by root
Oct 15 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2284]: + ??? root:rubyman
Oct 15 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417984 of user rubyman.
Oct 15 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2284]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417984.
Oct 15 13:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session closed for user root
Oct 15 13:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31310]: pam_unix(cron:session): session closed for user root
Oct 15 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Invalid user developer from 165.22.200.57
Oct 15 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Failed password for invalid user developer from 165.22.200.57 port 56744 ssh2
Oct 15 13:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2449]: Connection closed by 165.22.200.57 port 56744 [preauth]
Oct 15 13:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Invalid user amalia from 107.175.209.254
Oct 15 13:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: input_userauth_request: invalid user amalia [preauth]
Oct 15 13:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Invalid user ubuntu from 211.253.9.49
Oct 15 13:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 13:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Failed password for invalid user amalia from 107.175.209.254 port 34292 ssh2
Oct 15 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Received disconnect from 107.175.209.254 port 34292:11: Bye Bye [preauth]
Oct 15 13:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Disconnected from 107.175.209.254 port 34292 [preauth]
Oct 15 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Failed password for invalid user ubuntu from 211.253.9.49 port 56475 ssh2
Oct 15 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Received disconnect from 211.253.9.49 port 56475:11: Bye Bye [preauth]
Oct 15 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: Disconnected from 211.253.9.49 port 56475 [preauth]
Oct 15 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Invalid user adminuser from 27.254.235.12
Oct 15 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2211]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Failed password for invalid user adminuser from 27.254.235.12 port 59628 ssh2
Oct 15 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Received disconnect from 27.254.235.12 port 59628:11: Bye Bye [preauth]
Oct 15 13:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2549]: Disconnected from 27.254.235.12 port 59628 [preauth]
Oct 15 13:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Invalid user eth from 52.224.240.74
Oct 15 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: input_userauth_request: invalid user eth [preauth]
Oct 15 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Failed password for invalid user eth from 52.224.240.74 port 32996 ssh2
Oct 15 13:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Received disconnect from 52.224.240.74 port 32996:11: Bye Bye [preauth]
Oct 15 13:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Disconnected from 52.224.240.74 port 32996 [preauth]
Oct 15 13:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1121]: pam_unix(cron:session): session closed for user root
Oct 15 13:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Invalid user developer from 165.22.200.57
Oct 15 13:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Failed password for invalid user developer from 165.22.200.57 port 48922 ssh2
Oct 15 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Connection closed by 165.22.200.57 port 48922 [preauth]
Oct 15 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2696]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2695]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2693]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: Successful su for rubyman by root
Oct 15 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: + ??? root:rubyman
Oct 15 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417990 of user rubyman.
Oct 15 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417990.
Oct 15 13:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Invalid user clinton from 82.115.24.11
Oct 15 13:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: input_userauth_request: invalid user clinton [preauth]
Oct 15 13:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31939]: pam_unix(cron:session): session closed for user root
Oct 15 13:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Failed password for invalid user clinton from 82.115.24.11 port 55240 ssh2
Oct 15 13:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Received disconnect from 82.115.24.11 port 55240:11: Bye Bye [preauth]
Oct 15 13:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Disconnected from 82.115.24.11 port 55240 [preauth]
Oct 15 13:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2694]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Invalid user developer from 165.22.200.57
Oct 15 13:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Failed password for invalid user developer from 165.22.200.57 port 45408 ssh2
Oct 15 13:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3035]: Connection closed by 165.22.200.57 port 45408 [preauth]
Oct 15 13:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Invalid user test from 194.0.234.93
Oct 15 13:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: input_userauth_request: invalid user test [preauth]
Oct 15 13:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.93
Oct 15 13:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Failed password for invalid user test from 194.0.234.93 port 41966 ssh2
Oct 15 13:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Connection closed by 194.0.234.93 port 41966 [preauth]
Oct 15 13:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session closed for user root
Oct 15 13:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Invalid user packer from 211.253.9.49
Oct 15 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: input_userauth_request: invalid user packer [preauth]
Oct 15 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Failed password for invalid user packer from 211.253.9.49 port 44730 ssh2
Oct 15 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Received disconnect from 211.253.9.49 port 44730:11: Bye Bye [preauth]
Oct 15 13:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3120]: Disconnected from 211.253.9.49 port 44730 [preauth]
Oct 15 13:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for root from 107.175.209.254 port 40720 ssh2
Oct 15 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Received disconnect from 107.175.209.254 port 40720:11: Bye Bye [preauth]
Oct 15 13:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Disconnected from 107.175.209.254 port 40720 [preauth]
Oct 15 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Failed password for root from 27.254.235.12 port 35046 ssh2
Oct 15 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Received disconnect from 27.254.235.12 port 35046:11: Bye Bye [preauth]
Oct 15 13:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Disconnected from 27.254.235.12 port 35046 [preauth]
Oct 15 13:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Invalid user developer from 165.22.200.57
Oct 15 13:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3154]: Did not receive identification string from 196.251.114.29
Oct 15 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Failed password for invalid user developer from 165.22.200.57 port 34776 ssh2
Oct 15 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3152]: Connection closed by 165.22.200.57 port 34776 [preauth]
Oct 15 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3167]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3163]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: Successful su for rubyman by root
Oct 15 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: + ??? root:rubyman
Oct 15 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417993 of user rubyman.
Oct 15 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417993.
Oct 15 13:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32516]: pam_unix(cron:session): session closed for user root
Oct 15 13:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3165]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: Invalid user adminuser from 52.224.240.74
Oct 15 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: input_userauth_request: invalid user adminuser [preauth]
Oct 15 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Invalid user developer from 165.22.200.57
Oct 15 13:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: Failed password for invalid user adminuser from 52.224.240.74 port 47712 ssh2
Oct 15 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: Received disconnect from 52.224.240.74 port 47712:11: Bye Bye [preauth]
Oct 15 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: Disconnected from 52.224.240.74 port 47712 [preauth]
Oct 15 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Failed password for invalid user developer from 165.22.200.57 port 39936 ssh2
Oct 15 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Connection closed by 165.22.200.57 port 39936 [preauth]
Oct 15 13:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Invalid user jordi from 82.115.24.11
Oct 15 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: input_userauth_request: invalid user jordi [preauth]
Oct 15 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.115.24.11
Oct 15 13:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session closed for user root
Oct 15 13:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Failed password for invalid user jordi from 82.115.24.11 port 41532 ssh2
Oct 15 13:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Received disconnect from 82.115.24.11 port 41532:11: Bye Bye [preauth]
Oct 15 13:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3566]: Disconnected from 82.115.24.11 port 41532 [preauth]
Oct 15 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3629]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3696]: Successful su for rubyman by root
Oct 15 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3696]: + ??? root:rubyman
Oct 15 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 417998 of user rubyman.
Oct 15 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3696]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 417998.
Oct 15 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Invalid user developer from 165.22.200.57
Oct 15 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Failed password for invalid user developer from 165.22.200.57 port 41032 ssh2
Oct 15 13:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3804]: Connection closed by 165.22.200.57 port 41032 [preauth]
Oct 15 13:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[539]: pam_unix(cron:session): session closed for user root
Oct 15 13:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3630]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Invalid user xiaobin from 27.254.235.12
Oct 15 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: input_userauth_request: invalid user xiaobin [preauth]
Oct 15 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 13:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Invalid user divya from 107.175.209.254
Oct 15 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: input_userauth_request: invalid user divya [preauth]
Oct 15 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Failed password for invalid user xiaobin from 27.254.235.12 port 38688 ssh2
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: Failed password for root from 211.253.9.49 port 32986 ssh2
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: Received disconnect from 211.253.9.49 port 32986:11: Bye Bye [preauth]
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3965]: Disconnected from 211.253.9.49 port 32986 [preauth]
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Failed password for invalid user divya from 107.175.209.254 port 40920 ssh2
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Received disconnect from 27.254.235.12 port 38688:11: Bye Bye [preauth]
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3961]: Disconnected from 27.254.235.12 port 38688 [preauth]
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Received disconnect from 107.175.209.254 port 40920:11: Bye Bye [preauth]
Oct 15 13:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3967]: Disconnected from 107.175.209.254 port 40920 [preauth]
Oct 15 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2696]: pam_unix(cron:session): session closed for user root
Oct 15 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Invalid user developer from 165.22.200.57
Oct 15 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: input_userauth_request: invalid user developer [preauth]
Oct 15 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Failed password for invalid user developer from 165.22.200.57 port 47328 ssh2
Oct 15 13:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4040]: Connection closed by 165.22.200.57 port 47328 [preauth]
Oct 15 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4196]: Successful su for rubyman by root
Oct 15 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4196]: + ??? root:rubyman
Oct 15 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418001 of user rubyman.
Oct 15 13:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4196]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418001.
Oct 15 13:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session closed for user root
Oct 15 13:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Invalid user deploy from 165.22.200.57
Oct 15 13:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Failed password for invalid user deploy from 165.22.200.57 port 56892 ssh2
Oct 15 13:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4449]: Connection closed by 165.22.200.57 port 56892 [preauth]
Oct 15 13:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Invalid user whz from 52.224.240.74
Oct 15 13:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: input_userauth_request: invalid user whz [preauth]
Oct 15 13:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Failed password for invalid user whz from 52.224.240.74 port 47784 ssh2
Oct 15 13:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Received disconnect from 52.224.240.74 port 47784:11: Bye Bye [preauth]
Oct 15 13:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4478]: Disconnected from 52.224.240.74 port 47784 [preauth]
Oct 15 13:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3167]: pam_unix(cron:session): session closed for user root
Oct 15 13:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Invalid user deploy from 165.22.200.57
Oct 15 13:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Failed password for invalid user deploy from 165.22.200.57 port 59410 ssh2
Oct 15 13:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Connection closed by 165.22.200.57 port 59410 [preauth]
Oct 15 13:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Invalid user casino from 211.253.9.49
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: input_userauth_request: invalid user casino [preauth]
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Invalid user user from 27.254.235.12
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: input_userauth_request: invalid user user [preauth]
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Failed password for invalid user casino from 211.253.9.49 port 49474 ssh2
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Failed password for root from 107.175.209.254 port 48152 ssh2
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Received disconnect from 107.175.209.254 port 48152:11: Bye Bye [preauth]
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Disconnected from 107.175.209.254 port 48152 [preauth]
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Received disconnect from 211.253.9.49 port 49474:11: Bye Bye [preauth]
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Disconnected from 211.253.9.49 port 49474 [preauth]
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for invalid user user from 27.254.235.12 port 42336 ssh2
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Received disconnect from 27.254.235.12 port 42336:11: Bye Bye [preauth]
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Disconnected from 27.254.235.12 port 42336 [preauth]
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4655]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4660]: pam_unix(cron:session): session closed for user root
Oct 15 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4653]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4737]: Successful su for rubyman by root
Oct 15 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4737]: + ??? root:rubyman
Oct 15 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418005 of user rubyman.
Oct 15 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4737]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418005.
Oct 15 13:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4655]: pam_unix(cron:session): session closed for user root
Oct 15 13:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session closed for user root
Oct 15 13:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4654]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Invalid user deploy from 165.22.200.57
Oct 15 13:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Failed password for invalid user deploy from 165.22.200.57 port 37930 ssh2
Oct 15 13:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Connection closed by 165.22.200.57 port 37930 [preauth]
Oct 15 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3632]: pam_unix(cron:session): session closed for user root
Oct 15 13:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Invalid user deploy from 165.22.200.57
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5648]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5647]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5645]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5722]: Successful su for rubyman by root
Oct 15 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5722]: + ??? root:rubyman
Oct 15 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418011 of user rubyman.
Oct 15 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5722]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418011.
Oct 15 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Failed password for invalid user deploy from 165.22.200.57 port 37256 ssh2
Oct 15 13:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Connection closed by 165.22.200.57 port 37256 [preauth]
Oct 15 13:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2213]: pam_unix(cron:session): session closed for user root
Oct 15 13:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5646]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Invalid user hyper from 52.224.240.74
Oct 15 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: input_userauth_request: invalid user hyper [preauth]
Oct 15 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Failed password for invalid user hyper from 52.224.240.74 port 34334 ssh2
Oct 15 13:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Received disconnect from 52.224.240.74 port 34334:11: Bye Bye [preauth]
Oct 15 13:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6002]: Disconnected from 52.224.240.74 port 34334 [preauth]
Oct 15 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: Invalid user asw from 211.253.9.49
Oct 15 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: input_userauth_request: invalid user asw [preauth]
Oct 15 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12  user=root
Oct 15 13:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Invalid user liz from 107.175.209.254
Oct 15 13:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: input_userauth_request: invalid user liz [preauth]
Oct 15 13:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Invalid user deploy from 165.22.200.57
Oct 15 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: Failed password for invalid user asw from 211.253.9.49 port 37729 ssh2
Oct 15 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: Received disconnect from 211.253.9.49 port 37729:11: Bye Bye [preauth]
Oct 15 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6026]: Disconnected from 211.253.9.49 port 37729 [preauth]
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Failed password for root from 27.254.235.12 port 45986 ssh2
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Received disconnect from 27.254.235.12 port 45986:11: Bye Bye [preauth]
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6028]: Disconnected from 27.254.235.12 port 45986 [preauth]
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Failed password for invalid user liz from 107.175.209.254 port 56932 ssh2
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Received disconnect from 107.175.209.254 port 56932:11: Bye Bye [preauth]
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6039]: Disconnected from 107.175.209.254 port 56932 [preauth]
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Invalid user teacher from 164.68.105.9
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: input_userauth_request: invalid user teacher [preauth]
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Failed password for invalid user deploy from 165.22.200.57 port 45240 ssh2
Oct 15 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Connection closed by 165.22.200.57 port 45240 [preauth]
Oct 15 13:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Failed password for invalid user teacher from 164.68.105.9 port 41566 ssh2
Oct 15 13:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Connection closed by 164.68.105.9 port 41566 [preauth]
Oct 15 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session closed for user root
Oct 15 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Invalid user operator from 80.94.95.115
Oct 15 13:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: input_userauth_request: invalid user operator [preauth]
Oct 15 13:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Failed none for invalid user operator from 80.94.95.115 port 38396 ssh2
Oct 15 13:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Connection closed by 80.94.95.115 port 38396 [preauth]
Oct 15 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6144]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6214]: Successful su for rubyman by root
Oct 15 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6214]: + ??? root:rubyman
Oct 15 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418018 of user rubyman.
Oct 15 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[6214]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418018.
Oct 15 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Invalid user deploy from 165.22.200.57
Oct 15 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Failed password for invalid user deploy from 165.22.200.57 port 49286 ssh2
Oct 15 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6250]: Connection closed by 165.22.200.57 port 49286 [preauth]
Oct 15 13:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2695]: pam_unix(cron:session): session closed for user root
Oct 15 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: Invalid user deploy from 165.22.200.57
Oct 15 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: Failed password for invalid user deploy from 165.22.200.57 port 49232 ssh2
Oct 15 13:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6500]: Connection closed by 165.22.200.57 port 49232 [preauth]
Oct 15 13:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4659]: pam_unix(cron:session): session closed for user root
Oct 15 13:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Invalid user whz from 27.254.235.12
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: input_userauth_request: invalid user whz [preauth]
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Invalid user prod from 107.175.209.254
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: input_userauth_request: invalid user prod [preauth]
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6768]: Successful su for rubyman by root
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6768]: + ??? root:rubyman
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418019 of user rubyman.
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6768]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418019.
Oct 15 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Failed password for invalid user whz from 27.254.235.12 port 49628 ssh2
Oct 15 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Received disconnect from 27.254.235.12 port 49628:11: Bye Bye [preauth]
Oct 15 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6623]: Disconnected from 27.254.235.12 port 49628 [preauth]
Oct 15 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Failed password for invalid user prod from 107.175.209.254 port 42040 ssh2
Oct 15 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Received disconnect from 107.175.209.254 port 42040:11: Bye Bye [preauth]
Oct 15 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Disconnected from 107.175.209.254 port 42040 [preauth]
Oct 15 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Invalid user area from 211.253.9.49
Oct 15 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: input_userauth_request: invalid user area [preauth]
Oct 15 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Failed password for invalid user area from 211.253.9.49 port 54217 ssh2
Oct 15 13:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Received disconnect from 211.253.9.49 port 54217:11: Bye Bye [preauth]
Oct 15 13:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6802]: Disconnected from 211.253.9.49 port 54217 [preauth]
Oct 15 13:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session closed for user root
Oct 15 13:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Invalid user deploy from 165.22.200.57
Oct 15 13:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Failed password for invalid user deploy from 165.22.200.57 port 33406 ssh2
Oct 15 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6935]: Connection closed by 165.22.200.57 port 33406 [preauth]
Oct 15 13:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Failed password for root from 52.224.240.74 port 36990 ssh2
Oct 15 13:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Received disconnect from 52.224.240.74 port 36990:11: Bye Bye [preauth]
Oct 15 13:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7054]: Disconnected from 52.224.240.74 port 36990 [preauth]
Oct 15 13:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5648]: pam_unix(cron:session): session closed for user root
Oct 15 13:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7132]: Invalid user deploy from 165.22.200.57
Oct 15 13:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7132]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7132]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7132]: Failed password for invalid user deploy from 165.22.200.57 port 55958 ssh2
Oct 15 13:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7132]: Connection closed by 165.22.200.57 port 55958 [preauth]
Oct 15 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7243]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7242]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7240]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7437]: Successful su for rubyman by root
Oct 15 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7437]: + ??? root:rubyman
Oct 15 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418023 of user rubyman.
Oct 15 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[7437]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418023.
Oct 15 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session closed for user root
Oct 15 13:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3631]: pam_unix(cron:session): session closed for user root
Oct 15 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7241]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Failed password for invalid user ec2-user from 165.22.200.57 port 33300 ssh2
Oct 15 13:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Connection closed by 165.22.200.57 port 33300 [preauth]
Oct 15 13:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: Invalid user casino from 27.254.235.12
Oct 15 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: input_userauth_request: invalid user casino [preauth]
Oct 15 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: Failed password for invalid user casino from 27.254.235.12 port 53272 ssh2
Oct 15 13:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: Received disconnect from 27.254.235.12 port 53272:11: Bye Bye [preauth]
Oct 15 13:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7727]: Disconnected from 27.254.235.12 port 53272 [preauth]
Oct 15 13:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Invalid user deploy from 107.175.209.254
Oct 15 13:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: input_userauth_request: invalid user deploy [preauth]
Oct 15 13:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Failed password for invalid user deploy from 107.175.209.254 port 60640 ssh2
Oct 15 13:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Received disconnect from 107.175.209.254 port 60640:11: Bye Bye [preauth]
Oct 15 13:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Disconnected from 107.175.209.254 port 60640 [preauth]
Oct 15 13:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session closed for user root
Oct 15 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Invalid user dci from 211.253.9.49
Oct 15 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: input_userauth_request: invalid user dci [preauth]
Oct 15 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Failed password for invalid user dci from 211.253.9.49 port 42473 ssh2
Oct 15 13:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Received disconnect from 211.253.9.49 port 42473:11: Bye Bye [preauth]
Oct 15 13:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7767]: Disconnected from 211.253.9.49 port 42473 [preauth]
Oct 15 13:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: Failed password for invalid user ec2-user from 165.22.200.57 port 55572 ssh2
Oct 15 13:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7818]: Connection closed by 165.22.200.57 port 55572 [preauth]
Oct 15 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7842]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7839]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7838]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7840]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7842]: pam_unix(cron:session): session closed for user root
Oct 15 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8346]: Successful su for rubyman by root
Oct 15 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8346]: + ??? root:rubyman
Oct 15 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418028 of user rubyman.
Oct 15 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8346]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418028.
Oct 15 13:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7838]: pam_unix(cron:session): session closed for user root
Oct 15 13:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session closed for user root
Oct 15 13:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7837]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Invalid user xiaobin from 52.224.240.74
Oct 15 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: input_userauth_request: invalid user xiaobin [preauth]
Oct 15 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Failed password for invalid user xiaobin from 52.224.240.74 port 60410 ssh2
Oct 15 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Received disconnect from 52.224.240.74 port 60410:11: Bye Bye [preauth]
Oct 15 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8659]: Disconnected from 52.224.240.74 port 60410 [preauth]
Oct 15 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Failed password for invalid user ec2-user from 165.22.200.57 port 46728 ssh2
Oct 15 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Connection closed by 165.22.200.57 port 46728 [preauth]
Oct 15 13:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session closed for user root
Oct 15 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8889]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Invalid user admin from 2.57.121.25
Oct 15 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: input_userauth_request: invalid user admin [preauth]
Oct 15 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8987]: Successful su for rubyman by root
Oct 15 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8987]: + ??? root:rubyman
Oct 15 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418036 of user rubyman.
Oct 15 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8987]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418036.
Oct 15 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for invalid user admin from 2.57.121.25 port 14516 ssh2
Oct 15 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Invalid user eacsaci from 27.254.235.12
Oct 15 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: input_userauth_request: invalid user eacsaci [preauth]
Oct 15 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for invalid user admin from 2.57.121.25 port 14516 ssh2
Oct 15 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Failed password for invalid user eacsaci from 27.254.235.12 port 56912 ssh2
Oct 15 13:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Received disconnect from 27.254.235.12 port 56912:11: Bye Bye [preauth]
Oct 15 13:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9019]: Disconnected from 27.254.235.12 port 56912 [preauth]
Oct 15 13:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for invalid user admin from 2.57.121.25 port 14516 ssh2
Oct 15 13:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Failed password for invalid user ec2-user from 165.22.200.57 port 43554 ssh2
Oct 15 13:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9087]: Connection closed by 165.22.200.57 port 43554 [preauth]
Oct 15 13:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for invalid user admin from 2.57.121.25 port 14516 ssh2
Oct 15 13:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session closed for user root
Oct 15 13:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254  user=root
Oct 15 13:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Failed password for invalid user admin from 2.57.121.25 port 14516 ssh2
Oct 15 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Received disconnect from 2.57.121.25 port 14516:11: Bye [preauth]
Oct 15 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: Disconnected from 2.57.121.25 port 14516 [preauth]
Oct 15 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8882]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Failed password for root from 107.175.209.254 port 34592 ssh2
Oct 15 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Received disconnect from 107.175.209.254 port 34592:11: Bye Bye [preauth]
Oct 15 13:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9297]: Disconnected from 107.175.209.254 port 34592 [preauth]
Oct 15 13:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8887]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49  user=root
Oct 15 13:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Failed password for root from 211.253.9.49 port 58968 ssh2
Oct 15 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Received disconnect from 211.253.9.49 port 58968:11: Bye Bye [preauth]
Oct 15 13:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Disconnected from 211.253.9.49 port 58968 [preauth]
Oct 15 13:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7243]: pam_unix(cron:session): session closed for user root
Oct 15 13:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Failed password for invalid user ec2-user from 165.22.200.57 port 48516 ssh2
Oct 15 13:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Connection closed by 165.22.200.57 port 48516 [preauth]
Oct 15 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9521]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9601]: Successful su for rubyman by root
Oct 15 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9601]: + ??? root:rubyman
Oct 15 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418040 of user rubyman.
Oct 15 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9601]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418040.
Oct 15 13:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5647]: pam_unix(cron:session): session closed for user root
Oct 15 13:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Failed password for invalid user ec2-user from 165.22.200.57 port 46190 ssh2
Oct 15 13:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Connection closed by 165.22.200.57 port 46190 [preauth]
Oct 15 13:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Invalid user packer from 27.254.235.12
Oct 15 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: input_userauth_request: invalid user packer [preauth]
Oct 15 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.12
Oct 15 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Failed password for invalid user packer from 27.254.235.12 port 60552 ssh2
Oct 15 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: Failed password for root from 52.224.240.74 port 52492 ssh2
Oct 15 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Received disconnect from 27.254.235.12 port 60552:11: Bye Bye [preauth]
Oct 15 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Disconnected from 27.254.235.12 port 60552 [preauth]
Oct 15 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: Received disconnect from 52.224.240.74 port 52492:11: Bye Bye [preauth]
Oct 15 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10024]: Disconnected from 52.224.240.74 port 52492 [preauth]
Oct 15 13:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7840]: pam_unix(cron:session): session closed for user root
Oct 15 13:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Invalid user deni from 107.175.209.254
Oct 15 13:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: input_userauth_request: invalid user deni [preauth]
Oct 15 13:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user deni from 107.175.209.254 port 44318 ssh2
Oct 15 13:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Received disconnect from 107.175.209.254 port 44318:11: Bye Bye [preauth]
Oct 15 13:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Disconnected from 107.175.209.254 port 44318 [preauth]
Oct 15 13:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Invalid user tanulo from 211.253.9.49
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: input_userauth_request: invalid user tanulo [preauth]
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.9.49
Oct 15 13:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Failed password for invalid user ec2-user from 165.22.200.57 port 45804 ssh2
Oct 15 13:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10115]: Connection closed by 165.22.200.57 port 45804 [preauth]
Oct 15 13:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Failed password for invalid user tanulo from 211.253.9.49 port 47225 ssh2
Oct 15 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Received disconnect from 211.253.9.49 port 47225:11: Bye Bye [preauth]
Oct 15 13:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Disconnected from 211.253.9.49 port 47225 [preauth]
Oct 15 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10139]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10138]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10228]: Successful su for rubyman by root
Oct 15 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10228]: + ??? root:rubyman
Oct 15 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418043 of user rubyman.
Oct 15 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10228]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418043.
Oct 15 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6144]: pam_unix(cron:session): session closed for user root
Oct 15 13:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10137]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Failed password for invalid user ec2-user from 165.22.200.57 port 34110 ssh2
Oct 15 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Connection closed by 165.22.200.57 port 34110 [preauth]
Oct 15 13:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8889]: pam_unix(cron:session): session closed for user root
Oct 15 13:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Invalid user ec2-user from 165.22.200.57
Oct 15 13:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: input_userauth_request: invalid user ec2-user [preauth]
Oct 15 13:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Failed password for invalid user ec2-user from 165.22.200.57 port 38834 ssh2
Oct 15 13:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10612]: Connection closed by 165.22.200.57 port 38834 [preauth]
Oct 15 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10635]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10631]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10710]: Successful su for rubyman by root
Oct 15 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10710]: + ??? root:rubyman
Oct 15 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418046 of user rubyman.
Oct 15 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[10710]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418046.
Oct 15 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6692]: pam_unix(cron:session): session closed for user root
Oct 15 13:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10632]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Invalid user caja01 from 107.175.209.254
Oct 15 13:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: input_userauth_request: invalid user caja01 [preauth]
Oct 15 13:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.209.254
Oct 15 13:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Failed password for invalid user caja01 from 107.175.209.254 port 35510 ssh2
Oct 15 13:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Received disconnect from 107.175.209.254 port 35510:11: Bye Bye [preauth]
Oct 15 13:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Disconnected from 107.175.209.254 port 35510 [preauth]
Oct 15 13:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: Invalid user pi from 80.94.95.115
Oct 15 13:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: input_userauth_request: invalid user pi [preauth]
Oct 15 13:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
Oct 15 13:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: Failed password for invalid user pi from 80.94.95.115 port 23086 ssh2
Oct 15 13:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10965]: Connection closed by 80.94.95.115 port 23086 [preauth]
Oct 15 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10993]: Invalid user centos from 165.22.200.57
Oct 15 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10993]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10993]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10993]: Failed password for invalid user centos from 165.22.200.57 port 46156 ssh2
Oct 15 13:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10993]: Connection closed by 165.22.200.57 port 46156 [preauth]
Oct 15 13:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session closed for user root
Oct 15 13:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Invalid user els from 52.224.240.74
Oct 15 13:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: input_userauth_request: invalid user els [preauth]
Oct 15 13:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Failed password for invalid user els from 52.224.240.74 port 41354 ssh2
Oct 15 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Received disconnect from 52.224.240.74 port 41354:11: Bye Bye [preauth]
Oct 15 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11005]: Disconnected from 52.224.240.74 port 41354 [preauth]
Oct 15 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session closed for user root
Oct 15 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11090]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[11178]: Successful su for rubyman by root
Oct 15 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[11178]: + ??? root:rubyman
Oct 15 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[11178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418054 of user rubyman.
Oct 15 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[11178]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418054.
Oct 15 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Invalid user centos from 165.22.200.57
Oct 15 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Failed password for invalid user centos from 165.22.200.57 port 40978 ssh2
Oct 15 13:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Connection closed by 165.22.200.57 port 40978 [preauth]
Oct 15 13:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11092]: pam_unix(cron:session): session closed for user root
Oct 15 13:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7242]: pam_unix(cron:session): session closed for user root
Oct 15 13:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11091]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10139]: pam_unix(cron:session): session closed for user root
Oct 15 13:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Invalid user centos from 165.22.200.57
Oct 15 13:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for invalid user centos from 165.22.200.57 port 56048 ssh2
Oct 15 13:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Connection closed by 165.22.200.57 port 56048 [preauth]
Oct 15 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11773]: Successful su for rubyman by root
Oct 15 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11773]: + ??? root:rubyman
Oct 15 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418056 of user rubyman.
Oct 15 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11773]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418056.
Oct 15 13:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7839]: pam_unix(cron:session): session closed for user root
Oct 15 13:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Invalid user centos from 165.22.200.57
Oct 15 13:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for invalid user centos from 165.22.200.57 port 38132 ssh2
Oct 15 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Connection closed by 165.22.200.57 port 38132 [preauth]
Oct 15 13:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10635]: pam_unix(cron:session): session closed for user root
Oct 15 13:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Invalid user ftpuser from 52.224.240.74
Oct 15 13:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 13:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user ftpuser from 52.224.240.74 port 57508 ssh2
Oct 15 13:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Received disconnect from 52.224.240.74 port 57508:11: Bye Bye [preauth]
Oct 15 13:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Disconnected from 52.224.240.74 port 57508 [preauth]
Oct 15 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Invalid user centos from 165.22.200.57
Oct 15 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Failed password for invalid user centos from 165.22.200.57 port 39244 ssh2
Oct 15 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Connection closed by 165.22.200.57 port 39244 [preauth]
Oct 15 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12180]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12265]: Successful su for rubyman by root
Oct 15 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12265]: + ??? root:rubyman
Oct 15 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418060 of user rubyman.
Oct 15 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12265]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418060.
Oct 15 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session closed for user root
Oct 15 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12183]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Invalid user centos from 165.22.200.57
Oct 15 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for invalid user centos from 165.22.200.57 port 53830 ssh2
Oct 15 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Connection closed by 165.22.200.57 port 53830 [preauth]
Oct 15 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session closed for user root
Oct 15 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: Invalid user centos from 165.22.200.57
Oct 15 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12673]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: Failed password for invalid user centos from 165.22.200.57 port 58418 ssh2
Oct 15 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: Connection closed by 165.22.200.57 port 58418 [preauth]
Oct 15 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12747]: Successful su for rubyman by root
Oct 15 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12747]: + ??? root:rubyman
Oct 15 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418064 of user rubyman.
Oct 15 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12747]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418064.
Oct 15 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session closed for user root
Oct 15 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Invalid user centos from 165.22.200.57
Oct 15 13:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Failed password for invalid user centos from 165.22.200.57 port 50944 ssh2
Oct 15 13:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Connection closed by 165.22.200.57 port 50944 [preauth]
Oct 15 13:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session closed for user root
Oct 15 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: Invalid user mm from 52.224.240.74
Oct 15 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: input_userauth_request: invalid user mm [preauth]
Oct 15 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: Failed password for invalid user mm from 52.224.240.74 port 52452 ssh2
Oct 15 13:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: Received disconnect from 52.224.240.74 port 52452:11: Bye Bye [preauth]
Oct 15 13:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13088]: Disconnected from 52.224.240.74 port 52452 [preauth]
Oct 15 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13168]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13167]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13165]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13357]: Successful su for rubyman by root
Oct 15 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13357]: + ??? root:rubyman
Oct 15 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418069 of user rubyman.
Oct 15 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13357]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418069.
Oct 15 13:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Invalid user centos from 165.22.200.57
Oct 15 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: input_userauth_request: invalid user centos [preauth]
Oct 15 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Failed password for invalid user centos from 165.22.200.57 port 45658 ssh2
Oct 15 13:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13458]: Connection closed by 165.22.200.57 port 45658 [preauth]
Oct 15 13:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10138]: pam_unix(cron:session): session closed for user root
Oct 15 13:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13166]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12185]: pam_unix(cron:session): session closed for user root
Oct 15 13:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: Invalid user debian from 165.22.200.57
Oct 15 13:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: Failed password for invalid user debian from 165.22.200.57 port 50016 ssh2
Oct 15 13:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13681]: Connection closed by 165.22.200.57 port 50016 [preauth]
Oct 15 13:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Bad protocol version identification '\026\003\001' from 93.123.109.214 port 35048
Oct 15 13:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13741]: Bad protocol version identification 'GET / HTTP/1.1' from 93.123.109.214 port 35062
Oct 15 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13764]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13762]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13765]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13765]: pam_unix(cron:session): session closed for user root
Oct 15 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13865]: Successful su for rubyman by root
Oct 15 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13865]: + ??? root:rubyman
Oct 15 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418076 of user rubyman.
Oct 15 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[13865]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418076.
Oct 15 13:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13761]: pam_unix(cron:session): session closed for user root
Oct 15 13:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10633]: pam_unix(cron:session): session closed for user root
Oct 15 13:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Invalid user debian from 165.22.200.57
Oct 15 13:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: Invalid user  from 77.90.185.47
Oct 15 13:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: input_userauth_request: invalid user  [preauth]
Oct 15 13:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Failed password for invalid user debian from 165.22.200.57 port 48998 ssh2
Oct 15 13:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14171]: Connection closed by 165.22.200.57 port 48998 [preauth]
Oct 15 13:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13760]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: Connection closed by 77.90.185.47 port 50116 [preauth]
Oct 15 13:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session closed for user root
Oct 15 13:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Failed password for root from 52.224.240.74 port 39356 ssh2
Oct 15 13:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Received disconnect from 52.224.240.74 port 39356:11: Bye Bye [preauth]
Oct 15 13:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14303]: Disconnected from 52.224.240.74 port 39356 [preauth]
Oct 15 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: Invalid user debian from 165.22.200.57
Oct 15 13:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: Failed password for invalid user debian from 165.22.200.57 port 38226 ssh2
Oct 15 13:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14320]: Connection closed by 165.22.200.57 port 38226 [preauth]
Oct 15 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14352]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14423]: Successful su for rubyman by root
Oct 15 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14423]: + ??? root:rubyman
Oct 15 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418078 of user rubyman.
Oct 15 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14423]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418078.
Oct 15 13:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11093]: pam_unix(cron:session): session closed for user root
Oct 15 13:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Invalid user debian from 165.22.200.57
Oct 15 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Failed password for invalid user debian from 165.22.200.57 port 37380 ssh2
Oct 15 13:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Connection closed by 165.22.200.57 port 37380 [preauth]
Oct 15 13:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13168]: pam_unix(cron:session): session closed for user root
Oct 15 13:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Invalid user debian from 165.22.200.57
Oct 15 13:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Failed password for invalid user debian from 165.22.200.57 port 34622 ssh2
Oct 15 13:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Connection closed by 165.22.200.57 port 34622 [preauth]
Oct 15 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14813]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14814]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14811]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
Oct 15 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: Successful su for rubyman by root
Oct 15 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: + ??? root:rubyman
Oct 15 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418082 of user rubyman.
Oct 15 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418082.
Oct 15 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: Failed password for root from 80.94.95.116 port 32298 ssh2
Oct 15 13:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14807]: Connection closed by 80.94.95.116 port 32298 [preauth]
Oct 15 13:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session closed for user root
Oct 15 13:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14812]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: Invalid user debian from 165.22.200.57
Oct 15 13:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: Failed password for invalid user debian from 165.22.200.57 port 58640 ssh2
Oct 15 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15280]: Connection closed by 165.22.200.57 port 58640 [preauth]
Oct 15 13:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13764]: pam_unix(cron:session): session closed for user root
Oct 15 13:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Invalid user admin from 52.224.240.74
Oct 15 13:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: input_userauth_request: invalid user admin [preauth]
Oct 15 13:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Failed password for invalid user admin from 52.224.240.74 port 37030 ssh2
Oct 15 13:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Received disconnect from 52.224.240.74 port 37030:11: Bye Bye [preauth]
Oct 15 13:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Disconnected from 52.224.240.74 port 37030 [preauth]
Oct 15 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15455]: Successful su for rubyman by root
Oct 15 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15455]: + ??? root:rubyman
Oct 15 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418086 of user rubyman.
Oct 15 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15455]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418086.
Oct 15 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: Invalid user debian from 165.22.200.57
Oct 15 13:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: Failed password for invalid user debian from 165.22.200.57 port 37776 ssh2
Oct 15 13:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: Connection closed by 165.22.200.57 port 37776 [preauth]
Oct 15 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12184]: pam_unix(cron:session): session closed for user root
Oct 15 13:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15393]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session closed for user root
Oct 15 13:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Invalid user debian from 165.22.200.57
Oct 15 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Failed password for invalid user debian from 165.22.200.57 port 46448 ssh2
Oct 15 13:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Connection closed by 165.22.200.57 port 46448 [preauth]
Oct 15 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15831]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15830]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15825]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15898]: Successful su for rubyman by root
Oct 15 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15898]: + ??? root:rubyman
Oct 15 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418092 of user rubyman.
Oct 15 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15898]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418092.
Oct 15 13:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session closed for user root
Oct 15 13:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: Invalid user debian from 165.22.200.57
Oct 15 13:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: input_userauth_request: invalid user debian [preauth]
Oct 15 13:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15829]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: Failed password for invalid user debian from 165.22.200.57 port 55752 ssh2
Oct 15 13:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16116]: Connection closed by 165.22.200.57 port 55752 [preauth]
Oct 15 13:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 13:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Failed password for root from 222.104.76.94 port 36050 ssh2
Oct 15 13:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16104]: Connection closed by 222.104.76.94 port 36050 [preauth]
Oct 15 13:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14814]: pam_unix(cron:session): session closed for user root
Oct 15 13:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Invalid user fedora from 165.22.200.57
Oct 15 13:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Failed password for invalid user fedora from 165.22.200.57 port 50954 ssh2
Oct 15 13:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Connection closed by 165.22.200.57 port 50954 [preauth]
Oct 15 13:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Invalid user admin from 222.104.76.94
Oct 15 13:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: input_userauth_request: invalid user admin [preauth]
Oct 15 13:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Invalid user dci from 52.224.240.74
Oct 15 13:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: input_userauth_request: invalid user dci [preauth]
Oct 15 13:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user admin from 222.104.76.94 port 53478 ssh2
Oct 15 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Failed password for invalid user dci from 52.224.240.74 port 39484 ssh2
Oct 15 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Received disconnect from 52.224.240.74 port 39484:11: Bye Bye [preauth]
Oct 15 13:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Disconnected from 52.224.240.74 port 39484 [preauth]
Oct 15 13:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Connection closed by 222.104.76.94 port 53478 [preauth]
Oct 15 13:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session closed for user root
Oct 15 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16295]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: Successful su for rubyman by root
Oct 15 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: + ??? root:rubyman
Oct 15 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418096 of user rubyman.
Oct 15 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16392]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418096.
Oct 15 13:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session closed for user root
Oct 15 13:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13167]: pam_unix(cron:session): session closed for user root
Oct 15 13:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 13:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for root from 222.104.76.94 port 43288 ssh2
Oct 15 13:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16298]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Connection closed by 222.104.76.94 port 43288 [preauth]
Oct 15 13:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Invalid user fedora from 165.22.200.57
Oct 15 13:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Failed password for invalid user fedora from 165.22.200.57 port 59346 ssh2
Oct 15 13:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Connection closed by 165.22.200.57 port 59346 [preauth]
Oct 15 13:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session closed for user root
Oct 15 13:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 13:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Failed password for root from 222.104.76.94 port 36502 ssh2
Oct 15 13:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16679]: Connection closed by 222.104.76.94 port 36502 [preauth]
Oct 15 13:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Invalid user fedora from 165.22.200.57
Oct 15 13:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Failed password for invalid user fedora from 165.22.200.57 port 52860 ssh2
Oct 15 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Connection closed by 165.22.200.57 port 52860 [preauth]
Oct 15 13:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Did not receive identification string from 211.227.185.88
Oct 15 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16901]: Successful su for rubyman by root
Oct 15 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16901]: + ??? root:rubyman
Oct 15 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418100 of user rubyman.
Oct 15 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16901]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418100.
Oct 15 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Invalid user kali from 222.104.76.94
Oct 15 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: input_userauth_request: invalid user kali [preauth]
Oct 15 13:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Failed password for invalid user kali from 222.104.76.94 port 56438 ssh2
Oct 15 13:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Connection closed by 222.104.76.94 port 56438 [preauth]
Oct 15 13:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13762]: pam_unix(cron:session): session closed for user root
Oct 15 13:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Invalid user fedora from 165.22.200.57
Oct 15 13:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Failed password for invalid user fedora from 165.22.200.57 port 54138 ssh2
Oct 15 13:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17166]: Connection closed by 165.22.200.57 port 54138 [preauth]
Oct 15 13:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: Invalid user guest from 222.104.76.94
Oct 15 13:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: input_userauth_request: invalid user guest [preauth]
Oct 15 13:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: Failed password for invalid user guest from 222.104.76.94 port 41466 ssh2
Oct 15 13:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17087]: Connection closed by 222.104.76.94 port 41466 [preauth]
Oct 15 13:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15831]: pam_unix(cron:session): session closed for user root
Oct 15 13:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: User ftp from 222.104.76.94 not allowed because not listed in AllowUsers
Oct 15 13:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: input_userauth_request: invalid user ftp [preauth]
Oct 15 13:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=ftp
Oct 15 13:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: Failed password for invalid user ftp from 222.104.76.94 port 34090 ssh2
Oct 15 13:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: Connection closed by 222.104.76.94 port 34090 [preauth]
Oct 15 13:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Invalid user fedora from 165.22.200.57
Oct 15 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Failed password for invalid user fedora from 165.22.200.57 port 45460 ssh2
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Connection closed by 165.22.200.57 port 45460 [preauth]
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Failed password for root from 52.224.240.74 port 34796 ssh2
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Received disconnect from 52.224.240.74 port 34796:11: Bye Bye [preauth]
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17296]: Disconnected from 52.224.240.74 port 34796 [preauth]
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17385]: Successful su for rubyman by root
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17385]: + ??? root:rubyman
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418105 of user rubyman.
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17385]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418105.
Oct 15 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14352]: pam_unix(cron:session): session closed for user root
Oct 15 13:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17293]: Invalid user postgres from 222.104.76.94
Oct 15 13:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17293]: input_userauth_request: invalid user postgres [preauth]
Oct 15 13:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17293]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17293]: Failed password for invalid user postgres from 222.104.76.94 port 48054 ssh2
Oct 15 13:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17293]: Connection closed by 222.104.76.94 port 48054 [preauth]
Oct 15 13:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: Invalid user fedora from 165.22.200.57
Oct 15 13:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: Failed password for invalid user fedora from 165.22.200.57 port 32968 ssh2
Oct 15 13:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17665]: Connection closed by 165.22.200.57 port 32968 [preauth]
Oct 15 13:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Invalid user vyos from 222.104.76.94
Oct 15 13:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: input_userauth_request: invalid user vyos [preauth]
Oct 15 13:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user root
Oct 15 13:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Failed password for invalid user vyos from 222.104.76.94 port 40796 ssh2
Oct 15 13:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Connection closed by 222.104.76.94 port 40796 [preauth]
Oct 15 13:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17839]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17848]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17837]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: Invalid user ubuntu from 222.104.76.94
Oct 15 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: Successful su for rubyman by root
Oct 15 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: + ??? root:rubyman
Oct 15 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418109 of user rubyman.
Oct 15 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[17928]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418109.
Oct 15 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: Failed password for invalid user ubuntu from 222.104.76.94 port 59156 ssh2
Oct 15 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Invalid user fedora from 165.22.200.57
Oct 15 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17742]: Connection closed by 222.104.76.94 port 59156 [preauth]
Oct 15 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Failed password for invalid user fedora from 165.22.200.57 port 51548 ssh2
Oct 15 13:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Connection closed by 165.22.200.57 port 51548 [preauth]
Oct 15 13:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14813]: pam_unix(cron:session): session closed for user root
Oct 15 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17838]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: Invalid user ovpn from 222.104.76.94
Oct 15 13:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: input_userauth_request: invalid user ovpn [preauth]
Oct 15 13:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: Failed password for invalid user ovpn from 222.104.76.94 port 47646 ssh2
Oct 15 13:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18096]: Connection closed by 222.104.76.94 port 47646 [preauth]
Oct 15 13:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16829]: pam_unix(cron:session): session closed for user root
Oct 15 13:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: Invalid user fedora from 165.22.200.57
Oct 15 13:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: Failed password for invalid user fedora from 165.22.200.57 port 37412 ssh2
Oct 15 13:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: Connection closed by 165.22.200.57 port 37412 [preauth]
Oct 15 13:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: Invalid user moxa from 222.104.76.94
Oct 15 13:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: input_userauth_request: invalid user moxa [preauth]
Oct 15 13:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: Failed password for invalid user moxa from 222.104.76.94 port 39748 ssh2
Oct 15 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18555]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18556]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18553]: pam_unix(cron:session): session closed for user p13x
Oct 15 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18453]: Connection closed by 222.104.76.94 port 39748 [preauth]
Oct 15 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18645]: Successful su for rubyman by root
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18645]: + ??? root:rubyman
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418113 of user rubyman.
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[18645]: pam_unix(su:session): session closed for user rubyman
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418113.
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18641]: Invalid user monit from 52.224.240.74
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18641]: input_userauth_request: invalid user monit [preauth]
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18641]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74
Oct 15 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Invalid user a from 185.156.73.233
Oct 15 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: input_userauth_request: invalid user a [preauth]
Oct 15 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18641]: Failed password for invalid user monit from 52.224.240.74 port 34958 ssh2
Oct 15 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Failed password for invalid user a from 185.156.73.233 port 27164 ssh2
Oct 15 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18625]: Connection closed by 185.156.73.233 port 27164 [preauth]
Oct 15 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18641]: Received disconnect from 52.224.240.74 port 34958:11: Bye Bye [preauth]
Oct 15 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18641]: Disconnected from 52.224.240.74 port 34958 [preauth]
Oct 15 13:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session closed for user root
Oct 15 13:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Invalid user fedora from 165.22.200.57
Oct 15 13:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: input_userauth_request: invalid user fedora [preauth]
Oct 15 13:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Invalid user odroid from 222.104.76.94
Oct 15 13:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: input_userauth_request: invalid user odroid [preauth]
Oct 15 13:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Failed password for invalid user fedora from 165.22.200.57 port 38008 ssh2
Oct 15 13:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Connection closed by 165.22.200.57 port 38008 [preauth]
Oct 15 13:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18554]: pam_unix(cron:session): session closed for user samftp
Oct 15 13:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Failed password for invalid user odroid from 222.104.76.94 port 33942 ssh2
Oct 15 13:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Connection closed by 222.104.76.94 port 33942 [preauth]
Oct 15 13:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session closed for user root
Oct 15 13:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 13:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Invalid user redhat from 165.22.200.57
Oct 15 13:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: input_userauth_request: invalid user redhat [preauth]
Oct 15 13:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.200.57
Oct 15 13:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Failed password for invalid user redhat from 165.22.200.57 port 37092 ssh2
Oct 15 13:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19122]: Connection closed by 165.22.200.57 port 37092 [preauth]
Oct 15 13:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Invalid user pi from 222.104.76.94
Oct 15 13:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: input_userauth_request: invalid user pi [preauth]
Oct 15 13:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 13:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 13:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Failed password for invalid user pi from 222.104.76.94 port 56596 ssh2
Oct 15 13:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18974]: Connection closed by 222.104.76.94 port 56596 [preauth]
Oct 15 14:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19181]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19176]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19178]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19181]: pam_unix(cron:session): session closed for user root
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session closed for user root
Oct 15 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19172]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19364]: Successful su for rubyman by root
Oct 15 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19364]: + ??? root:rubyman
Oct 15 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418116 of user rubyman.
Oct 15 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 su[19364]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418116.
Oct 15 14:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19176]: pam_unix(cron:session): session closed for user root
Oct 15 14:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15830]: pam_unix(cron:session): session closed for user root
Oct 15 14:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Invalid user postgres from 222.104.76.94
Oct 15 14:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: input_userauth_request: invalid user postgres [preauth]
Oct 15 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Failed password for invalid user postgres from 222.104.76.94 port 46270 ssh2
Oct 15 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19154]: Connection closed by 222.104.76.94 port 46270 [preauth]
Oct 15 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19173]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Failed password for root from 222.104.76.94 port 58346 ssh2
Oct 15 14:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17848]: pam_unix(cron:session): session closed for user root
Oct 15 14:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19932]: Connection closed by 222.104.76.94 port 58346 [preauth]
Oct 15 14:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20137]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20131]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20242]: Successful su for rubyman by root
Oct 15 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20242]: + ??? root:rubyman
Oct 15 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418123 of user rubyman.
Oct 15 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[20242]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418123.
Oct 15 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Failed password for root from 222.104.76.94 port 44942 ssh2
Oct 15 14:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.224.240.74  user=root
Oct 15 14:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20058]: Connection closed by 222.104.76.94 port 44942 [preauth]
Oct 15 14:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: Failed password for root from 52.224.240.74 port 46838 ssh2
Oct 15 14:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: Received disconnect from 52.224.240.74 port 46838:11: Bye Bye [preauth]
Oct 15 14:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20287]: Disconnected from 52.224.240.74 port 46838 [preauth]
Oct 15 14:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user root
Oct 15 14:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20132]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Invalid user deployer from 222.104.76.94
Oct 15 14:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: input_userauth_request: invalid user deployer [preauth]
Oct 15 14:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Failed password for invalid user deployer from 222.104.76.94 port 37148 ssh2
Oct 15 14:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Connection closed by 222.104.76.94 port 37148 [preauth]
Oct 15 14:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18556]: pam_unix(cron:session): session closed for user root
Oct 15 14:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Invalid user ansible from 222.104.76.94
Oct 15 14:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: input_userauth_request: invalid user ansible [preauth]
Oct 15 14:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Failed password for invalid user ansible from 222.104.76.94 port 52522 ssh2
Oct 15 14:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Connection closed by 222.104.76.94 port 52522 [preauth]
Oct 15 14:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20640]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: Successful su for rubyman by root
Oct 15 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: + ??? root:rubyman
Oct 15 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418128 of user rubyman.
Oct 15 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418128.
Oct 15 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20707]: Failed password for root from 185.156.73.233 port 50670 ssh2
Oct 15 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20707]: Connection closed by 185.156.73.233 port 50670 [preauth]
Oct 15 14:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session closed for user root
Oct 15 14:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: Failed password for root from 222.104.76.94 port 41664 ssh2
Oct 15 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20625]: Connection closed by 222.104.76.94 port 41664 [preauth]
Oct 15 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20641]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Failed password for root from 222.104.76.94 port 58456 ssh2
Oct 15 14:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Connection closed by 222.104.76.94 port 58456 [preauth]
Oct 15 14:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session closed for user root
Oct 15 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: Failed password for root from 222.104.76.94 port 50268 ssh2
Oct 15 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21181]: Successful su for rubyman by root
Oct 15 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21181]: + ??? root:rubyman
Oct 15 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418131 of user rubyman.
Oct 15 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[21181]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418131.
Oct 15 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21050]: Connection closed by 222.104.76.94 port 50268 [preauth]
Oct 15 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: Failed password for root from 77.90.185.47 port 57486 ssh2
Oct 15 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21139]: Connection closed by 77.90.185.47 port 57486 [preauth]
Oct 15 14:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session closed for user root
Oct 15 14:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21445]: Failed password for root from 77.90.185.47 port 47262 ssh2
Oct 15 14:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21445]: Connection closed by 77.90.185.47 port 47262 [preauth]
Oct 15 14:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Failed password for root from 222.104.76.94 port 35598 ssh2
Oct 15 14:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21216]: Connection closed by 222.104.76.94 port 35598 [preauth]
Oct 15 14:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: Failed password for root from 77.90.185.47 port 42902 ssh2
Oct 15 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: Connection closed by 77.90.185.47 port 42902 [preauth]
Oct 15 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: Failed password for root from 77.90.185.47 port 42916 ssh2
Oct 15 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21529]: Connection closed by 77.90.185.47 port 42916 [preauth]
Oct 15 14:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20137]: pam_unix(cron:session): session closed for user root
Oct 15 14:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Invalid user postgres from 222.104.76.94
Oct 15 14:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: input_userauth_request: invalid user postgres [preauth]
Oct 15 14:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Failed password for invalid user postgres from 222.104.76.94 port 52732 ssh2
Oct 15 14:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Connection closed by 222.104.76.94 port 52732 [preauth]
Oct 15 14:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: Failed password for root from 77.90.185.47 port 50754 ssh2
Oct 15 14:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21614]: Connection closed by 77.90.185.47 port 50754 [preauth]
Oct 15 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21639]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21716]: Successful su for rubyman by root
Oct 15 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21716]: + ??? root:rubyman
Oct 15 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418135 of user rubyman.
Oct 15 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21716]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418135.
Oct 15 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Failed password for root from 77.90.185.47 port 48294 ssh2
Oct 15 14:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21800]: Connection closed by 77.90.185.47 port 48294 [preauth]
Oct 15 14:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17839]: pam_unix(cron:session): session closed for user root
Oct 15 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21612]: Invalid user test from 222.104.76.94
Oct 15 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21612]: input_userauth_request: invalid user test [preauth]
Oct 15 14:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21612]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21612]: Failed password for invalid user test from 222.104.76.94 port 44630 ssh2
Oct 15 14:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Failed password for root from 77.90.185.47 port 56326 ssh2
Oct 15 14:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21946]: Connection closed by 77.90.185.47 port 56326 [preauth]
Oct 15 14:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Failed password for root from 77.90.185.47 port 56342 ssh2
Oct 15 14:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21954]: Connection closed by 77.90.185.47 port 56342 [preauth]
Oct 15 14:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21612]: Connection closed by 222.104.76.94 port 44630 [preauth]
Oct 15 14:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Failed password for root from 222.104.76.94 port 39442 ssh2
Oct 15 14:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session closed for user root
Oct 15 14:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21987]: Connection closed by 222.104.76.94 port 39442 [preauth]
Oct 15 14:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22074]: Failed password for root from 77.90.185.47 port 49276 ssh2
Oct 15 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22074]: Connection closed by 77.90.185.47 port 49276 [preauth]
Oct 15 14:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Invalid user songyushen from 164.68.105.9
Oct 15 14:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: input_userauth_request: invalid user songyushen [preauth]
Oct 15 14:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
Oct 15 14:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user songyushen from 164.68.105.9 port 43022 ssh2
Oct 15 14:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Connection closed by 164.68.105.9 port 43022 [preauth]
Oct 15 14:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22064]: Invalid user fa from 222.104.76.94
Oct 15 14:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22064]: input_userauth_request: invalid user fa [preauth]
Oct 15 14:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22064]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22064]: Failed password for invalid user fa from 222.104.76.94 port 55468 ssh2
Oct 15 14:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22064]: Connection closed by 222.104.76.94 port 55468 [preauth]
Oct 15 14:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session closed for user root
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22124]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Failed password for root from 77.90.185.47 port 52366 ssh2
Oct 15 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Connection closed by 77.90.185.47 port 52366 [preauth]
Oct 15 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22259]: Successful su for rubyman by root
Oct 15 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22259]: + ??? root:rubyman
Oct 15 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418143 of user rubyman.
Oct 15 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[22259]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418143.
Oct 15 14:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session closed for user root
Oct 15 14:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18555]: pam_unix(cron:session): session closed for user root
Oct 15 14:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22418]: Failed password for root from 77.90.185.47 port 57610 ssh2
Oct 15 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22418]: Connection closed by 77.90.185.47 port 57610 [preauth]
Oct 15 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: Failed password for root from 77.90.185.47 port 57612 ssh2
Oct 15 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22440]: Connection closed by 77.90.185.47 port 57612 [preauth]
Oct 15 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Invalid user vpn from 222.104.76.94
Oct 15 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: input_userauth_request: invalid user vpn [preauth]
Oct 15 14:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Failed password for invalid user vpn from 222.104.76.94 port 37694 ssh2
Oct 15 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22121]: Connection closed by 222.104.76.94 port 37694 [preauth]
Oct 15 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22125]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for root from 77.90.185.47 port 58842 ssh2
Oct 15 14:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Connection closed by 77.90.185.47 port 58842 [preauth]
Oct 15 14:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22529]: Invalid user ubuntu from 222.104.76.94
Oct 15 14:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22529]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 14:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session closed for user root
Oct 15 14:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22529]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22529]: Failed password for invalid user ubuntu from 222.104.76.94 port 56730 ssh2
Oct 15 14:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22529]: Connection closed by 222.104.76.94 port 56730 [preauth]
Oct 15 14:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Failed password for root from 77.90.185.47 port 55220 ssh2
Oct 15 14:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Connection closed by 77.90.185.47 port 55220 [preauth]
Oct 15 14:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Invalid user user from 222.104.76.94
Oct 15 14:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: input_userauth_request: invalid user user [preauth]
Oct 15 14:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Failed password for root from 77.90.185.47 port 48750 ssh2
Oct 15 14:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Connection closed by 77.90.185.47 port 48750 [preauth]
Oct 15 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22701]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22688]: Failed password for root from 77.90.185.47 port 48766 ssh2
Oct 15 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22688]: Connection closed by 77.90.185.47 port 48766 [preauth]
Oct 15 14:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: Successful su for rubyman by root
Oct 15 14:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: + ??? root:rubyman
Oct 15 14:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418146 of user rubyman.
Oct 15 14:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23095]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418146.
Oct 15 14:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Failed password for invalid user user from 222.104.76.94 port 44548 ssh2
Oct 15 14:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Connection closed by 222.104.76.94 port 44548 [preauth]
Oct 15 14:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19178]: pam_unix(cron:session): session closed for user root
Oct 15 14:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: Failed password for root from 77.90.185.47 port 55514 ssh2
Oct 15 14:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: Connection closed by 77.90.185.47 port 55514 [preauth]
Oct 15 14:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Invalid user user from 222.104.76.94
Oct 15 14:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: input_userauth_request: invalid user user [preauth]
Oct 15 14:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23765]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.12.82 port 36088
Oct 15 14:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Failed password for invalid user user from 222.104.76.94 port 36068 ssh2
Oct 15 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: Failed password for root from 77.90.185.47 port 50120 ssh2
Oct 15 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23768]: Connection closed by 77.90.185.47 port 50120 [preauth]
Oct 15 14:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session closed for user root
Oct 15 14:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Connection closed by 222.104.76.94 port 36068 [preauth]
Oct 15 14:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Failed password for root from 77.90.185.47 port 55638 ssh2
Oct 15 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23820]: Connection closed by 77.90.185.47 port 55638 [preauth]
Oct 15 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Failed password for root from 77.90.185.47 port 55644 ssh2
Oct 15 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23825]: Connection closed by 77.90.185.47 port 55644 [preauth]
Oct 15 14:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23767]: Did not receive identification string from 165.154.12.82
Oct 15 14:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23854]: Connection closed by 165.154.12.82 port 50400 [preauth]
Oct 15 14:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23856]: Protocol major versions differ for 165.154.12.82: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
Oct 15 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23880]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23879]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23877]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23955]: Successful su for rubyman by root
Oct 15 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23955]: + ??? root:rubyman
Oct 15 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418150 of user rubyman.
Oct 15 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[23955]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418150.
Oct 15 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23818]: Failed password for root from 222.104.76.94 port 55846 ssh2
Oct 15 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23818]: Connection closed by 222.104.76.94 port 55846 [preauth]
Oct 15 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20134]: pam_unix(cron:session): session closed for user root
Oct 15 14:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Failed password for root from 77.90.185.47 port 56842 ssh2
Oct 15 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24195]: Connection closed by 77.90.185.47 port 56842 [preauth]
Oct 15 14:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23878]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: Failed password for root from 222.104.76.94 port 44382 ssh2
Oct 15 14:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: Connection closed by 222.104.76.94 port 44382 [preauth]
Oct 15 14:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24261]: Failed password for root from 77.90.185.47 port 42620 ssh2
Oct 15 14:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24261]: Connection closed by 77.90.185.47 port 42620 [preauth]
Oct 15 14:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Failed password for root from 77.90.185.47 port 57378 ssh2
Oct 15 14:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22134]: pam_unix(cron:session): session closed for user root
Oct 15 14:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Connection closed by 77.90.185.47 port 57378 [preauth]
Oct 15 14:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24316]: Failed password for root from 77.90.185.47 port 57380 ssh2
Oct 15 14:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24316]: Connection closed by 77.90.185.47 port 57380 [preauth]
Oct 15 14:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Failed password for root from 222.104.76.94 port 56520 ssh2
Oct 15 14:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24277]: Connection closed by 222.104.76.94 port 56520 [preauth]
Oct 15 14:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24417]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24415]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24497]: Successful su for rubyman by root
Oct 15 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24497]: + ??? root:rubyman
Oct 15 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418153 of user rubyman.
Oct 15 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24497]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418153.
Oct 15 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Failed password for root from 77.90.185.47 port 38800 ssh2
Oct 15 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Connection closed by 77.90.185.47 port 38800 [preauth]
Oct 15 14:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20642]: pam_unix(cron:session): session closed for user root
Oct 15 14:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Failed password for root from 77.90.185.47 port 58536 ssh2
Oct 15 14:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Invalid user ubnt from 222.104.76.94
Oct 15 14:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: input_userauth_request: invalid user ubnt [preauth]
Oct 15 14:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Connection closed by 77.90.185.47 port 58536 [preauth]
Oct 15 14:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24416]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Failed password for invalid user ubnt from 222.104.76.94 port 48850 ssh2
Oct 15 14:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24405]: Connection closed by 222.104.76.94 port 48850 [preauth]
Oct 15 14:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47  user=root
Oct 15 14:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Failed password for root from 77.90.185.47 port 49284 ssh2
Oct 15 14:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: Failed password for root from 77.90.185.47 port 51648 ssh2
Oct 15 14:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24785]: Connection closed by 77.90.185.47 port 49284 [preauth]
Oct 15 14:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24792]: Connection closed by 77.90.185.47 port 51648 [preauth]
Oct 15 14:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Invalid user kafka from 222.104.76.94
Oct 15 14:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: input_userauth_request: invalid user kafka [preauth]
Oct 15 14:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session closed for user root
Oct 15 14:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Failed password for invalid user kafka from 222.104.76.94 port 37486 ssh2
Oct 15 14:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Connection closed by 222.104.76.94 port 37486 [preauth]
Oct 15 14:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Failed password for invalid user vulnerable from 77.90.185.47 port 45034 ssh2
Oct 15 14:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Connection closed by 77.90.185.47 port 45034 [preauth]
Oct 15 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24904]: Invalid user pages from 77.90.185.47
Oct 15 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24904]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24904]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24904]: Failed password for invalid user pages from 77.90.185.47 port 56596 ssh2
Oct 15 14:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24904]: Connection closed by 77.90.185.47 port 56596 [preauth]
Oct 15 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24922]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: Invalid user testuser from 222.104.76.94
Oct 15 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: input_userauth_request: invalid user testuser [preauth]
Oct 15 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25126]: Successful su for rubyman by root
Oct 15 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25126]: + ??? root:rubyman
Oct 15 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418157 of user rubyman.
Oct 15 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25126]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418157.
Oct 15 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24915]: pam_unix(cron:session): session closed for user root
Oct 15 14:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: Failed password for invalid user testuser from 222.104.76.94 port 54358 ssh2
Oct 15 14:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: Connection closed by 222.104.76.94 port 54358 [preauth]
Oct 15 14:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21109]: pam_unix(cron:session): session closed for user root
Oct 15 14:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25560]: Invalid user matrix from 185.156.73.233
Oct 15 14:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25560]: input_userauth_request: invalid user matrix [preauth]
Oct 15 14:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25560]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 14:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25560]: Failed password for invalid user matrix from 185.156.73.233 port 25614 ssh2
Oct 15 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25560]: Connection closed by 185.156.73.233 port 25614 [preauth]
Oct 15 14:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: Failed password for invalid user vulnerable from 77.90.185.47 port 34678 ssh2
Oct 15 14:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25586]: Connection closed by 77.90.185.47 port 34678 [preauth]
Oct 15 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: Invalid user pages from 77.90.185.47
Oct 15 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: Failed password for invalid user pages from 77.90.185.47 port 34692 ssh2
Oct 15 14:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: Connection closed by 77.90.185.47 port 34692 [preauth]
Oct 15 14:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Invalid user minecraft from 222.104.76.94
Oct 15 14:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: input_userauth_request: invalid user minecraft [preauth]
Oct 15 14:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Failed password for invalid user minecraft from 222.104.76.94 port 45726 ssh2
Oct 15 14:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Connection closed by 222.104.76.94 port 45726 [preauth]
Oct 15 14:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23880]: pam_unix(cron:session): session closed for user root
Oct 15 14:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Failed password for invalid user vulnerable from 77.90.185.47 port 48852 ssh2
Oct 15 14:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Connection closed by 77.90.185.47 port 48852 [preauth]
Oct 15 14:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Invalid user pages from 77.90.185.47
Oct 15 14:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Failed password for invalid user pages from 77.90.185.47 port 36412 ssh2
Oct 15 14:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25709]: Connection closed by 77.90.185.47 port 36412 [preauth]
Oct 15 14:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Failed password for root from 222.104.76.94 port 59532 ssh2
Oct 15 14:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Connection closed by 222.104.76.94 port 59532 [preauth]
Oct 15 14:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25759]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25758]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session closed for user root
Oct 15 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25948]: Successful su for rubyman by root
Oct 15 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25948]: + ??? root:rubyman
Oct 15 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418162 of user rubyman.
Oct 15 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[25948]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418162.
Oct 15 14:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: Invalid user db2inst1 from 222.104.76.94
Oct 15 14:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: input_userauth_request: invalid user db2inst1 [preauth]
Oct 15 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: Failed password for invalid user db2inst1 from 222.104.76.94 port 47936 ssh2
Oct 15 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25758]: pam_unix(cron:session): session closed for user root
Oct 15 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: Failed password for invalid user vulnerable from 77.90.185.47 port 45394 ssh2
Oct 15 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26059]: Connection closed by 77.90.185.47 port 45394 [preauth]
Oct 15 14:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25741]: Connection closed by 222.104.76.94 port 47936 [preauth]
Oct 15 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21641]: pam_unix(cron:session): session closed for user root
Oct 15 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Invalid user pages from 77.90.185.47
Oct 15 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Failed password for invalid user pages from 77.90.185.47 port 45406 ssh2
Oct 15 14:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26116]: Connection closed by 77.90.185.47 port 45406 [preauth]
Oct 15 14:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25757]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Invalid user admin from 2.57.121.112
Oct 15 14:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: input_userauth_request: invalid user admin [preauth]
Oct 15 14:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 14:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Failed password for invalid user admin from 2.57.121.112 port 48943 ssh2
Oct 15 14:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Failed password for invalid user admin from 2.57.121.112 port 48943 ssh2
Oct 15 14:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Failed password for invalid user admin from 2.57.121.112 port 48943 ssh2
Oct 15 14:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Failed password for invalid user admin from 2.57.121.112 port 48943 ssh2
Oct 15 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Invalid user pi from 222.104.76.94
Oct 15 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: input_userauth_request: invalid user pi [preauth]
Oct 15 14:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Failed password for invalid user admin from 2.57.121.112 port 48943 ssh2
Oct 15 14:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Received disconnect from 2.57.121.112 port 48943:11: Bye [preauth]
Oct 15 14:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: Disconnected from 2.57.121.112 port 48943 [preauth]
Oct 15 14:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.112
Oct 15 14:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26245]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session closed for user root
Oct 15 14:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Failed password for invalid user vulnerable from 77.90.185.47 port 54288 ssh2
Oct 15 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Failed password for invalid user pi from 222.104.76.94 port 59146 ssh2
Oct 15 14:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Connection closed by 77.90.185.47 port 54288 [preauth]
Oct 15 14:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: Invalid user pages from 77.90.185.47
Oct 15 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Connection closed by 222.104.76.94 port 59146 [preauth]
Oct 15 14:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: Failed password for invalid user pages from 77.90.185.47 port 54298 ssh2
Oct 15 14:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26319]: Connection closed by 77.90.185.47 port 54298 [preauth]
Oct 15 14:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26562]: Successful su for rubyman by root
Oct 15 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26562]: + ??? root:rubyman
Oct 15 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418169 of user rubyman.
Oct 15 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26562]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418169.
Oct 15 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Failed password for root from 222.104.76.94 port 55476 ssh2
Oct 15 14:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Failed password for invalid user vulnerable from 77.90.185.47 port 42314 ssh2
Oct 15 14:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Connection closed by 77.90.185.47 port 42314 [preauth]
Oct 15 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Invalid user pages from 77.90.185.47
Oct 15 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Connection closed by 222.104.76.94 port 55476 [preauth]
Oct 15 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Failed password for invalid user pages from 77.90.185.47 port 57618 ssh2
Oct 15 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Connection closed by 77.90.185.47 port 57618 [preauth]
Oct 15 14:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user root
Oct 15 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: Invalid user guest from 222.104.76.94
Oct 15 14:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: input_userauth_request: invalid user guest [preauth]
Oct 15 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: Failed password for invalid user guest from 222.104.76.94 port 42802 ssh2
Oct 15 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26649]: Connection closed by 222.104.76.94 port 42802 [preauth]
Oct 15 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: Failed password for invalid user vulnerable from 77.90.185.47 port 41744 ssh2
Oct 15 14:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26894]: Connection closed by 77.90.185.47 port 41744 [preauth]
Oct 15 14:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Invalid user pages from 77.90.185.47
Oct 15 14:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Failed password for invalid user pages from 77.90.185.47 port 41746 ssh2
Oct 15 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Connection closed by 77.90.185.47 port 41746 [preauth]
Oct 15 14:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session closed for user root
Oct 15 14:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Invalid user admin from 222.104.76.94
Oct 15 14:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: input_userauth_request: invalid user admin [preauth]
Oct 15 14:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for invalid user admin from 222.104.76.94 port 56834 ssh2
Oct 15 14:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Connection closed by 222.104.76.94 port 56834 [preauth]
Oct 15 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: Failed password for invalid user vulnerable from 77.90.185.47 port 35322 ssh2
Oct 15 14:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27159]: Connection closed by 77.90.185.47 port 35322 [preauth]
Oct 15 14:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: Invalid user pages from 77.90.185.47
Oct 15 14:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: Failed password for invalid user pages from 77.90.185.47 port 32856 ssh2
Oct 15 14:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27189]: Connection closed by 77.90.185.47 port 32856 [preauth]
Oct 15 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27210]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27211]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: Successful su for rubyman by root
Oct 15 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: + ??? root:rubyman
Oct 15 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418173 of user rubyman.
Oct 15 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418173.
Oct 15 14:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Invalid user vpnssh from 222.104.76.94
Oct 15 14:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: input_userauth_request: invalid user vpnssh [preauth]
Oct 15 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user root
Oct 15 14:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Failed password for invalid user vpnssh from 222.104.76.94 port 43614 ssh2
Oct 15 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Connection closed by 222.104.76.94 port 43614 [preauth]
Oct 15 14:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: Failed password for invalid user vulnerable from 77.90.185.47 port 53392 ssh2
Oct 15 14:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27522]: Connection closed by 77.90.185.47 port 53392 [preauth]
Oct 15 14:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Invalid user pages from 77.90.185.47
Oct 15 14:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Failed password for invalid user pages from 77.90.185.47 port 53404 ssh2
Oct 15 14:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Connection closed by 77.90.185.47 port 53404 [preauth]
Oct 15 14:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session closed for user root
Oct 15 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Invalid user ubuntu from 222.104.76.94
Oct 15 14:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: input_userauth_request: invalid user ubuntu [preauth]
Oct 15 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Failed password for invalid user vulnerable from 77.90.185.47 port 51708 ssh2
Oct 15 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27918]: Connection closed by 77.90.185.47 port 51708 [preauth]
Oct 15 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Failed password for invalid user ubuntu from 222.104.76.94 port 40016 ssh2
Oct 15 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Invalid user pages from 77.90.185.47
Oct 15 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Failed password for invalid user pages from 77.90.185.47 port 51222 ssh2
Oct 15 14:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Connection closed by 77.90.185.47 port 51222 [preauth]
Oct 15 14:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Connection closed by 222.104.76.94 port 40016 [preauth]
Oct 15 14:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27980]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28059]: Successful su for rubyman by root
Oct 15 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28059]: + ??? root:rubyman
Oct 15 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418177 of user rubyman.
Oct 15 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28059]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418177.
Oct 15 14:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Invalid user zjw from 222.104.76.94
Oct 15 14:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: input_userauth_request: invalid user zjw [preauth]
Oct 15 14:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23879]: pam_unix(cron:session): session closed for user root
Oct 15 14:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Failed password for invalid user zjw from 222.104.76.94 port 60146 ssh2
Oct 15 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Failed password for invalid user vulnerable from 77.90.185.47 port 57516 ssh2
Oct 15 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28251]: Connection closed by 77.90.185.47 port 57516 [preauth]
Oct 15 14:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Connection closed by 222.104.76.94 port 60146 [preauth]
Oct 15 14:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Invalid user pages from 77.90.185.47
Oct 15 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Failed password for invalid user pages from 77.90.185.47 port 32784 ssh2
Oct 15 14:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28277]: Connection closed by 77.90.185.47 port 32784 [preauth]
Oct 15 14:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Invalid user user from 222.104.76.94
Oct 15 14:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: input_userauth_request: invalid user user [preauth]
Oct 15 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Failed password for invalid user user from 222.104.76.94 port 49628 ssh2
Oct 15 14:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session closed for user root
Oct 15 14:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28282]: Connection closed by 222.104.76.94 port 49628 [preauth]
Oct 15 14:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: Failed password for invalid user vulnerable from 77.90.185.47 port 51868 ssh2
Oct 15 14:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28377]: Connection closed by 77.90.185.47 port 51868 [preauth]
Oct 15 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Invalid user pages from 77.90.185.47
Oct 15 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Failed password for invalid user pages from 77.90.185.47 port 51874 ssh2
Oct 15 14:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28420]: Connection closed by 77.90.185.47 port 51874 [preauth]
Oct 15 14:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94  user=root
Oct 15 14:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Failed password for root from 222.104.76.94 port 36702 ssh2
Oct 15 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Connection closed by 222.104.76.94 port 36702 [preauth]
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: Successful su for rubyman by root
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: + ??? root:rubyman
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418182 of user rubyman.
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[28798]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418182.
Oct 15 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: Failed password for invalid user vulnerable from 77.90.185.47 port 48502 ssh2
Oct 15 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28783]: Connection closed by 77.90.185.47 port 48502 [preauth]
Oct 15 14:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Invalid user pages from 77.90.185.47
Oct 15 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Failed password for invalid user pages from 77.90.185.47 port 53538 ssh2
Oct 15 14:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Connection closed by 77.90.185.47 port 53538 [preauth]
Oct 15 14:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24417]: pam_unix(cron:session): session closed for user root
Oct 15 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Invalid user ftpuser from 222.104.76.94
Oct 15 14:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: input_userauth_request: invalid user ftpuser [preauth]
Oct 15 14:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28717]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Failed password for invalid user ftpuser from 222.104.76.94 port 50690 ssh2
Oct 15 14:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28797]: Connection closed by 222.104.76.94 port 50690 [preauth]
Oct 15 14:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Failed password for invalid user vulnerable from 77.90.185.47 port 33496 ssh2
Oct 15 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Connection closed by 77.90.185.47 port 33496 [preauth]
Oct 15 14:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: Invalid user pages from 77.90.185.47
Oct 15 14:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: Failed password for invalid user pages from 77.90.185.47 port 39818 ssh2
Oct 15 14:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27211]: pam_unix(cron:session): session closed for user root
Oct 15 14:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29230]: Connection closed by 77.90.185.47 port 39818 [preauth]
Oct 15 14:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: Failed password for invalid user vulnerable from 77.90.185.47 port 57624 ssh2
Oct 15 14:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29328]: Connection closed by 77.90.185.47 port 57624 [preauth]
Oct 15 14:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29345]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29344]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29341]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29345]: pam_unix(cron:session): session closed for user root
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Invalid user pages from 77.90.185.47
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: Invalid user vpnuser from 222.104.76.94
Oct 15 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: input_userauth_request: invalid user vpnuser [preauth]
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Failed password for invalid user pages from 77.90.185.47 port 57632 ssh2
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Connection closed by 77.90.185.47 port 57632 [preauth]
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29433]: Successful su for rubyman by root
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29433]: + ??? root:rubyman
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418186 of user rubyman.
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29433]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418186.
Oct 15 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: Failed password for invalid user vpnuser from 222.104.76.94 port 43482 ssh2
Oct 15 14:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29203]: Connection closed by 222.104.76.94 port 43482 [preauth]
Oct 15 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session closed for user root
Oct 15 14:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24922]: pam_unix(cron:session): session closed for user root
Oct 15 14:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29338]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Failed password for invalid user vulnerable from 77.90.185.47 port 42462 ssh2
Oct 15 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Connection closed by 77.90.185.47 port 42462 [preauth]
Oct 15 14:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Invalid user pages from 77.90.185.47
Oct 15 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Failed password for invalid user pages from 77.90.185.47 port 54082 ssh2
Oct 15 14:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29746]: Connection closed by 77.90.185.47 port 54082 [preauth]
Oct 15 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Invalid user test from 222.104.76.94
Oct 15 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: input_userauth_request: invalid user test [preauth]
Oct 15 14:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.104.76.94
Oct 15 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for invalid user test from 222.104.76.94 port 46636 ssh2
Oct 15 14:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session closed for user root
Oct 15 14:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Connection closed by 222.104.76.94 port 46636 [preauth]
Oct 15 14:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Failed password for invalid user vulnerable from 77.90.185.47 port 54768 ssh2
Oct 15 14:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29833]: Connection closed by 77.90.185.47 port 54768 [preauth]
Oct 15 14:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Invalid user pages from 77.90.185.47
Oct 15 14:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Failed password for invalid user pages from 77.90.185.47 port 54772 ssh2
Oct 15 14:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Connection closed by 77.90.185.47 port 54772 [preauth]
Oct 15 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29892]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29891]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29986]: Successful su for rubyman by root
Oct 15 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29986]: + ??? root:rubyman
Oct 15 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418191 of user rubyman.
Oct 15 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[29986]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418191.
Oct 15 14:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25759]: pam_unix(cron:session): session closed for user root
Oct 15 14:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Failed password for invalid user vulnerable from 77.90.185.47 port 57156 ssh2
Oct 15 14:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Connection closed by 77.90.185.47 port 57156 [preauth]
Oct 15 14:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Invalid user pages from 77.90.185.47
Oct 15 14:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29890]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Failed password for invalid user pages from 77.90.185.47 port 43792 ssh2
Oct 15 14:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Connection closed by 77.90.185.47 port 43792 [preauth]
Oct 15 14:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: Invalid user default from 185.156.73.233
Oct 15 14:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: input_userauth_request: invalid user default [preauth]
Oct 15 14:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: Failed password for invalid user default from 185.156.73.233 port 59268 ssh2
Oct 15 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30304]: Connection closed by 185.156.73.233 port 59268 [preauth]
Oct 15 14:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30349]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30349]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30349]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28720]: pam_unix(cron:session): session closed for user root
Oct 15 14:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30349]: Failed password for invalid user vulnerable from 77.90.185.47 port 36324 ssh2
Oct 15 14:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30349]: Connection closed by 77.90.185.47 port 36324 [preauth]
Oct 15 14:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Invalid user pages from 77.90.185.47
Oct 15 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Failed password for invalid user pages from 77.90.185.47 port 36332 ssh2
Oct 15 14:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: Connection closed by 77.90.185.47 port 36332 [preauth]
Oct 15 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30463]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session closed for user root
Oct 15 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30456]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30616]: Successful su for rubyman by root
Oct 15 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30616]: + ??? root:rubyman
Oct 15 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418194 of user rubyman.
Oct 15 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30616]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418194.
Oct 15 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Failed password for invalid user vulnerable from 77.90.185.47 port 52378 ssh2
Oct 15 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Connection closed by 77.90.185.47 port 52378 [preauth]
Oct 15 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Invalid user pages from 77.90.185.47
Oct 15 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for invalid user pages from 77.90.185.47 port 39040 ssh2
Oct 15 14:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Connection closed by 77.90.185.47 port 39040 [preauth]
Oct 15 14:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session closed for user root
Oct 15 14:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30457]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: Failed password for invalid user vulnerable from 77.90.185.47 port 40822 ssh2
Oct 15 14:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: Connection closed by 77.90.185.47 port 40822 [preauth]
Oct 15 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Invalid user pages from 77.90.185.47
Oct 15 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Failed password for invalid user pages from 77.90.185.47 port 40834 ssh2
Oct 15 14:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30904]: Connection closed by 77.90.185.47 port 40834 [preauth]
Oct 15 14:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29344]: pam_unix(cron:session): session closed for user root
Oct 15 14:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: Failed password for invalid user vulnerable from 77.90.185.47 port 37166 ssh2
Oct 15 14:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30983]: Connection closed by 77.90.185.47 port 37166 [preauth]
Oct 15 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: Invalid user pages from 77.90.185.47
Oct 15 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31008]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31006]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: Failed password for invalid user pages from 77.90.185.47 port 39566 ssh2
Oct 15 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: Connection closed by 77.90.185.47 port 39566 [preauth]
Oct 15 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31107]: Successful su for rubyman by root
Oct 15 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31107]: + ??? root:rubyman
Oct 15 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418200 of user rubyman.
Oct 15 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[31107]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418200.
Oct 15 14:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27210]: pam_unix(cron:session): session closed for user root
Oct 15 14:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31007]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Failed password for invalid user vulnerable from 77.90.185.47 port 50326 ssh2
Oct 15 14:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Connection closed by 77.90.185.47 port 50326 [preauth]
Oct 15 14:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Invalid user pages from 77.90.185.47
Oct 15 14:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Failed password for invalid user pages from 77.90.185.47 port 35732 ssh2
Oct 15 14:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31360]: Connection closed by 77.90.185.47 port 35732 [preauth]
Oct 15 14:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29892]: pam_unix(cron:session): session closed for user root
Oct 15 14:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Failed password for invalid user vulnerable from 77.90.185.47 port 55538 ssh2
Oct 15 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31513]: Connection closed by 77.90.185.47 port 55538 [preauth]
Oct 15 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Received disconnect from 62.60.131.157 port 62093:11: Bye [preauth]
Oct 15 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Disconnected from 62.60.131.157 port 62093 [preauth]
Oct 15 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: Invalid user pages from 77.90.185.47
Oct 15 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: Failed password for invalid user pages from 77.90.185.47 port 35714 ssh2
Oct 15 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31644]: Connection closed by 77.90.185.47 port 35714 [preauth]
Oct 15 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31660]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31659]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31730]: Successful su for rubyman by root
Oct 15 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31730]: + ??? root:rubyman
Oct 15 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418203 of user rubyman.
Oct 15 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31730]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418203.
Oct 15 14:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session closed for user root
Oct 15 14:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31658]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Failed password for invalid user vulnerable from 77.90.185.47 port 54174 ssh2
Oct 15 14:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Connection closed by 77.90.185.47 port 54174 [preauth]
Oct 15 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Invalid user pages from 77.90.185.47
Oct 15 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Failed password for invalid user pages from 77.90.185.47 port 54186 ssh2
Oct 15 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31990]: Connection closed by 77.90.185.47 port 54186 [preauth]
Oct 15 14:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30463]: pam_unix(cron:session): session closed for user root
Oct 15 14:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: Failed password for invalid user vulnerable from 77.90.185.47 port 56902 ssh2
Oct 15 14:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32071]: Connection closed by 77.90.185.47 port 56902 [preauth]
Oct 15 14:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Invalid user pages from 77.90.185.47
Oct 15 14:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Failed password for invalid user pages from 77.90.185.47 port 51140 ssh2
Oct 15 14:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Connection closed by 77.90.185.47 port 51140 [preauth]
Oct 15 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32201]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32199]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32204]: pam_unix(cron:session): session closed for user root
Oct 15 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32197]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32293]: Successful su for rubyman by root
Oct 15 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32293]: + ??? root:rubyman
Oct 15 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418211 of user rubyman.
Oct 15 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32293]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418211.
Oct 15 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: Failed password for invalid user vulnerable from 77.90.185.47 port 42724 ssh2
Oct 15 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32199]: pam_unix(cron:session): session closed for user root
Oct 15 14:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32394]: Connection closed by 77.90.185.47 port 42724 [preauth]
Oct 15 14:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28719]: pam_unix(cron:session): session closed for user root
Oct 15 14:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Invalid user pages from 77.90.185.47
Oct 15 14:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Failed password for invalid user pages from 77.90.185.47 port 42738 ssh2
Oct 15 14:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Connection closed by 77.90.185.47 port 42738 [preauth]
Oct 15 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32198]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session closed for user root
Oct 15 14:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Failed password for invalid user vulnerable from 77.90.185.47 port 59354 ssh2
Oct 15 14:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32632]: Connection closed by 77.90.185.47 port 59354 [preauth]
Oct 15 14:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: Invalid user pages from 77.90.185.47
Oct 15 14:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: Failed password for invalid user pages from 77.90.185.47 port 51756 ssh2
Oct 15 14:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32645]: Connection closed by 77.90.185.47 port 51756 [preauth]
Oct 15 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32699]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32700]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32697]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[326]: Successful su for rubyman by root
Oct 15 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[326]: + ??? root:rubyman
Oct 15 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418213 of user rubyman.
Oct 15 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[326]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418213.
Oct 15 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: Failed password for invalid user vulnerable from 77.90.185.47 port 45574 ssh2
Oct 15 14:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[363]: Connection closed by 77.90.185.47 port 45574 [preauth]
Oct 15 14:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Invalid user pages from 77.90.185.47
Oct 15 14:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Failed password for invalid user pages from 77.90.185.47 port 45578 ssh2
Oct 15 14:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[501]: Connection closed by 77.90.185.47 port 45578 [preauth]
Oct 15 14:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29341]: pam_unix(cron:session): session closed for user root
Oct 15 14:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32698]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[611]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[611]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[611]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[611]: Failed password for invalid user vulnerable from 77.90.185.47 port 40984 ssh2
Oct 15 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[611]: Connection closed by 77.90.185.47 port 40984 [preauth]
Oct 15 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Invalid user pages from 77.90.185.47
Oct 15 14:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Failed password for invalid user pages from 77.90.185.47 port 51674 ssh2
Oct 15 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Connection closed by 77.90.185.47 port 51674 [preauth]
Oct 15 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31660]: pam_unix(cron:session): session closed for user root
Oct 15 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Failed password for invalid user vulnerable from 77.90.185.47 port 33884 ssh2
Oct 15 14:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Connection closed by 77.90.185.47 port 33884 [preauth]
Oct 15 14:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: Invalid user pages from 77.90.185.47
Oct 15 14:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[725]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[724]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[814]: Successful su for rubyman by root
Oct 15 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[814]: + ??? root:rubyman
Oct 15 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418217 of user rubyman.
Oct 15 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[814]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418217.
Oct 15 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: Failed password for invalid user pages from 77.90.185.47 port 33898 ssh2
Oct 15 14:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[709]: Connection closed by 77.90.185.47 port 33898 [preauth]
Oct 15 14:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29891]: pam_unix(cron:session): session closed for user root
Oct 15 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[723]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Failed password for invalid user vulnerable from 77.90.185.47 port 42606 ssh2
Oct 15 14:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1157]: Connection closed by 77.90.185.47 port 42606 [preauth]
Oct 15 14:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Invalid user pages from 77.90.185.47
Oct 15 14:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Failed password for invalid user pages from 77.90.185.47 port 37002 ssh2
Oct 15 14:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Connection closed by 77.90.185.47 port 37002 [preauth]
Oct 15 14:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32203]: pam_unix(cron:session): session closed for user root
Oct 15 14:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: Failed password for invalid user vulnerable from 77.90.185.47 port 55316 ssh2
Oct 15 14:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: Connection closed by 77.90.185.47 port 55316 [preauth]
Oct 15 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Invalid user pages from 77.90.185.47
Oct 15 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Failed password for invalid user pages from 77.90.185.47 port 55328 ssh2
Oct 15 14:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1268]: Connection closed by 77.90.185.47 port 55328 [preauth]
Oct 15 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1299]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1296]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: Successful su for rubyman by root
Oct 15 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: + ??? root:rubyman
Oct 15 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418221 of user rubyman.
Oct 15 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1380]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418221.
Oct 15 14:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session closed for user root
Oct 15 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Failed password for invalid user vulnerable from 77.90.185.47 port 41234 ssh2
Oct 15 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Connection closed by 77.90.185.47 port 41234 [preauth]
Oct 15 14:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Invalid user pages from 77.90.185.47
Oct 15 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1297]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Failed password for invalid user pages from 77.90.185.47 port 41706 ssh2
Oct 15 14:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Connection closed by 77.90.185.47 port 41706 [preauth]
Oct 15 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32700]: pam_unix(cron:session): session closed for user root
Oct 15 14:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Failed password for invalid user vulnerable from 77.90.185.47 port 57558 ssh2
Oct 15 14:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1738]: Connection closed by 77.90.185.47 port 57558 [preauth]
Oct 15 14:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 14:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Invalid user pages from 77.90.185.47
Oct 15 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Failed password for root from 185.156.73.233 port 15614 ssh2
Oct 15 14:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1754]: Connection closed by 185.156.73.233 port 15614 [preauth]
Oct 15 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Failed password for invalid user pages from 77.90.185.47 port 57570 ssh2
Oct 15 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1768]: Connection closed by 77.90.185.47 port 57570 [preauth]
Oct 15 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1820]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1817]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1998]: Successful su for rubyman by root
Oct 15 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1998]: + ??? root:rubyman
Oct 15 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418228 of user rubyman.
Oct 15 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[1998]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418228.
Oct 15 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Failed password for invalid user vulnerable from 77.90.185.47 port 55566 ssh2
Oct 15 14:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Connection closed by 77.90.185.47 port 55566 [preauth]
Oct 15 14:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Invalid user pages from 77.90.185.47
Oct 15 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31008]: pam_unix(cron:session): session closed for user root
Oct 15 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Failed password for invalid user pages from 77.90.185.47 port 55578 ssh2
Oct 15 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2168]: Connection closed by 77.90.185.47 port 55578 [preauth]
Oct 15 14:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1818]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Failed password for invalid user vulnerable from 77.90.185.47 port 60592 ssh2
Oct 15 14:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Connection closed by 77.90.185.47 port 60592 [preauth]
Oct 15 14:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Invalid user pages from 77.90.185.47
Oct 15 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[725]: pam_unix(cron:session): session closed for user root
Oct 15 14:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for invalid user pages from 77.90.185.47 port 47616 ssh2
Oct 15 14:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Connection closed by 77.90.185.47 port 47616 [preauth]
Oct 15 14:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: Failed password for invalid user vulnerable from 77.90.185.47 port 59244 ssh2
Oct 15 14:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: Connection closed by 77.90.185.47 port 59244 [preauth]
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session closed for user root
Oct 15 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Invalid user pages from 77.90.185.47
Oct 15 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: Successful su for rubyman by root
Oct 15 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: + ??? root:rubyman
Oct 15 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418230 of user rubyman.
Oct 15 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418230.
Oct 15 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Failed password for invalid user pages from 77.90.185.47 port 59284 ssh2
Oct 15 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2369]: Connection closed by 77.90.185.47 port 59284 [preauth]
Oct 15 14:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session closed for user root
Oct 15 14:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31659]: pam_unix(cron:session): session closed for user root
Oct 15 14:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: Failed password for invalid user vulnerable from 77.90.185.47 port 58388 ssh2
Oct 15 14:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2748]: Connection closed by 77.90.185.47 port 58388 [preauth]
Oct 15 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Invalid user pages from 77.90.185.47
Oct 15 14:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Failed password for invalid user pages from 77.90.185.47 port 47144 ssh2
Oct 15 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Connection closed by 77.90.185.47 port 47144 [preauth]
Oct 15 14:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1300]: pam_unix(cron:session): session closed for user root
Oct 15 14:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Failed password for invalid user vulnerable from 77.90.185.47 port 47238 ssh2
Oct 15 14:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Connection closed by 77.90.185.47 port 47238 [preauth]
Oct 15 14:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Invalid user pages from 77.90.185.47
Oct 15 14:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2862]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Failed password for invalid user pages from 77.90.185.47 port 49032 ssh2
Oct 15 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Connection closed by 77.90.185.47 port 49032 [preauth]
Oct 15 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2954]: Successful su for rubyman by root
Oct 15 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2954]: + ??? root:rubyman
Oct 15 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418236 of user rubyman.
Oct 15 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[2954]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418236.
Oct 15 14:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32201]: pam_unix(cron:session): session closed for user root
Oct 15 14:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Failed password for invalid user vulnerable from 77.90.185.47 port 36704 ssh2
Oct 15 14:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Connection closed by 77.90.185.47 port 36704 [preauth]
Oct 15 14:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: Invalid user pages from 77.90.185.47
Oct 15 14:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: Failed password for invalid user pages from 77.90.185.47 port 45328 ssh2
Oct 15 14:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: Connection closed by 77.90.185.47 port 45328 [preauth]
Oct 15 14:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1820]: pam_unix(cron:session): session closed for user root
Oct 15 14:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Failed password for invalid user vulnerable from 77.90.185.47 port 40554 ssh2
Oct 15 14:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3268]: Connection closed by 77.90.185.47 port 40554 [preauth]
Oct 15 14:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Invalid user pages from 77.90.185.47
Oct 15 14:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Failed password for invalid user pages from 77.90.185.47 port 40610 ssh2
Oct 15 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Connection closed by 77.90.185.47 port 40610 [preauth]
Oct 15 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3413]: Successful su for rubyman by root
Oct 15 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3413]: + ??? root:rubyman
Oct 15 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418241 of user rubyman.
Oct 15 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3413]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418241.
Oct 15 14:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3556]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3556]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3556]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32699]: pam_unix(cron:session): session closed for user root
Oct 15 14:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3556]: Failed password for invalid user vulnerable from 77.90.185.47 port 58232 ssh2
Oct 15 14:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3556]: Connection closed by 77.90.185.47 port 58232 [preauth]
Oct 15 14:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Invalid user pages from 77.90.185.47
Oct 15 14:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Failed password for invalid user pages from 77.90.185.47 port 58244 ssh2
Oct 15 14:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3610]: Connection closed by 77.90.185.47 port 58244 [preauth]
Oct 15 14:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3696]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3696]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3696]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3696]: Failed password for invalid user vulnerable from 77.90.185.47 port 46610 ssh2
Oct 15 14:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3696]: Connection closed by 77.90.185.47 port 46610 [preauth]
Oct 15 14:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: Invalid user pages from 77.90.185.47
Oct 15 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: Failed password for invalid user pages from 77.90.185.47 port 37502 ssh2
Oct 15 14:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: Connection closed by 77.90.185.47 port 37502 [preauth]
Oct 15 14:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session closed for user root
Oct 15 14:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: Invalid user dynamic from 2.57.122.26
Oct 15 14:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: input_userauth_request: invalid user dynamic [preauth]
Oct 15 14:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.26
Oct 15 14:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: Failed password for invalid user dynamic from 2.57.122.26 port 40444 ssh2
Oct 15 14:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3754]: Connection closed by 2.57.122.26 port 40444 [preauth]
Oct 15 14:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
Oct 15 14:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Failed password for root from 190.103.202.7 port 50414 ssh2
Oct 15 14:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Connection closed by 190.103.202.7 port 50414 [preauth]
Oct 15 14:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Failed password for invalid user vulnerable from 77.90.185.47 port 40848 ssh2
Oct 15 14:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3797]: Connection closed by 77.90.185.47 port 40848 [preauth]
Oct 15 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3804]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3802]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: Invalid user pages from 77.90.185.47
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3891]: Successful su for rubyman by root
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3891]: + ??? root:rubyman
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418243 of user rubyman.
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3891]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418243.
Oct 15 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: Failed password for invalid user pages from 77.90.185.47 port 40856 ssh2
Oct 15 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3866]: Connection closed by 77.90.185.47 port 40856 [preauth]
Oct 15 14:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[724]: pam_unix(cron:session): session closed for user root
Oct 15 14:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3803]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Failed password for invalid user vulnerable from 77.90.185.47 port 59604 ssh2
Oct 15 14:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Connection closed by 77.90.185.47 port 59604 [preauth]
Oct 15 14:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Invalid user pages from 77.90.185.47
Oct 15 14:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Failed password for invalid user pages from 77.90.185.47 port 59616 ssh2
Oct 15 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Connection closed by 77.90.185.47 port 59616 [preauth]
Oct 15 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session closed for user root
Oct 15 14:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: Failed password for invalid user vulnerable from 77.90.185.47 port 56888 ssh2
Oct 15 14:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4299]: Connection closed by 77.90.185.47 port 56888 [preauth]
Oct 15 14:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: Invalid user pages from 77.90.185.47
Oct 15 14:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: Failed password for invalid user pages from 77.90.185.47 port 57992 ssh2
Oct 15 14:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4311]: Connection closed by 77.90.185.47 port 57992 [preauth]
Oct 15 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4326]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4325]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4323]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4394]: Successful su for rubyman by root
Oct 15 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4394]: + ??? root:rubyman
Oct 15 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418249 of user rubyman.
Oct 15 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[4394]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418249.
Oct 15 14:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1299]: pam_unix(cron:session): session closed for user root
Oct 15 14:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4324]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Failed password for invalid user vulnerable from 77.90.185.47 port 56280 ssh2
Oct 15 14:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4669]: Connection closed by 77.90.185.47 port 56280 [preauth]
Oct 15 14:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Invalid user pages from 77.90.185.47
Oct 15 14:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Failed password for invalid user pages from 77.90.185.47 port 56294 ssh2
Oct 15 14:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Connection closed by 77.90.185.47 port 56294 [preauth]
Oct 15 14:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session closed for user root
Oct 15 14:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Failed password for invalid user vulnerable from 77.90.185.47 port 59688 ssh2
Oct 15 14:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4774]: Connection closed by 77.90.185.47 port 59688 [preauth]
Oct 15 14:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: Invalid user pages from 77.90.185.47
Oct 15 14:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: Failed password for invalid user pages from 77.90.185.47 port 48522 ssh2
Oct 15 14:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: Connection closed by 77.90.185.47 port 48522 [preauth]
Oct 15 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user root
Oct 15 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4830]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5032]: Successful su for rubyman by root
Oct 15 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5032]: + ??? root:rubyman
Oct 15 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418252 of user rubyman.
Oct 15 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[5032]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418252.
Oct 15 14:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session closed for user root
Oct 15 14:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session closed for user root
Oct 15 14:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Failed password for invalid user vulnerable from 77.90.185.47 port 35530 ssh2
Oct 15 14:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Connection closed by 77.90.185.47 port 35530 [preauth]
Oct 15 14:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Invalid user pages from 77.90.185.47
Oct 15 14:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Failed password for invalid user pages from 77.90.185.47 port 35546 ssh2
Oct 15 14:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Connection closed by 77.90.185.47 port 35546 [preauth]
Oct 15 14:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5731]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5731]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5731]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5731]: Failed password for invalid user vulnerable from 77.90.185.47 port 56630 ssh2
Oct 15 14:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5731]: Connection closed by 77.90.185.47 port 56630 [preauth]
Oct 15 14:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: Invalid user pages from 77.90.185.47
Oct 15 14:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session closed for user root
Oct 15 14:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: Failed password for invalid user pages from 77.90.185.47 port 33258 ssh2
Oct 15 14:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5743]: Connection closed by 77.90.185.47 port 33258 [preauth]
Oct 15 14:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5843]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5841]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5839]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5934]: Successful su for rubyman by root
Oct 15 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5934]: + ??? root:rubyman
Oct 15 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418257 of user rubyman.
Oct 15 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5934]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418257.
Oct 15 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Failed password for invalid user vulnerable from 77.90.185.47 port 34012 ssh2
Oct 15 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5832]: Connection closed by 77.90.185.47 port 34012 [preauth]
Oct 15 14:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 14:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Invalid user pages from 77.90.185.47
Oct 15 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: Failed password for root from 185.156.73.233 port 38666 ssh2
Oct 15 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5835]: Connection closed by 185.156.73.233 port 38666 [preauth]
Oct 15 14:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Failed password for invalid user pages from 77.90.185.47 port 52768 ssh2
Oct 15 14:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5992]: Connection closed by 77.90.185.47 port 52768 [preauth]
Oct 15 14:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user root
Oct 15 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5840]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Failed password for invalid user vulnerable from 77.90.185.47 port 46460 ssh2
Oct 15 14:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6194]: Connection closed by 77.90.185.47 port 46460 [preauth]
Oct 15 14:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Invalid user pages from 77.90.185.47
Oct 15 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Failed password for invalid user pages from 77.90.185.47 port 46468 ssh2
Oct 15 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Connection closed by 77.90.185.47 port 46468 [preauth]
Oct 15 14:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4326]: pam_unix(cron:session): session closed for user root
Oct 15 14:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Failed password for invalid user vulnerable from 77.90.185.47 port 48506 ssh2
Oct 15 14:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Connection closed by 77.90.185.47 port 48506 [preauth]
Oct 15 14:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Invalid user pages from 77.90.185.47
Oct 15 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Failed password for invalid user pages from 77.90.185.47 port 55294 ssh2
Oct 15 14:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6301]: Connection closed by 77.90.185.47 port 55294 [preauth]
Oct 15 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6314]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6386]: Successful su for rubyman by root
Oct 15 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6386]: + ??? root:rubyman
Oct 15 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418262 of user rubyman.
Oct 15 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6386]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418262.
Oct 15 14:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session closed for user root
Oct 15 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6315]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Failed password for invalid user vulnerable from 77.90.185.47 port 48988 ssh2
Oct 15 14:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6720]: Connection closed by 77.90.185.47 port 48988 [preauth]
Oct 15 14:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Invalid user pages from 77.90.185.47
Oct 15 14:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Failed password for invalid user pages from 77.90.185.47 port 48996 ssh2
Oct 15 14:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Connection closed by 77.90.185.47 port 48996 [preauth]
Oct 15 14:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
Oct 15 14:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Failed password for invalid user vulnerable from 77.90.185.47 port 58282 ssh2
Oct 15 14:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6814]: Connection closed by 77.90.185.47 port 58282 [preauth]
Oct 15 14:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Invalid user pages from 77.90.185.47
Oct 15 14:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Failed password for invalid user pages from 77.90.185.47 port 33824 ssh2
Oct 15 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6826]: Connection closed by 77.90.185.47 port 33824 [preauth]
Oct 15 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6883]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6885]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6878]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6953]: Successful su for rubyman by root
Oct 15 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6953]: + ??? root:rubyman
Oct 15 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418266 of user rubyman.
Oct 15 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6953]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418266.
Oct 15 14:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: Failed password for invalid user vulnerable from 77.90.185.47 port 35752 ssh2
Oct 15 14:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: Connection closed by 77.90.185.47 port 35752 [preauth]
Oct 15 14:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3340]: pam_unix(cron:session): session closed for user root
Oct 15 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7221]: Invalid user pages from 77.90.185.47
Oct 15 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7221]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7221]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7221]: Failed password for invalid user pages from 77.90.185.47 port 35756 ssh2
Oct 15 14:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7221]: Connection closed by 77.90.185.47 port 35756 [preauth]
Oct 15 14:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5843]: pam_unix(cron:session): session closed for user root
Oct 15 14:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Failed password for invalid user vulnerable from 77.90.185.47 port 45674 ssh2
Oct 15 14:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7369]: Connection closed by 77.90.185.47 port 45674 [preauth]
Oct 15 14:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: Invalid user pages from 77.90.185.47
Oct 15 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: Failed password for invalid user pages from 77.90.185.47 port 45690 ssh2
Oct 15 14:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7389]: Connection closed by 77.90.185.47 port 45690 [preauth]
Oct 15 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7455]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7456]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7523]: Successful su for rubyman by root
Oct 15 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7523]: + ??? root:rubyman
Oct 15 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418271 of user rubyman.
Oct 15 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7523]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418271.
Oct 15 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Failed password for invalid user vulnerable from 77.90.185.47 port 43162 ssh2
Oct 15 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7534]: Connection closed by 77.90.185.47 port 43162 [preauth]
Oct 15 14:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: Invalid user pages from 77.90.185.47
Oct 15 14:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: Failed password for invalid user pages from 77.90.185.47 port 42138 ssh2
Oct 15 14:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7655]: Connection closed by 77.90.185.47 port 42138 [preauth]
Oct 15 14:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3804]: pam_unix(cron:session): session closed for user root
Oct 15 14:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7454]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: Failed password for invalid user vulnerable from 77.90.185.47 port 57952 ssh2
Oct 15 14:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: Connection closed by 77.90.185.47 port 57952 [preauth]
Oct 15 14:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Invalid user pages from 77.90.185.47
Oct 15 14:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Failed password for invalid user pages from 77.90.185.47 port 57956 ssh2
Oct 15 14:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Connection closed by 77.90.185.47 port 57956 [preauth]
Oct 15 14:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6317]: pam_unix(cron:session): session closed for user root
Oct 15 14:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Failed password for invalid user vulnerable from 77.90.185.47 port 43064 ssh2
Oct 15 14:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8329]: Connection closed by 77.90.185.47 port 43064 [preauth]
Oct 15 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Invalid user pages from 77.90.185.47
Oct 15 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Failed password for invalid user pages from 77.90.185.47 port 33602 ssh2
Oct 15 14:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8345]: Connection closed by 77.90.185.47 port 33602 [preauth]
Oct 15 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8364]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8366]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8367]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8367]: pam_unix(cron:session): session closed for user root
Oct 15 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8452]: Successful su for rubyman by root
Oct 15 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8452]: + ??? root:rubyman
Oct 15 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418277 of user rubyman.
Oct 15 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[8452]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418277.
Oct 15 14:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8364]: pam_unix(cron:session): session closed for user root
Oct 15 14:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4325]: pam_unix(cron:session): session closed for user root
Oct 15 14:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8361]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Failed password for invalid user vulnerable from 77.90.185.47 port 50238 ssh2
Oct 15 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8703]: Connection closed by 77.90.185.47 port 50238 [preauth]
Oct 15 14:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Invalid user pages from 77.90.185.47
Oct 15 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Failed password for invalid user pages from 77.90.185.47 port 50248 ssh2
Oct 15 14:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8737]: Connection closed by 77.90.185.47 port 50248 [preauth]
Oct 15 14:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6885]: pam_unix(cron:session): session closed for user root
Oct 15 14:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for invalid user vulnerable from 77.90.185.47 port 42088 ssh2
Oct 15 14:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Connection closed by 77.90.185.47 port 42088 [preauth]
Oct 15 14:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Invalid user pages from 77.90.185.47
Oct 15 14:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Failed password for invalid user pages from 77.90.185.47 port 36776 ssh2
Oct 15 14:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8953]: Connection closed by 77.90.185.47 port 36776 [preauth]
Oct 15 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9074]: Successful su for rubyman by root
Oct 15 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9074]: + ??? root:rubyman
Oct 15 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418279 of user rubyman.
Oct 15 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9074]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418279.
Oct 15 14:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: Failed password for invalid user vulnerable from 77.90.185.47 port 33508 ssh2
Oct 15 14:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9301]: Connection closed by 77.90.185.47 port 33508 [preauth]
Oct 15 14:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user root
Oct 15 14:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: Invalid user pages from 77.90.185.47
Oct 15 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: Failed password for invalid user pages from 77.90.185.47 port 33520 ssh2
Oct 15 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9403]: Connection closed by 77.90.185.47 port 33520 [preauth]
Oct 15 14:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Failed password for invalid user vulnerable from 77.90.185.47 port 60898 ssh2
Oct 15 14:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9508]: Connection closed by 77.90.185.47 port 60898 [preauth]
Oct 15 14:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7456]: pam_unix(cron:session): session closed for user root
Oct 15 14:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Invalid user pages from 77.90.185.47
Oct 15 14:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Failed password for invalid user pages from 77.90.185.47 port 41562 ssh2
Oct 15 14:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Connection closed by 77.90.185.47 port 41562 [preauth]
Oct 15 14:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Failed password for invalid user vulnerable from 77.90.185.47 port 56654 ssh2
Oct 15 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9602]: Connection closed by 77.90.185.47 port 56654 [preauth]
Oct 15 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9632]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9630]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: Successful su for rubyman by root
Oct 15 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: + ??? root:rubyman
Oct 15 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418285 of user rubyman.
Oct 15 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418285.
Oct 15 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Invalid user pages from 77.90.185.47
Oct 15 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Failed password for invalid user pages from 77.90.185.47 port 56664 ssh2
Oct 15 14:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9823]: Connection closed by 77.90.185.47 port 56664 [preauth]
Oct 15 14:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5841]: pam_unix(cron:session): session closed for user root
Oct 15 14:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9631]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Failed password for invalid user vulnerable from 77.90.185.47 port 37726 ssh2
Oct 15 14:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10091]: Connection closed by 77.90.185.47 port 37726 [preauth]
Oct 15 14:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Invalid user pages from 77.90.185.47
Oct 15 14:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Failed password for invalid user pages from 77.90.185.47 port 37742 ssh2
Oct 15 14:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Connection closed by 77.90.185.47 port 37742 [preauth]
Oct 15 14:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8366]: pam_unix(cron:session): session closed for user root
Oct 15 14:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Failed password for invalid user vulnerable from 77.90.185.47 port 38620 ssh2
Oct 15 14:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10217]: Connection closed by 77.90.185.47 port 38620 [preauth]
Oct 15 14:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Invalid user pages from 77.90.185.47
Oct 15 14:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Failed password for invalid user pages from 77.90.185.47 port 57458 ssh2
Oct 15 14:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Connection closed by 77.90.185.47 port 57458 [preauth]
Oct 15 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10246]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10245]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10243]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10326]: Successful su for rubyman by root
Oct 15 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10326]: + ??? root:rubyman
Oct 15 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418287 of user rubyman.
Oct 15 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10326]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418287.
Oct 15 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6316]: pam_unix(cron:session): session closed for user root
Oct 15 14:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10244]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Failed password for invalid user vulnerable from 77.90.185.47 port 33938 ssh2
Oct 15 14:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Connection closed by 77.90.185.47 port 33938 [preauth]
Oct 15 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: Invalid user pages from 77.90.185.47
Oct 15 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: Failed password for invalid user pages from 77.90.185.47 port 33954 ssh2
Oct 15 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10582]: Connection closed by 77.90.185.47 port 33954 [preauth]
Oct 15 14:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Invalid user anonymous from 185.156.73.233
Oct 15 14:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: input_userauth_request: invalid user anonymous [preauth]
Oct 15 14:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233
Oct 15 14:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Failed password for invalid user anonymous from 185.156.73.233 port 42696 ssh2
Oct 15 14:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10606]: Connection closed by 185.156.73.233 port 42696 [preauth]
Oct 15 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session closed for user root
Oct 15 14:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: Failed password for invalid user vulnerable from 77.90.185.47 port 37880 ssh2
Oct 15 14:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: Connection closed by 77.90.185.47 port 37880 [preauth]
Oct 15 14:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: Invalid user pages from 77.90.185.47
Oct 15 14:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: Failed password for invalid user pages from 77.90.185.47 port 48498 ssh2
Oct 15 14:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10690]: Connection closed by 77.90.185.47 port 48498 [preauth]
Oct 15 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10750]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10751]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10748]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10920]: Successful su for rubyman by root
Oct 15 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10920]: + ??? root:rubyman
Oct 15 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418293 of user rubyman.
Oct 15 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10920]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418293.
Oct 15 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session closed for user root
Oct 15 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Failed password for invalid user vulnerable from 77.90.185.47 port 44552 ssh2
Oct 15 14:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Connection closed by 77.90.185.47 port 44552 [preauth]
Oct 15 14:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6883]: pam_unix(cron:session): session closed for user root
Oct 15 14:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: Invalid user pages from 77.90.185.47
Oct 15 14:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: Failed password for invalid user pages from 77.90.185.47 port 44558 ssh2
Oct 15 14:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11100]: Connection closed by 77.90.185.47 port 44558 [preauth]
Oct 15 14:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10749]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Failed password for invalid user vulnerable from 77.90.185.47 port 59882 ssh2
Oct 15 14:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Connection closed by 77.90.185.47 port 59882 [preauth]
Oct 15 14:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Invalid user pages from 77.90.185.47
Oct 15 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9633]: pam_unix(cron:session): session closed for user root
Oct 15 14:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Failed password for invalid user pages from 77.90.185.47 port 47192 ssh2
Oct 15 14:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Connection closed by 77.90.185.47 port 47192 [preauth]
Oct 15 14:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11297]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11297]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11297]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11297]: Failed password for invalid user vulnerable from 77.90.185.47 port 37046 ssh2
Oct 15 14:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11297]: Connection closed by 77.90.185.47 port 37046 [preauth]
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11319]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11318]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11317]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11316]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11319]: pam_unix(cron:session): session closed for user root
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Invalid user pages from 77.90.185.47
Oct 15 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: Successful su for rubyman by root
Oct 15 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: + ??? root:rubyman
Oct 15 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418297 of user rubyman.
Oct 15 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418297.
Oct 15 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Failed password for invalid user pages from 77.90.185.47 port 37062 ssh2
Oct 15 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Connection closed by 77.90.185.47 port 37062 [preauth]
Oct 15 14:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11316]: pam_unix(cron:session): session closed for user root
Oct 15 14:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7455]: pam_unix(cron:session): session closed for user root
Oct 15 14:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Failed password for invalid user vulnerable from 77.90.185.47 port 40050 ssh2
Oct 15 14:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Connection closed by 77.90.185.47 port 40050 [preauth]
Oct 15 14:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: Invalid user pages from 77.90.185.47
Oct 15 14:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: Failed password for invalid user pages from 77.90.185.47 port 45446 ssh2
Oct 15 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11798]: Connection closed by 77.90.185.47 port 45446 [preauth]
Oct 15 14:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10246]: pam_unix(cron:session): session closed for user root
Oct 15 14:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11882]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11882]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11882]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11882]: Failed password for invalid user vulnerable from 77.90.185.47 port 37010 ssh2
Oct 15 14:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11882]: Connection closed by 77.90.185.47 port 37010 [preauth]
Oct 15 14:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Invalid user pages from 77.90.185.47
Oct 15 14:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Failed password for invalid user pages from 77.90.185.47 port 37026 ssh2
Oct 15 14:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11907]: Connection closed by 77.90.185.47 port 37026 [preauth]
Oct 15 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11934]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11935]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11932]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12006]: Successful su for rubyman by root
Oct 15 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12006]: + ??? root:rubyman
Oct 15 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418303 of user rubyman.
Oct 15 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12006]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418303.
Oct 15 14:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session closed for user root
Oct 15 14:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Failed password for invalid user vulnerable from 77.90.185.47 port 44102 ssh2
Oct 15 14:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12193]: Connection closed by 77.90.185.47 port 44102 [preauth]
Oct 15 14:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11933]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Invalid user pages from 77.90.185.47
Oct 15 14:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Failed password for invalid user pages from 77.90.185.47 port 43670 ssh2
Oct 15 14:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12250]: Connection closed by 77.90.185.47 port 43670 [preauth]
Oct 15 14:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Failed password for invalid user vulnerable from 77.90.185.47 port 53622 ssh2
Oct 15 14:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Connection closed by 77.90.185.47 port 53622 [preauth]
Oct 15 14:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10751]: pam_unix(cron:session): session closed for user root
Oct 15 14:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Invalid user pages from 77.90.185.47
Oct 15 14:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Failed password for invalid user pages from 77.90.185.47 port 53624 ssh2
Oct 15 14:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12367]: Connection closed by 77.90.185.47 port 53624 [preauth]
Oct 15 14:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12421]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12515]: Successful su for rubyman by root
Oct 15 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12515]: + ??? root:rubyman
Oct 15 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418306 of user rubyman.
Oct 15 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12515]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418306.
Oct 15 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Failed password for invalid user vulnerable from 77.90.185.47 port 59070 ssh2
Oct 15 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12418]: Connection closed by 77.90.185.47 port 59070 [preauth]
Oct 15 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: Invalid user pages from 77.90.185.47
Oct 15 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: Failed password for invalid user pages from 77.90.185.47 port 48010 ssh2
Oct 15 14:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12571]: Connection closed by 77.90.185.47 port 48010 [preauth]
Oct 15 14:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session closed for user root
Oct 15 14:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12422]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Failed password for invalid user vulnerable from 77.90.185.47 port 33630 ssh2
Oct 15 14:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12789]: Connection closed by 77.90.185.47 port 33630 [preauth]
Oct 15 14:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Invalid user pages from 77.90.185.47
Oct 15 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Failed password for invalid user pages from 77.90.185.47 port 33646 ssh2
Oct 15 14:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12796]: Connection closed by 77.90.185.47 port 33646 [preauth]
Oct 15 14:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11318]: pam_unix(cron:session): session closed for user root
Oct 15 14:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for invalid user vulnerable from 77.90.185.47 port 38542 ssh2
Oct 15 14:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Connection closed by 77.90.185.47 port 38542 [preauth]
Oct 15 14:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Invalid user pages from 77.90.185.47
Oct 15 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Failed password for invalid user pages from 77.90.185.47 port 59188 ssh2
Oct 15 14:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12921]: Connection closed by 77.90.185.47 port 59188 [preauth]
Oct 15 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13021]: Successful su for rubyman by root
Oct 15 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13021]: + ??? root:rubyman
Oct 15 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418312 of user rubyman.
Oct 15 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13021]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418312.
Oct 15 14:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9632]: pam_unix(cron:session): session closed for user root
Oct 15 14:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Failed password for invalid user vulnerable from 77.90.185.47 port 56422 ssh2
Oct 15 14:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Connection closed by 77.90.185.47 port 56422 [preauth]
Oct 15 14:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Invalid user pages from 77.90.185.47
Oct 15 14:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for invalid user pages from 77.90.185.47 port 53982 ssh2
Oct 15 14:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Connection closed by 77.90.185.47 port 53982 [preauth]
Oct 15 14:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11935]: pam_unix(cron:session): session closed for user root
Oct 15 14:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Failed password for invalid user vulnerable from 77.90.185.47 port 60048 ssh2
Oct 15 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13493]: Connection closed by 77.90.185.47 port 60048 [preauth]
Oct 15 14:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Invalid user pages from 77.90.185.47
Oct 15 14:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Failed password for invalid user pages from 77.90.185.47 port 60054 ssh2
Oct 15 14:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13527]: Connection closed by 77.90.185.47 port 60054 [preauth]
Oct 15 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: Successful su for rubyman by root
Oct 15 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: + ??? root:rubyman
Oct 15 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418314 of user rubyman.
Oct 15 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418314.
Oct 15 14:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10245]: pam_unix(cron:session): session closed for user root
Oct 15 14:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Failed password for invalid user vulnerable from 77.90.185.47 port 34274 ssh2
Oct 15 14:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Connection closed by 77.90.185.47 port 34274 [preauth]
Oct 15 14:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13873]: Invalid user pages from 77.90.185.47
Oct 15 14:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13873]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13873]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13553]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13873]: Failed password for invalid user pages from 77.90.185.47 port 58842 ssh2
Oct 15 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13873]: Connection closed by 77.90.185.47 port 58842 [preauth]
Oct 15 14:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13952]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13952]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13952]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session closed for user root
Oct 15 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13952]: Failed password for invalid user vulnerable from 77.90.185.47 port 58230 ssh2
Oct 15 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13952]: Connection closed by 77.90.185.47 port 58230 [preauth]
Oct 15 14:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13985]: Invalid user pages from 77.90.185.47
Oct 15 14:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13985]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13985]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13985]: Failed password for invalid user pages from 77.90.185.47 port 58234 ssh2
Oct 15 14:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13985]: Connection closed by 77.90.185.47 port 58234 [preauth]
Oct 15 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session closed for user root
Oct 15 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14211]: Successful su for rubyman by root
Oct 15 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14211]: + ??? root:rubyman
Oct 15 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418319 of user rubyman.
Oct 15 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14211]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418319.
Oct 15 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Failed password for invalid user vulnerable from 77.90.185.47 port 60110 ssh2
Oct 15 14:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14242]: Connection closed by 77.90.185.47 port 60110 [preauth]
Oct 15 14:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session closed for user root
Oct 15 14:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Invalid user pages from 77.90.185.47
Oct 15 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10750]: pam_unix(cron:session): session closed for user root
Oct 15 14:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user pages from 77.90.185.47 port 60116 ssh2
Oct 15 14:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Connection closed by 77.90.185.47 port 60116 [preauth]
Oct 15 14:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 15 14:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Failed password for root from 164.68.105.9 port 52914 ssh2
Oct 15 14:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14423]: Connection closed by 164.68.105.9 port 52914 [preauth]
Oct 15 14:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Failed password for invalid user vulnerable from 77.90.185.47 port 35184 ssh2
Oct 15 14:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14503]: Connection closed by 77.90.185.47 port 35184 [preauth]
Oct 15 14:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: Invalid user pages from 77.90.185.47
Oct 15 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: Failed password for invalid user pages from 77.90.185.47 port 35188 ssh2
Oct 15 14:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: Connection closed by 77.90.185.47 port 35188 [preauth]
Oct 15 14:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session closed for user root
Oct 15 14:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Failed password for invalid user vulnerable from 77.90.185.47 port 48992 ssh2
Oct 15 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Connection closed by 77.90.185.47 port 48992 [preauth]
Oct 15 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14621]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14622]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14623]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14619]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14705]: Successful su for rubyman by root
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14705]: + ??? root:rubyman
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418325 of user rubyman.
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Invalid user pages from 77.90.185.47
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[14705]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418325.
Oct 15 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14622]: pam_unix(cron:session): session closed for user root
Oct 15 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Failed password for invalid user pages from 77.90.185.47 port 49004 ssh2
Oct 15 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Connection closed by 77.90.185.47 port 49004 [preauth]
Oct 15 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11317]: pam_unix(cron:session): session closed for user root
Oct 15 14:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14620]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Failed password for invalid user vulnerable from 77.90.185.47 port 38994 ssh2
Oct 15 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Connection closed by 77.90.185.47 port 38994 [preauth]
Oct 15 14:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15012]: Invalid user pages from 77.90.185.47
Oct 15 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15012]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15012]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15012]: Failed password for invalid user pages from 77.90.185.47 port 39008 ssh2
Oct 15 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15012]: Connection closed by 77.90.185.47 port 39008 [preauth]
Oct 15 14:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session closed for user root
Oct 15 14:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Failed password for invalid user vulnerable from 77.90.185.47 port 57388 ssh2
Oct 15 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15177]: Connection closed by 77.90.185.47 port 57388 [preauth]
Oct 15 14:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: Invalid user pages from 77.90.185.47
Oct 15 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: Failed password for invalid user pages from 77.90.185.47 port 52284 ssh2
Oct 15 14:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15188]: Connection closed by 77.90.185.47 port 52284 [preauth]
Oct 15 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15206]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15201]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15281]: Successful su for rubyman by root
Oct 15 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15281]: + ??? root:rubyman
Oct 15 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418329 of user rubyman.
Oct 15 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15281]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418329.
Oct 15 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11934]: pam_unix(cron:session): session closed for user root
Oct 15 14:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Failed password for invalid user vulnerable from 77.90.185.47 port 40848 ssh2
Oct 15 14:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Connection closed by 77.90.185.47 port 40848 [preauth]
Oct 15 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Invalid user pages from 77.90.185.47
Oct 15 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Failed password for invalid user pages from 77.90.185.47 port 51090 ssh2
Oct 15 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15532]: Connection closed by 77.90.185.47 port 51090 [preauth]
Oct 15 14:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14133]: pam_unix(cron:session): session closed for user root
Oct 15 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: Failed password for invalid user vulnerable from 77.90.185.47 port 34106 ssh2
Oct 15 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15618]: Connection closed by 77.90.185.47 port 34106 [preauth]
Oct 15 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Invalid user pages from 77.90.185.47
Oct 15 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Failed password for invalid user pages from 77.90.185.47 port 36280 ssh2
Oct 15 14:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15622]: Connection closed by 77.90.185.47 port 36280 [preauth]
Oct 15 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15678]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15677]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15675]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15749]: Successful su for rubyman by root
Oct 15 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15749]: + ??? root:rubyman
Oct 15 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418333 of user rubyman.
Oct 15 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15749]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418333.
Oct 15 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session closed for user root
Oct 15 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: Failed password for invalid user vulnerable from 77.90.185.47 port 51556 ssh2
Oct 15 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15910]: Connection closed by 77.90.185.47 port 51556 [preauth]
Oct 15 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Invalid user pages from 77.90.185.47
Oct 15 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Failed password for invalid user pages from 77.90.185.47 port 51568 ssh2
Oct 15 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Connection closed by 77.90.185.47 port 51568 [preauth]
Oct 15 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15676]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Failed password for invalid user vulnerable from 77.90.185.47 port 50664 ssh2
Oct 15 14:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Connection closed by 77.90.185.47 port 50664 [preauth]
Oct 15 14:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14623]: pam_unix(cron:session): session closed for user root
Oct 15 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Invalid user pages from 77.90.185.47
Oct 15 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Failed password for invalid user pages from 77.90.185.47 port 43546 ssh2
Oct 15 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Connection closed by 77.90.185.47 port 43546 [preauth]
Oct 15 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.170.54  user=root
Oct 15 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Failed password for root from 46.101.170.54 port 41154 ssh2
Oct 15 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16083]: Connection closed by 46.101.170.54 port 41154 [preauth]
Oct 15 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16146]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16144]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Failed password for invalid user vulnerable from 77.90.185.47 port 55982 ssh2
Oct 15 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Connection closed by 77.90.185.47 port 55982 [preauth]
Oct 15 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16216]: Successful su for rubyman by root
Oct 15 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16216]: + ??? root:rubyman
Oct 15 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418337 of user rubyman.
Oct 15 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16216]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418337.
Oct 15 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Invalid user pages from 77.90.185.47
Oct 15 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for invalid user pages from 77.90.185.47 port 42646 ssh2
Oct 15 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Connection closed by 77.90.185.47 port 42646 [preauth]
Oct 15 14:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session closed for user root
Oct 15 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16145]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: Failed password for invalid user vulnerable from 77.90.185.47 port 50608 ssh2
Oct 15 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16484]: Connection closed by 77.90.185.47 port 50608 [preauth]
Oct 15 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Invalid user Administrator from 194.0.234.19
Oct 15 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: input_userauth_request: invalid user Administrator [preauth]
Oct 15 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Failed none for invalid user Administrator from 194.0.234.19 port 57894 ssh2
Oct 15 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Connection closed by 194.0.234.19 port 57894 [preauth]
Oct 15 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Invalid user pages from 77.90.185.47
Oct 15 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Failed password for invalid user pages from 77.90.185.47 port 50614 ssh2
Oct 15 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Connection closed by 77.90.185.47 port 50614 [preauth]
Oct 15 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15206]: pam_unix(cron:session): session closed for user root
Oct 15 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Invalid user yoann from 190.103.202.7
Oct 15 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: input_userauth_request: invalid user yoann [preauth]
Oct 15 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 15 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Failed password for invalid user yoann from 190.103.202.7 port 47898 ssh2
Oct 15 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16543]: Connection closed by 190.103.202.7 port 47898 [preauth]
Oct 15 14:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Failed password for invalid user vulnerable from 77.90.185.47 port 36482 ssh2
Oct 15 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16602]: Connection closed by 77.90.185.47 port 36482 [preauth]
Oct 15 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16618]: Invalid user pages from 77.90.185.47
Oct 15 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16618]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16618]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16618]: Failed password for invalid user pages from 77.90.185.47 port 51486 ssh2
Oct 15 14:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16618]: Connection closed by 77.90.185.47 port 51486 [preauth]
Oct 15 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16636]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16636]: pam_unix(cron:session): session closed for user root
Oct 15 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16631]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16712]: Successful su for rubyman by root
Oct 15 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16712]: + ??? root:rubyman
Oct 15 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418343 of user rubyman.
Oct 15 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[16712]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418343.
Oct 15 14:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session closed for user root
Oct 15 14:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user root
Oct 15 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Failed password for invalid user vulnerable from 77.90.185.47 port 39672 ssh2
Oct 15 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16951]: Connection closed by 77.90.185.47 port 39672 [preauth]
Oct 15 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Invalid user pages from 77.90.185.47
Oct 15 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Failed password for invalid user pages from 77.90.185.47 port 39678 ssh2
Oct 15 14:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Connection closed by 77.90.185.47 port 39678 [preauth]
Oct 15 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15678]: pam_unix(cron:session): session closed for user root
Oct 15 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Failed password for invalid user vulnerable from 77.90.185.47 port 54266 ssh2
Oct 15 14:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Connection closed by 77.90.185.47 port 54266 [preauth]
Oct 15 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Invalid user pages from 77.90.185.47
Oct 15 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Failed password for invalid user pages from 77.90.185.47 port 38610 ssh2
Oct 15 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Connection closed by 77.90.185.47 port 38610 [preauth]
Oct 15 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Invalid user test2 from 138.68.58.124
Oct 15 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: input_userauth_request: invalid user test2 [preauth]
Oct 15 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.58.124
Oct 15 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Failed password for invalid user test2 from 138.68.58.124 port 47334 ssh2
Oct 15 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Connection closed by 138.68.58.124 port 47334 [preauth]
Oct 15 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17154]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17153]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17150]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: Successful su for rubyman by root
Oct 15 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: + ??? root:rubyman
Oct 15 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418347 of user rubyman.
Oct 15 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418347.
Oct 15 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Failed password for invalid user vulnerable from 77.90.185.47 port 33320 ssh2
Oct 15 14:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Connection closed by 77.90.185.47 port 33320 [preauth]
Oct 15 14:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session closed for user root
Oct 15 14:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Invalid user pages from 77.90.185.47
Oct 15 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Failed password for invalid user pages from 77.90.185.47 port 33330 ssh2
Oct 15 14:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Connection closed by 77.90.185.47 port 33330 [preauth]
Oct 15 14:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17152]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: Failed password for invalid user vulnerable from 77.90.185.47 port 44868 ssh2
Oct 15 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17521]: Connection closed by 77.90.185.47 port 44868 [preauth]
Oct 15 14:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16148]: pam_unix(cron:session): session closed for user root
Oct 15 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Invalid user pages from 77.90.185.47
Oct 15 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Failed password for invalid user pages from 77.90.185.47 port 35262 ssh2
Oct 15 14:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Connection closed by 77.90.185.47 port 35262 [preauth]
Oct 15 14:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Failed password for invalid user vulnerable from 77.90.185.47 port 36322 ssh2
Oct 15 14:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17609]: Connection closed by 77.90.185.47 port 36322 [preauth]
Oct 15 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17723]: Successful su for rubyman by root
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17723]: + ??? root:rubyman
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418351 of user rubyman.
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17723]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418351.
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Invalid user pages from 77.90.185.47
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Failed password for invalid user pages from 77.90.185.47 port 36324 ssh2
Oct 15 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Connection closed by 77.90.185.47 port 36324 [preauth]
Oct 15 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
Oct 15 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Failed password for root from 164.68.105.9 port 35786 ssh2
Oct 15 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17878]: Connection closed by 164.68.105.9 port 35786 [preauth]
Oct 15 14:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14621]: pam_unix(cron:session): session closed for user root
Oct 15 14:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Failed password for invalid user vulnerable from 77.90.185.47 port 35782 ssh2
Oct 15 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Connection closed by 77.90.185.47 port 35782 [preauth]
Oct 15 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Invalid user pages from 77.90.185.47
Oct 15 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Failed password for invalid user pages from 77.90.185.47 port 59974 ssh2
Oct 15 14:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Connection closed by 77.90.185.47 port 59974 [preauth]
Oct 15 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session closed for user root
Oct 15 14:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Failed password for invalid user vulnerable from 77.90.185.47 port 53912 ssh2
Oct 15 14:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Connection closed by 77.90.185.47 port 53912 [preauth]
Oct 15 14:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: Invalid user pages from 77.90.185.47
Oct 15 14:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: Failed password for invalid user pages from 77.90.185.47 port 53916 ssh2
Oct 15 14:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18285]: Connection closed by 77.90.185.47 port 53916 [preauth]
Oct 15 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18314]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18315]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18492]: Successful su for rubyman by root
Oct 15 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18492]: + ??? root:rubyman
Oct 15 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418357 of user rubyman.
Oct 15 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18492]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418357.
Oct 15 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session closed for user root
Oct 15 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: Failed password for invalid user vulnerable from 77.90.185.47 port 40584 ssh2
Oct 15 14:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: Connection closed by 77.90.185.47 port 40584 [preauth]
Oct 15 14:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18313]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: Invalid user pages from 77.90.185.47
Oct 15 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: Failed password for invalid user pages from 77.90.185.47 port 36894 ssh2
Oct 15 14:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18765]: Connection closed by 77.90.185.47 port 36894 [preauth]
Oct 15 14:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17154]: pam_unix(cron:session): session closed for user root
Oct 15 14:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Failed password for invalid user vulnerable from 77.90.185.47 port 56906 ssh2
Oct 15 14:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18855]: Connection closed by 77.90.185.47 port 56906 [preauth]
Oct 15 14:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: Invalid user pages from 77.90.185.47
Oct 15 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: Failed password for invalid user pages from 77.90.185.47 port 56918 ssh2
Oct 15 14:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18887]: Connection closed by 77.90.185.47 port 56918 [preauth]
Oct 15 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18913]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19107]: Successful su for rubyman by root
Oct 15 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19107]: + ??? root:rubyman
Oct 15 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418359 of user rubyman.
Oct 15 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19107]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418359.
Oct 15 14:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15677]: pam_unix(cron:session): session closed for user root
Oct 15 14:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Failed password for invalid user vulnerable from 77.90.185.47 port 58644 ssh2
Oct 15 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Connection closed by 77.90.185.47 port 58644 [preauth]
Oct 15 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18914]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Invalid user pages from 77.90.185.47
Oct 15 14:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Failed password for invalid user pages from 77.90.185.47 port 58620 ssh2
Oct 15 14:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Connection closed by 77.90.185.47 port 58620 [preauth]
Oct 15 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session closed for user root
Oct 15 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: Failed password for invalid user vulnerable from 77.90.185.47 port 42098 ssh2
Oct 15 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19664]: Connection closed by 77.90.185.47 port 42098 [preauth]
Oct 15 14:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Invalid user pages from 77.90.185.47
Oct 15 14:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Failed password for invalid user pages from 77.90.185.47 port 42114 ssh2
Oct 15 14:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Connection closed by 77.90.185.47 port 42114 [preauth]
Oct 15 14:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19851]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19852]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19850]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19852]: pam_unix(cron:session): session closed for user root
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19846]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Failed password for invalid user vulnerable from 77.90.185.47 port 40874 ssh2
Oct 15 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19843]: Connection closed by 77.90.185.47 port 40874 [preauth]
Oct 15 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19952]: Successful su for rubyman by root
Oct 15 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19952]: + ??? root:rubyman
Oct 15 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418363 of user rubyman.
Oct 15 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[19952]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418363.
Oct 15 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Invalid user pages from 77.90.185.47
Oct 15 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Failed password for invalid user pages from 77.90.185.47 port 52162 ssh2
Oct 15 14:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Connection closed by 77.90.185.47 port 52162 [preauth]
Oct 15 14:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session closed for user root
Oct 15 14:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16146]: pam_unix(cron:session): session closed for user root
Oct 15 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.156.73.233  user=root
Oct 15 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Failed password for root from 185.156.73.233 port 53212 ssh2
Oct 15 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20250]: Connection closed by 185.156.73.233 port 53212 [preauth]
Oct 15 14:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Failed password for invalid user vulnerable from 77.90.185.47 port 47320 ssh2
Oct 15 14:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Connection closed by 77.90.185.47 port 47320 [preauth]
Oct 15 14:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: Invalid user pages from 77.90.185.47
Oct 15 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: Failed password for invalid user pages from 77.90.185.47 port 47322 ssh2
Oct 15 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20313]: Connection closed by 77.90.185.47 port 47322 [preauth]
Oct 15 14:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18315]: pam_unix(cron:session): session closed for user root
Oct 15 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: Failed password for invalid user vulnerable from 77.90.185.47 port 56040 ssh2
Oct 15 14:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: Connection closed by 77.90.185.47 port 56040 [preauth]
Oct 15 14:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Invalid user pages from 77.90.185.47
Oct 15 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20449]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20448]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Failed password for invalid user pages from 77.90.185.47 port 43594 ssh2
Oct 15 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20445]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Connection closed by 77.90.185.47 port 43594 [preauth]
Oct 15 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20532]: Successful su for rubyman by root
Oct 15 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20532]: + ??? root:rubyman
Oct 15 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418369 of user rubyman.
Oct 15 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20532]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418369.
Oct 15 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Invalid user yoann from 190.103.202.7
Oct 15 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: input_userauth_request: invalid user yoann [preauth]
Oct 15 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
Oct 15 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Failed password for invalid user yoann from 190.103.202.7 port 60294 ssh2
Oct 15 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20556]: Connection closed by 190.103.202.7 port 60294 [preauth]
Oct 15 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session closed for user root
Oct 15 14:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20446]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: Failed password for invalid user vulnerable from 77.90.185.47 port 55074 ssh2
Oct 15 14:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20788]: Connection closed by 77.90.185.47 port 55074 [preauth]
Oct 15 14:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20801]: Invalid user pages from 77.90.185.47
Oct 15 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20801]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20801]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20801]: Failed password for invalid user pages from 77.90.185.47 port 55090 ssh2
Oct 15 14:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20801]: Connection closed by 77.90.185.47 port 55090 [preauth]
Oct 15 14:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session closed for user root
Oct 15 14:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Failed password for invalid user vulnerable from 77.90.185.47 port 42410 ssh2
Oct 15 14:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20872]: Connection closed by 77.90.185.47 port 42410 [preauth]
Oct 15 14:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 14:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=git@mediuscorp.com@198.199.94.12 rhost=::ffff:79.124.49.146
Oct 15 14:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: Invalid user pages from 77.90.185.47
Oct 15 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Oct 15 14:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=git@mediuscorp.com rhost=::ffff:79.124.49.146
Oct 15 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: Failed password for invalid user pages from 77.90.185.47 port 51844 ssh2
Oct 15 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: Connection closed by 77.90.185.47 port 51844 [preauth]
Oct 15 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20948]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: Successful su for rubyman by root
Oct 15 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: + ??? root:rubyman
Oct 15 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418374 of user rubyman.
Oct 15 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21020]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418374.
Oct 15 14:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17153]: pam_unix(cron:session): session closed for user root
Oct 15 14:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Failed password for invalid user vulnerable from 77.90.185.47 port 46220 ssh2
Oct 15 14:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21174]: Connection closed by 77.90.185.47 port 46220 [preauth]
Oct 15 14:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Invalid user pages from 77.90.185.47
Oct 15 14:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Failed password for invalid user pages from 77.90.185.47 port 46222 ssh2
Oct 15 14:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Connection closed by 77.90.185.47 port 46222 [preauth]
Oct 15 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20949]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Failed password for invalid user vulnerable from 77.90.185.47 port 57132 ssh2
Oct 15 14:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Connection closed by 77.90.185.47 port 57132 [preauth]
Oct 15 14:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Invalid user pages from 77.90.185.47
Oct 15 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Failed password for invalid user pages from 77.90.185.47 port 49350 ssh2
Oct 15 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19851]: pam_unix(cron:session): session closed for user root
Oct 15 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Connection closed by 77.90.185.47 port 49350 [preauth]
Oct 15 14:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Failed password for invalid user vulnerable from 77.90.185.47 port 55420 ssh2
Oct 15 14:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Connection closed by 77.90.185.47 port 55420 [preauth]
Oct 15 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21484]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21554]: Successful su for rubyman by root
Oct 15 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21554]: + ??? root:rubyman
Oct 15 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418378 of user rubyman.
Oct 15 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21554]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418378.
Oct 15 14:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Invalid user pages from 77.90.185.47
Oct 15 14:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Failed password for invalid user pages from 77.90.185.47 port 55422 ssh2
Oct 15 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21542]: Connection closed by 77.90.185.47 port 55422 [preauth]
Oct 15 14:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: Invalid user admin from 2.57.121.25
Oct 15 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: input_userauth_request: invalid user admin [preauth]
Oct 15 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 14:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session closed for user root
Oct 15 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: Failed password for invalid user admin from 2.57.121.25 port 41595 ssh2
Oct 15 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: Failed password for invalid user admin from 2.57.121.25 port 41595 ssh2
Oct 15 14:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: Failed password for invalid user admin from 2.57.121.25 port 41595 ssh2
Oct 15 14:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21482]: pam_unix(cron:session): session closed for user samftp
Oct 15 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: Failed password for invalid user admin from 2.57.121.25 port 41595 ssh2
Oct 15 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: Failed password for invalid user admin from 2.57.121.25 port 41595 ssh2
Oct 15 14:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: Received disconnect from 2.57.121.25 port 41595:11: Bye [preauth]
Oct 15 14:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: Disconnected from 2.57.121.25 port 41595 [preauth]
Oct 15 14:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.121.25
Oct 15 14:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21706]: PAM service(sshd) ignoring max retries; 5 > 3
Oct 15 14:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Failed password for invalid user vulnerable from 77.90.185.47 port 34720 ssh2
Oct 15 14:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21820]: Connection closed by 77.90.185.47 port 34720 [preauth]
Oct 15 14:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Invalid user pages from 77.90.185.47
Oct 15 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Failed password for invalid user pages from 77.90.185.47 port 55568 ssh2
Oct 15 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21829]: Connection closed by 77.90.185.47 port 55568 [preauth]
Oct 15 14:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20449]: pam_unix(cron:session): session closed for user root
Oct 15 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: Invalid user vulnerable from 77.90.185.47
Oct 15 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: input_userauth_request: invalid user vulnerable [preauth]
Oct 15 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: Failed password for invalid user vulnerable from 77.90.185.47 port 42036 ssh2
Oct 15 14:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21923]: Connection closed by 77.90.185.47 port 42036 [preauth]
Oct 15 14:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Oct 15 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: Invalid user pages from 77.90.185.47
Oct 15 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: input_userauth_request: invalid user pages [preauth]
Oct 15 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: pam_unix(sshd:auth): check pass; user unknown
Oct 15 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.90.185.47
Oct 15 14:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: Failed password for invalid user pages from 77.90.185.47 port 42044 ssh2
Oct 15 14:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21938]: Connection closed by 77.90.185.47 port 42044 [preauth]
Oct 15 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21966]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21964]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 15 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
Oct 15 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
Oct 15 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21962]: pam_unix(cron:session): session closed for user p13x
Oct 15 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22041]: Successful su for rubyman by root
Oct 15 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22041]: + ??? root:rubyman
Oct 15 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
Oct 15 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: New session 418383 of user rubyman.
Oct 15 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22041]: pam_unix(su:session): session closed for user rubyman
Oct 15 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[399]: Removed session 418383.